March 26th, 2010 by Anya Proops
The question of the extent to which those working within the national health service should have access to patient data is a difficult one to resolve. On the one hand, permitting widespread access can potentially enable health service provides to provide more efficient, ‘joined up’ health-care to patients. On the other hand, there will always be concerns that too much access increases the risk that patient data, which is obviously sensitive personal data for the purposes of s. 2 of the Data Protection Act 1998, will be misused and/or inadvertently disclosed to third parties. We have seen this debate unfolding not least in respect of the Spine database project which is aimed at achieving a comprehensive centralised database of NHS patient records. The British Medical Association amongst others have alreeady expressed concern that the system is being rolled out too quickly (see further this article from the Guardian earlier this month). Today, reports are surfacing in the media that an NHS Trust in Wales is failing to ensure that proper restrictions are being placed on hospital staff accessing patient data (see further this BBC article which suggests hospital porters, IT staff and administrators have all been permitted access to patient data). This kind of story is only going to fuel concerns that the quest for efficiency in patient treatment requires too high a price to be paid in terms of compromising the privacy rights of patients.
March 26th, 2010 by Anya Proops
In an earlier post this month on the Al Rawi litigation, I reflected upon recent developments concerning the use of secret evidence in civil litigation. Yesterday, the House of Lords and House of Commons Joint Committee on Human Rights published its latest report on the human rights implications of UK counter-terrorism measures: Counter-Terrorism Policy and Human Rights (Seventeenth Report): Bringing Human Rights Back In. In its report, the JCHR expressed serious concerns about the growth in the use of secret evidence procedures within the judicial system and the Government’s apparent failure to apply the restrictive principles outlined in the Article 6 cases of A v UK  49 EHRR and Secretary of State v AF  UKHL 28. The following paragraphs of the report are particularly worthy of note:
62. The Government’s response to the A and AF judgments suggest that it considers itself free to press on with the use of secret evidence and special advocates in the other contexts in which they are used, without pausing to take stock of the wider implications of these significant rulings. Although the Government says that it is considering whether changes to the Parole Board’s procedures are needed, we have not seen any evidence to suggest that the Government has in fact considered the implications of the judgment of the European Court of Human Rights in A v UK for all the other contexts in which special advocates and secret evidence are used. We recommend that the Government urgently conduct a comprehensive review of the use of secret evidence and special advocates, in all contexts in which they are used, in light of the judgments of the European Court of Human Rights and the House of Lords, to ascertain how often they are used and whether their use is compatible with the minimum requirements of the right to a fair hearing as interpreted in those judgments, and to report to Parliament on the outcome of that review.
64. We are not satisfied that the Minister’s answer meets the special advocates’ concerns about the difficulty of distilling the relevant principles from closed judgments, or about the necessary accessibility of the law. We recommend that the Government include arrangements for law reporting in the review of the use of secret evidence that we have recommended above.
March 24th, 2010 by Anya Proops
The European Data Protection Supervisor last week adopted a new opinion examining the question of how effectively to safeguard data protection and privacy rights in the fast-moving world of information technology. The central thrust of the opinion is that new information technologies themselves need to be developed in a way which protects personal data and privacy, rather than simply being subject to possibly ineffective control policies once they have been developed. This so called ‘privacy by design’ approach to developing new technologies is intended to build public trust in the information society.
March 19th, 2010 by Anya Proops
The question of whether and to what extent local authorities can or should share information about individuals thought to pose a risk to children is often a very difficult one to answer in practice. Failure to disclose the information may expose the authority to claims that it has not acted in accordance with its duties to safeguard children’s interests. On the other hand, sharing the information may expose the authority to claims that it has acted in excess of its powers and has otherwise breached the individual’s right to privacy under Article 8 ECHR. In the recent case of H & L v X City Council and Y City Council  EWHC 466 (Admin), the Administrative Court considered this question in a case involving the disclosure of information by a local authority about a severely disabled man (H) who been convicted of indecent assault on a child. In this case, the council had made a variety of disclosures to organisations with which H was involved. It had also adopted a policy of considering on a case by case basis whether it should make disclosure of information relating to H to organisations with which he became involved in the future. In addition, the local authority had a policy of disclosing information to H’s personal care assistants, purportedly to protect any children those carers may bring into contact with H.
In a judgment which recognised the very strong imperative in favour of protecting children’s interests, Judge Langan QC held that the policies of disclosure to organisations with which H was involved constituted a proportionate interference with H’s Article 8 right to privacy and was otherwise lawful. In reaching this conclusion, the judge took into account the fact that the disclosures were fairly guarded in nature; were not made in lurid terms and did not go beyond what was required for the purpose of making a measured communication. The judge similarly held that the policy of notifying other organisations with which H came into contact in future on a case-by-case basis was a reasonable, proportionate and otherwise lawful policy. However, the judge took issue with the authority’s policy of notifying H’s care assistants. He held that this was a disproportionate measure, particularly in view of the facts that: two of the three long-term carers had no children; there was a ‘no children at work’ provision in the relevant employment contracts and, further, the terms of the disclosures would raise suspicions in the minds of the carers which was more grave than H’s past conduct justified. In reaching his conclusions on the various policies adopted by the council, the judge plainly had in mind the recent important Supreme Court judgment in R(L) v Commissioner of Police of the Metropolis  3 WLR 1056, where the Supreme Court held that it was no longer right to assume that priority must be given to the need to protect the vulnerable over the right to respect for the private life of the individual. What this case perfectly illustrates is the highly fact-sensitive approach which needs to be adopted in any case where the local authority is contemplating sharing information for child protection purposes. Tim Pitt-Payne appeared on behalf of the local authority
March 18th, 2010 by Anya Proops
It would seem that the approach to be taken to the retention of DNA on the Police National Database is going to be a hot election issue. The Government has for some time been seeking to introduce onto the statute books new legislation which would enable the DNA of persons who have not been convicted of any offence to be stored for up to six years (see my November 2009 post on this issue). However, a report in yesterday’s Guardian suggests that the Government may scrap the 6 year retention provision in order to get the remainder of the Crime and Security Bill passed into law before the election. Meanwhile, the Conservatives have proposed that the period of retention of DNA relating to unconvicted persons should be three years. The Government has attacked these proposals on the basis that they amount to a criminals charter. Of course, even if particular party political proposals with respect to the DNA database are effective in attracting the popular vote, that is not to say that they would find favour before the Strasbourg Court on a challenge brought under Article 8 ECHR (see further on this issue the Marper judgment discussed in my May 2009 post).