ICO says UK could be ‘data protection gateway’

New International Strategy sets out four priorities with details of how the organisation will respond

The Information Commissioner’s Office (ICO) intends to explore the idea of the UK becoming a “global data protection gateway” as part of a strategy to deal with the uncertainty around data flows when the country leaves the EU.

It has included the move as part of its newly published International Strategy 2017-21, in response to the priority of dealing with the legal protections for international data flows.

The concept involves establishing the UK as a country with a high standard of data protection law which is effectively interoperable with different legal systems applying to flows of data.

It would be accompanied by work to develop new mechanisms for international transfers, such as codes of conduct and certification under the EU General Data Protection Regulation (GDPR), and for interoperability between UK’s data protection laws and others.

This could be particularly relevant to the Government’s plan, made public in last month’s Queen’s Speech, to place a new Data Protection Bill before Parliament to replace the act of 1988.

Elizabeth DenhamInformation Commissioner Elizabeth Denham (pictured) said: “There is little doubt that there are challenging times ahead but we are well placed to tackle them. We have a powerful voice and it is heard around the world, but we are excellent listeners too. That is our strength.

“This blueprint for how we’ll deliver on our international objectives was informed by experts from all over the world who challenged our perceived priorities and advised on what our next steps should be.”

The strategy outlines three other challenges and a collection of priorities for ICO as a response.

European influence

One is to ensure it remains influential as a data protection authority at European level, even after the UK has left the EU. This will include continuing to work as a full member of the Article 29 Working Party, which advises member states and the European Commission, until Brexit, then keeping up a strong working relationship with the European Data Protection Board when it comes into being next year.

Second is for the ICO to maximise its own relevance worldwide as increasing volumes of data flow through online technologies. To do this it will continue to work with data protection authorities in the Commonwealth through the Common Thread network, deal with privacy networks in new areas such as the Asia Pacific region, and take the lead in developing new networks where they do not duplicate others.

Thirdly, it wants UK data protection law and practice to be a benchmark for high global standards. This would involve the ICO collaborating with international business, aiming to turn the GDPR principles into a flexible global solution, and supporting the long term aim of a global data protection and privacy agreement.

The ICO said the strategy complements the key goals of its new Information Rights Strategic Plan, which includes an emphasis on keeping abreast of evolving technology.

Give back control

“These challenges, they are opportunities,” Denham added. “A chance to give people back control of their own data.”

The publication has won the support of IT industry association techUK. Its deputy chief executive officer, Anthony Walker, said: "The ICO is right to say that global data flows are central to the digital economy.

“Since the UK’s vote to leave the EU, techUK has been calling for a secure and robust legal basis for cross border data transfers, ideally based on an adequacy finding. International data flows underpin our ability to trade in services and goods."

Image from GOV.UK, Open Government Licence v3.0