‘Paralysis’ in sharing information on vulnerable adults between healthcare groups is addressed by new toolkit

Misunderstandings arise due to lack of clarity in how the GDPR applies, says Data Protection Commission

Commissioner for Data Protection Des Hogan, assistant commissioner Clare Barry, Tim Hanly of the HSE's National Safeguarding Office, Bibiana Savin of Sage Advocacy and DPC deputy commissioner David Murphy at the launch of the safeguarding guidlines
Commissioner for Data Protection Des Hogan, assistant commissioner Clare Barry, Tim Hanly of the HSE's National Safeguarding Office, Bibiana Savin of Sage Advocacy and DPC deputy commissioner David Murphy at the launch of the safeguarding guidlines

The Data Protection Commission (DPC) has launched an adult safeguarding “toolkit” to address misunderstandings about how to protect the data of at-risk adults in health and social care settings.

The introduction of the General Data Protection Regulation (GDPR) has caused “paralysis” where people are concerned that they shouldn’t share data even if they can, DPC chairman and commissioner for data protection Des Hogan said.

For example, residential care centres may not receive relevant health information about prospective residents, leading to “a whole suite of issues that would unfold once the resident is already settled in there”, said Bibiana Savin, chief executive of Sage Advocacy.

Ms Savin further outlined misunderstandings relating to the gathering of a vulnerable adult’s data from cameras and recording devices, and family members’ rights to request data on behalf of their loved one.

Under GDPR, sensitive data can be shared where there is consent, in performance of a contract, to comply with a legal obligation and for vital, public or legitimate interests.

In April 2024, the Law Reform Commission proposed a new law on adult safeguarding to address a gap in the regulatory framework. “There’s a lack of positive obligations and clear legal basis for data sharing,” said David Murphy, deputy commissioner of the DPC.

Positive obligations are typically duties imposed on official bodies to take specific actions to protect individuals’ fundamental rights.

While clear positive obligations to share data in this context are being developed, the DPC’s new toolkit aims to avoid blockages in how information flows between systems where there is a legal basis for sharing personal data.

“We would like to change the mindset, to factoring in ‘What harms could arise to the individual if I don’t share their data’,” Mr Murphy said.

The DPC defines vulnerable adults broadly, including individuals suffering from physical or mental conditions, children with additional needs reaching the age of majority, people subject to domestic violence or coercive control, experiencing homelessness, financial abuse or trafficking.

Abusers using data protection law to get details on victimsOpens in new window ]

The toolkit follows the DPC’s work on safeguarding children’s data and expands the focus to a wide range of vulnerable groups in society. The commission has been engaging with various stakeholders in the social care and health systems for the past two years to develop the toolkit.

Mr Hogan said at the launch on Thursday, “we need to get away from this paternalism which has permeated our society for an awful long period of time ... into the position where we are defending and protecting rights”.

“As we move our way into a new digital world, it is just so important that we get this right,” he said.

  • Join The Irish Times on WhatsApp and stay up to date

  • Sign up for push alerts to get the best breaking news, analysis and comment delivered directly to your phone

  • Listen to In The News podcast daily for a deep dive on the stories that matter