WIREDGOV

The ICO’s Steve Wood has been appointed as chair of the OECD’s Working Party on Data Governance and Privacy.

The working party plays an important role in the OECD’s international work to bring policy makers together, inform future policy and develop international standards.

The working group’s focus areas include:

• Supporting the OECD work, including reviewing recommendations on protecting children online, promoting digital transformation and monitoring the implementation of privacy guidelines, supported by government, industry and civil society experts.
• Considering measures to enhance access and sharing of data standards internationally.
• Studying data protection aspects in an international context, including the data portability in the context of online platforms and personal data breach notification reporting.
• Providing a forum for discussion of data ethics, in the context of accountability, the risk of bias and discrimination and digital divides.
• Developing practical guidance on issues like the implementation of AI.

Steve Wood, Deputy Commissioner (Regulatory Strategy), yesterday said:

“We need to look beyond our own borders if we are to properly protect UK citizens’ data protection rights. Encouraging a fair, prosperous and inclusive digital economy worldwide is central to that, and the OECD plays a unique role in developing global policies to shape the governance and standards needed to achieve that.

“These privacy and data protection standards have never been more central to the digital economy, and the businesses that we rely on for so many services. This working group can play a vital role in shaping this agenda and I look forward to working with the international membership to achieve that.”

Notes to Editors

1. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
2. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR) and Privacy and Electronic Communications Regulations 2003 (PECR).
3. The General Data Protection Regulation (GDPR) has provisions included in the Data Protection Act 2018. The Act also includes measures related to wider data protection reforms in areas not covered by the GDPR, such as law enforcement and security. 
4. The data protection principles in the GDPR evolved from the original DPA, and set out the main responsibilities for organisations. Article 5 of the GDPR requires that personal data shall be:
   • Processed lawfully, fairly and in a transparent manner in relation to individuals;
   • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
   • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
   • Accurate and, where necessary, kept up to date
   • Kept in a form which permits identification of data subjects for no longer than is necessary; 
   • Processed using appropriate technical or organisational measures in a manner that ensures appropriate security of the personal data; and
   • Article 5(2) requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
5. To report a concern to the ICO go to ico.org.uk/concerns.