Public sector personal data sharing: framework and principles

This report considers frameworks and practices of providing access to personal data by public sector organisations to private organisations.


References

Adams, C., & Allen, J. (2014). Government databases and public health research: Facilitating access in the public interest. Journal of Law and Medicine, 21(4), 957–972.

The Alan Turing Institute (2017). Independent Digital Ethics Panel for Police. Ethics Advisory Report for West Midlands Police. July. https://www.turing.ac.uk/sites/default/files/2018-11/turing_idepp_ethics_advisory_report_to_wmp.pdf

Australian Government - Department of the Prime Minister and Cabinet. (2018) New Australian Government

Australian Government (n.d.). Australian Privacy Principles guidelines. https://www.oaic.gov.au/privacy/australian-privacy-principles-guidelines

Bampoulidis, A., Bruni, A., Markopoulos, I., & Lupu, M. (2020). Practice and Challenges of (De-Anonymisation for Data Sharing. In F. Dalpiaz, J. Zdravkovic, & P. Loucopoulos (Eds.), Research Challenges in Information Science (pp. 515–521). Springer International Publishing. https://doi.org/10.1007/978-3-030-50316-1_32

Biddle, N, Edwards, B, Gray, M, McEachern, S. Public attitudes towards data governance in Australia (2018). Centre for Social Research and Methods, Australian National University. 12. https://csrm.cass.anu.edu.au/research/publications/public-attitudes-towards-data-governance-australia-0

Big Data Value Association (2019). Towards a European Data Sharing Space. April. https://www.bdva.eu/sites/default/files/BDVA%20DataSharingSpace%20PositionPaper_April2019_V1.pdf

Cavallaro, F., Lugg-Widger, F., Cannings-John, R., & Harron, K. (2020). Reducing barriers to data access for research in the public interest—Lessons from covid-19. The BMJ. July 6. https://blogs.bmj.com/bmj/2020/07/06/reducing-barriers-to-data-access-for-research-in-the-public-interest-lessons-from-covid-19/

Combe, C. (2009). Observations on the UK transformational government strategy relative to citizen data sharing and privacy. Transforming Government: People, Process and Policy, 3(4), 394–405. https://doi.org/10.1108/17506160910997892

Danish Data Protection Agency (n.d.). What We Do. https://www.datatilsynet.dk/english/about-us/what-we-do

DataLoch (n.d.). FAQs. https://dataloch.org/about-us/faqs

De Fauw, J., Ledsam, J. R., Romera-Paredes, B., Nikolov, S., Tomasev, N., Blackwell, S., Askham, H., Glorot, X., O'Donoghue, B., Visentin, D., van den Driessche, G., Lakshminarayanan, B., Meyer, C., Mackinder, F., Bouton, S., Ayoub, K., Chopra, R., King, D., Karthikesalingam, A., … Ronneberger, O. (2018). Clinically applicable deep learning for diagnosis and referral in retinal disease. Nature Medicine, 24(9), 1342–1350. https://doi.org/10.1038/s41591-018-0107-6

DeepMind (2016). Announcing DeepMind Health research partnership with Moorfields Eye Hospital. 5 July. https://deepmind.com/blog/announcements/announcing-deepmind-health-research-partnership-moorfields-eye-hospital

Deloitte (2020). D01. Study on public sector data strategies, policies and governance. Data analytics for Member States and Citizens. 15 May. https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/2020-06/DIGIT%20-%20D01%20-%20Study%20on%20public%20sector%20data%20strategies%2C%20policies%20and%20governance%20v3annexes.pdf

Equality and Human Rights Commission (n.d.). The Human Rights Act 1998. https://www.equalityhumanrights.com/en/human-rights/human-rights-act.

European Commission (2022). AI Watch - National strategies on Artificial Intelligence. https://publications.jrc.ec.europa.eu/repository/handle/JRC129123.

European Commission (2021). The AI Act. https://artificialintelligenceact.eu/the-act/

European Parliament (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679

U.S. Federal Data Strategy (2020). 2020 Action Plan. https://strategy.data.gov/action-plan/

Finland Government (2019). Act on the Secondary Use of Health and Social Data (552/2019). https://www.finlex.fi/fi/laki/alkup/2019/20190552

Finland Ministry of Social Affairs and Health (n.d.). Secondary use of health and social data. https://stm.fi/en/secondary-use-of-health-and-social-data

Godlee F. (2016). What can we salvage from care.data? BMJ. 354:i3907 doi:10.1136/bmj.i3907

Hamza, H., Sehl, M., Egide, K., & Diane, P. (2011). A Conceptual Model for G2G Relationships. In M. Janssen, H. J. Scholl, M. A. Wimmer, & Y. Tan (Eds.), Electronic Government (pp. 285–295). Springer. https://doi.org/10.1007/978-3-642-22878-0_24

Harmony Alliance (n.d.). FAQ. https://www.harmony-alliance.eu/bigdata-platform/faq

Henriksen-Bulmer, J., & Jeary, S. (2016). Re-identification attacks—A systematic literature review. International Journal of Information Management, 36(6, Part B), 1184–1192. https://doi.org/10.1016/j.ijinfomgt.2016.08.002

Hern, A. (2017). Royal Free breached UK data law in 1.6m patient deal with Google's DeepMind. The Guardian. 3 July. https://www.theguardian.com/technology/2017/jul/03/google-deepmind-16m-patient-royal-free-deal-data-protection-act

Ipsos MORI Social Research Institute (2016). The One-Way Mirror: Public attitudes to commercial access to health data. March. https://wellcome.org/sites/default/files/public-attitudes-to-commercial-access-to-health-data-wellcome-mar16.pdf

Japan Personal Information Protection Commission (2020). Act on the Protection of Personal Information. June. https://www.ppc.go.jp/en/legal/

Kumazawa, H. (2019). Joint Statement by Haruhi Kumazawa, Commissioner of the Personal Information Protection Commission of Japan and Věra Jourová, Commissioner for Justice, Consumers and Gender Equality of the European Commission. https://www.ppc.go.jp/files/pdf/310123_pressstatement_en.pdf

Laurie, G. & Stevens, L. (2016). Developing a Public Interest Mandate for the Governance and Use of Administrative Data in the United Kingdom. September. Journal of Law and Society, Vol. 43, Issue 3, pp. 360-392, 2016, Available at SSRN: https://onlinelibrary.wiley.com/doi/epdf/10.1111/j.1467-6478.2016.00759.x or http://dx.doi.org/10.1111/j.1467-6478.2016.00759.x

Mikhaylov, S. J., Esteve, M., & Campion, A. (2018). Artificial intelligence for the public sector: Opportunities and challenges of cross-sector collaboration. Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences, 376(2128), 20170357. https://doi.org/10.1098/rsta.2017.0357

Moorfields Eye Hospital (n.d.). DeepMind Health Q&A. https://www.moorfields.nhs.uk/faq/deepmind-health-qa

NHS Digital (2020). NHS Digital Data Uses Register. https://digital.nhs.uk/services/data-access-request-service-dars/data-uses-register

NHS Digital (2006). Protecting patient data. https://digital.nhs.uk/services/national-data-opt-out/understanding-the-national-data-opt-out/protecting-patient-data#section-251-nhs-act-2006-approval

NHS Scotland (n.d.). Data Safe Haven. https://www.nhsresearchscotland.org.uk/research-in-scotland/data/safe-havens

Nishimura, K. (2021). Diet enacts data bills despite concerns raised over privacy. The Asahi Shimbun: Breaking News, Japan News and Analysis. 12 May. https://www.asahi.com/ajw/articles/14346985

Norwegian Ministry of Local Government and Modernisation (2020). National Strategy for Artificial Intelligence. https://www.regjeringen.no/contentassets/1febbbb2c4fd4b7d92c67ddd353b6ae8/en-gb/pdfs/ki-strategi_en.pdf

OECD (2021). Drivers of Trust in Public Institutions in Finland, OECD Publishing, Paris, https://doi.org/10.1787/52600c9e-en.

U.S. Office of the Chief Technology Officer (2018). The State of Data Sharing at the U.S. Department of Health and Human Services. U.S. Department of Health and Human Services, September. https://www.hhs.gov/sites/default/files/HHS_StateofDataSharing_0915.pdf

OpenSAFELY (n.d.). About OpenSAFELY. https://www.opensafely.org/about/

Parliament of Australia (2020). Data Availability and Transparency Bill 2020. https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6649

The Paypers (2020). More than half of Europeans don't trust public authorities with their data. December 21. https://thepaypers.com/payments-general/more-than-half-of-europeans-dont-trust-public-authorities-with-their-data--1246377

Richter, H. (2020). The Law and Policy of Government Access to Private Sector Data ('B2G Data Sharing') (SSRN Scholarly Paper ID 3594109). Social Science Research Network. https://doi.org/10.2139/ssrn.3594109

Sail Data Bank (n.d.). Overview. https://saildatabank.com/about-us/

Savirimuthu, J. (2021). The GDPR, AI and the NHS Code of Conduct for data driven health and care technology. In: Personal Data Protection and Legal Developments in the European Union. https://livrepository.liverpool.ac.uk/3098248/

SaxInstitute (n.d.). SURE. https://www.saxinstitute.org.au/our-work/sure/

Scottish Government (2015a). Charter for Safe Havens in Scotland: Handling Unconsented Data from National Health Service Patient Records to Support Research and Statistics. 16 November.

Scottish Government (2015b). Open Data Stategy. 25 Feb. https://www.gov.scot/publications/open-data-strategy/

Scottish Government (2013). Public Acceptability of Data Sharing Between the Public, Private and Third Sectors for Research Purposes. 4 October. https://www.gov.scot/publications/public-acceptability-data-sharing-between-public-private-third-sectors-research-purposes/pages/1/

Sentinel (n.d.). About the Food and Drug Administration (FDA) Sentinel Initiative. https://www.sentinelinitiative.org/about_us

Shahaab, A., & Khan, I. (2020). Estonia is a 'digital republic' – what that means and why it may be everyone's future. The Conversation. 7 October. http://theconversation.com/estonia-is-a-digital-republic-what-that-means-and-why-it-may-be-everyones-future-145485

Singapore Competition and Consumer Commission (2019). Data: Engine for Growth – Implications for Competition Law, Personal Data Protection, and Intellectual Property Rights. https://www.cccs.gov.sg/resources/publications/occasional-research-papers/data-engine-for-growth

Singapore Government (2012). Personal Data Protection Act 2012. https://sso.agc.gov.sg/Act/PDPA2012#pr12-

Singapore Personal Data Protection Commission (2019). Trusted Data Sharing Framework. https://www.imda.gov.sg/-/media/Imda/Files/Infocomm-Media-Landscape/SG-Digital/Tech-Pillars/Artificial-Intelligence/Trusted-Data-Sharing-Framework.pdf

Sitra (2016). Survey of attitudes to welfare data in Finland. https://www.sitra.fi/artikkelit/survey-attitudes-welfare-data-finland/

Statistics Denmark (2020). Data for research. Addressing trust in public sector data. 20 July. https://www.dst.dk/en/TilSalg/Forskningsservice

Street, J., Fabrianesi, B., Adams, C., Flack, F., Smith, M., Carter, S. M., Lybrand, S., Brown, A., Joyner, S., Mullan, J., Lago, L., Carolan, L., Irvine, K., Wales, C., & Braunack-Mayer, A. J. (2021). Sharing administrative health data with private industry: A report on two citizens' juries. Health Expectations, 24(4), 1337–1348. https://doi.org/10.1111/hex.13268

Tierney, M. (2019). Data Privacy Laws by State: The U.S. Approach to Privacy Protection. August 27. Https://Blog.Netwrix.Com/. https://blog.netwrix.com/2019/08/27/data-privacy-laws-by-state-the-u-s-approach-to-privacy-protection/

Thuermer, G., Walker, J., Simperl, E. (2019). Data Sharing Toolkit. Data Pitch. https://datapitch.eu/wp-content/uploads/2019/10/7770-Final-Data-Sharing-Toolkit-Web.pdf

UK Centre for Data Ethics and Innovation (2020). Addressing Trust in Public Sector Data Use. https://www.gov.uk/government/publications/cdei-publishes-its-first-report-on-public-sector-data-sharing/addressing-trust-in-public-sector-data-use

UK Department for Digital, Culture, Media & Sport (2021). Data: a new direction. 10 September. https://www.gov.uk/government/consultations/data-a-new-direction

UK Department for Digital, Culture, Media & Sport (2016). Digital Economy Bill Part 5: Digital Government. 5 July. https://www.gov.uk/government/publications/digital-economy-bill-part-5-digital-government

UK Department for Business, Energy & Industrial Strategy (2019). AI Sector Deal. 21 May. https://www.gov.uk/government/publications/artificial-intelligence-sector-deal/ai-sector-deal

UK Department of Education (2022). External data shares. https://www.gov.uk/government/publications/dfe-external-data-shares

UK HM Revenue & Customs (n.d.). internal manual. Information Disclosure Guide. https://www.gov.uk/hmrc-internal-manuals/information-disclosure-guide/idg40120

UK Information Commissioner's Office (2018). Guide to the UK General Data Protection Regulation (UK GDPR). https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/

UK Information Commissioner's Office (n.d.a). What we do. https://ico.org.uk/about-the-ico/what-we-do/

UK Information Commissioner's Office (n.d.b). What is personal data? https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/

UK Information Commissioner's Office (n.d.c). Special category data. https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/special-category-data/

UK Information Commissioner's Office (n.d.d). Controllers and processors. https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/controllers-and-processors/

UK Information Commissioner's Office (n.d.e). Data protection impact assessments. https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/

UK Information Commissioner's Office (n.d.f). Data sharing agreements. https://ico.org.uk/for-organisations/guide-to-data-protection/ico-codes-of-practice/data-sharing-a-code-of-practice/data-sharing-agreements/

UK Information Commissioner's Office (2017). Royal Free - Google DeepMind trial failed to comply with data protection law. 3 July. https://ico.org.uk/media/about-the-ico/consultation-responses/2618963/ico-response-national-data-strategy-consultation.pdf

UK Office for National Statistics (n.d.a). Accessing secure research data as an accredited researcher. https://www.ons.gov.uk/aboutus/whatwedo/statistics/requestingstatistics/approvedresearcherscheme#the-five-safes

UK Office for National Statistics (n.d.b). ONS research and data access policy. https://www.ons.gov.uk/aboutus/transparencyandgovernance/datastrategy/datapolicies/onsresearchanddataaccesspolicy

UK Office for National Statistics (2015). ICO review: Data sharing between the public and private sector to prevent fraud. 16 April. https://ico.org.uk/media/action-weve-taken/audits-and-advisory-visits/1043719/ico-review-data-sharing-to-prevent-fraud.pdf

UK Public General Acts (2018). Data Protection Act 2018. https://www.legislation.gov.uk/ukpga/2018/12/schedule/1/enacted

UK Public General Acts (2017). Digital Economy Act 2017. https://www.legislation.gov.uk/ukpga/2017/30/part/5/chapter/5/enacted

UK Public General Acts (2005). Commissioners for Revenue and Customs Act 2005. https://www.legislation.gov.uk/ukpga/2005/11/contents

United States Census Bureau. Research Data Centres. https://www.census.gov/about/adrm/fsrdc/locations.html

van Panhuis, W. G., Paul, P., Emerson, C., Grefenstette, J., Wilder, R., Herbst, A. J., Heymann, D., & Burke, D. S. (2014). A systematic review of barriers to data sharing in public health. BMC Public Health, 14(1), 1144. https://doi.org/10.1186/1471-2458-14-1144

Vanska, R., & Halenius, L. (2019). People value having the power to make decisions about the use of their data. Sitra. January 17 https://www.sitra.fi/en/articles/people-value-power-make-decisions-use-data/

Zajc, T. (2021). From eHealth week: Open data models – enablers for easier secondary use of data. 14 September. https://blog.better.care/from-ehealth-week-open-data-models-enablers-for-easier-secondary-use-of-data

Contact

Email: sophie.Ilson@gov.scot

Back to top