The Information Commissioner’s Office is urging businesses to study its new Data Sharing Code of Practice, especially with the threat of a no-deal Brexit looming large, to ensure they carry out responsible data sharing.
Insisting that data sharing “is central to digital innovation in both the private and public sectors” with “economic and social benefits, including greater growth, technological innovations, and the delivery of more efficient and targeted services”, the new code updates the 2011 version, written under the Data Protection Act 1998.
The first draft for the new code was opened for consultation in July 2019.
Information Commissioner Elizabeth Denham insisted the pandemic had brought the need for fair, transparent and secure data sharing into even sharper focus: “I have seen first-hand how sharing data between organisations has been crucial to supporting and protecting people during the response to Covid-19.
“That includes public authorities and supermarkets sharing information to support vulnerable people shielding or health data being shared to support fast, efficient and effective delivery of pandemic responses.”
The code addresses many aspects of the Data Protection Act 2018, including transparency, lawful bases for using personal data, the new accountability principle and the requirement to record processing activities.
Alongside the code, the ICO has launched a data sharing information hub where organisations can find targeted support and resources, including a myth busting blog, designed to clear up confusion.
In addition, the code provides guidance on the effect Brexit will have on data protection legislation. With the Brexit deadline three weeks away, and a no-deal departure still a possibility, the code advises organisations to review safeguards for transferring data to and from the European Economic Area, as rules on international transfers will start to apply.
Before the code is formally adopted, the Secretary of State will need to lay the code before Parliament for its approval, which should be done as soon as is reasonably practicable.
Once the code has been laid it will remain before Parliament for 40 sitting days. If there are no objections, it will come into force 21 days after that.
Denham added that the publication of the code was not a conclusion, but a milestone: “This code demonstrates that the legal framework is an enabler to responsible data sharing and busts some of the myths that currently exist.
“I want my code of practice to be part of a wider effort to address the technical, organisational and cultural challenges for data sharing. The ICO will be at the forefront of a collective effort, engaging with key stakeholders. I know I can count on a collective effort from practitioners and government to understand the code and work with the ICO to embed it.”
Govt banks on data strategy to drive Covid-19 recovery
Germans stomp on Facebook over ‘illicit’ data sharing
EU data cop calls for single app to combat coronavirus
Regulator gives the green light for mobile data tracking
ICO pledges ‘light touch’ over coronavirus privacy fears
Mail blames the ICO for blocking coronavirus warnings