4 Considerations by the Panel
The Panel took some initial time to discuss and become familiar with the issues that were impacting on information sharing in relation to Parts 4 and 5 of the 2014 Act. It also went on to consider the wider landscape that impacts on information sharing.
This understanding developed throughout the Panel’s work.
In their meetings, the Panel discussed the term ‘consent’, how this is understood and, in particular, when it used to support information sharing. It also considered the Supreme Court’s judgment in detail. The detailed considerations of the Legal Focus Group informed these discussions. The uncertainty around data protection law until the end of May 2018 and the change in the law from then complicated these discussions.
The importance of freely given consent was emphasised and there was discussion around the clarity provided through recital 43 of EU GDPR, which states that:
“In order to ensure that consent is freely given, consent should not provide a valid legal ground for the processing of personal data in a specific case where there is a clear imbalance between the data subject and the controller, in particular where the controller is a public authority and it is therefore unlikely that consent was freely given in all the circumstances of that specific situation”.
The term ‘consent’ and how it is understood has a specific meaning in data protection law. Consent is one of the many legal bases for processing that may be relied on to allow processing of data.
The Legal Focus Group highlighted that this is not the same as requiring consent for the purposes of reducing the risk of breaching an individual’s human rights under ECHR Article 8 or their right to confidentiality under common law where that right exists.
It was the view of the Panel that even if sharing of information is not conditional on the consent of a child or its parent, that does not prevent a child having the right to say what they think about that happening, nor does it prevent their views being taken into account.
The Panel was also positive about making it clear that there is no obligation to accept the offer of advice or support from a Named Person. This included discussion about how rights and legal aspects of information sharing could be communicated clearly to children, young people and families.
The Panel observed that information sharing in relation to what may impact on a child’s wellbeing is safeguarded and governed by a complex framework of European, UK and Scots law, standards, policies and guidance. However, the Panel had confidence that this is made accessible and workable for practitioners and the public through a wide range of general and targeted systems, policies, procedures, protocols, codes of practice, guidance and communication materials.
Its view was that this framework generally works for the public, third sector and private services and has been supporting the delivery of services that support children and families for decades. The application of the system is well understood in the large number of different contexts in which it is applied and has proven to be resilient and responsive to changes in legislation, public attitudes, technology and practice.
The Panel recognised that although certain key law is commonly discussed in relation to information sharing i.e. human rights, data protection and the law in relation to confidentiality, there are many other areas of law that also govern information sharing e.g. law in relation to child welfare, health and law and order. The information sharing provisions in Parts 4 and 5 of the 2014 Act would add to this framework of law.
The Panel acknowledged that these laws may interact with each other.
Often underpinning this structural framework is human consideration where professional judgement will consider, amongst other things, necessity, proportionality, risks, the will of the individual, ethical issues, best interest of the individual and expediency.
Panel members and its Legal Focus Group explored the opportunity to learn from legislation, codes of practice, codes of conduct and guidance that explained how information sharing operated in other contexts. These provided advice and guidance for organisations and certain individuals on information sharing. However, they did not find a directly comparable context that set out how information sharing must be applied within the wide framework of law as is required of this Code.
The Panel and its Legal Focus Group developed several iterations of an evolving draft Code, scrutinising and evaluating these against their remit.
As the thinking of the Legal Focus Group developed, it came to the conclusion late in October 2018 that for the proposed Code to be effective in providing the safeguards looked for in the Supreme Court ruling, these safeguards would need to be placed directly into the draft Code.
In other words, the draft Code would need to be detailed in terms of how data protection law, human rights law, the law in relation to confidentiality and other areas of law interacted with the information sharing provisions in Parts 4 and 5 of the 2014 Act.
The Legal focus group shared its thinking with the Panel which came to the view that this level of detail would result in a Code being produced that would be viewed as complicated and difficult to apply in practice. This would be contrary to a desire for the developing draft Code to be simpler, more concise and accessible and, as a result, the information sharing landscape could become more complex and confusing for practitioners.
The Panel’s view was that the likely unintended consequence would be to stifle the consideration and process of sharing relevant, necessary and proportionate information sharing, which, in turn, would lead to reduced opportunities to offer support to children and families.
The Panel shared its emerging thinking with the Deputy First Minister in December 2018:
- The General Data Protection Regulation and the new Data Protection Act 2018 provide new and more explicit safeguards to support proportionate sharing of necessary information. Once clarified through forthcoming guidance (and potential case law) these would assist information sharing practice;
- Refreshed Getting It Right For Every Child ( “GIRFEC”) Policy and practice guidance could be an opportunity to explain how information sharing practice could generally be delivered and sign post to guidance on more complex situations;
- Any Code that could be produced under the Bill would be detailed and viewed as complex in explaining how different parts of law interact and difficult for practitioners and the public to understand. This would result in a non-user friendly Code, which could inhibit good professional practice; and
- That these points together challenge the necessity for and achievability to provide a draft Code that meets the Panel’s remit.
4.1 Changes in the Legal landscape
Since the introduction of the Bill, and the Committee’s initial considerations at Stage 1 of the Parliamentary Bills process, the legal landscape in relation to data protection law has changed. GDPR has now come into force. The ICO has also finalised its guidance on the interpretation of GDPR. In addition, European guidance has now been published. These finalised documents have provided greater clarity on the interpretation of new data protection legislative changes. The Data Protection Act 2018 (“DPA 2018”) is also now in force and GDPR needs to be read alongside that Act.
When the Data Protection Bill (which later became the DPA 2018) was debated by the UK Parliament, the issues around information sharing and safeguarding concerns (including wellbeing) were highlighted. In particular, the importance of putting in place common safeguards to spot important patterns of behaviour was specifically noted. It was also noted that there is still uncertainty about what personal data can be processed for safeguarding purposes. As a result, amendments were introduced, which made specific provision around the safeguarding of children and of individuals at risk.
The UK Government has produced cross-agency and cross-governmental guidance called “Working Together to Safeguard Children”, which places the responsibility of safeguarding children on all relevant professionals who come into contact with children and families.
In addition, the UK Government recently issued updated guidance entitled “Information Sharing: Advice for practitioners providing safeguarding services to children, young people, parents and carers”.
ICO Data Sharing Code
The ICO is required by the DPA 2018 to prepare a “Data-sharing code”. This is to be a code of practice which will provide guidance on how the DPA 2018 (including UK provisions for GDPR) should be applied. This document, together with further advice, once published, should help clarify expectations around information sharing practice.
There is a problem
Thanks for your feedback