Dr Dennis Jennings

The Data Sharing and Governance Bill, as published, seems to me to lack a couple of key elements:

The first is a clear, unambiguous statement of what is meant by Data Sharing, and how it will in practice be implemented. The current statement in Section 8.1 In this Act, “data-sharing” means the disclosure of information, including personal data, by a public body to another public body” (Data Sharing and Governance Bill 2018) seems vague and ambiguous to me. Does it mean the copying and distribution of files of data (as I understand is widely the case now), with all the attendant problems of lack of control, security, authority, authenticity, etc. that such an approach implies? Does it mean the construction of a single distributed database across the public sector? Does it mean access, in a controlled, authorised, and authenticated manner, to a set of secured central databases?  Does it mean that databases will be used to answer pertinent questions (of the type – is this person eligible for a particular benefit) rather than actually revealing and distributing personal data?  Perhaps it means a collection of approaches, and, if so, that would have significant implications for the privacy and security of an individual’s personal data.

The second missing key element is a section providing the Statement of Principles that guide and underlie the Bill.  The lack of such a set of statement results in the need to read the document carefully and to try to divine from the text what the principles are and how they are applied.  There are a number of principles that I would like to see explicitly stated. Principles relating to: Ownership of Personal data; Identity & Opt-In: The Unique Authenticated Personal Identifier; Legal and Consent Basis; On-line Authentication and Access; Data Access not Data Sharing; Security – Data Requests & Data Responses; Access Logging by Requestor, Responder, and Centrally; Secure on-line Portal for Individuals; Open Standards & Scalable Architecture; No Exemptions for PPP and Semi-State Actors, Security Services and Law Enforcement; Electronic Signatures for Contracts; Identity Use by Other Organisations.

 

I look forward to discussing these thoughts further at the Public Affairs Ireland Seminar on the recently published Data Sharing and Governance Bill that will take place on Thursday, 29 November, 2018. For more information on this event, click here

  

Dr Dennis Jennings   

Internet Pioneer, Internet Hall of Fame 2014

Company Director / Mentor & Coach / Angel Investor

Chairman and/or non-executive director of a small number of Irish technology-based companies that address international markets. Member of the Open Data Governance Board of the Department of Public Expenditure & Reform. Chairman of the Board of Governors of the Royal Irish Academy of Music. Served (2007-10) on the Board of Directors of the Internet Corporation for Assigned Names and Numbers (ICANN, ICANN.org), which is responsible for the coordination of the technical identifiers of the global Internet.

To read more of Dennis Jennings articles on The Data Sharing and Governance Bill, you can do so by clicking here