Data protection

The business case for investing in proactive privacy protection

Invitation to tender for a research project

Review of EU Data Protection Law

The Information Commissioner’s Office (ICO) has published the review of the strengths and weaknesses of the EU Data Protection Directive which it commissioned from RAND Europe.

The ICO commissioned RAND Europe to conduct the study amid growing fears that the current European Directive was out-dated and too bureaucratic.

The RAND study concludes that, in an increasingly global, networked environment, the Directive will not suffice in the long term. The report acknowledges that the Directive has helped to harmonise data protection rules across the European Union and has provided an international reference model for good practice. However, the report also says that the Directive is often seen as burdensome and too prescriptive, and may not sufficiently address the risks to individuals’ personal information.

Read the full report
Read the report summary

Privacy By Design

The ICO has commissioned the Enterprise Privacy Group to undertake a project aimed at promoting ‘privacy by design’. Despite more than 20 years of data protection legislation in the UK and efforts to encourage the adoption of privacy friendly technologies and ways of working, progress has been disappointing and data protection and privacy safeguards are often bolted on as inadequate afterthoughts rather than built into new developments from first principles.

With the current drive for increased information sharing, large centralised databases and increasing use of biometrics, the ICO sees the concepts at the heart of ‘privacy by design’ as helping ensure that essential safeguards against potential unwarranted risks to individuals' information and privacy are put in place in new developments. The ICO wants to try to help bridge the current gap in both the public and private sectors.

The project will culminate in a short report setting out the privacy by design concept and mentioning some of the privacy enhancing technologies and working methods that already exist. The report will concentrate on why there have not been better levels of adoption; the barriers to this and what can be done to improve the situation.

The ICO will publish the completed report at a conference it is organising entitled ‘Privacy by Design’. The free to attend conference will be held at the Lowry Hotel Manchester on the 26 November 2008.  Further details about the project and how to participate in the work can be found on the privacy by design website.

Notifications payment research

It is being considered that the charging regime for data controllers notifying with the ICO will be revised. In February 2008 a research project conducted amongst data controllers was commissioned to provide information to help inform how the revised charging regime could be applied.

SMSR Ltd was commissioned to undertake the study on behalf of the ICO. SMSR Ltd is an independent market research company based in Hull which adheres to the Market Research Society’s Code of Conduct.

Notifications payment research report

Stakeholder perception study

A commitment of the stakeholder relations strategy, launched in 2007 is to track progress of our actions. As a result a survey was undertaken in March 2008 to measure perceptions of the ICO amongst key stakeholders.

The stakeholder perception study involved stakeholders which have a high interest in what we do and can have a high influence on ICO, data protection and freedom of information issues.

The research was conducted on behalf of the ICO by Jigsaw Research and Critical Research, both independent market research agencies based in London.

Stakeholder perception study: research report