In a recent op-ed for The Times, Information Commissioner John Edwards doubled down on his long-stated belief that imposing significant monetary penalties on big tech companies is ineffective in ensuring regulatory compliance. His remarks have sparked criticism from privacy advocates who argue the need for stronger measures against such tech companies. In contrast, Edwards counters that large fines, similar to those seen in Europe, would only lead to prolonged legal challenges for his office rather than meaningful change. Mr Edwards went on to say, "I don't believe that the quantum or volume of fines is a proxy for impact. You know, they get a lot of headlines. It's easy to compile league tables but I actually don't believe that that approach is necessarily the one that has the greatest impact."
Looking at the difference in approach, the article highlights the disparity between the average fine amount imposed by the Information Commissioner's Office (ICO), which is around €504,000 (£419,144), compared with €112 million (£93 million) for the EU. In terms of the total amount of fines issued since 2018, the ICO has issued €75.5 million (£62.8 million) compared with €3.2 billion (£2.661 billion) for the EU.
However, rather than relying solely on fines, Edwards advocates for engaging directly with the tech industry to foster compliance, particularly with laws like the Age-Appropriate Design Code (AADC). As such, he pointed to a "dozen examples" of success stories stemming from this collaborative approach.
Commenting on the article, Ben Rapp from Securys said the ICO needs to move away from "toothless reprimands to the full panoply of enforcement orders. Otherwise, not only does the UK risk serious infringements of citizen rights and freedoms, but also losing its status as a safe destination for data exported from other countries."
Meanwhile, Madeleine Stone, senior advocacy officer at Big Brother Watch, said: "The ICO's conciliatory approach to the enforcement of data protection law is strikingly at odds with the public's growing concern over the power of Big Tech companies and their use of the public's sensitive personal data."
In a LinkedIn post, data protection specialist Jon Baines highlighted at least two issues with the article (others are raised in the comments), the first being that the ICO can enforce the Children's Code and take action against big tech companies at the same time. In his second point, Baines said that if we have learned anything about the practices of technology companies over the last 15 years, they are not as compliant as Mr Edwards believes them to be.
£ - This article requires a subscription.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.
