Digital Government (Scottish Bodies) Regulations 2022: children's rights and wellbeing - screening sheet

The Digital Government (Scottish Bodies) Regulations 2022: Child Rights and Wellbeing Screening Sheet

1. Brief Summary

The Digital Government (Scottish Bodies) Regulations 2022 are made under sections 48(5) and 56(6) of the Digital Economy Act 2017^[1] ("the Act"). They add certain Scottish public authorities with devolved functions ("Scottish Bodies") to schedules 7 (debt) and 8 (fraud) of the Act so providing a new legal gateway for Scottish Bodies to use to enter into information sharing agreements with other listed bodies. The Scottish Bodies listed in the Regulations are in the Annex. The UK and Welsh Governments have already added UK, English and Welsh bodies to the schedules.

Part 5 of the Act introduces new information sharing powers to reduce debt owed to, or fraud against, the public sector. To be able to use the information sharing powers, public authorities (and bodies which provide services to public authorities) must be listed in schedule 7 of the Act for the debt powers and schedule 8 for the fraud powers. A listed public authority can only share data under these powers with other persons who are also listed in the relevant schedule. The Act regulates what data can be shared and for what purposes. The Act does not compel public authorities to share data. The information sharing powers in the Act are permissive. It is for the public authorities listed to decide to make use of the powers and to seek to enter into information sharing agreements with other listed bodies.

There are safeguards in place for the sharing of information under the powers. The Data Protection Act 2018 and UK General Data Protection Regulation apply to the processing of all personal data using the debt and fraud powers. The Digital Economy Act creates criminal offences for unauthorised disclosure of personal information received under the debt and fraud powers. Additionally, public authorities must always ensure that data sharing is compliant with the Human Rights Act 1998 and they must not act in a way that would be incompatible with rights under the European Convention on Human Rights.

Public authorities listed in schedules 7 or 8 of the Act must have regard to the Code of Practice^[2] for public authorities disclosing information under Chapters 1, 3 and 4 (Public Service Delivery, Debt and Fraud) of Part 5 of the Digital Economy Act 2017) (the Code). The Code provides details on how the debt and fraud information sharing powers should operate. It provides that in the first instance, all information sharing under the debt and fraud powers is run as a pilot. The impact of Scottish Bodies using the debt and fraud powers will not be apparent until proposals to pilot the use of the powers are in development.

The Code sets out the guidance on the process which bodies will need to follow to establish a new pilot. The purpose of such pilots is to allow for the benefit of the data share to be explored and to identify any potential impacts and ethical issues. Pilots will determine whether and how there is value in sharing personal information for the purposes of taking action in connection with debt owed to, or fraud against the public sector.

Public bodies wishing to establish a pilot submit a business case, information sharing agreement, data protection impact assessment and security plan to the secretariat of a review board. The UK Government has established a review board^[3] to oversee reserved and England-only data sharing under the fraud and debt powers. The board assesses and makes recommendations to UK Ministers on each pilot proposal. The Scottish Government will similarly establish its own structures for the oversight of data sharing arrangements for Scotland

The Code includes Fairness Principles which provide a set of best practice guidelines to help ensure a common approach to fairness is considered when sharing information under the debt power. The UK Government worked in partnership with non-fee paying debt advice providers to develop these Principles. Where a vulnerable customer is identified, the Fairness Principles provide that they should be given appropriate support and advice. This is particularly relevant in the wake of Covid-19 where individuals may be experiencing hardship.

The Code sets out that information about information sharing agreements should be published in a searchable electronic public register. The UK Government has established a register^[4] for reserved and England-only information sharing agreements. A similar register will be established for devolved information sharing agreements.

Failure to have regard to the Code may result in a public authority or organisation losing the ability to disclose, receive and use data under the powers in the Act.

There have been two public consultations seeking views on Scottish Bodies to be included in the schedules. Amongst those invited to respond to the consultations were Scottish public bodies, poverty groups and the Information Commissioner.

There was broad support for the proposals. No concerns were raised about the impact of the Regulations on children and young people. The consultations, answers from respondents who gave permission for them to be published and analysis of responses, can be found here:

Scottish public authorities sharing data: consultation

https://consult.gov.scot/digital-directorate/public-authorities-sharing-data/

Scottish public authorities sharing data: further consultation

https://consult.gov.scot/digital-directorate/public-authorities-sharing-data-2/

The National Performance Framework^[5] (NPF) measures and keeps track of how Scotland is performing against the Framework's National Outcomes which describe the kind of Scotland it aims to create. The NPF aims to reduce inequalities and give equal importance to economic, environmental and social progress.

The Regulations:

• Contribute to the Human Rights National Outcome – We respect, protect and fulfil human rights and live free from discrimination. Progress towards this includes assessing views on "Public services treat people with dignity and respect".
• Contribute to the International National Outcome - We are open, connected and make a positive contribution internationally". Progress towards this includes assessing views on "Trust in public organisations".
• Reflect the NPF values of openness, transparency and rule of law.

2. What aspects of the policy/measure will affect children and young people up to the age of 18?

Adding Scottish Bodies to schedule 7 (debt) and/or schedule 8 (fraud) will not adversely affect children and young people up to the age of 18.

The Regulations create a legal gateway. Scottish Bodies can use the gateway to enter into data sharing agreements which are subject to a number of safeguards as outlined in section 1.

3. What likely impact – direct or indirect – will the policy/measure have on children and young people?

Adding Scottish Bodies to schedule 7 (debt) and/or schedule 8 (fraud) will not adversely impact on children and young people.

4. Which groups of children and young people will be affected?

Adding Scottish Bodies to schedule 7 (debt) and/or schedule 8 (fraud) will not adversely affect groups of children and young people.

5. Is a Children's Rights and Wellbeing Impact Assessment required?

Taking into consideration the above, the Scottish Government considers there is not a requirement to complete a full CRWIA.

6. Sign & Date

Policy Lead: Alison Dewar, 2 February 2022

Deputy Director: Albert King, Chief Data Officer, 2 February 2022