How a weaker data watchdog impacts you

We live in an information age when organisations rely on large amounts of personal data to make life-changing decisions about us. When things go wrong with people’s data there are real-world harms. These include increased risk of becoming a victim of cybercrime, unfair treatment in the workplace, or unfair decisions on mortgage or loan applications. For justice, people turn to the UK’s data watchdog, the Information Commissioner’s Office (ICO), but the Data Protection and Digital Information Bill weakens its role.

What’s the problem?

Often it is the most vulnerable who face the biggest impact of these digital harms. As Adam Freedman, Senior Policy and Campaigns Officer at National AIDS Trust said, “despite existing equalities and data protection legislation, far too many people are having their private health data shared unlawfully.”

When things go wrong with people’s data they turn to the UK’s data watchdog, the Information Commissioner’s Office (ICO). This could be about anything, including workplace disputes, discrimination cases, or campaigners challenging why a public body has refused a Freedom of Information (FOI) request.

Sadly there are many failings within the ICO. It is widely considered to be one of the weakest data regulators in Europe. Too often it has failed to hold government departments and companies to account for data protection abuses. For example ORG’s report Data privacy and the Information Commissioner’s Office During a Crisis exposed failures by the ICO in protecting the public privacy and data rights during the Covid-19 pandemic.

Despite there already being problems the Government’s Data Protection and Digital Information (DPDI) Bill will weaken the ICO further, attacking its independence, granting it powers to ignore complaints, and giving Ministers too much power to set its direction and priorities. Our briefing on the bill sets out these problems.

What can be done about this?

ORG are proposing the Government makes a number of amendments to the bill. These would:

• Ensure the ICO’s independence, impartiality and objectiveness.

• Introduce an effective redress mechanism for complainants if the ICO fails to investigate their complaint properly

• Enable organisations to make collective complaints on data issues on behalf of groups of people.

• Give the Equality and Human Rights Commision a role in reviewing the work of the ICO and the impact of data protection enforcement on broader human rights protections.

• Stop plans to scrap the Biometric and Surveillance Camera Commissioner.

• Give the ICO a clear duty of investigating infringements and ensuring the diligent application of data protection rules.

• Ensure the ICO is appointed by Parliament rather than Government in-line with recommendations in the Brown report.

• Stop the regulatory capture by industry, and take action to ensure people working as regulators can’t immediately leave their roles to go and work for the industries they were regulating.

How can individuals or organisations play a role?

The DPDI Bill is now back in the House of Lords. If your organisation agrees with us that the UK needs a strong data watchdog then please raise this issue with any of your Parliamentary contacts.

If you would like further information in how you can be involved in working with us to ensure the UK has a strong data watchdog then please contact.

If you are an individual then the best thing you can do is to raise this issue with your MP. When the bill returns to the commons MPs will once again be able to vote on it. They can also raise concerns and issues with their party whips and colleagues in the Lords.