Research

Who Regulates the Regulators? The Information Commissioner’s Office

Victoria Hewson and James Tumbridge
15 July 2020

SUGGESTED

previous
Coronavirus

Freight Expectations

Post-pandemic prospects for global trade

3 July 2020
next
Healthcare

The Henry Fords of Healthcare

28 July 2020
latest
Trade, Development, and Immigration

Unplugging progress: the case against EV tariffs

4 November 2024

No 1: The Information Commissioner's Office

https://iea.org.uk/wp-content/uploads/2020/07/Who-regulates-the-regulators_.pdf
Download (PDF)
Press release
Summary

  • The Information Commissioner has wide ranging functions and powers. They are not always parameterised clearly in the relevant legislation. The Information Commissioner’s reporting shows little evidence that objectives are being met, or even measured. The Parliamentary Committee responsible has not performed its scrutiny function of the Information Commissioner’s Office (ICO) well and a forum appears to be lacking for detailed examination of its actions at a technical and legal level.

  • In practice the current data protection regime is not working as had been foreseen by the European Commission in its impact assessment for the General Data Protection Regulation. The costs to businesses have been much greater than expected and there appear to have been negative effects on competition and investment. Many businesses are not fully compliant and some believe full compliance is not possible, suggesting that the Information Commissioner is not succeeding in its functions of promoting public awareness and understanding, and monitoring and enforcing compliance.

  • There is insufficient oversight and review of fines and enforcement actions taken by the Information Commissioner. Challenging a decision is costly, there are serious procedural defects and imbalances, and the fines that can be levied are out of all proportion to the harm or loss caused.

  • The Information Commissioner can issue guidance that is of uncertain legal effect but has serious consequences – and does so without producing impact assessments. This has negative consequences for the rule of law and accountability.

  • The ICO is well regarded internationally and by business organisations for its role in data protection law and policy, but there are reforms that could usefully be made to improve its accountability and effectiveness, while maintaining its independence.


Fullscreen Mode


Victoria Hewson

Head of Regulatory Affairs

Victoria joined the IEA’s International Trade and Competition Unit in Spring 2018. She is a lawyer and practiced for 12 years in the fields of technology and financial services, before joining the Legatum Institute Special Trade Commission to focus on trade and regulatory policy. She has published work on the implications and opportunities of Brexit in financial services and movement of goods and the issues in connection with the Irish border. Before entering the legal profession Victoria worked for Procter & Gamble in the UK and Germany.


James Tumbridge
James Tumbridge is a partner of Venner Shipley. He has extensive experience  in  commercial  litigation, intellectual property and alternative  dispute  resolution (ADR).  James is particularly known for his government relations and data protection practice. He is one of the authors of the UK Data Protection Act 2018 that implemented the General Data Protection Regulation. He has extensive experience of regulatory compliance in matters of data protection in Europe and globally. James has been an ad hoc advisor to various UK Members of Parliament and Members of the European Parliament on this subject, as well as a range of IP and dispute issues. As a Chair of Police Tribunals, James has considered and ruled on data protection issues arising in the context of data and policy breaches. He has also trained three police forces on data compliance.

SHARE

Follow IEA on Twitter Like IEA on Facebook Connect with IEA on LinkedIn

Newsletter Signup