Insight Local Government Lawyer Insight February 2018 31 Practice for his department and ask the ICO to approve it; alternatively, he can task the ICO to produce a Statutory Code. Such a Code produced by the ICO, like the Framework, can be laid down before Parliament and can balance any conflicting processing interests in a considered way. The main difference is that the ICO has control of content of a Code of Practice whereas it is the Secretary of State that controls the text of the Framework. Public trust in the Framework ultimately depends on who is in control of the text. The fact that these Clauses do not allow the ICO to veto and/or modify the text of the Framework permits it to contain provisions that could skew data protection in favour of a government controller (in this case, this includes any present or future Secretary of State). It is the longevity of these Clauses, the ability to ignore the ICO and the ICO’s lack of control over the text combined with the unknown nature of our future political masters which makes them unacceptable; there is, quite simply, no counter-balance. There appears to be an assumption the Secretary of State will produce a Framework where the ICO is in agreement; history shows that this assumption is false. Without a change to allow the ICO to have independent control or final say on the content the Framework, the Framework should be seen as dangerous. #Fakedataprotection. Chris Pounder is director at Amberhawk Training and Amberhawk Associates. He is a member of the Identity Assurance, Privacy and Consumer Advisory Group (advising the Cabinet Office on “privacy friendly” use of identity assurance techniques) and the Data Protection Advisory Panel (advising the Ministry of Justice on its approach to the EU’s Data Protection Regulation and Directive in the field of law enforcement). www.amberhawk.com References Official explanation of the powers: https://publications.parliament.uk/pa/bill s/lbill/2017-2019/0066/18066- DPMsupplementary.pdf To be honest, one wonders whether erecting barriers to ICO enforcement damages the notion that the UK Information Commissioner is independent of government. Public trust in the Framework ultimately depends on who is in control of the text. The fact that these Clauses do not allow the ICO to veto and/or modify the text of the Framework permits it to contain provisions that could skew data protection in favour of a government controller (in this case, this includes any present or future Secretary of State).