Information Commissioner's open letter to the UK Prime Minister - Key Takeaways

We summarise below the six key commitments outlined by John Edwards in the letter which seek to package the UK ‘as an attractive place to launch and invest in innovative projects and businesses that will grow the economy’:

• Providing regulatory certainty to businesses on AI
  Artificial intelligence (AI) has the potential to add £47bn to the UK economy each year. However, regulatory uncertainty is seen as a hurdle to businesses in investing and adopting the use of AI. In response to this, the letter introduces the commitment to producing ‘a single set of rules for those developing or using AI products, to make it easier for them to innovate and invest responsibly while safeguarding people’s information rights’. The ICO also confirmed that it is dedicated to supporting the government in legislating rules to become a statutory code of practice on AI.

• Cutting costs for SMEs
  The launch of a ‘Data Essentials training and assurance programme’ during 2025/26 will ‘reduce the costs to businesses, increase customer trust, and grow SMEs’ confidence in using personal data responsibly, to grow their businesses’. This commitment acknowledges and responds to the difficulties SMEs have in navigating the digital regulatory landscape.

• Facilitating more innovation through its Regulatory Sandbox and Innovation Advice services
  The ICO is seeking to implement an ‘experimentation regime to give businesses a time-limited derogation from specific regulatory requirements to test their new ideas under strict governance controls supervised by the ICO’, with the findings used to inform further statutory revisions.

• Unlocking privacy-preserving online advertising
  Digital advertising boosts the UK economy significantly and adds a gross value of £129bn. However, it is not lost on the ICO how the digital advertising regulatory landscape is thorny to navigate. The ICO’s commitment in this regard is to ‘review where Privacy and Electronic Communications Regulations (PECR) consent requirements are preventing an industry-wide shift towards more privacy-friendly forms of online advertising, such as contextual models’. A statement will be published by the ICO  ‘outlining low-risk processing purposes (such as privacy-preserving ad measurement) which are unlikely to result in damage or distress’.

• Smoother and quicker international data transfer
  By ‘publishing new and updated guidance on international data transfers’, the ICO aims to make it simpler and quicker for businesses to transfer personal data on a global scale safely. To achieve this aim, the ICO will ‘work through international fora, including the G7 and the Global Privacy Assembly, to build international agreement on increasing mechanisms for trusted free flows of data’. The aim is also to work alongside the government ‘to review adequacy assessments for key trading partners’.

• Lower costs of engaging with multiple regulators
  For larger companies, having to ‘navigate complex interactions between regulatory regimes’ to be compliant on multiple fronts can come at an expensive cost. The ICO will continue to work with other digital regulators through the Digital Regulation Cooperation Forum (DRCF) alongside the government ‘in simplifying legislation on information-sharing between regulators’.