Denham: 'We need global accord on data protection'

Information Commissioner Elizabeth Denham appears intent on making the most of the last few weeks of her reign in a new call for worldwide harmony on data protection, demanding “21st century thinking for the 21st century problems that data faces”.

In a speech delivered at the Oxford Internet Institute, Denham cited the post-World War II Bretton Woods Conference, where economists gathered to consider how the world could rebuild once the war ended.

Ultimately, Denham explained that the group reached a series of agreements that continue to influence the world today, including the formation of the IMF and World Bank.

She added: “Where the delegates succeeded was in appreciating that the challenges individual states faced – in rebuilding and refinancing their own nations – could only be resolved with an international solution.”

Conceding that today’s challenges are not comparable with that period in history, as, despite Covid the world is more stable and more prosperous, Denham continued: “I want to set out today, the value of international cooperation continues to be fundamental.

“Our current approach to data protection, considered nation by nation, can only take us so far. If we are to unlock the full potential of data driven innovation, supported by public trust in how data is used, we need an international approach to data protection standards. We need an international solution. We need a data Bretton Woods.

“Our digital world is international. Data flows around the world in a heartbeat. I open up my phone, check an app, and in a moment my data travels around the globe. Services like geolocation and cloud computing all rely on international data flows. But the checks and balances on this data are domestic. That brings problems.”

Denham went on to say that when a multinational company does not follow the rules, or when there is an international data breach, the ability for regulators to work together across jurisdictions can be limited, due to differing legal systems and approaches.

This means that there are companies who develop apps available to people in the UK, but based in jurisdictions with little or no data protection provisions, she claimed, adding that it means the system for international data flows is based on assessments of how other nations’ laws measure up to each other’s, no matter how many flaws in the systems.

Of course there are adequacy agreements, Denham conceded, but considering whether another nation’s law offers the same protections as your own is a difficult process.

She continued: “Countries’ laws reflect their histories, their cultures and their societies. Trust in police access to information can be low in countries that historically had secret police forces with government links, for instance.

“And there’s a difference between a European approach founded in human rights, versus a North American approach which has historically focused on consumer rights. Throw geopolitics into the mix, and it’s no surprise that adequacy assessments can be far from simple. Which is where we return to Bretton Woods.

“It is my view that a Bretton Woods conference for data is required today. It is accepted that the digital world is borderless. It is accepted that the flow of data, from individual to organisation, from organisation to organisation, from country to country, is integral to digital innovation.

“It is accepted – I hope – that such data flows rely on the public trust earned through sensible data protection regulation. And yet we continue to consider those protections domestically. That needs to change.”

However, Denham insisted it is not about creating a global law that everyone must follow; it is not about deciding there is only one law to rule them all.

“We will only make progress by respecting the differences between our laws, our cultures and our societies. We need to build the architecture to allow those differences to work side by side.

“My own view is that a global data protection accord could find common ground between nation’s data protection regimes. Membership would rely on countries demonstrating their commitment to data protection, backed by independent regulation.

“The challenge must go to governments and international organisations like OECD, Council of Europe and WTO: you are the ones with the convening power to make a Bretton Woods conference for data happen.

“And then the challenge must go further afield. Data is such a broad, cross societal issue that impacts every facet of our lives. And so the solutions must come from the bright minds across society from civil society, from think tanks, academia, from businesses and from the people whose trust so much relies on.”

She concluded: “The challenge is clear. The appetite for solutions is clear. What we need now is 21st century thinking for a 21st century problem.”