Law Commission: full-scale reform of law governing data sharing by public bodies needed

Following a year-long review of the law in this area, the Law Commission has requested that the UK government commission a full-scale, UK-wide reform project which would make recommendations to simplify the law and bring it up to date. This project should be carried out jointly by the Law Commission and its partner bodies in Scotland and Northern Ireland, and look at the sharing of data between public bodies and other bodies carrying out public functions, as well as between public bodies themselves, according to a report by the Commission (198-page / 530KB PDF).

“Data sharing law must achieve a balance between the public interest in sharing information and the public interest in protecting privacy,” said Nicholas Paines QC, the commissioner responsible for public law.

“We have identified widespread misunderstanding and confusion about the statutory framework for data sharing and its relationship with data protection, human rights and the common law. In our view, an effective, long-term solution can be achieved only through UK-wide law reform. A thorough analysis of law and practice, and reforms to modernise, simplify and clarify the provisions that permit and control data sharing, are needed to restore confidence to the bodies that provide public services and the citizens that use them,” he said.

The Law Commission began consulting public bodies on their experiences of data sharing and views on the application of existing data protection rules last year. At the time, the law reform body said that the perceived problems with data sharing between public bodies may have originated from lack of guidance, insufficient technology or fear of excessive sanctions rather than necessarily being due to inappropriate laws. If a full law reform project goes ahead, it plans to consider the potential for ‘soft law’ codes of practice, advice and guidance, training of staff and ways of sharing data management best practice alongside legislative proposals.

In its report, the Law Commission said that existing laws governing data sharing had been created in a “piecemeal and ad hoc way”. “This has meant that the law has developed without consistent oversight and scrutiny, resulting in a complex web of statutory provisions”, it said. Currently, powers to share data are scattered across a very large number of statutes and may be set out expressly or implied, and there are also various common law provisions.

As part of the proposed law reform project, the Commission intends to review the common law as well as map, modernise, simplify and clarify the existing statutory provisions. It would also incorporate the impact of emerging European law and technological advances as part of this work. In addition, the project could consider the functions of the Information Commissioner in relation to data sharing, including the Commissioner’s enforcement role, the Law Commission said.