Question to the HM Treasury:

To ask His Majesty's Government why His Majesty's Revenue and Customs has not published the business case and data protection impact assessments relating to projects 341 and 476 under the debt and fraud information sharing provisions of the Digital Economy Act 2017.

HMRC has met the Digital Economy Act (2017) Statutory Code of Practice transparency requirement by recording information on data sharing between the two departments (Home Office and HMRC) on the Register of Information sharing agreements under Part 5 of the Digital Economy Act 2017.

HMRC’s Privacy Notice makes clear that it collects information from other Government Departments to fulfil its functions, which include administration of the Child Benefit system.

Publication of the Business Case and Data Protection Impact Assessment (DPIA) for the data sharing are not requirements under the statutory code of practice. HMRC’s general policy is not to publish Business Cases or DPIAs because details they contain may jeopardise the outcomes sought when tackling fraud.