• GL
Choose your location?
  • Global Global
  • Australia
  • France
  • Germany
  • Ireland
  • Italy
  • Poland
  • Qatar
  • Spain
  • UAE
  • UK

Data sharing across the public sector: the Digital Economy Act codes

31 March 2021
In this article, Sam Morrow and JP Buckley review the Digital Economy Act codes, what this means for public sector bodies and how to correctly set up a data sharing arrangement. Read more.

In December 2020 the Information Commissioner's Office (ICO) issued the final version of its Data Sharing Code of Practice, which is intended to give organisations confidence to share personal data in compliance with data protection law.  Please see the December 2020 issue of DWF Data Protection Insights, our data protection focused newsletter, for an overview of the Code. Of particular relevance to public sector bodies is the section Data sharing across the public sector: the Digital Economy Act codes.

The Digital Economy Act 2017 (DEA) introduced a framework for sharing personal data for defined purposes across specific parts of the public sector.  Although the DEA predates the GDPR, it was drafted to be compatible with it. When using the DEA framework, public sector bodies must comply with data protection law including the GDPR (as retained in UK law as the UK GDPR) and the Data Protection Act 2018, as well as other codes of practice issued by the ICO. The framework aims to:

  • ensure clarity and consistency in how the public sector shares personal data;
  • improve public services through the better use of data; and
  • ensure data privacy.

The DEA provides gateways that allow specified public authorities to share personal data for tightly-defined objectives and purposes. These powers are supplemented by statutory codes of practice (the DEA codes) which facilitate data sharing for different purposes, including the production of statistics, disclosure of information by civil registration officials and Revenue Authorities, and data sharing for research purposes. The DEA does not currently cover data sharing relating to the provision of health and social care.

The DEA codes contain guidance about what data you can share and for which purpose, and include safeguards to make sure that the privacy of citizens’ data is protected. Some of the codes require public authorities to put in place a data sharing or information sharing agreement, and specify what the agreement must cover.

Case Study

The ICO Data Sharing Code includes a case study about Companies House and HMRC using the data sharing powers under the DEA to share details of company accounts, including personal data about the company's directors, to prevent fraud by ensuring that companies file the same accounts with both bodies. While the DEA created a gateway which permitted this sharing, Companies House and the HMRC had to work together to:

  • design and agree a data specification;
  • complete a data protection impact assessment (DPIA) to ensure they considered proportionality and fair processing; and
  • agree and sign an information sharing agreement.

If you would like advice on how to set up a data sharing arrangement under the DEA, please contact JP Buckley, who can help you to conduct a DPIA, address any risks identified and draft an appropriate data sharing agreement.

Further Reading

We use cookies to give you the best user experience on our website. Please let us know if you accept our use of cookies.

Manage cookies

Your Privacy

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. We mainly use this information to ensure the site works as you expect it to, and to learn how we can improve the experience in the future. The information does not usually directly identify you, but it can give you a more personalised web experience.
Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change permissions. However, blocking some types of cookies may prevent certain site functionality from working as expected

Functional cookies


These cookies let you use the website and are required for the website to function as expected.

These cookies are required

Tracking cookies

Anonymous cookies that help us understand the performance of our website and how we can improve the website experience for our users. Some of these may be set by third parties we trust, such as Google Analytics.

They may also be used to personalise your experience on our website by remembering your preferences and settings.

Marketing cookies

These cookies are used to improve and personalise your experience with our brands. We may use these cookies to show adverts for our products, or measure the performance of our adverts.