ICO launches international strategy to meet Brexit and GDPR challenges

The ICO has set out a four-year international strategy on how to tackle international data protection challenges, aiming to enhance the safeguarding of UK citizens’ data

The Information Commissioner’s Office (ICO) has launched its first international strategy, setting out the organisation’s plans for the next four years. 

The strategy sets out how the ICO plans to deal with challenges such as Brexit, the EU General Data Protection Regulation (GDPR) and changing technologies.  

“Our strategy presumes that GDPR will also be assumed into UK law before exit to ensure there is continuity and certainty about UK law afterwards,” it said, adding that it’s important for the UK to retain “a high standard of data protection and data protection as a fundamental right”.

This includes providing expert advice to the UK government on data protections implications of leaving the EU, especially the ICO’s relationship with the European Data Protection Board (EDPB), which will operate from May 2018 when the GDPR comes into force. The ICO expects the EDPB to be a “highly influential global player in setting the direction for data protection and privacy challenges”.  

“Recognising our role may be shaped by the Brexit negotiations, we will seek to maintain a strong working relationship with the EDPB when the UK exits the EU,” the strategy said.

“We will also seek to strengthen bilateral relationships with individual EU data protection authorities where appropriate.”

The ICO also wants to ensure that in an increasingly globalised world, the data of UK citizens has strong protections, and that UK data protection law and practice is a benchmark for high global standards.

Read more about the ICO

This means collaborating with international businesses and stakeholders to turn the GDPR’s accountability principles into a robust but flexible global solution”.  

Perhaps one of the most challenging areas will be addressing the uncertainty of what protection will be in place for international data flows to and from the EU post-Brexit. 

“We will seek to explore the concept of the UK as a ‘global data protection gateway’ – a country with a high standard of data protection law which is effectively interoperable with different legal systems that protect international flows of personal data,” the strategy said.

“We will work to ensure that personal data transferred from the UK to third countries continues to be adequately protected.”

It will also work with international privacy networks across the world, both where there are established relationships, but also explore the potential of new connections such as in the Asia Pacific region.

“We will continue to play a leading role in joined up, efficient and effective international enforcement cooperation mechanisms that can lead to better enforcement of data protection compliance in the UK,” the strategy said.

“We will invest in bilateral relationships, including enforcement cooperations, with the most strategically important economies and data protection and privacy authorities globally.”

Challenging times ahead

Commenting on the launch of the strategy, information commissioner Elizabeth Denham spoke of challenging times ahead, but insisted they were well placed to tackle them.

“We have a powerful voice and it is heard around the world, but we are also excellent listeners,” she said.

“This blueprint for how we’ll deliver on our international objectives was informed by experts from all over the world who challenged our perceived priorities and advised what our next steps should be.”

Internally, the ICO plans on establishing a new international strategy and intelligence department, which will solely focus on international activity. It also plans to submit a bid to host the international conference of data protection and privacy commissioner, promoting ICO guidance globally.

Read more on Privacy and data protection