The ICO recently published its first ever International Strategy (the Strategy). The Strategy looks at the next four years up until 2021 and is designed to help the ICO meet the challenges it faces during this time.
In particular, the Strategy focuses on the challenges presented by increased globalism, changing technology, GDPR and Brexit. The document is divided into two parts – part one addresses what the ICO sees as its main international concerns, and part two covers the ICO's structure, resourcing and how the Strategy is evaluated.
Part one – challenges
The ICO identifies four main challenges in the Strategy:
- To operate as an effective and influential data protection authority at European level while the UK remains a member of the European Union (EU) and when the UK has left the EU, or during any transitional period. Prompted by Brexit, the ICO looks at how it can ensure a high standard of data protection after the UK leaves the EU. To achieve this, the ICO prioritises its role in providing expert advice to the UK Government and recognises the importance of strong engagement with the Article 29 Working Party and the European Data Protection Board (EDPB) from May 2018 throughout the Brexit negotiations and thereafter.
- Maximising the ICO's relevance and delivery against its objectives in an increasingly globalised world with rapid growth of online technologies. This second challenge focuses on how the ICO can maintain global influence in an increasingly connected and complex digital world. To stay relevant, the ICO prioritises engaging and collaborating with leading international privacy networks and other regulatory bodies. The ICO also emphasises the need to promote a joined up approach to enforcing data protection laws globally.
- Ensuring that UK data protection law and practice is a benchmark for high global standards.To ensure that the ICO continues to be recognised as a leading authority, the ICO will carry on participating in international work in order to promote global protection standards.
- Addressing the uncertainty of the legal protections for international data flows to and from the EU, and beyond, including adequacy.Lastly, the ICO promises to uphold a high standard of data protection law to protect the international flow of personal data. The ICO will support the development of new mechanisms in order to do so.
Part two – structure and resourcing, engagement and evaluation
Part two highlights the ICO’s structural and resourcing changes required to help deliver the Strategy. These can be summarised as follows:
- Creating a new International Strategy and Intelligence Department at the ICO;
- Adding new resources to the ICO’s international team to support the delivery of the Strategy;
- Exploring staff exchanges and secondments with other data protection authorities and international organisations; and
- Embedding stronger links with international work in relevant ICO projects and cross-office working.
Together with hosting a number of its own conferences, the ICO will also seek to prioritise attendance at meetings and events that are relevant to the Strategy's objectives.
A final part of the Strategy is developing a reporting mechanism to evaluate and measure the ICO's progress in achieving the Strategy’s objectives.
The ICO's inaugural Strategy is heavily centred around the growing importance of an international and joined up approach to data protection in an increasingly connected and complex digital world. To this end, the Strategy focuses on key themes of engagement, collaboration and data protection on a global scale and lays down a clear marker for a proactive approach to data protection going forward.
The full Strategy can be viewed here