Abstract
The Information Commissioner has wide-ranging functions and powers, which are not necessarily parameterised clearly in the relevant legislation. Its reporting shows little evidence that objectives are being met or even measured, and there is no a forum for a detailed examination of its actions at technical and legal levels. The current data protection regime is not working as had been foreseen by the European Commission: costs to businesses have been much greater than expected and accompanied by negative effects on competition and investment. Many businesses are not fully compliant and some consider full compliance impossible. There is insufficient oversight and review of fines and enforcement actions taken by the Information Commissioner. Challenging a decision is costly, and the fines that can be levied are out of all proportion to the harm or loss caused. The Information Commissioner can issue guidance that is of uncertain legal effect, but has serious consequences – and does so without producing impact assessments. This has negative consequences for the rule of law and accountability. The ICO is well-regarded internationally and by business organisations for its role in data protection law and policy, but there are reforms that could usefully be made to improve its accountability and effectiveness and maintain its independence.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
