The Information Commissioner’s Office on the 4th of July 2017 took a step forward with regards to privacy protection for the UK public from overseas data protection threats and risks, by publishing its first ever International Strategy document. Its aim is to not only enhance privacy protection but it also commits the ICO to learning about new ideas and developments emerging from other countries.
The International Strategy sets out the main challenges the ICO faces and their associated priorities. These are as follows:
To operate as an effective and influential data protection authority at European level while the UK remains a member of the EU and when the UK has left the EU, or during any transitional period.
Maximising the ICO’s relevance and delivery against its objectives in an increasingly globalised world with rapid growth of online technologies.
Ensuring that UK data protection law and practice is a benchmark for high global standards.
Addressing the uncertainty of the legal protections for international data flows to and from the EU, and beyond, including adequacy.
To meet the first challenge the ICO have identified three priorities in order to implement GDPR and to ensure collaboration with European Data Protection Authorities. These include: providing expert advice to the UK Government on the data protection implications of leaving the EU, strong engagement with the Article 29 Working Party which consists of the independent data protection authorities of member states of the EU and EDPB until the UK exits the EU and Wider European engagement.
To meet the second challenge the following priorities are identified: engagement with leading international privacy networks, exploration of relationships with networks where there has not been engaged previously and development of stronger links with data protection authorities in Commonwealth countries.
The ICO also aims to continue to play a leading role in joined up, efficient and effective international enforcement co-operation mechanisms that can lead to better enforcement of data protection compliance in the UK as well as invest in bi-lateral relationships, including enforcement co-operation, with the most strategically important economies and data protection/privacy authorities globally.
In addition, the ICO with regards to the second challenge strives to explore new links with international bodies and regulatory networks that do not focus on data protection but have an important influence on developing global standards that affect data protection and the share information and knowledge with other independent bodies responsible for enforcing and promoting freedom of information laws.
In ensuring that UK data protection law and practice is a benchmark for high global standards, the International Strategy has prioritised collaborating with the international business community and other stakeholders in order to support work to turn the GDPR’s accountability principles into a robust but flexible global solution.
Finally, the priorities in relation to challenge 4 include: working to ensure that personal data transferred from the UK to third countries continues to be adequately protected and supporting the development of mechanisms to support better interoperability between the UK’s data protection laws and other systems such as the APEC Cross Border Privacy Rules (CBPR).
As well as setting out priority actions and strategies for meeting the challenges identified, the document also states how the ICO’s internal structure and resourcing will reflect an enhanced global dimension. The strategy runs until 2021. However, recognising that the ICO needs to be agile in an ever-changing world, it will be regularly reviewed and updated in response to new challenges and opportunities.
If you have any questions in relation to GDPR or the International Strategy Document please contact Andrew Swan – Head of Regulation and Financial Crime or Sheila Ramshaw - Specialist in Regulation and Financial Crime on 0191 211 1503.