Autonomy and audit--striking the balance

Abstract

The Data Protection Act 1998 purports to implement European legislation which aims to protect the privacy of individuals. There were such concerns about the implications of the Act for certain research and audit that it became necessary to enact further legislation to enable such essential activities to continue. Although this empowers the Secretary of State for Health to approve proposals for these purposes, there should still be a requirement that the use of identifiable personal information without consent must be justified on compelling public interest grounds. It is this that can confound those seeking to rely on such justification. There can either be too cavalier an approach to the issue, and/or there is little sense of what considerations should come into play. This paper attempts to highlight some of the difficulties that are theoretically raised by some audit activities and set out the legal framework within which they must operate. However, the key focus is on how ethical considerations might inform the public interest argument.