From 31 August this year it was intended that every child in Scotland would have a nominated individual (the 'named person') entrusted with monitoring, promoting, supporting and safeguarding the well-being of the child. The named person would in almost all cases be a professional already well known to the child and family – whether a teacher, head-teacher, or health visitor, for example.
The Supreme Court ruled on 28 July 2016 https://www.supremecourt.uk/cases/docs/uksc-2015-0216-judgment.pdf that the information sharing provisions of this scheme impose lower thresholds for disclosure than those set out in the Data Protection Act 1998 (DPA) and interfere with children's and parents' rights to privacy and family life under article 8 of the European Convention on Human Rights.
This article looks at the information sharing implications of this decision for organisations working with children, and what the objectives and proposed structure of the NPS can teach organisations about how best to protect children and promote their well-being.
How should organisations share information about children?
The decision does not change existing law - or good practice – on data sharing in Scotland or the rest of the UK. However, it does feed into the growing (and uneasy) debate surrounding the extent to which information should be shared in the interests of a child's welfare.
Acknowledging the capacity for misinterpretation of the decision, namely a culture of excess caution leading to failures in child protection, the Information Commissioner (ICO) felt the need to put out a short statement on the matter. The key message was that:
"practitioners should be reassured that information sharing for child protection purposes is not affected by the judgment and that they should continue to share such information following best practice within the framework of the Data Protection Act and other law."
What this means, in practice, is that data protection should never be a bar or impediment to proper management of child welfare. However, that concept of child welfare includes rights of privacy and fair processing of private information which are built into the DPA. Sharing information in a way that protects these rights whilst simultaneously enabling organisations to identify and address children's needs at an early stage, protect children from harm and promote their well-being can be difficult to achieve. The pressures and uncertainties faced by professionals can be significant. For now, organisations should:
- put in place clear guidance on information collection, security, protection and sharing. Train your safeguarding leads so that they in turn can provide guidance to staff, ensuring that information is stored and shared in a way which promotes as far as possible the well-being of the children you work with.
- consider and follow the guidance set out in Chapter one of Working Together to Safeguard Children (WTSC) and Information sharing: advice for practitioners providing safeguarding services.
- when in receipt of a request for disclosure from a public body, whilst it will almost invariably be necessary and proper to defer to these bodies, organisations should take common sense practical steps to ensure they are sharing in a way which is compatible with the rights of data subjects, including by ensuring that the public body provides details of the statutory power under which it is making the request, identifies any relevant non-disclosure exemption in the DPA and confirms that it will process all information in accordance with the DPA.
- remember that data protection should never be a bar or impediment to proper management of child welfare, but remember also that the concept of child welfare includes rights of privacy and fair processing of private information. This can be a difficult balance to get right and when in doubt, take advice.
Existing law relating to information sharing
It is well established that local authorities will in some circumstances, and in application of their own professional judgment (as well as the DPA), need to share information – even sensitive information – without consent of children or their parents. This includes situations where protection of a person's vital interests, prevention of a crime, or fulfilment of a statutory duty makes it necessary. Competent authorities may also seek such disclosure from schools, care centres, sports clubs and so on.
However, the DPA is built around safeguards, which – while not intended to make the jobs of local authority officers, schools or the police any harder than they already are – include satisfaction of various conditions and caveats. This means in practice balancing professional necessity against the rights, freedoms and potential prejudice to individuals. And of course, as always at the heart of the DPA, sharing must be carried out in a way that is "fair" as well as lawful – which might mean notifying individuals, even if not directly seeking consent before acting, while considering what might prejudice an investigation or fulfilment of a core regulatory function.
What does the decision say?
Ultimately, it was the privacy concern that dragged the new legislation down – temporarily at least. The Supreme Court had problems reconciling the information sharing provisions of NPS with both Article 8 of the European Convention on Human Rights (protecting the right to privacy and family life) and DPA, finding that the "lack of clarity as to the relationship between the Act and the DPA" needed addressing. In particular it noted the conflict between the high thresholds for disclosure set by the DPA's non-disclosure provisions (e.g. to allow disclosure without consent only in cases where it is necessary to protect the child's vital interests) and the lower thresholds provided for under NPS (e.g. allowing disclosure without consent in cases where the information holder considers that disclosure would be likely to benefit the child's well-being).
The revised draft statutory guidance put out by the Scottish government did seek to tackle this, noting: "Public authorities can share information if it is lawful and proportionate to do so, but each case must be considered carefully to assess what is lawful and proportionate in the particular circumstances." It also noted that "it is routine good practice to seek parents' views about information shared, unless it would be against the child's wishes, where they are considered capable of making that decision, or where seeking the views of the parent may be detrimental to the child's well-being" – and to involve them in decisions "in all but exceptional situations". But the Supreme Court felt that this was not carried through with any clarity in the Act itself, which did not make that 'good practice' a binding legal requirement. Indeed, it left a good deal to discretion and placed no real legal restriction on these discretionary powers to share information.
Whilst stressing that it was not trying to re-write the legislation, the Supreme Court suggested that a revised Act needed to set out clearly "the circumstances in which (i) the child, young person or parent should be informed of the sharing of information or (ii) consent should be obtained for the sharing of information, including confidential information." The concern was that, if authorisation of sharing private personal data was not done "in accordance with the law" (specifically the DPA) as Article 8 requires, it might result in a disproportionate interference with the home life and privacy of many children – in which case the Court would expect to see the requirement of a "compelling justification". In short, the judgment concluded, "changes [to the Act] are needed... to provide safeguards so that the proportionality of an interference can be challenged and assessed."
The introduction of the NPS will be delayed as a result of this ruling. The Scottish government had hoped to roll out the scheme to cover the whole country on 31 August. It has been reported in the media that it now hopes to be able to roll out the scheme by the end of this year.
Objectives of the NPS
Part of the Scottish government's Getting It Right For Every Child strategy, the NPS has two key objectives:
- to help families to address any concerns as early as possible in order to prevent them becoming more serious. In this way, the NPS aims to achieve a shift away from intervention by public authorities after a risk to welfare has been identified, towards an emphasis on early intervention to promote well-being. This echoes the objectives of the early help regime in England and Wales, which requires professionals to identify and support children with emerging difficulties and unmet needs. The CPU will be publishing an article on this topic shortly.
- to provide a single point of contact if a child or their parents want information or advice, or if they want to talk about any worries and seek support. The named person would also be the point of contact for other services if they have any concerns about a child's well-being. The idea is that the named person would create a focal point for the pooling and sharing of information about children and young people in order to ensure that appropriate action can be taken which supports the whole well-being of the child. This echoes the increasing focus on information sharing within the statutory guidance applicable in England and Wales (please see Keeping children safe in education (2016) and Working Together to Safeguard Children (2015)) (WTSC). As stated in WTSC, the importance of information sharing is highlighted in a series of serious case reviews which have shown how poor information sharing has contributed to the deaths or serious injuries of children.
View from England and Wales – the Debate
This "macro" approach to child protection, root and branch for every person under 18, was only to apply in Scotland: but while logic suggests it might be even harder to bring about in a more populous country, the rest of the UK is looking with interest to see how successful the scheme will be.
The NPS has been controversial from the outset, with many groups finding the radical, all-embracing approach commendable. Major children's charities including Barnardo's, Aberlour, Action for Children and Children 1st have said that a named person would help to connect families more effectively to a range of services when they are needed without "excessive red tape or delay".
The scheme has also come up against strong opposition; former Prime Minister David Cameron publically labelled the proposal "absurd", while the 'No To Named Persons' campaign group has described the NPS as "the most calamitous scheme the Scottish government has ever dreamed up".
Many opponents – including privacy campaigners and libertarians – felt that the proposal by the Scottish government smacked of a "Big Brother" mentality. Supporters of traditional family life felt it might undermine parents, and some social workers feared it would divert finite resources away from those children (and vulnerable adults) known to be genuinely at risk. Hence it was no surprise that a number of interested groups brought a legal challenge.
The 'No 2 Named Persons' campaign website lists eleven reasons for objecting to the government's strategy. The group mounted a legal challenge to the introduction of the NPS, on the basis that Part 4 of the Children and Young People (Scotland) Act 2014 ("the Act"), which makes provision for the NPS, breaches broad parental rights, as well as more specific privacy and data-protection rights for parents and children. These challenges were rejected by the Court of Session in Edinburgh, prompting the appellants to take their claim to the Supreme Court.
Complex laws in important areas such as child protection are never easy. They are however made even more difficult where competing laws such as child protection and data protection appear to be in conflict. Such conflicts bring organisations working with children into the area of exercising sound judgment based on an assessment of the relative risks of different courses of action. We are here to try to help you do that!
If you require further information on anything covered in this briefing please contact Owen O'Rorke (email@example.com, 020 3375 7348) or your usual contact at the firm on 020 3375 7000. Further information can also be found on the Intellectual Property and Technology page on our website.
This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.
© Farrer & Co LLP, September 2016