The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Last week’s Data Protection Practitioners’ Conference 2022 brought together more than 3,000 data protection professionals from across the country. Didn’t manage to attend? Here’s five things you missed from the day. And look out in coming weeks as we publish videos of the speeches and seminars.

Training materials for businesses and organisations

Can the ICO help you grow the number of data protection experts in your organisation?

That’s the offer John Edwards set out, highlighting the publication of the information governance and legislation training modules the ICO provides its staff as part of our internal training.

“At the ICO, we need our staff to be expert in what the law says. And so when new staff join, they’re signed up to training on the laws we regulate. That training is great. It is written by subject experts, to enable more subject experts. But the community of subject experts outside of the ICO needs to be bigger than ever. And so we’re publishing our materials for everyone to use.”

John Edwards urged organisations to encourage staff to find an hour or two over the coming weeks to improve their data protection and information rights expertise. He said:

“Crucially, more data protection experts means more people safeguarding and empowering people, by upholding their rights.”

Privacy professional as an organisation’s eyes and ears

“Understanding not only what the law says, but also what that means in practice, and how it relates to your customers, staff and stakeholders, remains a specialist job. The privacy professional is the eyes and ears of an organisation in that respect.”

Those were John Edwards’ words, as he reassured delegates that the role of the data protection professional remains crucial.

“You are the ones who best understand what any innovation around data will mean to customers. There’s no substitute for that, and from what I’ve seen, this community is serving the UK exceptionally well.”

John Edwards added that the ICO could do more to connect DPOs with other members of the DPO community, to share expertise and experience. To this end, we are establishing a Cross-Whitehall Senior Leadership Group to drive standards across government. And the ICO25 demonstrates our commitment to create a forum for organisations to discuss and debate compliance and best practice.

Doing the right thing to safeguard children

Among the many informative and well attended seminars that formed part of the DPPC’s afternoon sessions, there was one that focussed on sharing data to safeguard children. This emphasised that it is imperative that organisations and businesses possess the knowledge and confidence to share data in instances where it will safeguard children and young people. Delegates were urged not to hesitate to share data in urgent or emergency situations.

John Edwards said:

“Wherever you work, whether it is in health, law enforcement, education or the care sector and you have information about a child that you think might be at risk, you won’t get into trouble if you share that information with someone who is in a position to do something about that.”

A poll of delegates revealed that the main challenge faced when sharing data to safeguard children is the fear of doing something wrong, followed by uncertainty about data protection law and cultural barriers. Our data sharing code of practice and supporting resources can provide help with addressing this. Businesses and organisations are also reminded to use their DPO for advice and guidance.

Personal data and equality in a digital age

This year’s DPPC keynote covered the crucial issue of how data protections sits alongside inequality.

Marcial Boo, chief executive of the Equalities and Human Rights Commission, emphasised the importance of the ICO’s work in supporting organisations to make the right decisions about collecting good-quality data to address inequalities. He also stressed how, in this digital age, data must be used lawfully and appropriately, taking full account of human rights standards.

He cited the example of emerging evidence that artificial intelligence (AI), if poorly understood or implemented, can perpetuate biases and prejudice people by their race or sex, simply because the algorithms and processes rely on existing data where there may already be entrenched inequality.

This sits alongside the ICO’s announcement, as part of ICO25, that we will be investigating concerns over the use of algorithms to sift recruitment applications, which could be negatively impacting employment opportunities of those from diverse backgrounds.

Mr Boo said:

“AI is transforming the workplace, from recruitment and task allocation, through to monitoring performance. It’s becoming increasingly commonplace, particularly as a result of the shift to remote working through the pandemic. In this way, it was great to see the ICO’s announcement last week that they will be looking into the impact of AI in recruitment practices.”

Data protection reform – the future

The UK Government introduced the new Data Protection and Digital Information Bill to Parliament and, while there are still details to be finessed, UK Information Commissioner John Edwards believes the proposals strike a good balance in making improvements. At the conference, he said:

“The Bill reflects an understanding that there are areas of red tape for business that can be reduced, while acknowledging the value of protections that give people confidence to use the products and services that power the economy and society.”

Notes to Editors

  1. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals. It has its head office in Wilmslow, Cheshire, and regional offices in Edinburgh, Cardiff and Belfast.
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five Acts / Regulations.
  3. The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
  4. To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.