03 December 2016 - Post by:David Smith
We have just seen an announcement from the Information Commissioner, Elizabeth Denham, about the appointment of a new Deputy, Rob Luke, who was previously British High Commissioner to Malta, and has also served overseas in Brazil and Paris as well as in policy roles at the Foreign & Commonwealth Office in London. In her announcement Elizabeth said:
“The new General Data Protection Regulation brings an opportunity to look at how we all do things afresh, and the ICO will be at the forefront of that, helping organisations to improve how they comply with the law…The digital world is a smaller world. The ICO will be taking an internationalist approach, continuing and growing our work with regulators around the world.”
This shows the new Commissioner again stamping her own mark on the ICO.
Her announcement follows a session at the International Association of Privacy Professionals (IAPP) Congress in Brussels a few weeks ago when Elizabeth was interviewed by Peter Hustinx, the former European Data Protection Supervisor. She was upbeat then and talked about her experience as a commissioner in Canada where she had been known for bringing a wide range of interest groups together and for assisting businesses with compliance. She linked this to the GDPR to which she said she would bring a “sectorally focussed approach” to guidance. Particularly welcome, in this context, was Elizabeth’s commitment to an increasingly proactive role with her office, the ICO, devoting what she described as more “face time” to understanding and working with the business community and with civil society. She also spoke of the importance of the ICO staying relevant in a world where technology is changing so rapidly, tying this in to her plan to recruit a Chief Technology Strategist. Turning to Brexit, Elizabeth stressed the importance of the UK maintaining a strong data protection law after Brexit even though she acknowledged that there was still much work to be done to deliver this.
The same week also saw some important and welcome clarification about the future of data protection in the UK from the Government. The Minister, Matt Hancock, speaking at a conference in London, confirmed that the UK will implement the EU General Data Protection Regulation (GDPR) in May 2018. This, in itself, isn’t news but the surprisingly positive and upbeat tone that the Minister adopted was significant, talking about the importance of trust, not putting the UK’s high reputation at risk and seeking not just to maintain but to enhance the UK’s credentials as a world leader in data protection. He described the GDPR as “an essential update in the data protection regime” and talked about the UK’s successes in the negotiations leading up to the GDPR, in areas such as the risk based approach and giving discretion to data protection authorities over fines. There was nothing specific said about what would happen post Brexit but the Minister did, in a similar vein to the Commissioner, describe the GDPR as a “strong framework for years ahead” and talk about the Government’s desire to ensure a continuing flow of information to and from the EU.
So where does this leave us? There’s still a great deal of uncertainty, particularly around Brexit. This includes whether, post Brexit, the UK will be considered as an “adequate” destination for personal data transferred from the EU even if UK law stays essentially the same as the GDPR. In other respects though the outlook is more rosy. We have positive statements from the Minister about the Government’s intentions that the UK will still be ”the bee’s knees” for data protection, an indication of stability in that the GDPR, or something very much like it, will become and remain UK law for some years to come and a regulator who is committed to acting toughly when necessary but who is not only willing to listen to the business community but keen to actively engage with them.
And, finally, you might ask why “The Bee’s Knees”? Well, Elizabeth Denham, as a Canadian, confessed, in her interview in Brussels, to having been reduced to buying a book of 500 British idioms to help her understand some of the stranger expressions that we use from day to day. “The bee’s knees” turned out to be the one at the top of her list. Whilst she now knows what being “the bee’s knees” means she is still struggling to find anyone who can explain to her satisfactorily why, in the strange world of British idioms, a ‘bee’s knees’ should be equated with excellence.