
Report of the Digital Government Review

The Law Commission: a report on data sharing


Much of government’s handling of data is controlled by the Data Protection Act 1998. It is notoriously complicated.

Igor Judge QC (Lord Judge) said, when writing a foreword to a guide to the DPA for the judiciary, that ‘This legislation is virtually impenetrable’ [65]. Igor Judge went on to become Lord Chief Justice. If he finds data protection law hard to grasp, then no one else has a hope.

It is not widely understood that data sharing is also controlled by legislation outside the Data Protection Act (DPA), with most local authorities relying on powers granted under the Localism Act 2011 and central government requiring primary legislation to establish ‘data sharing gateways’. Much, but by no means all, of UK data sharing law flows from EU legislation, which itself is currently undergoing change. It is far from clear whether the UK exerts any meaningful influence on EU law and practice.

The Law Commission recently consulted on data sharing legislation [66]. Some parties have argued that this reliance on primary legislation creates much-needed transparency and debate. This section nicely summarises the legal complexities:

‘Relationship between different data sharing provisions

‘One of the complaints made about the law on data sharing is that it is often difficult to know what the law is, because of the number and range of sources of law. It is also difficult to know which law takes precedence on any particular issue. Statutory provisions interact with other legal requirements and the hierarchy is not always clear and is often difficult to understand.

‘Some gateways expressly override certain other statutory provisions. Some expressly do not override certain other statutory provisions. Some provide for secondary legislation to prescribe any particular restrictions. Some gateways provide for certain common law duties or other obligations to be overridden, such as confidentiality. There may be provision in other legislation providing that data sharing does not breach certain specified legal restrictions.

‘A statutory gateway may impliedly override other provisions. The introduction of statutory powers can supersede a common law power covering the same ground, so the common law may be eroded by the development of statutory gateways. Whether a particular statutory provision supersedes the common law is a matter of statutory construction, with the result that uncertainty can overshadow the use of common powers in areas where Parliament has also passed statutory gateways to share data.’

The Law Commission noted that no authoritative list of data sharing gateways exists and that the complexity in the current legislation made it extremely difficult to establish such a list. The lack of such a list acts against government aims of transparency and openness. It contributes to the distrust felt by people towards government use of their data.

But the Law Commission report also reports a view from the Information Commissioner’s Office that problems with data sharing are “generally cultural, based on a misunderstanding of what the law does allow or the result of inter-organisational distrust, budgetary restraints, incompatible IT systems and so forth”.

The chapter on Troubled Families within the Law Commission report on data sharing [67], and the supporting consultation responses, tell a number of tales of differing organisations requiring different legal, financial, technical and process approaches to data sharing.

There is no best practice approach or mediation service to assist in or to resolve situations such as this. This internal confusion and discussion delays the benefits that the public agencies are trying to bring to people.

As the Law Commission report demonstrates, charities and the public sector have to go through agonies to share data between themselves even when there is clear benefit to people in need. This is a stark contrast to the almost blasé approach of central government to providing data sets to the private sector.

The Law Commission recommend that a full law reform project should be carried out in order to create a principled and clear legal structure for data sharing that would meet the needs of society. But does this go far enough? How will we determine and embed the principles into that legal structure that will fix the trust issues? Is a legal framework sufficient to address the issues with anonymisation and security?

[67] See chapter 10 of and supporting submissions
