The ICO Data Sharing Code

In October 2021, the ICO’s Data Sharing Code of Practice (the “Code”) came into force. The Code is designed to resolve misconceptions around data sharing relationships, including requirements for agreements between two or more controllers (for which the UK GDPR does not set out a list of prescribed provisions). Uncertainty around legal requirements has led to organisations being hesitant to share personal data due to fear of non-compliance.

The Code seeks to provide practical advice and guidance on how to comply with the UK’s data protection regime.  Whilst the guidance is relatively high-level, it does deal with specific situations. For example, where organisations pool data for mutual use, they should consider whether they are independent or joint controllers. It is always good practice to enter into a formal agreement setting out agreed roles and responsibilities but, where the parties are joint controllers, this is a legal requirement. As another example, the Code also sets out guidance on data use in emergency situations, and guidance as to what would count as an emergency - risk of serious physical harm, protection of public health and national security among other headings. Of particular note, the Code also provides some insight into how to carry out privacy due diligence when looking at data transfers due to mergers, acquisitions or other changes in organisational structures.

The Code also includes a number of useful real-life examples, to demonstrate the effects and realities of data sharing in practice. These include:

  • A supermarket disclosing loyalty scheme data to the police.
  • A mobile phone company sharing details of customer accounts with a credit reference agency.
  • A university carrying out research on pupil performance and background.
  • An information sharing framework for intra-county healthcare providers.

The Code goes a long way to promote transparent and responsible data sharing. There are huge benefits to this, for example facilitating access to wider pools of data leads to greater innovation and technological advancements.

For more information on this article, please contact Hannah Pettit.

Send us a message