Managing tomorrow's world: the ICO's strategy for a better tech future

Lindsay McEwan, VP and managing director EMEA, Tealium

Technological advances are transforming how we live and work. On the whole, these changes are positive: powering greater connectivity and efficiency, and even saving lives. But with the rising use of smart tools comes risks that need to be mitigated.

This is why the Information Commissioner’s Office (ICO) has recently created its first Technology Strategy. As well as setting out the ICO’s approach for General Data Protection Regulation (GDPR) compliance, these plans also place a strong emphasis on balancing innovation with responsibility that all companies should be emulating, particularly in regards to cyber-security, artificial intelligence and online data privacy. 

Spearheaded by Elizabeth Denham - the Information Commissioner and number one on the DataIQ 100 list for 2018 - the strategy advocates a respectful approach to data that will help win consumer trust and thereby fuel a positive future for tech.  

Let’s explore the key takeaways of the ICO manifesto:

The core priorities: 

1. Cyber-security

Risks to cyber-security are a crucial area of concern for ICO, specifically hazards created by the way personal data is collected, stored and transmitted. As more connected technology features are introduced, threats to infrastructure, networks, Internet of Things’ devices, smartphones and tablets will keep growing, making it vital to adopt a robust security policy and employ the right talent. The ICO plans to build a workforce of more than 600 by 2020, which will include technical experts focused on cyber-safety.

2. Artificial intelligence, big data and machine learning

Aiming to establish the UK as a leader in emerging technologies, the Government released its industrial strategy in April this year, which prioritises AI, machine learning and big data. By using huge stores of personal data, technologies - which are often cloud-centric to take advantage of large-scale processing - allow better, faster decision-making based on individuals’ habits and preferences, but must be leveraged responsibly. The ICO is therefore pushing for a broader ethical framework to form part of all AI research and implementation, particularly when it comes to potentially intrusive use cases, such as facial recognition. 

3. Web and cross-device tracking

Tracking tools such as HTTP cookies have been around for a long time, but of late highly-personalised methods of monitoring consumer behaviour are increasingly being used and should be deployed carefully. For example, while browser, device, and canvas fingerprinting have many valuable uses, there is a possibility they could be harnessed for systematic and invasive tracking. As a result, it is imperative to set clear rules for tracking activity that prevent companies from crossing the line on data privacy. 

Top three goals: 

1.  Education and guidance around technology issues

As part of a mission to drive broad technological understanding, the ICO will educate its staff and other companies’. This is set to include internal programmes focused on boosting technical knowledge and external guidance on areas such as the GDPR, and on avoiding data protection issues. The ICO is also due to share “lessons learnt” from cyber-security breaches and promote adherence with privacy by default for all companies.

2.  Risk research

ICO will draw on internal and independent research and expertise to develop better knowledge of emerging technologies and data protection risks that can then be imparted to businesses and the public. 

3.  The right staff and partnerships

Having the right staff to do the job is important to the ICO, as is establishing partnerships with stakeholders, such as universities focused on technology. In line with this, it has developed a two-year post-doctoral role to investigate the impact of artificial intelligence on data privacy, encompassing big data and machine learning. It will also hold an annual conference of data protection and technology utilising new links with bodies that have an influence on developing global technology standards that affect data protection.


The ICO’s tech strategy takes us up to 2021: considering the vast changes not only to the technical landscape, but society as a whole thus far, it’s impossible to say what new developments will come between now and then. However, what we can be sure of is that preparation, understanding and regulation are essential to fuel progress. And this means companies should be following in the footsteps of the ICO and setting their own future-gazing strategies to ensure successful navigation of tomorrow’s tech world. 

Please note that blogs are the sole view of the author and that they are not neccesarily the view of IQ ddg Ltd and should not be interpreted as advice. Please read our full disclaimer