The UK data protection watchdog committed millions of pounds in additional investment last year to recruit additional expert talent, while also working to ensure its tech operations meet functional standards
The Information Commissioner’s Office spent an extra £11.6m during its most recent financial year as the regulator sought to grow its number of digital and data experts.
The regulator has published its annual report and financial statements for the 2023/24 fiscal year, which reveal that expenditure for the year stood at £87.3m. This represents a 15.3% rise on the £75.7m outlay recorded by the ICO during the prior year.
The report says that “the majority of the increase in expenditure… was in relation to staff costs”. This included the impact of a “higher-than-usual pay remit and one-off cost of living payments as set by central government for 2023/24”.
But the data-protection watchdog also spent money on “some targeted growth mostly within our DDaT (digital, data and technology) and legal professions to support our regulatory and transformation work”.
During 2023/24, the ICO also measured how its operations in each of government’s 12 functions aligns to the guidelines set out in the relevant functional standard.
These investigations found that its specialist teams “meet all parts of all of the applicable standards and assessed a rating of at least ‘Good’” across all metrics – with the exception of the digital standard. But work has since begun to bring its digital and data ops up to speed and meet functional targets during the coming weeks.
Related content
- ICO reprimands Hackney for ‘clear and avoidable error’ – but council claims watchdog ‘has misunderstood the facts and misapplied the law’
- ICO issues data protection warning over domestic abuse victims after DWP and local councils reprimanded
- Information commissioner: ‘I want us to be for all of society – not just those with the resources to access data protection’
“The digital standard was rewritten by the Central Digital and Data Office presenting four key themes which focus on governance, services, technology and data,” the report says. “Following a full reassessment of the new standards and requirements criteria, we have rebase-lined and report a significant proportion of requirements meet ‘Good’ and more positively some at ‘Better’ and ‘Best’, with just one criterion showing as not meeting requirements. The criterion focuses on all senior civil servants having had training in digital, technology and data essentials. Work is underway to ensure completion by September 2024.”
During the 2023/24 year, the regulator received 35,332 complaints, fielded 273,338 phone calls and 54,256 live chats, and responded to 9,614 emails seeking advice. High-profile action taken during the year included a £12.7m fine levied on TikTok for failing to adequately protect children’s – which, while it continues to appeal against the penalty, the firm has yet to pay, according to the report.
In his foreword, information commissioner John Edwards said that his organisation’s work during the year had been “disrupted and diverted” by the rapid progress of sophisticated artificial intelligence technology. Such disruption is set to continue, he predicts.
“The emergence of AI and the inevitable questions that follow around its regulation and development are two issues that my office has been looking at in detail over the past year,” the foreword says. “Reading over this report, I am struck by the diverse nature of my roles as information commissioner. Some of the cases we see and investigations we undertake are caused by simple human error – an email that didn’t use BCC, for example, or a breach caused by old, out of date software. On the other hand, I have teams looking at the potential privacy implications of quantum technologies and other examples of emerging technology being rolled out in the next two to five years.”
For the past two years, the ICO has been trialling a new approach to its work with the public. Since summer 2022, the regulator has largely avoided issuing monetary penalties to public bodies, in favour of working with them to improve data-protection standards. After the conclusion of an initial two-year trial, the future of this approach is currently under review.
In its first sweep of proposed legislation since taking power, the new government recently revealed plans to undertake a programme of “modernising and strengthening the ICO”.
“It will be transformed into a more modern regulatory structure, with a CEO, board and chair,” according to guidance on the legislative proposals. “And it will have new, stronger powers. This will be accompanied by targeted reforms to some data laws that will maintain high standards of protection but [addressing] where there is currently a lack of clarity impeding the safe development and deployment of some new technologies. We will also promote standards for digital identities around privacy, security and inclusion.”
Hey there! Would you mind if I share your blog with my facebook group? There’s a lot of people that I think would really appreciate your content. Please let me know. Cheers