The Information Commissioner’s Office (ICO) has launched its first international strategy, setting out the organisation’s plans for the next four years.
“Our strategy presumes that GDPR will also be assumed into UK law before exit to ensure there is continuity and certainty about UK law afterwards,” it said, adding that it’s important for the UK to retain “a high standard of data protection and data protection as a fundamental right”.
This includes providing expert advice to the UK government on data protections implications of leaving the EU, especially the ICO’s relationship with the European Data Protection Board (EDPB), which will operate from May 2018 when the GDPR comes into force. The ICO expects the EDPB to be a “highly influential global player in setting the direction for data protection and privacy challenges”.
“Recognising our role may be shaped by the Brexit negotiations, we will seek to maintain a strong working relationship with the EDPB when the UK exits the EU,” the strategy said.
“We will also seek to strengthen bilateral relationships with individual EU data protection authorities where appropriate.”
The ICO also wants to ensure that in an increasingly globalised world, the data of UK citizens has strong protections, and that UK data protection law and practice is a benchmark for high global standards.
Read more about the ICO
- Information Commissioner’s Office finds that the controversial NHS data-sharing deal with Google DeepMind did not fully comply with the Data Protection Act.
- The GDPR and global enforcement work will place an extra work burden on the ICO, but government has collaborated on a new funding plan that is awaiting parliamentary approval.
- Information Commissioner’s Office encourages business to review guidance on the General Data Protection Regulation as it is published to identify what areas need to be addressed in 2017.
This means collaborating with international businesses and stakeholders to turn the GDPR’s accountability principles into a “robust but flexible global solution”.
Perhaps one of the most challenging areas will be addressing the uncertainty of what protection will be in place for international data flows to and from the EU post-Brexit.
“We will seek to explore the concept of the UK as a ‘global data protection gateway’ – a country with a high standard of data protection law which is effectively interoperable with different legal systems that protect international flows of personal data,” the strategy said.
“We will work to ensure that personal data transferred from the UK to third countries continues to be adequately protected.”
It will also work with international privacy networks across the world, both where there are established relationships, but also explore the potential of new connections such as in the Asia Pacific region.
“We will continue to play a leading role in joined up, efficient and effective international enforcement cooperation mechanisms that can lead to better enforcement of data protection compliance in the UK,” the strategy said.
“We will invest in bilateral relationships, including enforcement cooperations, with the most strategically important economies and data protection and privacy authorities globally.”
Challenging times ahead
Commenting on the launch of the strategy, information commissioner Elizabeth Denham spoke of challenging times ahead, but insisted they were well placed to tackle them.
“We have a powerful voice and it is heard around the world, but we are also excellent listeners,” she said.
“This blueprint for how we’ll deliver on our international objectives was informed by experts from all over the world who challenged our perceived priorities and advised what our next steps should be.”
Internally, the ICO plans on establishing a new international strategy and intelligence department, which will solely focus on international activity. It also plans to submit a bid to host the international conference of data protection and privacy commissioner, promoting ICO guidance globally.