The United Kingdom’s Information Commissioner’s Office (“ICO”) has published its international strategy for 2017-2021, which sets out the UK’s strategy for its relationship with the European Union on data privacy matters following Brexit and its ambitions for international relations on data privacy matters thereafter.
This publication comes at a time of significant scrutiny for the UK’s data privacy strategy, with questions around how the UK will align with the EU on data privacy matters following the decision for the UK to leave the EU, and how the UK will handle the impending introduction of the General Data Protection Regulation (“GDPR”) in the EU, widely considered to be the most far-reaching and detailed piece of legislation on data privacy to be passed anywhere in the world.
The ICO states that its strategy regarding the UK’s impending exit from the EU is “to operate as an effective and influential data protection authority at the EU level while the UK remains a member of the EU and when the UK has left the EU.” Whilst the UK makes clear its ambitions in this respect, the strategy document recognises that the UK’s role in the EU after Brexit will be shaped by the negotiations about the terms of the UK’s departure.
The strategy document also makes clear, after some debate, that the UK will implement the GDPR in May 2018 before the UK leaves the EU to ensure that “there is continuity and certainty about UK law afterwards.”
The UK’s stated key strategic objective for international relations is to maintain its reputation as an influential and respected data protection authority internationally by continuing engagement with leading international privacy networks around the Commonwealth and exploring relationships with networks in the Asia Pacific region.
Lastly, the ICO sets itself the challenge of maintaining its high standards of data protection law and, further, of continuing to be recognised as a globally leading standard “to enable it to be a leading regulatory partner and to enable international data flows.” Conceptually, the aim is for the UK to be viewed as a “global data protection gateway,” which the strategy document defines as a “country with a high standard of data protection law, which is effectively interoperable with different legal systems that protect international flows of data.”
This is an ambitious strategy, which clarifies the UK’s vision for what is to be an eventful period in data privacy law, marking a constitutional change for the UK with regard to its relationship with the EU and the increasing importance of the relationship between data and globalisation.