The UK Information Commissioner’s 2018 report: Privacy and rights take centre stage.

Robert Thorburn
Cyber Security Southampton
3 min read · Jul 23, 2018

Reports by statutory bodies very seldom make for interesting reading, and for most outside observers the 2018 Information Commissioner’s Office (ICO) report is perhaps no different. For those of us interested in issues such as privacy and cyber security, though, it is quite a different story. Not only is the Cambridge Analytica and Facebook saga still a hot topic, but the 2018 report is the first to be published since the GDPR came into force. As one might expect, given this context, there have been a couple of notable changes over the past year.

In more general terms, the report highlights the increased need, year over year, for the ICO’s services and draws attention to its various initiatives. The report’s more interesting revelations, however, are not in these generalities but in the numbers supporting them. Over the past year the ICO has seen the following increases:

· nearly 29% more self-reported breaches

· 23% more data protection complaints

· 12% more freedom of information requests

During the last quarter of the reporting year, the ICO also saw a jump of 29,000 calls to its advice lines over the previous quarter.

It is noteworthy that the reporting period ended just over a month before the GDPR became enforceable, which may well indicate an increased need for the ICO’s services over the coming year.

Of course, if one understands the Web as a sociotechnical system, then these effects are to be expected. In this view, legislation can be described as the manner in which humanity gives formal structure to its society, including the technological aspects thereof. A formal change in that structure will necessarily lead to disruptions, at least in the short term. Such shifts can also bring about changes in the technology, as has been the case with the GDPR: first with a flood of privacy emails and now with the proliferation of checkbox compliance by website owners.

Of course, in a sociotechnical system the flow of cause and effect operates in both directions, with technology impacting on society and society in turn impacting on the technology. For instance, Automatic Number Plate Recognition (ANPR) is used widely for traffic enforcement in the UK. The recordings made using ANPR cameras have been kept for a period of two years, but according to the ICO’s report, recent research has shown that a retention period longer than 1 year does not add to utility and as such presents an unjustified use of private data. After the ICO and other parties raised this concern, policing bodies in the UK are now changing their data retention practices to fall in line with this finding.

This back-and-forth influence might be the norm in a sociotechnical system, but the introduction of a massive change such as the GDPR is bound to have an impact that is felt both broadly and for an extensive period.

With the new ePrivacy Regulation still to come, and this only being the start of GDPR implementation, it is safe to assume that the ICO’s yearly reports will show increased activity across most of its services for several years to come.

The full 2018 report can be found here.

Robert Thorburn
Cyber Security Southampton

Legal(ish) adventures in IoT and privacy! PhD student in Web Science at Southampton University. @WebSciGuy