ICO opens consultation for flow of biometric and other data out of the UK
The Information Commissioner’s Office (ICO) has opened a new consultation inviting organizations to comment on the protection of citizens’ data when it is transferred outside of the UK, with a particular focus on the risks of transferring sensitive data like biometrics.
Specifically, the ICO is looking for responses to its draft international data transfer agreement (IDTA) and guidance, which replaced the old Standard Contractual Clauses (SCCs).
In their call for contributions, the ICO said it recognized the importance of international data flows to the UK’s digital economy.
The organization also confirmed they are committed to maintaining high standards of data protection for people’s personal information when being transferred outside of the UK.
The document directly mentions a number of types of personal data, including “biometric data for the purpose of uniquely identifying a natural person.”
From a regulatory perspective, the IDTA is part of a wider UK package to assist international data transfers and includes independent support for the government’s approach to adequacy assessments of third countries which receive the data.
“We aim to provide greater regulatory certainty and assist organizations to comply with the law,” the consultation reads.
The document is divided into three separate sections, respectively proposal and plans for updates to guidance on international transfers, transfer risk assessments, and the international data transfer agreement.
The ICO also called for additional views related to privacy rights, legal, economic or policy considerations, and implications.
“Input at this early stage can make a significant difference as we will use the responses we receive to inform our work in developing the final documents,” the appeal reads.
The consultation is set to close on October 7, with the ICO running online workshops in September to provide organizations with additional information about the international transfer of data.
Information Commissioner Elizabeth Denham also issued recommendations recently for how live facial recognition deployments can protect people’s data privacy.