A Memorandum of Understanding has been signed between the UK’s ICO and the Office of the Australian Information Commissioner (OAIC), to facilitate cooperation and collaboration.
A memorandum of understanding has been signed between the UK’s ICO and the Australian Information Commissioner, due to the fact that the two share similar functions and duties in their respective countries. The two parties have realised the need for increased cross-border enforcement and cooperation, with the nature of this modern global economy, and the rate at which personal data crosses borders. With the signing of this memorandum of understanding the parties involved have set out the broad principles of their collaboration and a legal framework, which governs the exchange of irrelevant information and Intelligence between the two.
This memorandum of understanding that the parties signed last month should not be seen as a requirement on the part of any of these two parties to cooperate with each other. There is no legal requirement to cooperate in circumstances that would breach their individual responsibilities. This is simply a way for the two parties to deepen their existing relations and develop them further, in an effort to promote exchange and assistance with the enforcement of laws protecting personal information. The intent is to work together by sharing expertise, experiences and best practices, cooperating on specific projects and investigations and also, sharing information and Intelligence to support their individual and collective work. This collaboration is made without the intent of sharing any personal data. If the parties do wish to share personal data they will consider compliance with their own data protection laws which may require entering into a written agreement or arrangement regarding the sharing of that personal data. Based on section 132(1) of the DPA 2018, the UK commissioner can only share certain information if she has the lawful authority to do so.
The UK’s ICO and the OAIC will monitor the operation of their memorandum of understanding and biennially review it. Either of the parties do have the right to request a review sooner. There is a designated point of contact for each of the parties in the event that any issues arise in relation to this memorandum of understanding. In addition this agreement may only be amended by the parties in writing and signed by each of them.
As stated above, the memorandum of understanding between the ICO and the OAIC does not affect the transfer of personal data between both countries. Currently, there is no adequacy decision for data transfers to Australia, so one of the safeguards covered by the GDPR should apply, like Standard Contractual Clauses or Binding Corporate Rules. Furthermore, one should note that an anti-encryption law was approved two years ago in Australia, which obliges Australian companies to construct back access doors to information in such a way that it is available to the Government, while being required not to communicate the existence of such System to the users or customers, therefore directly colliding with GDPR.
Do you have questions about how this new agreement may affect your company? We can help you. Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.