Plans to share pregnant women’s alcohol intake ‘could breach GDPR’
BPAS says move would be in contravention of GDPR and the Data Protection Act 2018
The National Institute for Clinical Excellence (NICE) is under fire over plans that would see a woman’s alcohol consumption during pregnancy automatically recorded on their child’s medical records.
According to reproductive charity the British Pregnancy Advisory Service (BPAS), which is spearheading the campaign against the proposal, such a move would be in contravention of GDPR and the Data Protection Act 2018, as any data collected would be shared with a third party without consent.
General Data Protection Regulation (GDPR) What is the Data Protection Act 2018? UK government faces legal action over NHS Test and Trace risk assessments
“There is no compelling evidence of harm at lower levels of consumption, but NICE wants any alcohol reported by a pregnant woman automatically transferred to her child’s record as part of new Quality Standards on Fetal Alcohol Spectrum Disorder,” said BPAS.
“Proposals likely to fall foul of GDPR and the Data Protection Act 2018, which require a legal basis to collect and transfer private information in this way and [General Medical Council] guidance on confidentiality – last year a woman lost her case against the NHS over their failure to disclose her father’s Huntington’s diagnosis to her, which he had not consented to sharing,” it added.
In response, a NICE spokesperson said: “The draft quality standard on fetal alcohol spectrum disorder is based on guidance published in Scotland last year and in use elsewhere in the world, and takes into account the recommendations made by the Chief Medical Officer on alcohol use during pregnancy.
“The feedback we receive from external organisations and members of the public during this consultation period will help us better understand what works, and what doesn’t, for practice in England. Stakeholders who wish to participate in the consultation are able to do so until 18 September 2020.”
Speaking to IT Pro, however, multiple lawyers and advocacy groups have agreed with BPAS’ stance.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Phil Booth of campaign group medConfidential said: “Automatically recording on the permanent record of a child whether a mother-to-be has had any alcohol at all not only tramples on medical confidentiality - it risks eroding the trusted relationship with health and care professionals at one of the points it is most vital. The consequences for both child and parent could be far-reaching; not only the effects of FASD, but the wider incentive to mislead your doctor due to a ‘mutant algorithm’ which marks your child irrespective of risk.
“The permanent record of a child is used to inform decisions by all sorts of authorities about parents and families - it must be clinically sound, not embed the prejudices of Boris Johnson as super-nanny.”
Annabel Kaye, GDPR specialist at KoffeeKlatch, put the situation in even more stark terms saying: “Women are not just vessels for children and our data privacy rights are not changed by motherhood. Consent should be sought."
There is, however, an argument that such actions are permissible under GDPR without consent, as the regulation gives exceptions for when such measures are necessary for health and social care under Section 11 of Schedule 1.
“If it could be argued that the proposed requirement to record a mother's alcohol consumption (and record it on a child's medical records) is "necessary" for "preventive medicine", then NICE could argue for its legality under data protection laws,” said Jon Baines, data protection advisor at law firm Mishcon de Reya.
“However – a lot turns on that word ‘necessary’ – it means among other things, ‘proportionate’, and that there should be a pressing social need,” Baines added.
Frank Jennings, a partner at law firm Wallace, agreed, saying it’s “a high bar for NICE to meet with these proposals and we should expect them to publish their Personal Data Impact Assessment containing their justification for doing this”.
Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.