Data-Sharing and Governance Consultation ANALYSIS OF RESPONSES

Respondents  26 Written responses received from:  Private Citizens  State Agencies  Government Departments  Members of the Oireachtas  Rights Groups  Research Bodies  Solicitors  Industry Representative Bodies

Proposed Definition of Data-Sharing  1. The receiving body determining a need for data from the sending body to support or improve its business processes, perform a statutory function, or to provide evidence to support policy evaluation and development  2. The receiving body identifying an existing legal basis for the data- sharing, or creating a new one  3. The sending body agreeing to provide the data  4. Technical and legal details being agreed in writing – data protection restrictions, transmission channel, format, contents, security etc.  5. Generally, the receiving body will need to match the shared data with data it currently holds

Do you agree with the proposed definition of data-sharing?

If you do not agree, how do you believe the definition could be improved? - “Two or more” parties - Open Data concepts – e.g. “Open by design” - Governance led approach - Establish an interoperability community

What do you believe are the priority areas for data- sharing to contribute to improved public services?  Removal of Duplication  Evidence based evaluation of programmes  Better Governance Culture  Training of public service staff  Setting of information standards  Better access to services and information  Better use of spatial information, health information and educational information

Do you agree that more effective data-sharing can help drive public service reform?

Examples of suggested drivers for public sector reform  Sharing of education data to assess outcomes  Streamlining the provision of services to the public  Streamlining identification of individuals across service providers  Improved transparency to reduce need for FOI requests  Improved Data Governance strategies at Management Level  Reduce costs and increase revenues by removing Duplication and reducing fraud and error

Do you share the assessment that a new legislative framework for data- sharing is required?

What type of legislative reform is necessary?  Clarification of data retention issues  Wider access to anonymised records  Resolve Data-Sharing disputes between Public Service Bodies  Measures to create Accountability  Governance centred reform, with sharing based on existing law  Sanctions for poor Data Governance and Breaches  Establish requirement for Data Sharing Officers and Privacy Impact Assessment

what do you see as the main obstacles to data-sharing?  OBSTACLES  Institutional reluctance  Lack of resources (Financial, staff, technological)  Lack of institutional knowledge and training  Lack of enforced interoperability standards for data  Lack of accountability, Organisational asymmetry

Proposed solutions:  PROPOSED SOLUTIONS  Supervision and enforcement of sharing by central Departments/Agency  Link compliance to budget  Implement training and standardise data across different Bodies

Suggestions for public consideration, analysis and debate?  Consult with stakeholders in Public Sector, NGO Sector and Civil Society, Academia  Use of Public Forums to clarify the benefits of Public Service Data-Sharing  Circulate Heads of draft legislation  Use of online materials to provide information  Further Public Consultation

How far can the Bill go in providing the necessary powers to share data, while at the same time ensuring clarity around what exactly is permitted?  Set Protocols for sharing to create clarity  Purpose of sharing should be based in primary legislation  Data-sharing only for lawful and specified reasons  Engagement with a governing body beneficial  Address interoperability issues  Approval role for Data Protection Commissioner

Should both personal and sensitive personal data be covered by these provisions?

What other specific data-sharing arrangements should be considered?  Educational information  Public/Private exchanges (other than Personal Data)  Sharing of business data and crime data  Reform access to existing publicly available data sets  Infrastructure Data, Ordnance Survey, Transport, BER Ratings

Should "Trusted Third Parties" be Included in the Bill?

Should there be provisions relating to "anonymised" data?

Do you agree that “The problem [of data governance] is therefore primarily one of better implementation, rather than an absence of legislation.”?

Should the Data Protection Commissioner have a role in monitoring and reporting on compliance with these governance provisions?

In what circumstances should a Department be able to “opt out” of the transparency requirement for a particular data-sharing arrangement?  Never – transparency should be absolute  When connected to the investigation of Crime or National Security  When necessary to protect sensitive data  When approved by a Data Governance Supervisor  “Commercial Confidentiality” should not be allowed as a ground for excluding reporting and transparency  When approved by the Data Protection Commissioner

Should new governance and transparency arrangements apply to all existing data-sharing arrangements, not just new ones?

Is the base register concept a useful one?

What other base registers could usefully be defined?  Registers chould be approved by Data Governance Supervisor  Educational Qualifications and Awards  Eircodes  Legal Judgments  Vehicle Registration  Geospatial information, Addresses and Eircodes  Health Identifiers  Identification Management  National Infrastructure

Next steps  Publication of consultation responses on Department of Public Expenditure and Reform Website  Preparation of General Scheme  Drafting of Data-Sharing and Governance Bill  Further engagement with stakeholders and public