The ICO’s three-year plan units out the precise focus of the general public physique. We have summarised some key areas under that we anticipate will see larger growth, steering and enforcement.
In addition to the broad aims, the ICO25 units up a programme of annual priorities. It will probably be attention-grabbing to see how these develop and whether or not there will probably be a lot change in subsequent years. Whilst the ICO’s focus till October 2023 covers a wide range of areas, we’ve got set out a number of the key ones for companies under:
Subject Access Requests – The ICO desires to create a brand new topic entry request instrument. This will generate template requests for people that may be despatched to companies accompanied by further steering and help from the ICO. Whilst this could assist in making certain topic entry requests are extra constant, companies could also be involved that this instrument will result in a rise within the variety of such requests they obtain.
Children’s Privacy – This continues to be a serious concern for the ICO and it desires to push additional adjustments round age gating for social medial platforms, media and music streaming sights and gaming platforms. It additionally desires to proceed its enforcement of the Children’s Code and align it with any adjustments required by the Online Safety Bill (although we be aware that this invoice is presently on maintain till a brand new Prime Minister is appointed).
Safeguarding the Most Vulnerable – This is a broad space of focus that covers a number of potential points, however the common precept is the ICO desires to make sure that technological change doesn’t unduly have an effect on sure teams. Some of the areas of concern are:
how AI instruments can drive discrimination, significantly within the area of recruitment; how the deployment of applied sciences similar to facial recognition and iris scanning can adversely affect weak teams; and contemplating how different points are aggravating, or are aggravated by, the present cost-of dwelling disaster, specifically the usage of adtech for playing on social media and predatory advertising calls.
The ICO25 was not clear in all cases the way it intends to cope with these points in observe, but it surely commits the ICO to partaking with numerous stakeholders to develop controls and steering.
Interestingly, worldwide transfers of non-public information don’t seem to be a magnet for the ICO over the approaching year (apart from some minor factors about enhancing the BCR software course of and advising Parliament on potential adequacy choices). This is especially attention-grabbing because it stays a scorching subject in Europe, the place the affect of Schrems II remains to be being felt and a brand new “Privacy Shield 2.0” governing transfers to the US was introduced earlier within the year.
ICO25 is open for session till 22 September and will probably be adopted by a programme explaining the adjustments the ICO will make to satisfy the targets on a quarterly foundation.
https://www.lexology.com/library/detail.aspx?g=02e4534b-b1ab-4b2b-bb85-e984ab0e24e5
