- The idea is to hide such sensitive information if the details are judged to be “inadequate” or “irrelevant” or no longer relevant or if deemed excessive.
- How do you determine whether the information is all those things and so it should remain, or the information is inaccurate, inadequate, irrelevant or excessive for it to be ‘forgotten’?
The growth of the internet over the last two decades has brought about vast sharing of information and with such enormous exchange and storage of information, there is bound to be negative consequences which includes sharing of personal or inaccurate information. It is often said that the internet records everything and forgets nothing, however, recent changes in privacy law seek to challenge this by providing for the ‘right to be forgotten’.
The right to be forgotten refers to the right that guarantees an individual’s private information be erased or destroyed. Under Article 17 of the General Data Protection Regulation (GDPR), individuals have the right to have personal data erased including from the internet.
This extends to the medical profession as well. Access to information in relation to the practice history of a doctor or medical profession is important to the public, including any instances of negligence. However, on the side of the doctor, such kind of information may as well translate to a career downfall, especially if their action caught the eyes of the media and made it to the internet.
What would happen if in such as case, the doctor in question is exonerated from such allegations by a disciplinary committee and allowed to go back to practice? Would they be successful if they invoked the ‘right to be forgotten’ in quest of having any available information relevant to their negligence removed from the internet or would this information be regarded as a matter of public interest and transparency on the side of any health regulatory body?
One of the questions to be determined would be whether such information has sufficient relevance or adequacy to continue being in any search engine.
Initially any efforts to invoke ‘the right to be forgotten’ had been futile until recently in a landmark case in The Netherlands. A surgeon had faced the Dutch medical regulatory authority for allegations against her poor post- operative care of a patient. Initially, she was suspended but upon appeal this decision amended and she was allowed to practice again.
Her name however was not in the clear as it had found its way to a website that listed her among other doctors with questionable practice fitness. In agreement with this right to be forgotten, the court ruled that even though the information on the website regarding the actions of the surgeon were correct, she had been put in a list of doctors who were not fit to treat patients which was not in any way the finding of the Dutch medical regulatory authority.
The right balance
Other personal information like divorce cases or bankruptcy cases, which are also public information and can be made available to the public on the internet, might have a negative effect on a medical profession’s career despite them having nothing to do with the doctor’s competence as a medical practitioner.
Among the principles of data protection provided in the Data Protection Act 2019, every data controller or data processor is expected to ensure that personal data is, among other things, adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
But what are the standards here? How do you determine whether the information is all those things and so it should remain, or the information is inaccurate, inadequate, irrelevant or excessive for it to be ‘forgotten’?
Of course, such information would remain available on the health regulatory body’s end but only to the extent of the findings in the allegations made. Any other information which is a conclusion drawn from such findings would in no way be the true position and has the potential to taint the reputation of the medical practitioner.
One could then argue that such information and personal data should be erased. The idea is to hide such sensitive information if the details are judged to be “inadequate” or “irrelevant” or no longer relevant or if deemed excessive.
The right balance must be drawn between the right to privacy and the protection of personal data on the one hand and the freedom of rights of access to information on the other.