Thank you so much for inviting me here today.
I’m Elizabeth Denham, the UK’s Information Commissioner. My office is responsible for data protection in the UK.
And I have a wider role that covers cybersecurity, access to information, law enforcement use of data and electronic marketing. I am also the chair of the global forum of data protection regulators. We number over 120 members from all continents and we share best practice and facilitate cooperation on enforcement. We help each other on the big priority areas for policy consideration when it comes to privacy globally. It’s a diverse and inclusive group and I am delighted that India has secured observer status. I welcome the Ministry. And I hope when your national data protection authority is up and running that it will be interested in joining us as a full member.
It’s important that data protection regulators talk to each other. We play a crucial role in ensuring that the economic opportunities from the lawful and ethical use of data can be realised.
It’s a privilege to be here in India with you while we discuss these important issues affecting our people and economies. The dynamism with which India has pushed forward with the drafting of its data protection bill has been impressive.
This is a pivotal time for data protection — and there is a lot of ambition in India, and globally, to get it right. Data is the asset of the fourth industrial revolution, and people want confidence that their data will be safeguarded and used for their benefit. Only those organisations that truly respect and embrace privacy by design will retain the social licence to innovate with data for commercial or for public benefit. Let’s remember when we talk about personal data, really what we’re talking about is people. Not ones and zeros in binary code.
That’s why people are at the heart of everything my office does! The ICO is Europe’s largest data protection regulator. And we have over 30 years of experience protecting our citizens by investigating complaints of data misuse and educating UK data fiduciaries on how to practically comply with the law. We have learned a lot on this journey that we want to share with others.
We enforce the law, both civil and criminal, against organisations that have violated data protection rules. And with the advent of the GDPR this includes organisations both at home and abroad directing services at UK residents. Our work means we have to keep pace with the huge technical advances we have all seen. My office has been working on the data protection implications of block-chain, examining how AI can be used both innovatively and appropriately in health diagnostics, and how it should be examined for bias and transparency.
I have a post-doctoral fellow from Oxford University helping with our AI framework. My work is cross-economy and ranges from the reports of cyber-attacks against companies, through to our ground breaking investigation into data misuse in our democratic process – the Cambridge Analytica/Facebook case. We are not alone in this — we worked with others such as our national cyber security agency, our national crime agency, other UK regulators and international counterparts to safeguard our citizens and democracy.
Thanks to that robust international network there is a growing global understanding of what works and what doesn’t. We are seeing the emergence of frameworks and guidelines – across jurisdictions – that have a lot of commonality and can be quite easily adapted from one jurisdiction to another to fit different legal regimes, business practices and cultures.
I’ve seen this first hand while visiting a number of countries in Asia and the Pacific recently. I was impressed by the range of innovation and the practical application of the law. Including Hong Kong’s great strides on digital ethics, Singapore’s AI framework, the timely discussion in New Zealand on algorithmic transparency, and the debate in Australia about how better to protect our children online.
What ties all these three topics together? We’ve been grappling with them in the UK and in the rest of the EU too. In the digital era, these dilemmas are ones that affect us all. We are all different and the exact tools that work for one country don’t necessarily carry across to another. But on an outcomes level, it looks like these different paths lead to the same destination.
We’re moving towards convergence. In the age of increasing data flows, there has never been a more important time for global coherence in data protection and privacy. Of course this will positively impact the global data economy and have a significant effect on international trade. But the real beneficiaries will be people; increasing trust and confidence in the way their personal data is used and shared no matter what jurisdiction that may be. And as India confers data protection rights upon 1.2billion people I am hopeful that her interest and expertise will combine to make hers a leading voice in partnership with the UK in that global convergence.