The Information Commissioner’s Office (“ICO”) has released its International Strategy 2017-2021 (“Strategy”). The Strategy supports its Information Rights Strategic Plan, which we reported on earlier this year. The first part of the Strategy refers to the challenges and priorities for the next five years, particularly in light of changes brought about by the General Data Protection Regulation (“GDPR”) and the UK’s exit from the European Union. The second part outlines how the ICO proposes to meet those challenges and priorities.
Challenges and priorities
The first challenge identified by the ICO is the need to operate as an influential data protection authority, particularly as its relationship with its EU equivalents and the European Data Protection Board (EDPB) will change as a result of Brexit. The ICO intends to meet this challenge by continuing to provide expert advice to the UK government, combined with continued engagement with the Article 29 Working Party, the EDPB and other EU institutions, such as the Council of Europe and the European Parliament.
Second, the Strategy highlights the need to maximise the ICO’s relevance and delivery against its objectives in an increasingly globalised world. The ICO proposes to engage and exchange knowledge with leading international privacy networks, for example, in the Asia Pacific region and via the Commonwealth’s Common Thread Network ( which the ICO leads). The ICO also intends to take a leading role in enforcement activity, including cooperating with other data protection authorities, as appropriate, with a view to ensuring a joined-up approach.
The third challenge is to ensure that the UK data protection law remains a benchmark for high global standards. Among other provisions, the Strategy sets priorities for collaborating with the international business community to turn the accountability principles under the GDPR into a flexible but robust global business solution.
Finally, the Strategy addresses the challenge of ensuring effective safeguards for international data transfers. To that end, the ICO will focus on the interoperability of the UK and other data protection laws and systems globally, including the APEC Cross Border Privacy rules, which we recently discussed here.
The Strategy concludes by outlining the ICO’s plans to structure and resource its team to implement the Strategy. This entails the creation of an International Strategy and Intelligence Department within the ICO: the ICO’s first-ever department with a core focus on international activity. The Strategy also suggests the possibility of staff exchanges and secondments with other data protection authorities.
These international activities will be subject to ongoing measurement and evaluation, the results of which will be detailed in the ICO’s annual report.