The Information Commissioner's Office (ICO) has called for a more practical approach to data protection regulation as technology progresses.
Speaking at the European Conference of Data Protection Authorities, Information Commissioner Christopher Graham commented that regulators must not get left behind as technology changes how personal information is used.
Graham said: ‘Governments have gone digital, keen to find efficiencies in the delivery of joined up public services. And now there’s the security dimension, with politicians claiming that public safety is an absolute right, while privacy is a right that may need to be qualified.
‘And that’s where we need to get practical. Because the challenges are to how we do things, not what we are there for. If we want to be effective doing what we do, we are going to have to learn to do some things differently.’
Graham also highlighted the publication of its research into what data protection rights the public want and what the public want from data protection authorities.
The commonly recurring themes of what the public want from data protection are: control over their personal data; transparency – they want to know what organisations will do with their personal data; to understand the different purposes and benefits of data sharing; security of their personal data; and specific rights of access, deletion and portable personal data.
The themes of what the public want from DPAs are: independence – DPAs free from outside influence; consistency – where possible a consistent approach to data protection across the eu; visibility – DPAs making themselves known, providing clear help and guidance to them and also to organisations; privacy certification, seals and trust marks – giving them confidence in the organisations who are processing their personal data; responsive to new technologies – DPAs that understand the privacy implications of the new technologies they encounter in their daily lives; and enforcement – appropriate remedies that are used effectively by DPAs to ensure that organisations comply with data protection rules.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.