We received a complaint against a healthcare group arising from its refusal of a request for rectification under Article 16 of the General Data Protection Regulation (GDPR). The complainant alleged that the healthcare group was incorrectly spelling his name on its computer system by not including the síneadh fada, an accent that forms part of the written Irish language.

Hospitals under the administration of this healthcare group use a patient administration system (PAS) to initially record patient data which is then shared with other systems at later points of patient care, that is, laboratory, radiology and cardiology. The healthcare group informed the complainant that it is not possible to record the síneadh fada because syntax characters are recorded as commands on the PAS, impacting on the way data is stored and processed. The healthcare group informed the Data Protection Commission (DPC) that the patient administration system is due to be replaced in 2019/2020. However, the group’s new system will not allow for the use of the síneadh fada. The healthcare group informed the DPC this was for the purpose of enabling a streamlined single point of contact for patient information across different systems. This would enable professionals to access this information across different units within a hospital or hospital group without re-entering the data at a later point, thereby avoiding potential for later errors .

The other systems across the current healthcare group network and/or wider hospital network do not support the use of the síneadh fada. The healthcare group further advised the DPC that they identify patients with Patient ID numbers rather than isolated names.

The DPC examined this submission and concluded that any update of the computer system would lead to costs in terms of significant costs and time, along with errors in storage and matching of records. The DPC also engaged with An Coimisinéir Teanga (Irish Language Regulator) about its advice to public sector organisations with respect to computer systems supporting the síneadh fada. An Coimisinéir Teanga advised there is no such obligation arising from the Official Languages Act 2003 but such an obligation can arise from a language scheme — an agreement put in place between a public body and the Minister for Culture, Heritage and the Gaeltacht .

The DPC queried the healthcare group on the existence of a language scheme and was provided a copy. This scheme sets out a respect for patient choices regarding names, addresses and their language of choice . The scheme also provides a commitment to update computer systems to achieve “language compliancy”. There is no timeframe provided for the fulfilment of this commitment in the language scheme.

The healthcare group advised the DPC they are committed to patient safety as a primary, core concern and further advised the DPC of the difficulties associated with sharing and storing information across other systems if they updated their system to allow for the use of the síneadh fada . They also advised that they will be testing the possibility of using the síneadh fada in any update of their computer system .

The DPC had regard to Article 16 and Article 5(1) (d) of the GDPR in examining this complaint. Both articles set out the rights of individuals subject to “the purposes of the processing”. The right to rectification under Article 16 of the GDPR is not an absolute right. Organisations that control or process personal data are required tom take reasonable steps in the circumstances. The DPC had regard to case law from the European Court of Human Rights on linguistic rights and/or naming. This case law reflects that the spelling of names falls under the ambit of Article 8 of the European Convention on Human Rights but that the Court adopts a restrictive approach in this regard. As such, the DPC reiterated the purpose of the processing in the circumstances of the complaint was the administration of health care to the complainant and involved the use of Patient ID number. The name of the complainant was not the isolated means of identification and therefore the purpose of the processing is being achieved without the use of diacritical marks .

The DPC had regard to any risks to the complainant in the refusal of their Article 16 request also. The DPC noted the risk to the complainant would increase because of the difficulties associated with cross-system handling of the síneadh fada and the impact this would have on any health care decision making for the individual. In the circumstances, the non-use of the síneadh fada would not constitute an interference with the fundamental rights of the individual.

Under section 109(5) (f) of the Data Protection Act 2018 (the 2018 Act), the DPC requested the healthcare group to inform the complainant of its actions in the implementation of a computer system enabled to reflect the síneadh fada. Also, the DPC requested that the group add an addendum to the individual’s file to show the síneadh fada forms part of the individual’s name. The DPC, under section 109(5)(c) of the 2018 Act, advised the complainant that he may contact An Coimisinéir Teanga about the language scheme and any contravention of same.