Guðmundsdóttir v. The State of Iceland

The appellant, Guðmundsdóttir, wrote a letter to the Medical Director of Health, the respondent, requesting that health information in medical records of her deceased father should not be transferred to the Health Sector Database and asserted her right to do so. In particular, she did not want her father’s genealogical or genetic information to be transferred, which could be used to infer hereditary characteristics about her. Article 7 of the Health Care Sector Database Act No. 139/1998 authorizes a database licensee to obtain data from health institutions and self-employed health service workers and therefore she had a personal legitimate interest to prevent the transfer of her father’s genetic information. The Medical Director however refused to withhold the transfer of the appellant’s father’s information into the database. He contended that there are no direct provisions under the Act on the right of relatives of a deceased person to prevent information about him/her being transferred into the Health Sector Database.

The appellant approached the District court and sought for a recognition that she had a right to prohibit the transfer of such information into a database under Article 8 of the said Act which provided that persons who wanted to prevent their personal information from being included in a database could notify the Medical Director of Health, and it would be withheld. The District court passed an order in favour of Medical Director holding that encryption could be done in a secure manner that it would be virtually impossible to read the encrypted data. Against the order of the District Court, she appealed to the Icelandic Supreme Court.

The central issue in this case was whether in addition to the constitution or any other relevant statutory law, the rights of a next of kin under the law includes the right to control the dissemination and use of the deceased’s medical and genetic information.

The Supreme Court reversed the Director’s decision and held that the appellant had a right to prohibit the transfer of the information on the basis of her personal right to protection of privacy. She, however did not have a right to request on behalf of her deceased father’s behalf as the personal rights of an individual ceases on his/her death.

The court prohibited the transfer of appellant’s medical information to the Health Sector Database for the following three reasons:

• First, the information which was entered in the Database allowed a detailed identification of the person concerned and since it was possible to infer information about a person’s hereditary characteristics from the genetic and geneological data, information could also have been applied to the person’s descendants. As such, the appellant had a personal interest in preventing the transfer of such information.
• Secondly, the act provided for certain public entities for monitoring the queries and processing of information in the database however there was no guidance on what type of queries will be directed to the Database or in what form the replies to such queries would appear as on the Database.
• Thirdly, even though provisions under the law stated that health information in the database should be non-personally identifiable as per the objective of the Act, there were no procedures laid out under the Act to ensure such object. It was found that information contained in the medical records such as lifestyle, social circumstances, family and employment relates to intimate information and identification of the person.

The court hence held that Paragraph 1 of Article 71 of the Constitution which states that “everyone shall enjoy freedom from interference with privacy” would be applicable and held that without definite statutory norms on protection, the Act does not fulfil this constitutional requirement.

Part IV. “…extensive information is entered into medical records on people’s health, their medical treatment, lifestyles, social circumstances, employment and family. They contain, moreover, a detailed identification of the person that the information concerns. Information of this kind can relate to some of the most intimately private affairs of the person concerned, irrespective of whether the information can be seen as derogatory for the person or not. It is unequivocal that the provisions of Paragraph 1 of Article 71 of the Constitution apply to information of this kind and that they guarantee protection of privacy in this respect. To ensure this privacy the legislature must ensure, inter alia, that legislation does not result in any actual risk of information of this kind involving the private affairs of identified persons falling into the hands of parties who do not have any legitimate right of access to such information, irrespective of whether the parties in question are other individuals or governmental authorities.” (Pages 7-8)

 "The provisions of Article 10 of Act 139/1998 discussed earlier do not specify what information from the medical records involving the personal identifiers of a patients which could be transferred into the Health Sector Database might be seen by a person receiving a response to a query submitted to the database. Nor are there any indications what overall picture could be gained in this respect from the connection of information from the Health Sector Database with databases containing genealogical information and genetic information, as discussed in the provision. Instead, it is merely provided that steps should be taken in the processing of information to preclude linking of the information with identifiable individuals. There are no further provisions on this in Regulation No. 32/2000. As mentioned earlier, no further plans are available concerning the actual implementation of this in the operation of the Health Sector Database." (Page 8-9) 

“Individual provisions in Act No. 139/1998 refer repeatedly to the fact that health information in the Health Sector Database should be non-personally identifiable…however, the achievement of this stated objective is far from being adequately ensured by the provisions of statutory law. Owing to the obligations imposed on the legislature by Paragraph 1 of Article 71 of the Constitution to ensure protection of privacy, as outlined above, this assurance cannot be replaced by various forms of monitoring of the creation and operation of the Health Sector Database, monitoring which is entrusted to public agencies and committees without definite statutory norms on which to base their work. Nor is it sufficient in this respect to leave it in the hands of the Minister to establish conditions in the operating licence or appoint other holders of official authority to establish or approve rules of procedure concerning these matters, which at all levels could be subject to changes within the vague limits set by the provisions of Act No. 139/1998.” (Page 9)