UK ICO sees loss of biometrics, surveillance review roles as funding opportunity
As part of a consultation on data and simplifying oversight of police use of biometrics and overt surveillance, the British government is quietly proposing to eliminate the role of Biometrics and Surveillance Camera Commissioner and pass their remit to the Information Commissioner’s Office (ICO).
The specific commissioners’ roles are distinct from those of the ICO which is a regulatory body independent of government and sponsored by the Department of Digital, Culture, Media and Sport (DCMS) to regulate the Data Protection Act 2018, GDPR etc.
The Biometrics Commissioner, also independent, works with the Home Office to review police use and retention of DNA and fingerprints. The Surveillance Camera Commissioner also works with the Home Office to encourage compliance with the Surveillance Camera Code of Practice for CCTV which came into force in 2013 for local authorities and police forces in England and Wales.
Both roles came out of the Protection of Freedoms Act 2012 which sought protection for the public from the authorities, and were merged in March 2021. They now face dislocation and dissolution if they are disconnected from the Home Office, a central part of government, and mixed in with the ICO below the DCMS.
The ICO has now equally quietly acknowledged the proposals at the end of its own response.
“Innovation is enabled, not threatened, by high data protection standards,” writes the UK Information Commissioner, Elizabeth Denham, in her foreword to her Office’s response to the consultation by the British government into parts of the proposed National Data Strategy. Denham wants to see innovation which makes data handling easier for organizations and gives individuals rights around their data.
The outgoing Information Commissioner seems intent on reproducing the post-Brexit Global Britain sentiment of government announcements and leads on the importance of the digital sector to the economy: “In June this year it was announced that the UK now has one hundred tech companies valued at $1bn or more, more than the rest of Europe combined”.
There is mention in the foreword of some of the ICO’s bread and butter – data protection – before swiftly moving on to ensuring the Office is resourced (“by engaging closely with Government”) and reformed with a separate Chair and CEO to be “better suited to the ICO’s role as a whole economy and public sector regulator with extensive domestic and international responsibilities”.
The Department for Digital, Culture, Media and Sport is running the public consultation “on reforms to create an ambitious, pro-growth and innovation-friendly data protection regime that underpins the trustworthy use of data” referring to the overall November 2020 proposed National Data Strategy’s “Mission 2: Securing a pro-growth and trusted data regime”.
Denham’s foreword does not mention the future of the Biometrics and Surveillance Camera Commissioners, but they are mentioned on page 88 of the 89-page response to the consultation by the ICO.
Biometric Update found two paragraphs on the roles of the Biometrics Commissioner and Surveillance Camera Commissioner at the very end of the 146-page Data: A New Direction Consultation document which suggest eliminating the roles and absorbing the responsibilities into the ICO.
This should “bring benefits to data controllers and the public with a single route for advice, guidance and redress,” says the consultation paper.
We spoke to the current and former commissioners who found the proposal illogical and not relevant given the role is “quasi-judicial” rather than regulatory.
The ICO, on reading the proposals to merge the roles into their remit give an initially lukewarm response at the end of their response:
“It is for Government to decide where these functions would best fit. Should this be what Parliament and Government decide, we are open to this expansion of our role, given the synergies Response to DCMS consultation with our existing responsibilities. This is subject to appropriate funding being available. We also recognise that these proposals could potentially improve regulatory certainty for bodies such as the police and help to simplify the overall regulatory landscape.”
In the section where the ICO responds to the DCMS’s thoughts on the reform for the ICO, the Office is somewhat more upbeat if it involves more funding:
“We agree that clarity about regulatory remits is crucial in areas such as police use of biometrics and overt surveillance. We note the intention to build on existing efforts to simplify the regulatory landscape (such as the recent appointment of one Biometrics and Surveillance Camera Commissioner) by assessing the feasibility of combining these functions and absorbing them into the ICO’s remit (paragraph 410).
“We recognise the benefits of this approach for stakeholders in these two areas and see the close alignment of the work with our existing responsibilities. We are open to this expansion of our regulatory remit, subject to appropriate funding, and await further detail on how any transfer of functions would work in practice.”
In her foreword Denham notes that “Three years have passed since the introduction of the Data Protection Act 2018, and the pace and scale of innovation means the data landscape has changed significantly. How we deliver high standards cannot be static”. What is less clear from the ICO response is how government, police and authorities will be held to account over elements of the even older Protection of Freedoms Act 2012 whose tenets are seen as crucial to many.