GDS Data Architecture

• About

Data Sharing Principles

• Overview
• 1. Treat data as an asset
• 2. Federate first
• 3. Prepare for Once Only
• 4. Reuse sharing solutions
• 5. Support automation
• 6. Design for all data stakeholders
• 7. Use common standards for sharing
• 8. Share data transparently
• 9. Share data lawfully and ethically
• 10. Secure shared data proportionately

Capability Model

• Overview
• Channels
• Infrastructure
• Data Access
• Services
• Governance
• Security
• Trust

9. Share data lawfully and ethically

Continuity principle

Statement

We act in accordance with all relevant data sharing laws and ethical guidelines.

Why does this matter?

Data sharing is the subject of legislation and ethical discussion. Accounting for both in our data sharing initiatives is essential for safeguarding the rights and interests of individuals whose data is being processed. By adhering to legal frameworks and ethical principles, we ensure that information is not misused and protect people from potential harm.

As with transparency (Principle 8), sound legal and ethical conduct is also crucial for proving the integrity of the public sector and building trust with the people we serve. Taking precautions to pacify legal and ethical concerns around data sharing reduces the risk of reputational damage and the effort that repairing this damage entails.

How do we do this?

We must adhere to the ICO’s statutory Data Sharing Code of Practice when sharing personal data and follow the Data Ethics Framework when creating new data sharing projects.

Data providers should

• Understand their legal responsibilities as a data controller.
• Ensure that personal data is shared only when there is a clear legal basis and a justifiable need for doing so.
• Establish data sharing agreements with data consumers to agree roles and responsibilities.
• Maintain clear and comprehensive documentation about what data is shared, with whom, and for what purpose.
• Conduct thorough Data Protection Impact Assessments (DPIAs) prior to sharing personal data to identify and address potential risks.
• Consider the unintended consequences of sharing or not sharing data with respect to fairness and accountability.

Data consumers should

• Understand their legal responsibilities as a data controller and/or processor.
• Ensure that data is used strictly for purposes compatible with the original reason for its collection, respecting the intended use and expectations of data subjects.
• Establish data sharing agreements with data providers to agree roles and responsibilities.
• Obtain and document appropriate consent or establish a lawful basis for using shared data, particularly when handling sensitive personal information.
• Proactively identify, assess, and mitigate risks of harmful bias in the use of shared data, ensuring fairness and accountability in all processes.

Data sharing enablers should

• Understand their legal responsibilities as a shared data processor.
• Embed privacy-by-design principles into all data sharing solutions to ensure that data protection and ethical considerations are addressed from the outset.
• Enable regular reviews and audits of data sharing arrangements to ensure ongoing legal and ethical compliance.
• Foster a culture of accountability by ensuring that all staff involved in designing or managing data sharing receive suitable training on legal and ethical obligations.