UK’s Information Commissioner’s Office has released its 2019-20 annual report, describing discussions around biometric facial recognition among “transformative” highlights for privacy and data protection.
“We have seen a transformative period in our digital history, with privacy established as a mainstream concern, and with complex societal conversations increasingly asking data protection questions,” Information Commissioner Elizabeth Denham said in a prepared statement. “This report shows the ICO has been at the center of those discussions, from how facial recognition technology is used to how we protect children online.”
The Age Appropriate Design Code is an important piece of the report, as it shows the organization’s commitment to innovation and practical business support. Part of the Data Protection Act 2018, the code will provide guidelines to help companies abide by the framework for information rights regulation. By building design standards for online services, the Commission aims to improve children’s privacy online.
The organization also released its first Commissioner’s Opinion regarding the use of biometric data and automatic facial recognition by the South Wales Police. Following an investigation on how the technology was used in public spaces, ICO published a statement on the High Court Judgement. ICO participated in police deployments and compliance assessments of both South Wales Police and Metropolitan Police Services. An investigation was also launched on the deployment at King’s Cross.
Overall, ICO received 38,514 data protection complaints, resolved 39,860 data protection cases raised by the public, and received 6,367 freedom of information complaint cases.
To help companies post-Brexit, the institution published a set of data protection guidelines to assist during the transition. By launching the freedom of information strategy, ICO wants to build more transparency in how public authorities operate to gain people’s trust.
Some highlights of 2019 include launching the Be Data Aware campaign, publishing the Adtech update report, arranging a consultation to discuss the draft framework code of practice for personal data use in political campaigns, naming a Data Ethics Advisor, as well as publishing a statement regarding data protection during COVID-19.
The institution reached an agreement in a case with Facebook reported under the Data Protection Act 1998. Back in 2017, an investigation was started regarding the misuse of data in political campaigns.
Over the past year, ICO ran more than 2,100 investigations and acted against breaches 236 times through fines, prosecutions, and information, enforcement and assessment notices. ICO’s newly launched Regulatory Sandbox provides assistance to companies whose products use personal data in innovative and safe ways. The institution worked on privacy case studies with different organizations.
The ICO Research Grants Programme that invests in research into privacy and data protection received 67 applications related to AI, machine learning and biometric data, children’s data, and blockchain.
The Regulators’ Pioneer Fund invested in an 18-month project part of the Innovation Hub focused on clinical trials data, AI and Open Banking.
When it comes to its international agenda, ICO will keep chairing the Global Privacy Assembly to establish an international network that safeguards UK citizen’s data across borders.
The impact of COVID-19 is not included in the timeframe analyzed in the report.
“The digital evolution of the past decade has accelerated at a dizzying speed in the past few months. Digital services are now central to how so many of us work, entertain ourselves and talk to friends and family,” Denham said. “The law has not changed, and the ICO continues to be a proportionate and practical regulator.”