Human Rights Act
The Human Rights Act 1998 allows an individual to assert the rights of the ECHR (European Convention on Human Rights) against public bodies in UK courts and tribunals. Article 8 ECHR provides:
- for the right to respect for private life, family life, one’s home and correspondence, and
- that there shall be no interference by a public authority with the exercise of this right, except if it is in accordance with the law, for a legitimate social purpose, or for the protection of the rights and freedoms of others
Personal data (particularly medical data) is therefore protected by Article 8 of the ECHR as part of an individual’s right to respect for a private life. The Human Rights Act is intended to prevent any communication or disclosure of personal data as may be inconsistent with the provisions of Article 8 ECHR.
In order to justify an infringement of Article 8 ECHR, and therefore any infringement of privacy under the Human Rights Act, a public authority must be able to show that any interference is:
- in accordance with the law or for a legitimate aim, and
- necessary in a democratic society (this would require a court judgement as to whether the sharing of data was necessary, whether there were sufficient safeguards in place, and whether the aims were legitimate and sufficiently defined), and
This should have been taken into account by the data holding organisation prior to release of any sensitive or personal data.
Further readingHuman Rights Act 1998 - Act in full (PDF) (218Kb)