The ICO on the 4th of July 2017 took a step forward with regards to privacy protection for the UK public from overseas data protection threats and risks, by publishing its first ever International Strategy document. This document supports the earlier ICO ‘Information Rights Strategic Plan 2017 – 2021’ document and is set to help the ICO meet overseas data protection challenges in a globalised world, including those in relation to key areas such as the GDPR and Brexit.
The document sets out what the ICO sees as its main international concerns over the next four years, which are:
- Operating as an effective and influential data protection authority at European level while the UK remains a member of the EU and when the UK has left the EU, or during any transitional period.
- Maximising the ICO’s relevance and delivery against its objectives in an increasingly globalised world with rapid growth of online technologies.
- Ensuring that UK data protection law and practice is a benchmark for high global standards.
- Addressing the uncertainty of the legal protections for international data flows to and from the EU, and beyond, including adequacy.
In the document, the ICO stresses a commitment to continuing to work with WP29 and as a part of the EDPB from 2018 until Brexit takes effect. It makes clear that it will seek to maintain a strong working relationship with the EDPB when the UK exits the EU.
The ICO also expresses a desire to strengthen bilateral relationships with individual EU data protection authorities, as well as collaborate with the international business community to turn the GDPR accountability principles into a flexible but robust global business solution. This is in a bid to ensure UK data protection law remains a benchmark for high global standards.
The document concludes by outlining the ICO’s plans to structure and resource the teams responsible for its implementation. This entails the creation of an International Strategy and Intelligence Department within the ICO: the ICO’s first-ever department with a core focus on international activity, and also suggests the possibility of staff exchanges and secondments with other data protection authorities.
The ICO assures that the International Strategy document remains dynamic in that it will be reviewed regularly by the ICO and updated where necessary in response to new challenges and opportunities on the global data protection landscape.