The re-use of public sector information


The re-use of Public Sector information has to be built on a balanced approach where the public interests of such use have to be properly weighted against other important rights especially privacy. A recent bill was tabled in Maltese Parliament entitled ‘An Act to amend the Re-Use of Public Sector Information’ – how does this it measure up?

Public sector bodies produce documents constituting a vast, diverse and valuable pool of resources which can benefit the knowledge economy1. An open data approach therefore encourages the wide availability and re-use of public sector information for private or commercial purposes, with minimal or no legal, technical or financial constraints. To have a level playing field within the EU in terms of whether or not the re-use of documents is authorised, Directive 2003/98/EC established a minimum set of rules governing the re-use of existing documents held by these public sector bodies together with means of facilitating their re-use. Since the Directive’s introduction, public data increased exponentially leading to the promulgation of Directive 201/37/EU, which, whilst respecting the fundamental rights and principles on the protection of personal data and the right to property, introduced rules to facilitate the re-use of public sector documents, where possible and appropriate, by making documents available through open and machine-readable formats and together with their metadata, at the best level of precision and granularity, in a format that ensures interoperability.

Malta implemented the abovementioned Directives by means of the Re-Use of Public Sector Information Act, 2015 (Cap 546 of the Laws of Malta). On the 7 October 2019, however, a Bill was presented in Parliament with the object of extending its application to facilitate the information sharing for public administration purposes in line with any law. This Bill also proposes to widen the definition of re-use of documents to include the use of such documents by a public sector body, apart from a person or legal entity, of a document which is held by a public sector body or another public sector body, as the case may be.

The Bill introduces a new procedure to be applied where a request for re-use of public sector information has been made to a public sector body and this has been refused, is not dealt with in accordance with the requirements of the Act, or that public sector body is not acting in compliance with the requirements of the Act. The Bill also introduces a new appeal procedure in terms of which the decision or enforcement of the regulatory authority may be appealed before the Data Protection Appeals Tribunal established in terms of the Data Protection Act (Cap 586 of the Laws of Malta). Therefore, this Bill is set to extend the current functions and powers of this Tribunal to determine appeals on the re-use of public sector information apart from its current function to determine appeals on decisions /orders made by the Information and Data Protection Commissioner. Similar to the Data Protection Act, decisions of the Tribunal shall be subject to appeal to the Court of Appeal. It is worth noting that no regulatory authority responsible for the monitoring of the implementation of the provisions of the Act has been established and therefore regulatory authority being mentioned in the Bill is yet to be made known.

MITLA believes that public sector information re-usability can create a positive open data environment but the Maltese Government needs to ensure that it creates a balanced framework based on fair information principles:

  • Political Accountability: this must be fostered in the Maltese Government’s data disclosure policies by ensuring that the ultimate goal of the exercise is to provide an instrument for extending the right to knowledge which is a basic principle of democracy.
  • Public Sector Efficiency & Service Delivery: Any exercise undertaken must save resources and improve public services.
  • Privacy Interests: Despite the foregoing arguments the fundamental rights too privacy and data protection need to be protected as an imperative. Specifically, one must keep in mind the following considerations:

    • Chilling Effects: People interacting with governmental institutions must not fear that their information will be shared without their consent.
    • Personal control over Personal Information: As a general principle, citizens must maintain control and agency over their data. The lack of such control (or perception of control) may lead to subjective or objective privacy harm. Since this Bill does not envisage re-obtaining citizen consent, the usage or data emanates from the original consent obtained which needs to be well-formed, unless it derives from a legal obligation or exclusion.
    • Social Sorting and Discrimination: Data should not be used by Government as an input for social sorting or discriminatory procedures.
    • Collection Limitation Principle:MITLA believes that Government should limit the amount of data it collects as this reduces concerns around unnecessary surveillance. Within such collection, data quality must be maintained within the purpose and use specified.

MITLA encourages that the implementation and adoption of such rules should be regularly monitored in order to ensure that the overarching aims of such legislation are fulfilled effectively with full respect of other information and data rights which may be impacted by such measures.

1Directive 2013/37/EU amending Directive 2003/98/EC on the re-use of public sector information, Rec. 1

Article provided by: Dr. Sarah Cannataci and Dr. Gege Gatt (MITLA, Malta)




Discover more about INPLP, the INPLP-Members and the GDPR-FINE database

Dr. Tobias Höllwarth (Managing Director INPLP)

What is the INPLP?

INPLP is a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters. INPLP provides targeted and concise guidance, multi-jurisdictional views and practical information to address the ever-increasing and intensifying field of data protection challenges. INPLP fulfils its mission by sharing know-how, conducting joint research into data processing practices and engaging proactively in international cooperation in both the private and public sectors.