Cross-border data transfers
The ICO believes a common view on high standards will support regulatory cooperation, as well as promote high standards globally and influence discussions in a consistent way, both internationally and within GPA member jurisdictions.
Substantially, we monitor policy developments in regional and global approaches to transferring personal data across borders, and attitudes to the UK’s own data protection regime to support the UK government in promoting our regime as adequate to others. Different types of policy approaches can support transfers eg. Adequacy, certification, standard contractual clauses, law enforcement cooperation, BCRs, treaty development between governments or administrative agreements between public authorities. We monitor technological developments too, such as ways in which other jurisdictions use privacy enhancing technologies to protect data being transferred across borders.
We also participate or lead international networks and standalone events which help us to promote high standards of data protection and privacy including in the transfers context. For example, the UK Government is the first Associate Member of the Global CBPRs Forum and the ICO advises the Government on regulatory enforcement aspects of this cooperation.
The ICO meets regularly with our international counterparts to maintain the international focus on children’s privacy, to promote the ICO’s Children’s Code, and to influence the developing international approaches to protect children’s data online.
We aim to:
- Work collaboratively to protect children’s data online through effective bilateral relationships with our international counterparts and other international organisations, including through our membership of the GPA Digital Education Working Group.
- Seek opportunities to learn from our international counterparts, ensuring the ICO’s approach to children’s privacy remains up to date and informed by the latest developments.
- Influence, where possible, our international stakeholders to ensure children benefit from an age-appropriate online experience.
The ICO advises in its independent regulatory capacity the UK Home Office on European and international law enforcement data sharing and transfers. We provide advice and formal authorisations on the data protection provisions in international agreements for data sharing and transfers in the area of law enforcement (e.g. Administrative Arrangements, Memoranda of Understanding for data sharing). This includes agreements on:
- electronic evidence gathering across borders,
- the transfer of passenger name records between the UK and other countries' airlines and law enforcement agencies;
- The transfer of criminal records data across borders.
We also engage bilaterally with other authorities and international organisations across borders to help inform best practices on how we cooperate on law enforcement or conduct criminal investigations.
Tech and innovation
The fast paced world of technological development means that engagement in an international arena is vitally important to the ICO. Through our international engagement, both bilaterally and multilaterally, we are able to respond rapidly to new and emerging technologies.
We aim to:
- Work collaboratively with other like-minded DPAs within multilateral fora, such as the Berlin Group and the G7 to identify and respond to areas of technological mutual interest.
- Seek opportunities to influence and share the ICO’s technological expertise with international stakeholders, for example on issues such as Privacy Enhancing Technologies (PETs) and Neurotechnologies.
- Influence responsible innovation through the continued cooperation with international data protection authorities.
The cyber threat landscape is continuously evolving, with attacks targeting both data and system resilience increasing in frequency and magnitude.
The ICO needs to ensure that it cannot only respond to these threats locally but also internationally. To rise to this challenge, we engage with our international regulatory and law enforcement colleagues both bilaterally and multilaterally in fora such as the International Enforcement Working Group (IEWG) within the Global Privacy Assembly (GPA).
In December 2022 the ICO began coordinating the GPA’s Cybersecurity sub-group, comprising of 16 GPA members, following a resolution that was adopted in October 2022.
Transparency by design
The ICO works with other organisations internationally on improving practices and standards relating to the Right of Access to Public Information. Through our membership of the International Conference of Information Commissioners, we collaborate with global partners to improve practices and standards, however there is no global or regional freedom of information law, unlike the data protection international privacy landscape.