2 February 2017
You only need glance at your mobile phone to see how international data protection is today. Apps developed 5,000 miles away on America’s West Coast, following rules written 400 miles away in Brussels, in the palm of your hand to help you keep in touch with friends who live around the corner.
As a regulator and data protection authority, it’s important we have an international outlook. That’s long been the case, given the borderless nature of the digital economy, but it’s especially true today, as the UK reassesses its place in the world.
It’s an important context to consider as I set out what I want my office to achieve during my five year term as Information Commissioner. I expect to publish our information rights strategy in time for the new financial year, and it will have a clear international element.
That’s why last week we convened a group of international experts in privacy and data protection regulation in London. Current and former data protection commissioners from Europe and Canada, and voices from global business and academia joined us in the workshop. I was privileged to assemble colleagues Jennifer Stoddart, David Smith, Wojciech Wiewiorowski, David Loukidelis, Bojana Bellamy, Peter Hustinx and Colin Bennett to provide their perspectives on the ICO’s emerging international strategy.
The simple fact is we want to learn. Our international strategy is fast emerging, but we want to learn how it can be better. To ask other jurisdictions to critique our plans is, I think, indicative of the approach we’re taking more broadly.
The ICO’s international engagement is not starting from scratch, and there was recognition in the room of our contribution to the Article 29 Working Party and what we gain from the relationship. It’s important we build on the momentum behind this engagement, and the view in the room was that effort should go into maintaining a constructive and mutually supportive relationship with the European Data Protection Board as and when the ICO ceases to be a member.
It was noted too that the ICO needs to step up its engagement with the growing community of data protection authorities in the rest of the world. Effort should be put into developing bilateral relationships with individual authorities, whether on an ad hoc basis, for example when a shared enforcement interest arises, or on a wider, more permanent basis.
Our existing work can help here. We contribute to international conferences and working groups, particularly around specialist areas, like telecommunications and enforcement. Our guidance is also recognised internationally, particularly by the business community.
It was a constructive event, highlighting plenty for the ICO to be proud of, but much to focus on in our strategy for the future too.
It’s clear we have tough choices to make because we have limited resources. We need to invest time in forums and relationships that best support strengthening of data protection for UK citizens and consumers, focusing on a global reach and influence.
To drive forward this work I have established a new Department, International Strategy and Intelligence, which will have delivery of this work as a core focus, alongside work to develop a new expanded intelligence function and management of high profile cases.
Our learning doesn’t end here. I continue to believe that the case for a modern, effective data protection regime is strong but I don’t believe that the UK or the EU has a monopoly on good ideas. There’ll be plenty more listening to be done before we publish our international strategy.
Elizabeth Denham was appointed UK Information Commissioner on 15 July 2016, having previously held the position of Information and Privacy Commissioner for British Columbia, Canada.