Download This PaperTowards Effective Supervisory Oversight? Analysing UK Regulatory Enforcement of Data Protection and Electronic Privacy Rights and the Government’s Statutory Reform Plans
37 Pages Posted: 12 Dec 2022
Date Written: November 28, 2022
Abstract
This paper finds that although the (UK) GDPR mandates strong enforcement and a prioritisation of this by the regulator including through the handling of data subject complaints, severe limitations exist in practice. Indeed, in 2021-22 the Information Commissioner’s Office (ICO) did not serve a single GDPR enforcement notice, secured no criminal convictions and issued only 4 GDPR fines totalling just £633k. The Tribunal has removed any substantive bite to the individual order to progress complaints remedy and the DCMS Committee has failed to provide effective holistic scrutiny. There is a case for some of the legislative reforms now proposed including reconstituting the ICO as a corporate board and increasing transparency. However, others risk providing a de jure entrenchment of the ICO’s positioning away from being a comprehensive upholder of core data protection rights. None directly address the serious challenges present here but a two-fold approach would do so. The order to progress complaints should police the appropriateness of the ICO’s substantive as well as procedural response and not-for-profit representative complaints should be permitted even without the mandate of data subjects in order to encourage well-argued, strategically important cases. Second, and at least as importantly, the Equality and Human Rights Commission should be obliged to periodically provide holistic scrutiny of the ICO’s enforcement track-record from a human rights perspective within which data protection rights must ultimately sit.
Keywords: AdTech, Brexit, DCMS Committee, data protection, Data Protection and Digital Information Bill, e-privacy, Equality and Human Rights Commission, fines, Information Commissioner’s Office, Parliamentary and Health Services Ombudsman, National Audit Office, Real Time Bidding, tribunals, UK GDPR
Suggested Citation: Suggested Citation
David Erdos (Contact Author)
University of Cambridge - Faculty of Law ( email )
10 West Road
Cambridge, CB3 9DZ
United Kingdom
HOME PAGE: http://www.law.cam.ac.uk/people/academic/d-o-erdos/5972