Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Irish Data Protection Commissioner and FTC sign Memorandum of Understanding

Posted in Federal Trade Commission, International

The Data Protection Commissioner Billy Hawkes has signed a memorandum of understanding (MOU) with the Chairwoman of the U.S. Federal Trade Commission (FTC), Edith Ramirez.  The MOU is a statement of cooperation between the two agencies in their efforts to protect consumer privacy.  It includes provisions calling for cooperation in relation to enforcement of relevant privacy laws through providing investigative assistance and the mutual exchange of information and knowledge.

The Commissioner welcomed the development, stating that  it would provide valuable assistance to the Irish Data Protection Authority (DPA) in combatting issues relating to “the increasing data flows across borders and the ever-increasing complexity and pervasiveness of information technologies.”  Several major U.S. tech companies, including Apple and Google, have their EU headquarters in Ireland.  This agreement should facilitate the regulation by both agencies of data transferred from Ireland to these companies’ U.S. parents.  Although cross-border transfers are not heavily regulated by U.S. privacy laws, EU law does place restrictions on when personal data can be transferred out of the EEA.  The recent media reports regarding the NSA’s PRISM data collection program show that this is an area in which further cooperation between U.S. and EU agencies is needed.  

This agreement is part of an increasing trend of trans-Atlantic cooperation in the field of data protection.  For example,  the Dutch and Canadian DPAs recently carried out a joint privacy investigation into WhatsApp, the popular messaging app, in an operation described as a “global first.”  The FTC and Irish DPA have also previously  cooperated on cross-border policy and enforcement as part of wider international agreements, including through the London Action Plan (LAP, an anti-spam network) and the Global Privacy Enforcement Network (GPEN).