Digital Economy Bill code of practice aims to clarify data sharing definitions- is it enough?

The Digital Economy Bill’s data sharing code of practice aims to clarify what it means by data sharing and when it should be done, but full transparency is still lacking.

The publication of the code comes after the Digital Economy Bill  faced scrutiny by the committee of MPs reviewing the bill, particularly critisised for its lack of detail around data sharing.

Experts also criticised the government for failing to publish the code of practice the Bill is referring to.

The aim of the bill is to make the UK “a place where technology ceaselessly transforms the economy, society and government”; with one of its key commitments focusing on the sharing of publicly held data sets “to improve service delivery while maintaining safeguards on privacy”.

One of the main criticisms, echoed by several experts, was that the bill failed to include a definition of what data sharing means.

The code of practice defines data sharing in three ways: a reciprocal exchange of data, one or more organisations providing data to a third party and a number of organisations pooling information and making it available to each other.

The modern version of data sharing

In his written evidence to the committee ahead of last month’s hearing, Jerry Fishenden co-chair of the Cabinet Office’s Privacy and Consumer Advisory Group, said the bill seems “to imply an approach to ‘data sharing’ modelled on the era of filing cabinets and photocopiers when the only way to make data available to others was to send them a duplicate physical copy”.

“Modern technology has rendered the need for such literal ‘data sharing’ obsolete: data can now be used without copying it to others and without compromising security and privacy,” he said.

The code aims to address this issue and points out that while in the past, data sharing “has commonly involved bulk data transfers within and between public authorities”, new technology has impacted data sharing.

“APIs allow applications and their datasets to interact with each other across organisational and geographical boundaries,” the code said.

“This allows public authorities to identify or verify eligibility for services and other objectives for which data needs to be shared through less intrusive methods, such as running binary checks against one or more datasets.”

While exactly what data sharing practices are currently in place in government is, in the words of former GDS  chief Mike Bracken “opaque at best”, the code of practice recognises that as a transition is being made between old and new approaches to data sharing.

“The legislation is intended to support the range of different approaches to data sharing and as such does not specify the use of a particular technology or a specific approach to be used in terms of the practicalities of transfer.”

Transparency still needs improvement

While the bill does clarify what it means by data sharing, it is still fairly vague on safeguards and transparency on how proposals to share data fits in in with the government’s policy that citizens control their own data.

However, it does state that data sharing arrangements “cannot be established for purposes which are to the detriment of the individual or household”.

What exactly it means by this is difficult to gage, and will likely do little to alleviate fears among the public. As previously pointed out, one of the reasons why it’s so important to be clear on data sharing arrangements is that the government has a long way to go in building public trust- as seen by the debacle.

One of the programme’s criticisms was that the sharing arrangements were not explained in a way the public would understand. Very few may expect a code of practice to be written in “plain language”, but with the bill being so vague, it’s difficult to see how the public will be reassured by this statement.

The code of practice should however be commended, because it includes a checklist on why, what and how to share- presumably useful to organisations not sure on how to proceed.

So does the code do enough to clarify? It most definitely provides a significant amount of detail that was missing from the bill itself, which is a positive step in the right direction.

However, should the government want to make changes such as tightening or extending its data sharing regime, it won’t require changes to the bill itself- simply changing the definitions in the code. Now, what would that do to transparency and public trust…