ICO International Strategy 2017-2021

Jul 6, 2017 | Publisher: Techcelerate Ventures | Category: Business & Economics |  | Collection: Regulations including GDPR | Views: 7 | Likes: 1

International Strategy 2017-2021 Information Commissioner’s Office 2 Version 1 July 2017 International Strategy 2017-2021 To effectively protect the UK public’s personal information in a digital global environment, the ICO needs to co-operate and act internationally. This International Strategy seeks to enhance privacy protection for the UK public. Recognising that the ICO needs to be agile in an ever-changing world, it will be regularly reviewed and updated in response to new challenges and opportunities. This international strategy supports our 2017 Information Rights Strategic Plan. Part one sets out the main challenges we face and their associated priorities. Part two covers ICO structure and resourcing, engagement and evaluation. Part one: Challenges and priorities Challenge 1: To operate as an effective and influential data protection authority at European level while the UK remains a member of the EU and when the UK has left the EU, or during any transitional period. As the UK prepares to leave the EU, the formal relationship between the ICO and EU data protection authorities will change. Our relationship with our EU partners will remain highly important, including with the European Data Protection Board (EDPB) which will operate from May 2018 and on which the ICO will remain active and engaged until the UK’s exit. In overseeing the enforcement of the General Data Protection Regulation (GDPR) from 2018, and issuing guidance, the EDPB will be a highly influential global player in setting the direction for data protection and privacy standards. The strategy recognises that our direction on many of these challenges will often be driven by the outcome of the negotiations between the UK and the EU. Our priorities are designed to be compatible with a range of scenarios and enable the ICO to respond flexibly to different circumstances. In 2017, the Secretary of State, Karen Bradley, and the UK Minister responsible for the digital economy, Matthew Hancock, made several statements to Parliament declaring the UK Government’s commitment to comprehensively 3 Version 1 July 2017 implementing GDPR, as planned, in 2018. The June 2017 Queen’s Speech included a commitment to introduce a Data Protection Bill: “To implement the General Data Protection Regulation and the new Directive which applies to law enforcement data processing, meeting our obligations while we remain an EU member state and helping to put the UK in the best position to maintain our ability to share data with other EU member states and internationally after we leave the EU.” Our strategy presumes that GDPR will also be assumed into UK law before exit to ensure there is continuity and certainty about UK law afterwards. The ICO recognises the importance of the UK retaining a high standard of data protection and data protection as a fundamental right. Our strategy recognises the possible role of EU laws and the Council of Europe in this after Brexit, directly or indirectly. Challenge 1: priorities To meet this first challenge we have identified three priorities in order to implement GDPR and to ensure we can collaborate with European Data Protection Authorities. 1.1 Expert advice to the UK government We will provide expert advice to the UK Government on the data protection implications of leaving the EU, in particular about the ICO’s relationship with the EDPB. 1.2 Strong engagement with the Article 29 Working Party and EDPB  We will continue to work as a full member of the Article 29 Working Party which consists of the independent data protection authorities of member states of the EU - and as part of the EDPB from 2018, until the UK exits the EU.  Recognising that our role may be in shaped by the Brexit negotiations, we will seek to maintain a strong working relationship with the EDPB when the UK exits the EU. We will also seek to strengthen bilateral relationships with individual EU data protection authorities where appropriate. 4 Version 1 July 2017 1.3 Wider European engagement  In addition to the Article 29 Working Party and the EDPB, We will continue to engage with other European groups of data protection authorities.  We will seek to engage with the Council of Europe, to explore the role of Convention 108 as a data protection standard.  We will seek to engage with specialist EU working groups that consider data protection related to law-enforcement data sharing, recognising that our role will be shaped by the Brexit negotiations.  Where relevant and appropriate, we will maintain an active dialogue with Members of the European Parliament. Challenge 2: Maximising the ICO’s relevance and delivery against its objectives in an increasingly globalised world with rapid growth of online technologies. In the last 20 years the ICO has built a reputation as an influential and respected data protection authority internationally. Information rights regulation, and in particular data protection regulation, has an increasingly international dimension. Effective protection of the UK public's personal information becomes increasingly complex and less visible as data flows across borders so the UK needs a regulator with greater global reach and influence. Our approach will also recognise the economic and social benefits to the UK of having influence in a globally connected world and digital economy. Challenge 2: priorities To meet this second challenge we have identified the following priorities: 2.1 Global relationships  We will continue to engage with leading international privacy networks and explore relationships with networks where we have not engaged previously, for example in the Asia Pacific region.  We will continue to develop stronger links with data protection authorities in Commonwealth countries via our leadership of the Common Thread Network. This will support and build capacity with other data protection authorities, increasing opportunities for international collaboration, particularly with emerging or fast-developing economies. 5 Version 1 July 2017  Where opportunities exist to develop new networks that will meet our strategic priorities, and not duplicate other networks, we will take the initiative to lead their development.  We will prioritise international engagement on issues related to global privacy risks arising from the application of new technologies. 2.2 Enforcement  We will continue to play a leading role in joined up, efficient and effective international enforcement co-operation mechanisms that can lead to better enforcement of data protection compliance in the UK.  We will invest in bi-lateral relationships, including enforcement co- operation, with the most strategically important economies and data protection/privacy authorities globally. 2.3 Knowledge exchange, guidance and standards  We will explore new links with international bodies and regulatory networks that do not focus on data protection but have an important influence on developing global standards that affect data protection. To promote knowledge exchange in priority areas, we will seek to develop new relationships with think tanks, academic and civil society networks. The ICO’s new Grants Programme, launched in 2017, will be open to such bodies. 2.4 Freedom of Information  We will share information and knowledge with other independent bodies responsible for enforcing and promoting freedom of information laws. We will support work to identify common standards for freedom of information laws and progressive transparency.  We will support work to develop a regular European Information Commissioners’ conference and collaborate on projects of common interest, such as the transparency of outsourced public services. Challenge 3: Ensuring that UK data protection law and practice is a benchmark for high global standards. The ICO has benefited from its status as a European Data Protection Authority and a data protection regulator with over 30 years’ experience. It is vital that the UK retains a high standard of data protection law to provide effective safeguards for the public in practice. To enable the ICO to be recognised as a 6 Version 1 July 2017 leading regulatory partner, and to enable international data flows, UK data protection needs to continue to be recognised as a globally leading standard. Internationally, data protection and privacy laws are converging and the UK needs to keep pace with these developments. Challenge 3: priorities To meet this challenge we have identified the following priorities: 3.1 Collaborate  We will collaborate with the international business community and other stakeholders to support work to turn the GDPR’s accountability principles into a robust but flexible global solution.  We will continue to take part in international work to promote global data protection standards and the long-term aim of a global data protection and privacy agreement or treaty. Challenge 4: Addressing the uncertainty of the legal protections for international data flows to and from the EU, and beyond, including adequacy. Global data flows are central to the digital economy. Ensuring there are effective safeguards for data transferred internationally continues to be important in effective data protection. Challenge 4: priorities To meet this challenge we have identified the following priority: 4.1 Protecting personal data flows  We will provide expert advice to the UK Government and Parliament on international data flows.  We will seek to explore the concept of the UK as a ‘global data protection gateway’ – a country with a high standard of data protection law which is effectively interoperable with different legal systems that protect international flows of personal data.  We will work to ensure that personal data transferred from the UK to third countries continues to be adequately protected. 7 Version 1 July 2017  We will support work to develop new mechanisms to enable international transfers, such as codes of conduct and certification under the GDPR.  We will support the development of mechanisms to support better interoperability between the UK’s data protection laws and other systems such as the APEC Cross Border Privacy Rules (CBPR). Part two – ICO structure and resourcing, engagement and evaluation 1. ICO structure 1.1 We will establish a new International Strategy and Intelligence Department, creating an ICO department with international activity as its core focus for the first time. 1.2 We will add new resources to our international team to support the delivery of the strategy. 1.3 We will explore the possibility of further staff exchanges and secondments with other data protection authorities and relevant international organisations. 1.4 We will embed stronger links with international work in relevant ICO projects and cross-office working. 2. Engagement 2.1 As well as meetings that cover our essential international obligations we will seek to prioritise attendance at meetings and events that meet this strategy’s objectives. 2.2 We will bid to host the International Conference of Data Protection and Privacy Commissioners, promoting the potential of the UK as a global data protection gateway, with a high standard of data protection law and practice. 2.3 Jointly with the Scottish Information Commissioner, we will host the 2017 International Conference of Information Commissioners in Manchester (focused on Freedom of Information). 2.4 We will host the 2017 European data protection case handling workshop and Global Privacy Enforcement Network (GPEN) practitioners’ workshop. 8 Version 1 July 2017 2.5 We will seek to agree revised or new agreements with key data protection and privacy enforcement authorities globally. This will enhance reciprocal enforcement capabilities and information exchange 2.6 We will seek to promote ICO guidance to global audiences, and seek their feedback, particularly in areas related to technology and accountability. 2.7 We will develop and maintain a new international stakeholder mapping to guide how we prioritise our work. 3. Measurement and evaluation 3.1 We will develop a reporting mechanism that evaluates the value of our international activities and links to relevant departmental business plans. 3.2 We will also include a dedicated section in the Information Commissioner’s annual report reporting against this International Strategy.

To effectively protect the UK public’s personal information in a digital global environment, the ICO needs to co-operate and act internationally. This International Strategy seeks to enhance privacy protection for the UK public.

About Techcelerate Ventures

Tech Investment and Growth Advisory for Series A in the UK, operating in £150k to £5m investment market, working with #SaaS #FinTech #HealthTech #MarketPlaces and #PropTech companies.


Modal Header

Modal body