Question to the Department for Science, Innovation & Technology:

To ask Secretary of State for Science, Innovation and Technology, if she will make an assessment of the potential merits of requiring the Information Commissioner’s Office to (a) maintain a (i) central and (ii) publicly accessible repository of privacy notices providing the required Articles 13 and 14 information in the standard format and (b) challenge organisations where the information provided does not fully and clearly inform data subjects.

The UK Data Protection regime is administered and enforced independently of the government by the Information Commissioner’s Office (ICO). Article 52(1) of the UK General Data Protection Regulation (UK GDPR) requires that the Information Commissioner is to act with complete independence in performing his tasks and exercising his powers under the UK GDPR. Article 52(2) goes on to require that the Commissioner must remain free from external influence and neither seek nor take instructions from anybody when carrying out his functions under the UK GDPR. The Data Protection Act 2018 (DPA) sets out further detail about the governance arrangements and responsibilities of the Information Commissioner, in particular at Part 5 and Schedule 12.

The Information Commissioner is directly accountable to Parliament and reports against agreed key performance indicators to the DCMS Select Committee. The ICO-DCMS management agreement provides more information about the relationship between the ICO and DCMS, and can be found at: https://ico.org.uk/about-the-ico/who-we-are/relationship-with-the-dcms/.

The UK GDPR can be found at: https://www.legislation.gov.uk/eur/2016/679/contents, whilst the DPA can be found at: https://www.legislation.gov.uk/ukpga/2018/12/contents/enacted.