Should the ICO have greater powers?

Should the ICO have greater powers? This is one of the many questions being asked as we continue to swim through the wreck of the Facebook / Cambridge Analytica data scandal.

It’s understood that the UK’s Information Commissioner’s Office (ICO for short) were in the midst of complex investigations surrounding the use of data in political campaigns when the scandal broke. The ICO are asking for greater powers to allow them to keep up with the pace of developments in such matters, and with the GDPR that came into force last month that empowers regulators to be able to better audit any organisations using data – which, let’s face it, is all of us really – should the ICO have greater powers still?

One of the key things the ICO wants to do, and is in talks with the government over, is to have the power to move more quickly to obtain the information they need to undertake investigations that are said to be in the public’s interest. Although they appreciate that organisations and their employees themselves have rights that must also be respected, they reportedly want a “streamlined warrant processes with a lower threshold”.

The ICO says that such powers will allow for a greater understanding that breaches of data protection must be taken more seriously for the crime that it actually is; especially as the world moves forward toward a far more digitalised and data-intensive world.

The huge increases in the fines that organisations can now receive in accordance with the new GDPR is thought to be helping this approach as well. The ICO makes clear that, although repeat and deliberate offenders will face the full weight of the law, those organisations who take responsibility and accept accountability quickly, and work with the ICO, can be treated far more leniently.

This kind of approach perhaps works in theory, but given that we’re only less than a month since the inception of the new GDPR, we will have to wait and see. Perhaps the question as to whether the ICO should have greater powers may be answered once the full extent of GDPR has been tried and tested.