A proposed Bill is seeking to allow the use of a person’s sensitive personal data without obtaining their permission. The draft Health Information and Patient Safety Bill includes a section which permits an organisation to collect and use people’s personal health data without obtaining their consent provided that permission has been granted by The Office of the Data Protection Commissioner.
Section 2 of the Data Protection Acts, 1988 and 2003 refers to the processing of personal data with s.2(b) referring to the processing of sensitive personal data. Sensitive personal data is described as personal data as to—
(a) the racial or ethnic origin, the political opinions or the religious or philosophical beliefs of the data subject,
(b) whether the data subject is a member of a trade union,
(c) the physical or mental health or condition or sexual life of the data subject,
(d) the commission or alleged commission of any offence by the data subject, or
(e) any proceedings for an offence committed or alleged to have been committed by the data subject, the disposal of such proceedings or the sentence of any court in such proceedings;]
Section 33 of the new Bill states:
(1) A person proposing to carry out health research may include in their application a request for a decision from the Commissioner permitting the collection and use, by
the person, of personal data that relate to one or more individuals without the consent of those individuals.
(6) Where the Commissioner receives an application, the Commission shall
publish a notice on his or her website-
(a) advising that the application has been made,
(b) giving a brief description of the research proposal, and
(c) advising that any person may make, until a date specified, representations
concerning the request for an exemption.
The applicant will have to demonstrate sufficiently that their research is of sufficient importance that the public interest in it outweighs to a substantial degree the public interest in protecting the confidentiality of the personal data concerned. Furthermore, the applicant will have to guarantee that the personal data will not be used in any way that causes damage or distress to the individuals involved.
The Bill also states that a fee will be payable to the Office of the Data Protection Commissioner where the researcher seeks this exemption and that this exemption will be reviewed annually.
The Bill also provides for leave to appeal a decision by the Commissioner to the Circuit Court by the researcher concerned and/or any individual whose personal data has been affected by the decision.
A full copy of the Bill can be found here.
