The Information Commissioner’s Office (ICO) has strengthened its commitment to remaining an effective and influential international data protection regulator post-Brexit with a prestigious new appointment.

Peter Hustinx, who was the first European Data Protection Supervisor and served in the role for more than 10 years, has been appointed as a non-executive director of the ICO.

Mr Hustinx has also served as a director of the International Association of Privacy Professionals and the Centre for Democracy & Technology (CDT) in Washington DC.

He said:

"I look forward to working with the ICO to help ensure its continued effectiveness and good governance in a period of rapid transitions. 

"In view of my long experience as a data protection regulator, both in the Netherlands and at European level, I also hope to contribute to a close and productive co-operation with other colleagues, facing similar challenges and often sharing the same legal frameworks.”

Mr Hustinx has been influential in the development of data protection law. He was president of the Dutch Data Protection Authority from 1991 until 2004 and was also chairman of the European Union’s Article 29 Working Party of data protection authorities from 1996 until 2000.

Elizabeth Denham, Information Commissioner, said:

“We are delighted that the ICO will benefit from Peter’s vast experience, expertise and international connections. He will be a real asset in helping us to continue to maintain and grow our global networks and influence.

 “These are challenging times but the ICO and EU supervisory authorities will remain internationally connected and new working relationships will be essential to maintaining the flow of data in areas such as international transfers, mutual contribution to guidance development on topics of interest, and keeping pace with emerging threats and changing technology.”

Notes to Editors

  1. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR) and Privacy and Electronic Communications Regulations 2003 (PECR).
  3. The General Data Protection Regulation (GDPR) is a new data protection law which applied in the UK from 25 May 2018. Its provisions are included in the Data Protection Act 2018. The Act also includes measures related to wider data protection reforms in areas not covered by the GDPR, such as law enforcement and security. The UK’s decision to leave the EU did not affect the commencement of the GDPR.
  4. The ICO’s commitment to its international work and goals was set out in the International Strategy 2017-21. The strategy sets out what the ICO sees as its main international concerns over the next four years:
  • To operate as an effective and influential data protection authority at European level while the UK remains a member of the EU and when the UK has left the EU, or during any transitional period.
  • Maximising the ICO’s relevance and delivery against its objectives in an increasingly globalised world with rapid growth of online technologies.
  • Ensuring that UK data protection law and practice is a benchmark for high global standards.
  • Addressing the uncertainty of the legal protections for international data flows to and from the EU, and beyond, including adequacy.
  1. In October 2018, Elizabeth Denham was appointed chair of the International Conference of Data Protection and Privacy Commissioners (ICDPPC) - the leading global forum of data protection and privacy authorities, encompassing more than 120 members across all continents.
  2. Mr Hustinx becomes the ICO’s fifth non-executive director and the newest member of the Management Board.
  3. To report a concern to the ICO go to ico.org.uk/make-a-complaint.