THE DATA PROTECTION (PROCESSING OF SENSITIVE PERSONAL DATA) ORDER 2000

This order is made under paragraph 10 of Schedule 3 to the DPA and describes additional circumstances pursuant to which sensitive personal data may be processed. Ten situations are identified in the schedule to the order, the majority of which also contain the necessity test. Five of the circumstances also require that the processing be carried out ‘in the substantial public interest’.

As far as the substantial public interest test is concerned, this involves a test of proportionality, that is, the interference with the data subject’s rights must be proportionate judged by reference to the public interest served, which itself must be ‘substantial’. The fact that the processing might be beneficial to the public interest will not provide sufficient grounds for the processing.

The prevention or detection of unlawful acts

The first circumstance says:

1. – (1) The processing –

(a) is in the substantial public interest;

(b) is necessary for the purposes of the prevention or detection of any unlawful act; and

(c) must necessarily be carried out without the explicit consent of the data subject being sought so as not to prejudice those purposes.

(2) In this paragraph, ‘act’ includes a failure to act.


This circumstance is not looking for criminal acts. Rather it is concerned with unlawful acts, which includes not only criminal acts but also civil wrongs including, potentially, contractual breaches and torts, such as negligence and nuisance. Thus, this circumstance is potentially very wide indeed.

In terms of privacy the real peril for data subjects lies in the fact that this circumstance is concerned with situations where their explicit consent will not be sought because of a risk of prejudice to the processing purpose, namely the prevention or detection of unlawful acts. The data subject’s privacy will be affected because the data subject has no information to enable them to exercise any control over the processing. For these reasons this potentially very wide circumstance is seriously restricted by the need for the data controller to overcome four distinct hurdles:

  • The data controller must satisfy the substantial public interest test.

  • The data controller must satisfy the necessity test.

  • The data controller must show that the processing must be necessarily carried out without consent.

  • The data controller must show that the seeking of consent would cause prejudice to the processing purpose.

These very strict tests erect very high barriers to a data controller’s reliance upon this circumstance and they point very clearly to the benefit of doubt always being exercised in the data subject’s favour. The likelihood of prejudice being caused to the processing purpose if the data subject’s consent were sought must be very real. In the case of R (on the application of Alan Lord) v. The Secretary of State for the Home Department[116] the High Court confirmed that the likelihood of prejudice need not be more likely than not, but, conversely, a fanciful risk will not suffice.

Consequently, data controllers wishing to rely upon this circumstance must be clear in their thinking and reasoning. From a compliance perspective this encourages the data controller to record its thinking and reasoning, so that in the event of scrutiny by the data subject, the Information Commissioner, the Information Tribunal or the courts, the data controller’s motivations will be indisputable.

EXAMPLE

A person brings a claim for damages for personal injury following a road traffic accident. The claimant says that their injuries prevent them from working and from participating in any sport. The defendant, while admitting that the accident was their fault, seriously disputes what the claimant says about their injuries, relying upon independent medical evidence that casts considerable doubt on the claimant’s claims. In order to protect themselves from an exaggerated claim, the defendant engages the services of a firm of private detectives who follow the claimant with a hidden video camera and record footage of their comings and goings. In this example the video footage will record the claimant’s sensitive personal data (information about their physical conditions). It is highly likely that the secret videoing will be justified on the grounds of preventing or detecting an unlawful act.


Protecting the public and regulatory activity

The second circumstance says:

2. The processing –

(a) is in the substantial public interest;

(b) is necessary for the discharge of any function which is designed for protecting members of the public against –

(i) dishonesty, malpractice, or other seriously improper conduct by, or the unfitness or incompetence of, any person, or

(ii) mismanagement in the administration of, or failures in services provided by, any body or association; and

(c) must necessarily be carried out without the explicit consent of the data subject being sought so as not to prejudice the discharge of that function.


As with the first circumstance, the data controller has very significant hurdles to overcome before it can rely upon this exemption.

This circumstance can be relied upon by a data controller who is required to discharge a function designed to protect the public from the perils listed. Data controllers who rely on this exemption include regulators such as the FSA, the Office of Communications (Ofcom), the Office of Fair Trading, the Law Society and the General Medical Council.

Special purposes disclosures

The third circumstance says:

3. – (1) The disclosure of personal data –

(a) is in the substantial public interest;

(b) is in connection with –

(i) the commission by any person of any unlawful act (whether alleged or established),

(ii) dishonesty, malpractice, or other seriously improper conduct by, or the unfitness or incompetence of, any person (whether alleged or established), or

(iii) mismanagement in the administration of, or failures in services provided by, any body or association (whether alleged or established);

(c) is for the special purposes as defined in section 3 of the Act; and

(d) is made with a view to the publication of those data by any person and the data controller reasonably believes that such publication would be in the public interest.

(2) In this paragraph, ‘act’ includes a failure to act.


This circumstance deals with only one aspect of processing, namely disclosures, and it concerns only disclosures made for the special purposes, namely journalistic, literary and artistic purposes. The primary effect of this circumstance is to support the media in its reporting of wrongdoing, as part of the protections for freedom of expression.

Counselling, advice and support

The fourth circumstance says:

4. The processing –

(a) is in the substantial public interest;

(b) is necessary for the discharge of any function which is designed for the provision of confidential counselling, advice, support or any other service; and

(c) is carried out without the explicit consent of the data subject because the processing –

(i) is necessary in a case where consent cannot be given by the data subject,

(ii) is necessary in a case where the data controller cannot reasonably be expected to obtain the explicit consent of the data subject, or

(iii) must necessarily be carried out without the explicit consent of the data subject being sought so as not to prejudice the provision of that counselling, advice, support or other service.


This circumstance is intended to facilitate counselling and similar services where it is necessary for a counsellor or advisor to learn of personal matters relating to people connected with the person undergoing counselling, for example during marriage guidance counselling where the counsellor speaks to the spouses separately or to only one of them.

Insurance company and pension schemes processing of medical data

The fifth circumstance says:

5. – (1) The processing –

(a) is necessary for the purpose of –

(i) carrying on insurance business, or

(ii) making determinations in connection with eligibility for, and benefits payable under, an occupational pension scheme as defined in section 1 of the Pension Schemes Act 1993;

(b) is of sensitive personal data consisting of information falling within section 2(e) of the Act relating to a data subject who is the parent, grandparent, great grandparent or sibling of –

(i) in the case of paragraph (a)(i), the insured person, or

(ii) in the case of paragraph (a)(ii), the member of the scheme;

(c) is necessary in a case where the data controller cannot reasonably be expected to obtain the explicit consent of that data subject and the data controller is not aware of the data subject withholding his consent; and

(d) does not support measures or decisions with respect to that data subject.


The effect of this circumstance is that it allows insurance companies and pension schemes to process medical data of the insured’s or scheme member’s family, provided that the data are not used to support decisions or measures with respect to the family member concerned.

Insurance company and pension scheme established processing

The sixth circumstance says:

6. The processing –

(a) is of sensitive personal data in relation to any particular data subjects that are subject to processing which was already under way immediately before the coming into force of this order;

(b) is necessary for the purpose of –

(i) carrying on insurance business, as defined in section 95 of the Insurance Companies Act 1982, falling within Classes I, III or IV of Schedule 1 to that Act; or

(ii) establishing or administering an occupational pension scheme as defined in section 1 of the Pension Schemes Act 1993; and

(c) either –

(i) is necessary in a case where the data controller cannot reasonably be expected to obtain the explicit consent of the data subject and that data subject has not informed the data controller that he does not so consent, or

(ii) must necessarily be carried out even without the explicit consent of the data subject so as not to prejudice those purposes.


The sixth circumstance concerns sensitive personal data that was being processed by insurance companies and pension schemes prior to the coming into force of the Data Protection (Processing of Sensitive Personal Data) Order 2000[117] on 1 March 2000. Unlike the fifth circumstance, this circumstance concerns any type of sensitive personal data, not just medical data relating to family members of the insured or pension scheme member. It is designed to ensure that insurance companies and pension schemes are not unduly hindered by the coming into effect of the DPA.

Equal opportunities processing

The seventh circumstance says:

7. – (1) Subject to the provisions of sub-paragraph (2), the processing –

(a) is of sensitive personal data consisting of information falling within section 2(c) or (e) of the Act;

(b) is necessary for the purpose of identifying or keeping under review the existence or absence of equality of opportunity or treatment between persons

(i) holding different beliefs as described in section 2(c) of the Act, or

(ii) of different states of physical or mental health or different physical or mental conditions as described in section 2(e) of the Act, with a view to enabling such equality to be promoted or maintained;

(c) does not support measures or decisions with respect to any particular data subject otherwise than with the explicit consent of that data subject; and

(d) does not cause, nor is likely to cause, substantial damage or substantial distress to the data subject or any other person.

(2) Where any individual has given notice in writing to any data controller who is processing personal data under the provisions of sub-paragraph (1) requiring that data controller to cease processing personal data in respect of which that individual is the data subject at the end of such period as is reasonable in the circumstances, that data controller must have ceased processing those personal data at the end of that period.


This circumstance effectively expands the ninth condition in Schedule 3 to the DPA, concerning equal opportunities monitoring. The expansion thereby allows data controllers to process sensitive personal data about data subjects’ religious or similar beliefs or their physical or mental health or condition. The key limitations on the use of this circumstance are:

  • The processing must be necessary for equal opportunities monitoring.

  • The processing cannot justify measures or decisions relating to the data subject. Explicit consent is needed for such measures or decisions.

  • The processing cannot be allowed to cause substantial damage or distress to the data subject or to other persons.

  • The processing must cease following a request from the data subject.

Political parties processing

The eighth circumstance says:

8. – (1) Subject to the provisions of sub-paragraph (2), the processing –

(a) is of sensitive personal data consisting of information falling within section 2(b) of the Act;

(b) is carried out by any person or organisation included in the register maintained pursuant to section 1 of the Registration of Political Parties Act 1998 in the course of his or its legitimate political activities; and

(c) does not cause, nor is likely to cause, substantial damage or substantial distress to the data subject or any other person.

(2) Where any individual has given notice in writing to any data controller who is processing personal data under the provisions of sub-paragraph (1) requiring that data controller to cease processing personal data in respect of which that individual is the data subject at the end of such period as is reasonable in the circumstances, that data controller must have ceased processing those personal data at the end of that period.


This circumstance provides registered political parties with a limited right to process information about a person’s political opinions without consent, provided that neither substantial damage nor distress is caused and provided that the processing stops following a request from the data subject.

Research

9. The processing –

(a) is in the substantial public interest;

(b) is necessary for research purposes (which expression shall have the same meaning as in section 33 of the Act);

(c) does not support measures or decisions with respect to any particular data subject otherwise than with the explicit consent of that data subject; and

(d) does not cause, nor is likely to cause, substantial damage or substantial distress to the data subject or any other person.

This is a very limited circumstance that allows processing for research, statistical and historical purposes without explicit consent, provided that neither substantial damage nor distress is caused. The other safeguards are the requirement to satisfy the substantial public interest test and the necessity test.

Processing by police constables

The tenth circumstance says:

10. The processing is necessary for the exercise of any functions conferred on a constable by any rule of law.


Again, this is another wide circumstance that allows police constables to process sensitive personal data without the data subject’s explicit consent if the processing is necessary.
