No reason to exempt public bodies from data protection fines
Sir, – The proposed exemption of public authorities and bodies from administrative fines under the terms of the General Data Protection Regulation would be a serious error of judgment.
As Data Protection Commissioner Helen Dixon put it, there is “no basis on which public bodies or authorities” should be excluded. If the Government goes ahead with this exemption, it risks bringing the law into disrepute and damaging the trust and reputation of the public sector, as it will be seen to be held to a lower standard of compliance than other sectors. And it’s worth noting that nonprofit and charitable organisations will also be potentially subject to the fines; this is not just a concern for commercial undertakings.
The UK’s information commissioner has from time to time come in for criticism for imposing hefty administrative fines on public bodies under existing powers, because the fines were seen to be reducing resources for vital public services. Former information commissioner Christopher Graham’s response was to the effect that data protection law has to be enforced without fear or favour on all organisations and that in any case the fines go back into central funds, from where it is the UK government’s prerogative if it so chooses to return fines to any penalised public body. Our Government would be well advised to take a similar approach. – Yours, etc,