On Monday, we saw the ICO’s 12th annual Data Protection Practitioners’ Conference
take place at the Manchester Central Conference Centre.
The day had a variety of events including a talk from President and Executive Director of EPIC (Electronic Privacy Information Centre), Marc Rotenberg, and panel sessions covering important topics, including what Brexit means for Data Protection.
Several interesting discussion points were raised throughout the day and I would like to
take the time to discuss with you the two that I found myself most fascinated by. First,
the ICO’s focus on the accountability principle of the GDPR, and second, the developing
area on Ethical Data Protection and AI profiling.
One: “Accountability encapsulates everything the GDPR is about.”
The Commissioner made the message on prioritising accountability clear in her opening
speech for the DPPC. The ICO will not be satisfied with organisations just complying
with the new regulations. The emphasis is instead on the ability to demonstrate you are
compliant.
This strong message from Elizabeth Denham will likely be a welcome one to Data
Protection Professionals across the country, who may be battling to convince
organisations that the GDPR is not a one-time tick box, but a factor to consider
continually. The Commissioner’s reinforcement of this point should help cement Data
Protection’s integration into business culture. The progress we have made in the year
since GDPR came into force is a promising start but we must continue the trend in the
right direction.
Two: Technology, ethics and compliance – leave no room for loopholes.
I would like to congratulate Mikko Nava for winning the second ICO Data Practitioner of
the Year award. I thought his acceptance speech was genuine and gracious and his
thoughts on the industry being “the intersection between technology, ethics and
compliance,” was thought provoking in its own right. With data privacy incorporating so
many areas which are in the process of change and growth, the only way to ensure the
protection of data subjects is by reaching an equilibrium between technology
advancements, the ethics surrounding the tech, and the legislation which is already in
place.
To reach this balance, forward-thinking ethical and legal discussion is required, that
would not afford future technologies loopholes in the law. We also need to improve the
understanding of these technologies, such as the growing use of Artificial Intelligence
(AI).
It was a welcome sight to see the ICO taking steps towards striking this balance. Their
AI auditing framework blog, which helps demystify this area, is a useful starting point. I
will be putting out a few thoughts on this topic myself, over the coming months.