On 8 November, the UK Information Commissioner’s Office (ICO) and the European Data Protection Supervisor (EDPS) announced that they had signed a Memorandum of Understanding (MOU), intended to bolster their common aim to uphold the data protection and privacy rights of individuals. 

The ICO is the UK’s independent regulator responsible for data protection and information rights law. The EDPS is the independent supervisory authority responsible for monitoring data protection in relation to EU institutions and bodies, as well as advising on policies and legislation that affect privacy. These bodies intend to achieve international cooperation in order to ensure consistent regulation of data protection, and often align when publishing their respective views on specific issues arising under data protection law.

The MoU sets out the broad principles of collaboration between the ICO and the EDPS, alongside the legal framework governing the sharing of relevant information and intelligence between them. 

Areas of Common Interest

The ICO and EDPS acknowledge the following areas of common interest for entering into the MoU:

  • Ensure that they both are capable of delivering regulatory cooperation with regard to data protection of UK and EU individuals, whilst protecting their fundamental rights;
  • Cooperate with respect to enforcement of their respective applicable data protection and privacy laws;
  • Ensure they keep each other informed of developments in their respective jurisdictions; and
  • Recognise parallel or joint investigations or enforcement actions as priority issues for co-operation. 

Methods of Collaboration

The MoU sets out a number of methods for cooperation between the ICO and EDPS, including as follows:

  • Sharing of experiences and exchange of best practices on data protection policies, education and training programs;
  • Sharing of information on priorities for regulatory actions;
  • Implementation of joint research projects and joint publications;
  • Exchange of information (excluding personal data) involving potential or ongoing investigations of organizations in the respective jurisdictions in relation to a contravention of personal data protection legislation;
  • Secondment of staff; and
  • Convening bilateral meetings between the ICO and EDPS.

It is important to note that the MoU is a statement of intent; it does not impose any legally binding obligations on the ICO or EDPS to cooperate with the other, or to share information with the other. The ICO and EDPS intend to continue to maintain their collaborative relationship; they have indicated they will monitor the MoU and carry out a review if either one of them requests this. 

John Edwards, UK Information Commissioner, stated of the MoU:

‘Today's MoU formalises the existing and ongoing collaboration between my office and the EDPS. We’ll continue to work together both bilaterally, and in other international groups, to find pragmatic solutions to ensure that organisations are supported and aware of their data protection, while upholding people’s information rights.’ - ICO and European Data Protection Supervisor (EDPS) sign Memorandum of Understanding | ICO

If you have any questions or would otherwise like to discuss any issues raised in this article, please contact David Varney or another member of our Technology Team.

This article was written by Victoria McCarron