Greetings from Brussels!
Earlier in the week, I made my way to Manchester with IAPP Europe colleague Giulia Miotto for the ICO’s 2017 Data Protection Practitioners' Conference. The conference was well attended, with more than 800 delegates, making it one of the biggest data protection conferences in Europe. In addition, there were more than 30 booths participating in the "information market"; of which the IAPP was also one.
I was pleasantly surprised by the overwhelming interest in IAPP membership, training and certification programs. We were also fortunate to have Trevor Hughes, IAPP CEO, on the ground, who delivered a topical keynote on the history of privacy and its evolution from its early beginnings to the present day, with an emphasis on societal impact. Fair to say, with the U.K. being an important privacy community in Europe, the IAPP was well represented and it was a great opportunity for us to interact with our members, as well with the wider U.K. data protection professional community present.
In her opening address, ICO Commissioner Elizabeth Denham was clear from the outset, stating that the GDPR is bringing about major cultural and behavioral change, and companies and organizations should strive to make the handling of customer data a top priority. She went on to say that the onus of good privacy governance lay with privacy pros, urging the audience to focus that effort: “We have an opportunity to set out a culture of data confidence in the U.K. We just need to keep in mind that when we lend our name to projects, we should think about how they can be of benefit to citizens.” Denham’s vision is one where organizations embrace the changes in the legislative environment to adopt a meaningful privacy culture to the benefit of all. She cited competitive advantage as a real return for companies: A renewed opportunity to present themselves with enhanced respect to their customer base.
Denham also spoke briefly about Brexit. Prior to the referendum taking place, Denham and the ICO were wrestling with "challenges of a digital economy that required data to flow across borders, where different legal systems and cultural norms around privacy make this a complicated undertaking." Post-Brexit, that hasn’t really changed, she said: "The challenge is still around making sure that data can flow across borders as needed, with no privacy issues."
So, where does the ICO stand, post-Brexit? Steve Wood, the ICO Head of International Strategy and Intelligence and a keynoter at this coming week's sold out IAPP Data Protection Intensive in London, gave some insights into the international strategy going forward. Clearly, Europe will remain an important partner, and with GDPR at the heart of matters, it will remain the core of U.K. law for the foreseeable future. Thus, GDPR will be key for the regulator and practitioners alike. This will entail strong bilateral relationships with EU DPAs, and, to remain practical and influential, the ICO will continue as an active member of the WP29 and seek an equally strong relationship with the EDPB once in place. On the global stage, the ICO will look to play a leading role in key international networks and seek influence in new networks in regions like Asia-Pacific. Furthermore, it will look to forge deeper links with the Commonwealth through the Common Thread Network.
On knowledge exchange guidance and standards, the ICO said it will collaborate with business to turn the GDPR accountability principle into reality, as well as a global standard. It will continue to promote ICO guidance on universal topics such as impact assessments, which the ICO has been instrumental in spearheading as a concept in Europe. Work with other bodies such as the ISO in developing international standards will also continue, while strengthening cooperation with think tanks and NGOs for ongoing efforts to support key data protection standards.
The ICO will for sure have a different set of challenges post-Brexit, and providing expert advice to the U.K. government on data flows and EU adequacy will also be critical to their activity. In general, better interoperability with other transfer mechanisms in other areas of the world seems to be the order of the day outside the EU. Busy times ahead, but the ICO seems confident and ready for the changes.
If you want to comment on this post, you need to login.