The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

The Information Commissioner’s Office (ICO) has set out a commitment to safeguard the information rights of the most vulnerable people, including regulatory work around children’s privacy, AI-driven discrimination, the use of algorithms within the benefits system and the impact of predatory marketing calls.

The plans are set out in ICO25, a three year plan setting out the ICO’s regulatory approach and priorities.

Speaking at the launch of the plan, UK Information Commissioner John Edwards will say:

“My most important objective is to safeguard and empower people, by upholding their information rights. Empowering people to confidently share their information to use the products and services that drive our economy and society.

“My office will focus our resources where we see data protection issues are disproportionately affecting already vulnerable or disadvantaged groups. The impact that we can have on people’s lives is the measure of our success. This is what modern data protection looks like, and it is what modern regulation looks like.”

The ICO25 plan sets out how the ICO will regulate and prioritise work over the next three years. The accompanying action plan setting out the focus for the year ahead includes details of work focused on empowering people, including:

  • looking at the impact of predatory marketing calls;
  • looking at the use of algorithms within the benefits system;
  • considering the impact the use AI in recruitment could be having on neurodiverse people or ethnic minorities, who weren’t part of the testing for this software; and
  • ongoing support of children’s privacy.

The plan also emphasises the importance of certainty and flexibility for business, announcing a package of actions to help save businesses at least £100 million across the next three years. To achieve this the ICO will:

  • publish internal data protection and freedom of information training materials;
  • create a database of ICO advice provided to organisations and the public;
  • produce a range of templates to help organisations develop their own approaches;
  • create an ICO moderated platform for organisations to discuss and debate compliance and share information and advice;
  • develop a range of ‘data essentials’ training, specifically aimed at SMEs whose involvement with data protection is a by-product of their core activity; and
  • set up iAdvice to offer early support for innovators.

Speaking at the launch of the plan, UK Information Commissioner John Edwards will say:

“Certainty and flexibility remain the two pillars of what I offer to business today, and in how we will support the successful implementation of a new data protection law. Certainty in what the law requires, coupled with a predictable approach to enforcement action, that allows businesses to invest and innovate with confidence. And the flexibility to reduce the cost of compliance.

“That support for business and public sector is important in itself, but it is ultimately a means to an end. We help business to help people.”

The report sets out support for the public sector, including a revised approach to public sector fines and the creation of a cross Whitehall Senior Leadership Group to drive compliance and high standards of information across government departments.

The report also sets out the ICO’s commitment to supporting the development of modern freedom of information, including prioritising FOI complaints and a greater emphasis on dispute resolution around complaints.

Speaking at the launch of the plan, UK Information Commissioner John Edwards will say:

“There are few regulators who can say their work is of fundamental importance to the democracy on which society exists. But that is the value of the Freedom of Information Act. My role is to ensure the administration of that law is fit for the modern world.

“But to achieve that requires fundamental change. And that change has to start in my office. The proposals I set out today involve trying different approaches. Some may work well, some may not work, some may need tweaking. But it is absolutely clear to me that in a world of increasing demand, and shrinking resources, we simply cannot keep doing what we’ve been doing and expect the system to improve.”

Notes to Editors

  1. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals. It has its head office in Wilmslow, Cheshire, and regional offices in Belfast, Cardiff, Edinburgh and London.
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018, the UK General Data Protection Regulation, the Freedom of Information Act 2000, Environmental Information Regulations 2004, Privacy and Electronic Communications Regulations 2003 and a further five Acts / Regulations.
  3. The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
  4. To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.