UK Information Commissioner Elizabeth Denham is calling for more power to investigate privacy breaches.
In a speech at the IAPP Europe Data Protection Intensive 2018 in London this week, she called for “streamlined warrant processes with a lower threshold than we currently have in law.”
The Information Commissioner's Office (ICO) is now in “intense consultation with government” to make sure the pending Data Protection Bill gives the ICO the ability to move more quickly, in preparation for the EU’s General Data Protection Regulation (GDPR).
Denham mentioned this need in the context of the Cambridge Analytica scandal and the ICO's probes into that and other situations.
“In all, we are looking at 30 organizations—social media platforms, data companies, campaigns and political parties to pull back the curtain on the use of personal data in modern political campaigns,” she said.
She added, however, that in the context of this probe, “the GDPR audit power is already being outpaced by technological advances in data analytics. I want to see this addressed.”
For example, “We have to look for inter-relatedness between data sets and the effect they have on decisions,” she said. “We may need to see these effects in short time periods in the context of a fast-moving investigation.”
Denham noted that she senses a shift “in the posture of industry with regards to privacy regulation in the US,” although she did not offer specific details.
According to Denham, Parliament has agreed to a funding increase from £24 million to £38 million for the ICO in 2018/2019.
In addition, the ICO is recruiting at all levels of staff, including 10 newly created director roles, and expects to have a headcount of 700 by 2020, up from 520 at present.
In general, Denham also said, “We need the regime to reflect the reality that data crimes are real crimes.”
She concluded, “If we find that the law has been broken, we will take the necessary enforcement action.”