The UK’s new Information Commissioner could continue to change the internet, metaverse for all

The UK’s new Information Commissioner, John Edwards, has taken the helm for a five-year term, succeeding Elizabeth Denham. Edwards has called for respect for privacy, and committed to making it easy for firms to be respectful as the Information Commissioner’s Office (ICO) eyes up a particularly weighty to-do list for 2022.

The ICO’s Age Appropriate Design Code had a global impact on internet giants last year and the tasks at hand could continue to be of global significance. While at home, campaigners are threatening the regulator with legal action and the remit of the ICO itself is still in question as its scope widens across biometrics. And it has a large backlog of cases it has still to investigate, reports the Campaign for Freedom of Information.

“Privacy is a right not a privilege. In a world where our personal data can drive everything from the healthcare we receive to the job opportunities we see, we all deserve to have our data treated with respect,” says Edwards in his statement on beginning the new job.

The former New Zealand barrister and Privacy Commissioner says his role is to “work with those to whom we entrust our data so they are able to respect our privacy with ease whilst still reaping the benefits of data-driven innovation. I also want to empower people to understand and influence how they want their data to be used, and to make it easy for people to access remedies if things go wrong.”

In a separate communication from the ICO, Edwards notes the importance of the UK’s data protection community and businesses which must adhere to (and pay to register for) data handling provision: “I hope our relationship can be symbiotic: the ICO can offer you support, tools and advice to make your job easier, and in turn you can share your expertise from the front-line to help my office be more effective.”

ICO agenda for 2022

“The ICO has an international reputation for forward thinking and clear assessment of the practicalities of the law, which I will continue to promote,” says Edwards.

This reputation took a boost with the passing of the code of practice which the ICO calls the Children’s Code although it is generally referred to as the more descriptive Age Appropriate Design Code. It states how firms must operate in order to remain compliant with the GDPR, or face fines of up to 4 percent of global turnover.

Just as it came into effect in September 2021, a year after being introduced to give firms time to become compliant, tech firms around the world made changes to their platforms. TikTok, Facebook and Instagram applied changes required in the UK to their products around the world, though did not acknowledge the UK for prompting the change.

That could be just the beginning. It will remain to be seen how the ICO enforces the Age Appropriate Design Code, but next up is the even broader scope of the UK’s Online Safety Bill whose general premise is that what is already illegal offline should be regulated online.

It proposes to do away with internet services conducting self-policing. Instead, there will be far greater powers for regulators to fine firms. It will cover not just content but the harmful effect of algorithms.

Porn sites will have to ensure they cannot be accessed by children, but does not specifically include age verification. This has led campaigners to write to the previous Information Commissioner threatening the ICO with legal action if it fails to introduce a requirement for age verification for porn sites.

How the UK handles this next round of legislation and the reaction of internet could be even more significant. The ICO is already in touch with Meta about how AADC applies in the metaverse. The Guardian reports that the ICO is seeking clarification from the firm over the lack of parental controls, such as for Oculus headsets, which could be exposing young users to harms already discovered by research from the Center for Countering Digital Hate.

Legislative and code issues do not end there. “I welcome the opportunity to oversee the crucial Freedom of Information Act,” says Edwards. “Transparency that helps people understand and trust decisions made on their behalf has perhaps never been as relevant as across the past two years. I look forward to ensuring the law continues to be relevant in our changing world.”

His predecessor, Elizabeth Denham, saw current FOI practice as a poor fit for the way government now works and told a parliamentary committee that there needs to be a “root-and-branch review of the legislation.”

Edwards will have to deal with any fallout from the pandemic, such as the UK’s Track and Trace monitoring project. The next stage in the Clearview AI provisional US$23 million fine will happen during 2022 for alleged serious breaches of UK data protection law with biometric data collection and facial recognition. Clearview AI claims the assertions are factually and legally incorrect.

Add in the fact that the UK’s biometrics and surveillance camera commissioners are fighting to stop their roles being subsumed by the ICO – most recently suggesting that their remits are too complicated for the regulator — and John Edwards looks to have a busy, but important first year in the job.

Article Topics

biometrics  |  California Age Appropriate Design Code (CAADC)  |  children  |  data protection  |  digital identity  |  GDPR  |  Information Commissioner’s Office (ICO)  |  legislation  |  privacy  |  regulation  |  UK