Last year the Law Commission launched a consultation on the law around sharing of personal information between public sector organisations. The paper outlined the current law and asked 22 broad questions. In July, following analysis of the consultation responses, the Commission recommended a full-scale, UK-wide reform project to consider how the current law can be simplified and modernised.
The legalities of data sharing is a subject which often confuses public sector officials. Local authorities, in particular, are often stumped by the “To Share or Not to Share” question, even if the sharing is for very good reasons (e.g. child protection or crime prevention). More often than not, the Data Protection Act 1998 (DPA) is made the scapegoat for officials’ failure to fully understand the law. It is wrongly perceived as a barrier to data sharing despite offering a range of justifications (e.g. consent, legal obligation, protecting vital interests etc. (Schedule 2)). According to Nicholas Paines QC, the Law Commissioner responsible for public law:
“Data sharing law must achieve a balance between the public interest in sharing information and the public interest in protecting privacy,”
Public authorities are right to be cautious though. See the recent decision in AB & Anor, R (on the application of) v The London Borough of Haringey  EWHC 416 (Admin) (13 March 2013) where a judge ruled that the council’s data gathering had been unlawful because consent from the data subject was not sought.
The Commission received 87 written responses to its consultation paper, from a range of different individuals and organisations. It published its report, including its analysis of consultation responses on 11 July 2014. The report sets out its recommendations as follows:
“We made three recommendations.
We recommend that a full law reform project should be carried out in order to create a principled and clear legal structure for data sharing, which will meet the needs of society. These needs include efficient and effective government, the delivery of public services and the protection of privacy. Data sharing law must accord with emerging European law and cope with technological advances. The project should include work to map, modernise, simplify and clarify the statutory provisions that permit and control data sharing and review the common law.
The scope of the review should extend beyond data sharing between public bodies to the disclosure of information between public bodies and other organisations carrying out public functions.
The project should be conducted on a tripartite basis by the Law Commission of England and Wales, together with the Scottish Law Commission and the Northern Ireland Law Commission.
The Commission suggests that the project could usefully include consideration of the functions of the Information Commissioner in relation to data sharing, including the Commissioner’s enforcement role (Read the ICO’s response to the consultation.)
The Cabinet Office and the Ministry of Justice will now decide together whether to refer a full law reform project to the Law Commission.
Don’t hold your breath. We have been here before! Furthermore, do we really need new laws on data sharing or a better awareness of the existing ones? As I have said before, the current law is adequate to regulate yet allow responsible data sharing. The DPA and the ICO Data Sharing Code can be very useful tools for allowing responsible data sharing if they are properly understood.
STOP PRESS – The final report of the Home Office research into “Multi Agency Working and Information Sharing” was published on 1st August. The report makes for interesting reading, and sets out a number of commitments the Home Office is making to continue to support multi agency working and information sharing.
Ibrahim Hasan will be conducting full day Information Sharing workshops in Manchester and London in September.
ICO invites practitioners to feedback on its Data Sharing Code of Practice
The ICO is inviting feedback on its Data Sharing Code of Practice.
Published in May 2011 the publication continues to be one of our most popular pieces of guidance. We would like to hear about how you’re using the guidance and how it has helped your organisation meet its data protection and freedom of information obligations.
You can submit your comments using the survey on our website. The deadline for responses is 5 October 2014