Hello, and thank you for inviting me to speak with you.
What shines through all the sessions today is the opportunity that lies in front of us. And more specifically, the benefits – to business, to UK plc, to UK society – that data offers.
My role is to give you the regulator’s perspective.
And let’s be clear from the outset: my role is not to stand in the way of progress. We are not ‘the department of no’.
In fact quite the opposite.
It’s clear from the conversations today that exponentially increasing flows of personal data and the evolving sophistication of information technologies have made data a key asset. But like any asset it requires investment – for it to be managed, protected and respected – to unlock its impact and value.
What I’m going to set out now is how good data protection is an investment that can maximise the value of data. Good data protection ensures that your innovations work not only on paper, but in the real world, where you need people to have trust and confidence in what you’re doing.
Data protection and trust
At its core, data protection is about trust. It has always been about trust. Data protection law was born in the 1970s out of a concern that the potential from emerging technology would be lost if we didn’t embrace innovation.
That link with trust remains today. The data-driven innovations you are planning will only work if people are willing to share their data with you, trusting it will be used fairly.
Good data protection consideration helps to encourage that trust. We’ve all seen that first hand this past year. Contact tracing that relies on people downloading apps or scanning QR codes would have fallen at the first hurdle if people felt their data might be used in unfair or unexpected ways.
Early consideration of privacy – including the concept of privacy by design – sets out a roadmap that can guide you to a final product that people will trust.
Data protection and data security
Trust is also earned by people having confidence their data won’t be lost or hacked.
I was struck by the ICO’s research that shows people who have heard about a data breach, have lower levels of trust and confidence in organisations using their data across the board.
Or to put it another way, one company’s data breach can reduce the value of the data assets held by other companies in their sector.
We all know that scams and the theft of data is a growing concern for us all. The good news is that I’ve seen a real shift over the past three years, with cyber security moving from being an IT responsibility to a board level imperative. There is a growing appreciation of data as an asset to be protected and valued.
That’s crucial: my experience is that the biggest data security breaches come not from a lack of technical knowledge, but from a lack of awareness of what data a company holds, and a lack of staff training on processes. The law, of course, requires both.
There is an associated benefit: our data protection laws offer reassurance to companies outside of the UK that data is protected here encouraging data flows and the associated economic benefits.
Data protection and data flows
That international aspect is important. As the Minister said, the UK is well placed to reap the benefits data can bring in the coming years, both to our economy and to our society.
Trust is one of the key selling points of the City. And the good data protection standards we require in the UK travel well: the principles of current UK law are familiar and reflected around the world. They are the starting point for new laws from California to Brazil.
There is more to be done here. In the short term, the focus is on cementing our data flows with the EU, but in the longer term my view is we need to take an ambitious international view.
A global accord, a Bretton Woods for data, setting out minimum standards and protections for data around the world would offer strong reassurance to consumers and citizens.
And it could have a real impact on facilitating truly global financial data flows. Watch this space for more on that.
The ICO’s role
I’ll bring my comments to a close with a simple request: don’t be a stranger.
The value of your data assets is so much greater with public trust, and our support can help you to realise that potential value.
I would be here long beyond my ten minute slot if I listed every way we can offer that support.
We provide practical advice and guidance informed by the conversations we have with organisations. The support we provided throughout the pandemic is a good example, as is our guidance to encourage and enable safe data sharing, and our support around AI explainability and our AI toolkit.
We run a privacy sandbox to hear innovators and to help them
We collaborate with the FCA, with the CMA, with Ofcom, and through the Digital Regulation Cooperation Forum.
And yes, we issue sanctions, for the worst offenders who try to gain an unfair competitive advantage by flouting the rules.
Let us help you find approaches that are fair, transparent and maximise trust in a project.
Data offers you enormous opportunity.
Good data protection is an investment that will unlock its impact and value.