It’s somewhat typical, no updated data protection legislation for 15 years and suddenly bills and directives are popping up faster than you can click yes to cookies.
The Data Sharing and Governance Bill 2018 (the “Bill”) has been published – the Bill purports to allow for the sharing of and reuse of personal data so that individuals and businesses only have to provide their details once to a public body.
Key provisions of the Bill include facilitating effective administration, supervision and control of public services; establishing entitlements to public services; identifying and correcting erroneous information; and evaluating the effectiveness of public services.
The Bill seeks to provide a generalised legal basis for the sharing of data between public bodies while also setting out guidelines under which such sharing should take place. Importantly, the Bill requires that sharing be carried out under a formal written data-sharing agreement that sets out in detail what data will be shared with whom and for what purpose. Data-sharing agreements are to be published on the websites of the public bodies concerned in advance of any sharing taking place, and the public will be able to comment on such proposals.
Part 2 of the Bill states that nothing in the Bill shall affect the operation of data protection law however there is sure to be tension between the principles upholding the GDPR and the application of broad exemptions from same to public bodies. The implementation of necessary and proportionate measures, together with the use of appropriate safeguards, will be vital in ensuring that such data-sharing agreements are not susceptible to future challenge.
Website by Open