Winchester Vacancies

ICO calls for greater clarity in scope of data protection law and personal data

The Information Commissioner’s Office has called for greater clarity on the scope of data protection law, including what constitutes personal data.

The plea came in its submission to the Ministry of Justice’s call for evidence on the current data protection legislative framework.

The ICO said it supported the review and believed there needed to be a “common sense and modern day approach” to data protection. It said current data protection principles were sound, but added that there was a need for some areas of the law to be clarified.

According to the watchdog, the law “must be clearer on when consent is required to use personal information and adopt a more pragmatic approach to the regulation of international data flows”.

There also needs to be better co-ordination between freedom of information law and an appreciation that individuals’ rights need to be updated to bring them in line with the capabilities of modern technology.

David Smith, Deputy Commissioner and Director of Data Protection at the ICO, said: "We have no doubt that this framework, which includes the UK Data Protection Act and the EU Data Protection Directive, can be improved so that the law is more effective in practice.

“We need to ensure that people have real protection for their personal information, not just protection on paper and that we are not distracted by arguments over interpretations of the Data Protection Act.”

In its submission, the ICO said:

  • The development of increasingly sophisticated information systems, mass information sharing and the online collection of personal information mean that data protection law is more relevant, and more needed, than ever
  • Not only is personal information shared more often, and in greater volumes, than ever before, but the potential for inadequate information handling systems and practices to have far-reaching consequences has also increased dramatically
  • The level of complaints and enquiries made to the ICO “goes up all the time”. The watchdog suggested that individuals and businesses were more aware of information rights issues. This, in turn, suggested that the law is becoming more, not less, relevant to personal and corporate life.
  • Individual rights in this field are becoming ever more important. ICO research showed that individuals increasingly feel they have lost control of their personal information. “In this environment the right of subject access, as well as the right to receive broader information about the data controller and the purposes for which personal data is used, the right to stop processing that may cause damage or distress, the right to stop direct marketing, the right to compensation and the right to have inaccurate personal information rectified are all hugely important”.

The ICO went on to say that an effective new data protection framework must: be clear in its scope, particularly in the context of new forms of individual identification; protect the rights and freedoms of individuals whilst permitting the free flow of data; place clear responsibility and accountability on those processing personal data, throughout the information life cycle; ensure obligations for those processing personal data are focused on processing that poses genuine risk to individuals or society, rather than focusing on particular categories of data; and give individuals clear, effective rights and simple, cost-effective means of exercising them.

The ICO’s submission can be read here.