Does one need explicit consent to share personal data?

read titleRead full title
Published on LexisPSL on 14/09/2016

The following Information Law Q&A provides comprehensive and up to date legal information covering:

  • Does one need explicit consent to share personal data?
  • What is ‘data sharing’
  • Consent and the other conditions for lawful processing
  • Fair processing

In answering this Q&A, we have assumed that all parties and data subjects are exclusively based in the UK, no overseas laws or regulation applies, that there will be no transfer of personal data outside the European Economic Area, that the personal data includes no ‘sensitive personal data’ and that the customers and other data subjects are adults with full legal capacity. For the purposes of our response, we have focussed on the position of a private sector data controller under the current Data Protection Act 1998 (DPA 1998) (we have not considered the superseding General Data Protection Regulation, which comes into force in 2018, nor have we considered the use of data for marketing purposes or sharing of confidential or proprietary data). For information on what ‘sensitive personal data’ is, see Q&A: What is sensitive personal data for the purposes of the Data Protection Act 1998?

What is ‘data sharing’

In its Data sharing code of practice, the Information Commissioner explains how the DPA 1998 applies to the sharing of personal data. In this context, the term ‘data sharing’ refers to the disclosure of data from one or more organisations to a third party organisation or organisations, or the sharing of data between different parts of an organisation. Data sharing can take the form of:

  1. a reciprocal exchange of data

  2. one or more organisations providing

Related documents:

Popular documents