The Global Privacy Assembly (GPA) has published guiding principles on data sharing, outlining 16 principles aimed at assisting organisations across various jurisdictions on how to share personal data safely for the public good.
The principles aim to give businesses, organisations and individuals the confidence to share data in a safe, fair and transparent manner for the public good. As the need for data sharing becomes increasingly relevant, the GPA decides now is the right time to make the document available for the wider public and directly help organisations meet their ethical responsibilities and build the public trust by upholding high privacy standards.
The 16 guiding principles outlined in the document include purpose of sharing, fairness and transparency, data protection impact assessment, sensitive data, privacy by design and default, and rights of individuals. The document also includes additional resources issued by the GPA that provide data sharing best practices and lessons learned since the COVID-19 pandemic.
Publishing these guiding principles now will better enable the GPA to promote the benefits that come with efficient and responsible sharing of personal data by public and private sector organisations, both in terms of improving choice or outcomes for the public and in driving competition and innovation throughout all jurisdictions.
The guiding principles were developed by the GPA’s Working Group on Data Sharing for the Public Good (DSWG), which identifies practical solutions for data sharing where there is a public benefit. Led by GPA Member the UK Information Commissioner’s Office, with input from a range of GPA members from all global regions, the guiding principles on data sharing were finalised in mid-2024 and later included as part of the DSWG’s annual report in late 2024.
The GPA hopes that the guiding principles document will now reach a wide audience across multiple jurisdictions. However, whilst the principles are intended to be generally relevant to different Data Protection and Privacy legislative frameworks in different jurisdictions, organisations should consult the relevant Data Protection Authority and their websites or resources for more detailed information about sharing data within a specific jurisdiction.
Next steps
The GPA will continue discussing these principles and their practical application. It will also focus on identifying further practical and pragmatic approaches on how personal data can be shared and used to enable innovation while protecting individuals’ privacy rights.
The DSWG will also continue developing proactive responses on any emerging data protection and privacy issues associated with data sharing, especially on sensitive or ‘special category’ data such as health data.