At the beginning of March, the UK Information Commissioner’s Office (ICO) signed a memorandum of understanding (MOU) with the U.S. Federal Trade Commission (FTC) at the IAPP Global Privacy Summit. The memorandum is aimed at increasing cooperation between the agencies, with UK Information Commissioner Graham stating that the arrangement would be “to the benefit of people in the United States and the United Kingdom.”
Whilst the MOU does not create legally binding obligations between the two agencies, it sets out terms for cooperation during investigations and enforcement activities. The FTC and ICO will cooperate on serious violations. The methods for cooperation include:
- Sharing information, including complaints and personal information
- A mutual undertaking to provide investigative assistance to the other agency through use of legal powers
- Coordinating enforcement powers when dealing with cross-border activities arising from an investigation of a breach of either country’s law, where the matter being investigated is the same or substantially similar to practices prohibited by the other country
Measures to encourage cooperation between national regulators have been introduced by several international organisations. For example, in 2010, the Asia-Pacific Economic Cooperation (of which the United States is a member) launched a Cross-border Data Privacy Initiative, recognising that “trusted flows of information are essential to doing business in the global economy.”
The MOU is a joint acknowledgment by the FTC and ICO that consumer protection and data protection require close collaboration, and it serves as a warning to organisations that the agencies will be proactive in carrying out investigations of serious violations of consumer protection and data protection laws.