The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Whilst the ICO is no longer a member of the European Data Protection Board having left the EU on 31 January 2020, during the transition period (i.e. until 31 December 2020) and under the terms of the Withdrawal Act 2019 all EU law, including EU data protection legislation (GDPR), continues to apply to the UK. The International Engagement Team therefore continues to engage with the relevant EU institutions and with individual European Member States, and is developing new international and European relationships following the UK’s exit from the EU.

The ICO is responsible for regulating the use of personal information by UK authorities in some EU-wide law enforcement databases and information systems. Each system has its own specific data protection rules which may differ from other data protection laws. These systems include:

  • the Customs Information System which shares information to combat customs-related crime;
  • Eurodac which holds fingerprint information about asylum seekers and other irregular migrants;
  • the Europol Information System which shares information to combat serious cross-border crime and terrorism; and
  • the Schengen Information System (SIS II) which shares information about wanted and missing persons and objects.

We work with our counterparts across the EU to ensure the whole system operates effectively and safeguards individuals’ rights. Colleagues in other teams in the ICO undertake regular audits of some of these systems and can consider complaints from individuals.