Out-Law News 2 min. read
06 Jul 2017, 3:57 pm
The Information Commissioner's Office (ICO) said that it would "seek to maintain a strong working relationship" with a new European Data Protection Board (EDPB), a committee of representatives of data protection authorities from across the EU which will begin operating in 2018. The EDPB will replace the existing Article 29 Working Party and has specific roles in providing oversight, regulatory decision-making and guidance for organisations subject to the new General Data Protection Regulation, which will apply from 25 May 2018.
In a new international strategy (8-page / 200KB PDF) it has published, the ICO confirmed it "will continue to work as a full member of the Article 29 Working Party … and as part of the EDPB from 2018, until the UK exits the EU". It said it accepted its role post-Brexit could be "shaped" by the negotiations over the terms of the UK's exit from the trading bloc.
In addition to maintaining relations with the EDPB post-Brexit, the ICO said it "will also seek to strengthen bilateral relationships with individual EU data protection authorities where appropriate" and promised "wider European engagement" too, including continued dialogue with MEPs and participation in "specialist EU working groups that consider data protection related to law-enforcement data sharing", depending on the outcome of Brexit negotiations.
"Our priorities are designed to be compatible with a range of scenarios and enable the ICO to respond flexibly to different circumstances," the ICO said.
The ICO said the UK "needs a regulator with greater global reach and influence" to reflect the "increasingly complex and less visible" way in which personal data is protected when it flows across borders.
To that end, its international strategy also set out its plans to maintain grow "global relationships", including with Commonwealth countries and privacy networks in the Asia Pacific region. It also said it "will prioritise international engagement on issues related to global privacy risks arising from the application of new technologies".
The ICO's international presence will also be felt in the areas of enforcement work and in work in developing global data protection standards, it said.
The ICO also said it will "seek to explore the concept of the UK as a ‘global data protection gateway’ – a country with a high standard of data protection law which is effectively interoperable with different legal systems that protect international flows of personal data".
Businesses can also expect the ICO to "support work to develop new mechanisms to enable international transfers, such as codes of conduct and certification under the GDPR", and to "support better interoperability between the UK’s data protection laws and other systems such as the APEC Cross Border Privacy Rules (CBPR)".
UK information commissioner Elizabeth Denham said: "There is little doubt that there are challenging times ahead but we are well placed to tackle them. We have a powerful voice and it is heard around the world, but we are excellent listeners too. That is our strength. This blueprint for how we’ll deliver on our international objectives was informed by experts from all over the world who challenged our perceived priorities and advised on what our next steps should be."