On 28 November the Information Commissioner’s Office (“ICO”), the UK’s regulator for certain information rights (data protection and freedom of information) published a draft document entitled ‘Looking Ahead, Staying Ahead: towards a 2020 vision for information rights’, as well as an accompanying consultation questionnaire for stakeholders.
The draft document sets out the ICO’s proposed direction for the next five years and beyond. It does this by reiterating the ICO’s mission, vision and broad goals before outlining what the organisation’s more specific aims are for this five year period and how it expects to achieve these aims.
The “vision” described in the draft document is a product of internal consultations with ICO senior management and staff as well as stakeholder research and ‘customer satisfaction surveys’. The consultation process, which is open until 7 February 2014, is designed to ensure that a wider range of stakeholder views are included in the final document, a corporate plan for 2014-2017, which should be published in March.
Much of what is stated in the document reflects previous communications from the ICO. For instance, the ICO’s specific aims fall under the following five headings: educate, empower, enforce, enable and engage. These objectives are the same as those identified by the ICO for 2012/2013 as restated in its Annual Report for that year . These objectives reinforce the image of the ICO internationally as a pragmatic regulator (a trait which is viewed with admiration by some and disdain by others).
However, there are two more noteworthy points about the document. Firstly, Christopher Graham, the Information Commissioner, takes the opportunity to highlight the squeezed position in which the ICO finds itself as a regulator. On the one hand, there is increasing demand for its advice from citizens, businesses and public authorities while, on the other hand, it is facing a funding crunch. The Commissioner recognises the ‘better for less’ challenge which public bodies face. However, short of a loaves and fishes miracle, one must question how doing ‘better for less’ will solve the issue he emphasises of increasing demand and reduced supply as a result of funding cuts. This document could therefore be seen as a proactive step on the part of the regulator to set its own agenda and emphasise the importance of its work before these cuts go further.
Secondly, the ICO notes that it will adjust its focus by acting on concerns expressed by individuals and that it is keen to learn from casework. In so doing, it states that it will ‘tackle systemic problems ahead of individual lapses’. This prioritisation is perhaps a natural consequence of the financial squeeze mentioned above. However, it is arguably also a procedural reflection of the principle of ‘risk-based regulation’ which is being discussed by the European Council in the context of the EU’s current draft data protection regulation.
While some EU Member States have come out in favour of a risk-based approach to determining obligations under data protection rules, civil society organisations have expressed concern about the principle primarily because it will lead to a lower level of data protection for individuals in many instances. This tussle between economic efficiency and fundamental rights efficacy is also implicit in the ICO’s draft document and how it should be resolved is likely to be one of the primary issues on which the ICO will receive consultation feedback.
This post originally appeared on the LSE Media Policy Project Blog and is reproduced with permission and thanks