Speaking in London recently, Information Commissioner Elizabeth Denham said that she is in discussions with the government to secure a stronger audit power in the UK Data Protection Bill than currently planned.
Speaking about the Facebook / Cambridge Analytica investigation, Denham said: “Under the GDPR I will have the power to audit all those who hold, use and share personal data. In other words, soon I will be able to look behind the curtain and see what those who hold our data and personal information are doing with it.”
“But, in the context of this particular investigation, the GDPR audit power is already being outpaced by technological advances in data analytics. I want to see this addressed. I am in intense consultation with government, to ensure that, as part of the Data Protection Bill, the ICO has the ability to move more quickly to obtain the information we need to carry out our investigations in the public interest.”
“We need to respect the rights of companies but, we also need streamlined warrant processes with a lower threshold than we currently have in law.” [Editorial comment: what about the rights of owners, proxy holders and management, lawyer/client relationships].
Denham said that the ICO is looking at 30 organisations – social media platforms, data companies, campaigns and political parties. The ICO is willing to take enforcement action if the law has been breached. But in general, Denham said that the ICO’s enforcement style will not change with the GDPR – the ICO will retain its proportionate and pragmatic approach. Voluntary compliance is the preferred route.
“But we will back this up by tough action where necessary; hefty fines can and will be levied on those organisations that persistently, deliberately or negligently flout the law.”
Source: Privacy Laws and Business