The Information Commissioner’s Office (ICO) has published its new Data Sharing Code of Practice.
The code provides practical advice to make it easier for businesses and other groups to demonstrate that their compliance with data sharing legislation and their use of data is fair, lawful, and accountable.
It covers several areas, including transparency, lawful bases for using personal data, the new accountability principle and the requirement to record processing activities.
Provisions for the new code were laid out in the Data Protection Act 2018. A previous data sharing code was published in 2011 under the Data Protection Act 1998.
According to Information Commissioner Elizabeth Denham, the Covid-19 pandemic brought the need for fair, transparent and secure data sharing into even sharper focus.
She said: “I have seen first-hand how sharing data between organisations has been crucial to supporting and protecting people during the response to the Covid-19 pandemic.
“That includes public authorities and supermarkets sharing information to support vulnerable people shielding or health data being shared to support fast, efficient and effective delivery of pandemic responses.”
Data sharing holds the key to economic and social benefits, including greater growth, technological innovations, and the delivery of more efficient and targeted services.
As such, the new code aims to promote digital innovation in both the private and public sectors.
The code states that aim of data protection legislation is to facilitate data sharing when approached in a fair and proportionate way, rather than be an obstacle.
In addition, the code provides guidance on the effect Brexit will have on data protection legislation. With the Brexit deadline three weeks away, and a no-deal departure still a possibility, the code advises organisations to review safeguards for transferring data to and from the European Economic Area, as rules on international transfers will start to apply.
- We must make the digital telecare switch or risk losing lives
- Making the most of digital twins – A question of definition
- 11 Scottish startups worth watching in the New Year
The ICO has also published a range of resources to help organisations better ensure compliance with data protection rules. These include a basics guide to the code, along with FAQs, case studies, checklists, and templates.
Before the code is formally adopted, the Secretary of State will need to lay the code before Parliament for its approval, which should be done as soon as is reasonably practicable.
Once the code has been laid it will remain before Parliament for 40 sitting days. If there are no objections, it will come into force 21 days after that.
Denham added that the publication of the code was not a conclusion, but a milestone.
“This code demonstrates that the legal framework is an enabler to responsible data sharing and busts some of the myths that currently exist,” she said.
“I want my code of practice to be part of a wider effort to address the technical, organisational and cultural challenges for data sharing. The ICO will be at the forefront of a collective effort, engaging with key stakeholders.
“I know I can count on a collective effort from practitioners and government to understand the code and work with the ICO to embed it.”