The ICO recently released a report, outlining plans for the next three years, called ICO25.
The report set out the “strategic enduring objectives” which the ICO intends to pursue over the three year period ending in 2025, as well as shorter-term goals which the office will focus on in the coming year.
The report set out four long-term objectives:
1. “Safeguard and empower people.”
As explained in the plan, this will be focused on making more people aware of their data protection rights and applying the ICO’s enforcement powers to ensure organisations apply strong cyber security systems to protect people’s information. The enforcement will also extend to tackling predatory marketing, especially when it is targeted at vulnerable people.
2. “Empower responsible innovation and sustainable economic growth.”
This covers the promotion of economic growth by providing a framework for businesses to share personal data responsibly. Here again, the ICO references an intention to take action against those businesses that attempt to gain unfair advantage by skirting the rules.
3. “Promote openness, transparency and accountability.”
This objective is focused on the Freedom of Information Act and the Environmental Information Regulations. The ICO’s commitment is that it will be more timely in its role as adjudicator when disputes arise between organisations and people who request information. They will also support public authorities in proactively publishing information.
4. “Develop the ICO’s culture, capability and capacity”.
The last objective is focused on the ICO’s internal functions, to optimize them for faster and better-quality service delivery.
The immediate priorities which the ICO intends to focus on in 2023 will include protecting the privacy of children, clamping down on predatory marketing calls, investigations into AI-driven discrimination in employment and the usage of automated decision making within the benefits system.
“My office will focus our resources where we see data protection issues are disproportionately affecting already vulnerable or disadvantaged groups. The impact that we can have on people’s lives is the measure of our success. This is what modern data protection looks like, and it is what modern regulation looks like.” – John Edwards, ICO Commissioner
Citing the need for certainty and flexibility, ICO25 also revealed a ‘package of actions’ purported to help save businesses at least £100 million over the next three years.
To achieve this ambitious goal, the ICO has outlined plans to;
- Publish internal data protection and freedom of information training materials
- Create a database of ICO advice, available to both organisations and the public
- Create an ICO moderated platform for organisations to discuss debate compliance and share information and advice
- Develop a range of ‘data essentials’ training, specifically aimed at SMEs whose involvement with data protection is a by-product of their core activity
- Set up iAdvice to offer early support for innovators.
“That support for business and the public sector is important in itself, but it is ultimately a means to an end. We help businesses to help people.” – John Edwards
ICO25 discusses support for the public sector, with revisions to public sector fining approaches and a commitment to the development of modern freedom of information.
Let us know what you think about the priorities of ICO25!
Head to the ICO’s website for more information; https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/07/uk-information-commissioner-sets-out-focus-on-empowering-people-through-information/
We also wrote an article talking about the ICO issuing fines due to Interserve Group failing to protect their staff’s data, which may provide further insight.