Included in this edition of Data & Privacy News: Government launches consultation on UK's data landscape, Irish Data Protection Commission investigates TikTok and more...

Government launches consultation on UK's data landscape

The Government has launched a 'wide-ranging consultation on proposed changes to the UK's data landscape' and published updates to the National Data Strategy launched in September 2020.  The proposed changes include:

• a new governance model is for ICO, including an independent board and chief executive to mirror the governance structures of other regulators 
• balancing the need to 'remove unecessary barriers to responsible data use'
• with mitigations against nuisance calls and text messages, and algorithmic bias

The announcement included news of appointments to the Centre for Data Ethics and Innovation’s (CDEI) refreshed advisory board; the CDEI's 2021/22 work programme will focus on: maximising the public benefit of data by enabling it to be used and shared responsibly; building a strong AI assurance ecosystem in the UK; and supporting the delivery of transformative data and AI projects in the public sector, with a focus on the most high impact use-cases.

The consultation closes on 19 November 2021.

ICO launches consultation on incident reporting thresholds under NIS Regulations 2018

The ICO consultation seeks to address a perceived deficiency in the NIS legislation surrounding the incident reporting thresholds.  The thresholds were established when the UK was a member of the EU; the ICO arguing that these were set for a market size of the 28 EU member states.  The Government proposes to lay a statutory instrument which would revoke Article 4, which sets out the thresholds, from the UK retained version of the European Commission Implementing Regulation 151/2018.

The consultation closes on 7 October 2021.

Irish Data Protection Commission investigates TikTok

The DPC has commenced two own-volition inquiries pursuant to section 110 of the Data Protection Act 2018 in relation to TikTok Technology Limited’s (TikTok) compliance with requirements of the GDPR.  

The first will examine compliance with the GDPR’s data protection by design and default requirements as they relate to the processing of personal data in the context of platform settings for users under age 18 and age verification measures for persons under 13. This inquiry will also examine whether TikTok has complied with the GDPR’s transparency obligations in the context of the processing of personal data of users under age 18.  

The second inquiry will focus on transfers by Tiktok of personal data to China and TikTok’s compliance with the GDPR’s requirements for transfers of personal data to third countries.

ICO summary of G7 data protection authorities' discussion

The ICO has published a summary of issues discussed between its fellow G7 data protection and privacy authorities, at a virtual meeting with the theme 'Data Free Flow with Trust' on 7 and 8 September 2021.  The group have agreed:

• to share experience and intelligence
• initiate a dialogue with firms and other interested parties to examine the role of technology in creating a more privacy oriented internat, upholding and preserving the principle of an informed and meaningful prior consent online
• advocate for their role in future governance of artificial intelligence
• identify opportunities for greater enforcement cooperation including scope for extraterritorial application

Government plans review of retained EU law

In a statement to the House of Lords, Cabinet Office minister Lord Frost has stated that 'we must now revisit this huge, but for us, anomalous, category of law'; the review would remove the special status of retained EU law.  The statement co-incides with the Government's response to the TIGRR report on regulation which recommended reform of the GDPR and dropping the EU's 'precautionary principle' on new technologies.