The UK’s data regulator hasn’t done enough to stop the government from disregarding fundamental privacy rights during the pandemic, a cross-party group of 20 opposition MPs has said.
The claims come in a letter (PDF) sent to Elizabeth Denham, the head of the Information Commissioner’s Office (ICO), with the MPs saying more proactive enforcement of the Data Protection Act, which is based upon Europe’s General Data Protection Regulation (GDPR), is needed.
“Parliamentarians and the public need to be able to rely on the data regulator,” the MPs write in the letter. They go on to say there have been numerous data protection issues during the pandemic – such as those around the legal failings of the Test and Trace scheme and wider issues with the contact tracing app – and suggest the ICO should have taken stronger action against any government missteps.
“The government have highlighted your role at every turn, citing you as an advisor looking at the detail of their work, and using you to justify their actions,” the letter says. The document has been signed by Labour, Liberal Democrat, SNP and Green MPs. No Conservative MPs are included.
The letter comes at a time when the ICO is facing increased public scrutiny. An audit of the regulator recently graded some of its work as only “adequate” and a freedom of information request revealed that Denham has been working remotely in her native Canada for personal reasons for the last two months. The west coast of Canada, where Denham is currently based, is eight hours behind the UK, creating a big time gap between Denham and the rest of the ICO’s staff.
“The public needs a data regulator with teeth. The ICO must stop sitting on its hands and start using its powers – to assess what needs to change and enforce those changes – to ensure that the government is using people’s data safely and legally,” Liberal Democrat MP Daisy Cooper said in a statement alongside the letter. Also included on the letter are Labour MPs Clive Lewis and John McDonnell, Caroline Lucas from the Green Party and Tommy Sheppard from the SNP.
“Privacy rights are fundamental to trust,” Lewis said in a statement. “The ICO must investigate and force the Government to fix the problems, to avoid a wider breakdown in trust.”
The ICO has a crucial role in how data is used and processed in the UK. It is responsible for regulating data protection issues as well as privacy rights under the Freedom of Information Act and the Privacy and Electronic Communications Regulations, which govern the use of inappropriate calls, texts and emails for marketing purposes.
It has the power to fine organisations that are found in breach of data protection regulations or marketing communications abuses. GDPR provides the potential for huge fines to be issued. However, the ICO, like many data protection regulators across Europe, has issued very few fines under GDPR since it came into force in May 2018.
“Our regulatory obligations include…
We need to fix GDPR’s biggest failure: broken cookie notices
The user experience of browsing the web is worse than ever. Even if you only spend a tiny …
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
