View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

ICO says Europe must get “practical” on data regulation

British data authority hails greater fining powers, but says regulators need funding.


The British Information Commissioner has demanded that Europe take a "practical" approach to protecting the data rights of its citizens.

Christopher Graham warned the European Conference of Data Protection Authorities that the digital revolution was not waiting for the authorities to catch up.

Referring to research collated ahead of the conference, he noted that citizens were demanding control over their personal data, transparency at organisations that handle it, and security to protect it.

From regulators, citizens also want transparency, independence and consistency in how rules are enforced, as well as access to remedies in the event that data is mishandled.

"The point is that citizens and consumers attitudes to privacy are changing as they become accustomed to the digital deal," Graham said.

"Public attitudes and awareness may not be uniform. Tech savvy youngsters may not have thought through the implications of being quite so free with their data. Older people may not always understand quite what’s going on.

"But we have to understand what today’s data subjects understand about data – and what they expect of us as the guardians of their fundamental rights."

Content from our partners
The growing cybersecurity threats facing retailers
How to integrate security into IT operations
How Kodak evolved to tackle seismic changes in the print industry and embrace digital revolution

During the speech Graham discussed the impending update to EU data regulations, the most controversial provision of which is a mechanism that could allow regulators to fine companies up to 5% of global turnover.

Whilst he welcomed the measure, saying "it makes the punishment fit the crime – and fit the perpetrator", he also also said the top fine had to be used selectively to be effective.

At present the ICO is allowed to fine data controllers who flout their obligations up to £500,000, and the information commissioner argued that the simple fact it could do so had had a "big impact" even on businesses it had not fined.

Finishing his speech, Graham also said that data regulators must be appropriately funded in order to do their jobs. "Here it is worth challenging the politicians," he said. "Don’t legislate for what you are not prepared to fund."

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy