ICO launches tech strategy


The Information Commissioner's Office (ICO) released its first technology strategy in support of its Information Rights Strategic Plan 2017-2021.

The strategy outlines eight technology goals that the ICO hopes to achieve in order to enhance its technical knowledge and understanding, and work more effectively with those it regulates.

The ICO recognises that if technology is not an essential element of its approach towards regulation, it will fail to deliver a satisfactory level of service to the public.

In her foreword the Information Commissioner Elizabeth Denham notes that the most significant data protection risks are now driven by the use of new technologies. She also makes it clear that fast-changing technological advancements, including entirely new fields such as FinTech and EdTech, do not need to come at the expense of data protection and privacy rights. Indeed, the strategy begins by stating that privacy and innovation are not mutually exclusive.

The goals and practical steps identified in the strategy are:

  1. Ensure effective education and awareness of ICO staff on technology issues: The ICO will develop training programmes and resources appropriate to the level of seniority of its staff.
  2. Provide guidance to organisations about how to address data protection risks: The ICO will update guidance to ensure it reflects requirements in the GDPR. It will also publish reports, blogs and social media updates about emerging technologies and 'lessons learnt' from reported cyber breaches.
  3. Ensure the public receive information about data protection risks arising from technology: The ICO will work with partners (such as the National Cyber Security Centre) to ensure its messages are disseminated widely.
  4. Support and facilitate research into risks and solutions: The ICO will work to develop a comprehensive understanding of various new technologies, and provide grants to support research and data protection by design solutions. It will also carry out annual surveys to understand areas of public concern.
  5. Recruit and retain staff with technology expertise: This will include the use of secondees from external organisations and the potential to offer technology apprenticeships. The ICO will establish a panel of forensic investigators to support its regulatory work.
  6. Establish partnerships to support knowledge exchange: The ICO will create Technology Fellowships for post-doctoral experts, and forge partnerships with tech-focussed industry bodies and professional groups. It will also launch an annual ICO conference to showcase the latest research.
  7. Engage internationally with other regulators and networks: The ICO will prioritise international engagement on issues related to global privacy risks arising from new technologies.
  8. Engage with organisations to understand and explore innovative technology: The ICO will establish a 'regulatory sandbox', drawing on the success of the Financial Conduct Authority’s sandbox process. This will allow organisations to innovate whilst engaging with the regulator to ensure appropriate safeguards are in place for their products and services.

The strategy concludes by outlining three priority areas for 2018-2019:

  • Cyber security
  • Artificial intelligence, big data and machine learning
  • Web and cross device tracking

The ICO will focus on these areas over the next year and produce separate plans for each, which will be updated annually.

Comment:

The ICO’s desire to ensure its staff engage with, understand and foster better public understanding of new technologies is to be commended. It will hopefully lead to faster adoption of new technologies with appropriate transparency and safeguards being put in place to protect those engaging with them.

Co-authored by Laura Bilinski.