John Edwards, the Information Commissioner, delivered a keynote speech at the Data and the Future of Financial Services Summit. The speech focussed on the ICO’s regulatory philosophy and how it is empowering businesses in the finance sector and protecting consumers that rely on these services.
Edwards explained that the ICO understands that the financial services sector’s work relies heavily on being able to use and exchange personal data. The ICO is a ‘whole economy’ regulator, and understands that there is a balance to be struck between empowering the public to share their information with confidence whilst supporting organisations to use this information responsibly, proportionately and safely.
Regulatory co-operation is part of the ICO’s three-year plan (ICO25) objectives. For example, being part of the Digital Regulation Cooperation Forum has enabled the ICO to work closely with regulators (the FCA, the CMA and Ofcom).
Under two headings the ICO sets out some examples of how it is helping the financial services sector:
- by providing detailed, sector-specific advice for organisations of all sizes on their data protection obligations; and
- by providing its Innovation Advice service and sandbox service. Under this heading, the ICO reminds firms that they are accountable for considering:
- what is their lawful basis for processing;
- how will firms ensure processing is fair and transparent; and
- how will people’s rights under Article 22 of UKGDPR related to automated decision-making be upheld – for example their right to request human intervention or to challenge a decision?
Edwards stated that there is no excuse for reckless innovation that puts people at risk of harm. Innovation needs to be done responsibly. The ICO expects, and requires, financial services firms to be considering all of their data protection obligations from the outset and to take a data protection by design and default approach. This isn’t optional – if firms are processing personal data, it’s the law.
For more information, click here.