As highlighted by our new Privacy 2040 initiative, there have never been more opportunities to shape the existing and future privacy and cybersecurity legal framework. Consultations on draft guidance and surveys of various stakeholders are an important step in the production of new rules and materials, and the UK Information Commissioner’s Office (ICO) and the European Data Protection Board (EDPB) currently have a number of open consultations. The consultation process provides an opportunity to contribute to and to influence regulatory direction. This post lists and discusses a number of consultations which are currently open.
The ICO’s consultation on its draft Direct Marketing Code of Practice focuses on the statutory code of practice the regulator is required to produce under the Data Protection Act 2018. The Code is wide-ranging and takes a “life-cycle approach” to direct marketing, with sections covering the planning of marketing, collecting data, delivering marketing messages, and individual rights. This consultation closes on March 4, 2020.
Data controllers who process personal data relating to criminal convictions may be interested in a survey the ICO is carrying out with the aim of ascertaining whether gaps exist in awareness and understanding of data protection requirements for processing such data. The survey closes on March 13, 2020 and may lead to further guidance. The ICO is also consulting on a package of support for the providers of online services likely to be accessed by children aimed at ensuring compliance with the Age Appropriate Design Code. Once the Code is approved by Parliament, online service providers will have twelve months to implement the final version of the Code.
Finally, the ICO has been working on an AI auditing framework and is now consulting on draft guidance related to that framework. The views of those with a compliance focus or speciality in technology are being particularly sought. The guidance contains advice about data protection law in the AI context, recommendations for organisational and technical measures to mitigate the risks AI poses to individuals, and a methodology for auditing AI applications to ensure data processing is fair. This is a particular opportunity to help the ICO shape its approach to innovation and technology.
The EDPB also carries out public consultations to which interested stakeholders and citizens of the European Union are invited to contribute. The EDPB’s first two sets of draft guidelines of 2020, on connected vehicles and mobility related applications and transfers of personal data between EEA and non-EEA public authorities, are being consulted on. The closing dates are March 20, 2020 and April 6, 2020 respectively.