Government data sharing plans may breach Data Protection Act

By Graeme Burton
01 May 2012 View Comments

Cabinet Office plans to increase data sharing among government departments and other public-sector bodies will require a new "consent exemption" to legalise the sharing of sensitive personal data.

That is the view of Kathryn Wynn, a data protection law specialist and senior associate at law firm Pinsent Masons. Even with such an exception, she warns, public-sector bodies might still have difficulty justifying sharing sensitive personal data under the Data Protection Act, without first notifying the individuals concerned.

Further reading

It follows revelations that Cabinet Office minister Francis Maude is planning new laws that would provide the public sector with a "fast-track mechanism" to enable personal data collected by one government department or public-sector organisation to be used by others for purposes other than those originally intended.

According to the reports, even data collected by doctors or the police could be shared with other bodies without individuals' consent or notification. This, however, might contravene as many as four of the eight data protection principles established under the Data Protection Acts 1984 and 1998.

In an article on a website run by the law firm,, Wynn said: "At the moment, if an organisation wishes to share sensitive personal data, it must satisfy the first data protection principle. The data sharers would be required to ensure processing is fair and lawful, and that individuals have been issued with a ‘fair process notice'."

She added: "The data sharing bodies may also be able to rely on the ‘legitimate interests' justification for processing data without consent, provided that they have made an assessment to ensure that the data sharing will not be prejudicial to the individuals."

It is not yet clear, however, whether Maude is proposing this relaxation in data protection for investigative or operational purposes. Many public-sector organisations, encouraged by central government, have forged ahead with shared services, such as running common functions from the same technology platforms. Many are also experimenting with cloud computing.

These initiatives, though, are driven by a need to save money and to improve long-term cost efficiency, even if establishing such initiatives has a high up-front cost.

There remains a suspicion that local authorities, police forces and other public-sector bodies are increasingly sharing personal data in ways that may be illegal under the Data Protection Act and that the aim is to retrospectively normalise these activities, and to make cross-governmental data sharing the norm in future.

Reader comments
blog comments powered by Disqus
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

38 %
26 %
15 %
21 %