7
principles of the GDPR, the DPA 2018 and all other applicable
legislation. The Information Commissioner may identify that
information she holds, which may include personal data, should be
shared with the Surveillance Camera Commissioner, as it would
assist him in performing his functions and responsibilities.
23. Section 132(1) of the DPA 2018 states that the Information
Commissioner can only share confidential information with others if
there is lawful authority to do so. In this context, the information
will be considered confidential if has been obtained, or provided to,
the Information Commissioner in the course of, or the purposes of,
discharging her functions, relates to an identifiable individual or
business, and is not otherwise available to the public from other
sources. This therefore includes, but is not limited to, personal
data. Section 132(2) of the DPA 2018 sets out the circumstances in
which the Information Commissioner will have the lawful authority
to share that personal data with the Surveillance Camera
Commissioner. In particular, it will be lawful in circumstances
where:
• The sharing was necessary for the purpose of the Information
Commissioner discharging her functions (section 132(2)(c));
• The sharing was made for the purposes of criminal or civil
proceedings, however arising (section 132(2)(e)); or
• The sharing was necessary in the public interest, taking into
account the rights, freedoms and legitimate interests of any
person (section 132(2)(f)).
24. The Information Commissioner will therefore be permitted to share
information with the Surveillance Camera Commissioner in
circumstances where it has been determined that it is reasonably
necessary to do so in furtherance of one of those grounds outlined
at paragraph 23. In doing so, the Information Commissioner will
identify the function of the Surveillance Camera Commissioner with
which that information may assist, and assess whether that function
could reasonably be achieved without access to the particular
information in question. In particular, where the information
proposed for sharing with the Surveillance Camera Commissioner
amounts to personal data the Information Commissioner will