The U.K.’s Information Commissioner’s Office (ICO) has responded to the U.K.’s Department for Digital, Culture, Media and Sport’s (DCMS) “Data: Unlimited” initiative.

There is a lot to unpack. Here is an analysis I wrote for OneTrust DataGuidance that may be helpful.

Key points:

  • The current approach does not work for people or businesses and commitment to improving this is welcomed.
  • The proposal to increase fines that can be imposed under PECR (which governs direct marketing) so they are the same level as those under the UK GDPR is welcomed.
  • There are deep concerns about any clarification or changes to the data protection regime that removed the centrality of fairness in how people’s data is used.
  • There are concerns about the proposal to remove the right to a human review of automated decision-making set out in Article 22 of the UK GDPR.
  • The Government’s ambition to increase flows of data safely across jurisdictions, and the proposal to approach adequacy assessments with a focus on risk-based decision-making and outcomes is welcomed. It is important that the approach continues to ensure our existing high standards are maintained.