Adoption campaigners have labelled Tusla ‘worse than nuns’ saying that information that was routinely released is now routinely being withheld, writes Conall Ó Fátharta.

FOR months now adoption rights campaigners have been labelling Tusla “worse than the nuns” in terms of allowing them access to their personal records.

They say that information that was routinely released by the nuns — including a person’s first name at birth and place of birth — is now being routinely withheld.

People are being released pages and pages of records relating to their own lives which are fully or almost entirely redacted.

Rarely has that view been more explicitly stated than in the report of the Mother and Baby Homes Collaborative Forum — a report which children’s minister Katherine Zappone has refused to publish in full.

The report is scathing in its criticism of Tusla following exchanges it had with a delegation from the agency last December.

The report eventually concluded that since Tusla began taking ownership of the files of former adoption agencies in 2014, it has been pursuing “a practice of withholding identity and personal information from applicants detained as children across various institutions on the basis that to release this information, could cause harm to the wider family members of the applicant”.

The Irish Examiner has obtained an audio recording of that meeting in which a member of the delegation said the agency carries out a “risk assessment” as to the “likelihood of someone being harmed or not harmed” before it decides whether or not to release personal information to adopted people about their early lives.

The Tusla representative also admitted that in the case of one of the 126 victims of the St Patrick’s Guild illegal adoption scandal, Tusla sent that person an almost entirely redacted copy of her mother’s death certificate “to ensure it can’t be found” in the General Registration Office (GRO).

This was done to protect third parties — namely any surviving relatives of this woman’s natural mother.

This redaction of a public record was done in spite of the fact that the woman in question had never been legally separated from her mother in the first place as her birth was illegally falsified.

Katherine Zappone

The Department of Children and Youth Affairs (DCYA) has said there are around 150,000 adoption records in existence and approximately 100,000 of these are currently in the custody of Tusla or the Adoption Authority of Ireland (AAI). Tusla has held many of the records since 2014.

However, most of the records are pre-adoption records in that they relate to the lives of individuals who were in care before they were adopted.

Indeed, in some cases, these people were never legally adopted at all.

One the key reasons cited by Tusla for refusing people access to their records, is Section 86 of the Adoption Act 2010 which states that the index held by the AAI to allow it to trace the connection between the Adopted Children’s Register and the corresponding entry in the register of births held by the GRO “shall not be open to public inspection” except by order of the AAI or a court.

Tusla is also citing GDPR as a reason for maintaining tighter control over what information it does and does not release.

At the collaborative forum meeting, the Tusla delegation was asked why it refuses to release information to people about their natural mothers — even after they have died.

A representative said this was being done in case other relatives might be “harmed” if the information was released.

She said Tusla carried out “a risk assessment” to see if harm would be caused by releasing such information.

The issue is that, although a mother may be dead, she may have married subsequently and have other children and there is a potential harm to other members of the family. That’s the thinking. That’s the advices we were given.

The representative added: “What we are trying to do now is carry out a risk assessment in the sense of, if we give out information, what’s the likelihood of someone being harmed or not harmed.

“If we feel that there’s less likelihood of somebody being harmed and that the person who’s searching is more harmed by not getting it, that we are trying to balance those rights.”

When asked to define harm, the Tusla representative could not.

In a statement, Tusla said where a case involves a deceased person, it carries out a “specific risk assessment” under Article 15 (4) of GDPR which requires it to ensure that the sharing of information “should not adversely affect the rights and freedoms of others (eg other family members)”.

“In order to respond to requests for information in these instances, Tusla Adoption social workers use a risk-based process to assess who may be impacted by the disclosure of information in a process that is treated with great sensitivity, balancing the rights and freedoms of all parties involved.

“Social workers continuously work to contact all parties involved so as much information can be shared,” said a statement.

According to specialist in information law Fred Logue of FP Logue, under data protection law, Tusla simply cannot assume third parties might be harmed by the release of information. It must provide evidence that harm will actually be caused.

“Both Irish and European law recognise a specific right of individuals to know about their origins including, their original name and the identity of their natural parents.

In the same vein data protection law gives individuals a fundamental right to access their personal data.

“While these rights are not absolute the law says they can only be restricted if outweighed by the rights of others. In data protection law this means that an access request must be granted unless it would adversely affect the rights of freedoms of others.

“It is inherent in data protection law that this balance applies only to living people — ie the dead have no data protection or privacy rights.

“When striking the balance a decision-maker has to be able to show that any harm is foreseeable and not hypothetical and they have to show how that harm would actually occur. It is not good enough to say there might be harm or that the harm cannot be identified,” he said.

Indeed, Mr Logue points out that currently the balance is already very much in favour of the person seeking the information, as they have already suffered harm — namely they have been denied their right to their original identity.

“The harm to adoptees is apparent. Many individuals are desperate to find out as much as possible about their origins before their natural parents die.

“I would think most people would agree that obstructing that search while parents get older and pass away can only be described as cruelty in the extreme,” he said.

One of the key points put to Tusla at the Mother and Baby Homes Collaborative Forum meeting was that the agency was also withholding information like a person’s first name (not surname) at birth and their place of birth.

This was not third party information but personal information specific to that person.

Other non-identifying information was routinely released by the religious orders when they had ownership of the records and, indeed, prior to the advent of GDPR, Tusla had also released this information.

This information might mention personality or physical traits of the natural mother — that she had black hair, liked to read etc.

However, the Tusla representative told the collaborative forum that “non-identifying information is personal information relating to another person so, as much as we had felt that that was very useful to people in the past, we are not now in the position to give that anymore”.

This was challenged by one forum member who asked: “Is our first name at birth not our information? I know you have stopped giving out information about our first names at birth. Also, where we were born? That used to be given out and it’s not being given out anymore.”

The Tusla representative responded by stating that “if you are adopted, you can’t give it out”.

The collaborative forum member asked what part of GDPR or any other legislation allowed for Tusla to make such a decision.

The Tusla representative responded by saying it was not GDPR that drove this policy but rather Section 86 and 88 of the Adoption Act 2010 which she said “states that the adoption records are not open to the public”.

However, it was also stressed that GDPR had made the release of information more difficult.

“It’s more that the GDPR has made it that we need to be stricter about the information but in line with the Adoption Act, that the adoption records are not open to the public without the High Court or the Adoption Authority consent,” said the Tusla representative.

However, forum member Susan Lohan of the Adoption Rights Alliance pointed out to the delegation that the records held by Tusla’s related to people’s lives before they were adopted.

In many cases, such as those whose births were illegally registered by St Patrick’s Guild, these people were never legally adopted at all.

“We are not talking about adoption records here and we are not the public. We are data subjects and we have the same access rights to our own data as anybody else.

So could you just think about that question again, what piece of legislation prevents any unaccompanied child, any boarded out people — there’s plenty of them here — any fostered people, anybody who went on to be adopted from having access to their own records?

She added: “You can call them pre-adoption records or you could just call them personal records. I happened to be adopted at five months old but there’s plenty of us here who were never adopted. They have no adoption records. They just have personal records.

“So can you tell us what piece of legislation you are working under because currently we know that you are denying boarded out people, unaccompanied children, adopted people their knowledge on their own original names which is their information. That is not third party information,” she said.

At this point, chair of the the forum Gerry Kearney — a former secretary-general in the Department of Community Rural and Gaeltacht Affairs — interjected stating that the forum would write to Tusla on the matter.

“Because I think there is a point, as I am hearing it, there’s a point of change of practice, where people could previously access this information. It’s about themselves, it’s not about third parties. I think it would be appropriate to write to you if you can’t pinpoint the legislative... it’s not a GDPR issue because it’s the individual themselves,” he said.

In response, Tusla again pointed to Sec 86 and Sec 88 of the Adoption Act 2010 before stating that if someone is not adopted, “that is a different matter”.

“I think I’d probably need to know what the cases were so that I could investigate them,” said the Tusla representative.

Ms Lohan then produced an almost entirely redacted death certificate which the agency had sent out to a 69-year-old woman. The woman was among the 126 cases of illegal birth registrations Tusla discovered in the records of the now-closed St Patrick’s Guild adoption agency.

The death certificate was for the woman’s mother but apart from a doctors signature, the woman’s age and a cause of death, all other information on the certificate was redacted by Tusla, including the details of the registrar general — a public official.

Other information redacted from the public record included the date and place of death, the woman’s name, the signature, qualification and residence of the informant to the death, the date when the death was registered, the registration number and the district and county where the death was registered.

As the recipient of the record had never been legally adopted, the Tusla delegation was asked what legislative basis the agency had “to start interfering with public records”.

“I think the reason to redact all of that is to ensure that it can’t be found in the GRO because it is third-party information as per GDPR.

“That is the advices that we are getting and the legal advices that we are getting,” said the Tusla representative.

REACTING to Tusla’s take on data protection rights, specialist in information law Fred Logue was categoric stating that “Irish law does not alter Tusla’s obligations” and warned that the agency could ultimately be held accountable through fines and compensation to people affected.

“EU law has primacy over Irish law which means that nothing in the Adoption Act or any other statute can displace an individual’s data protection rights or rights over their identity.

“Tusla as a public body has a positive obligation to disapply any Irish law that conflicts with EU law, it should know this, given that it says that it has taken advice on the issue.

What really concerns me is that Tusla seems to be refusing virtually every request for access that it gets on these flimsy grounds in the knowledge that it is creating immense suffering for people.

“Tusla has absolutely no right to obstruct anyone exercising their fundamental rights and, in my view, it will ultimately be held to account for its position through administrative fines and compensation payments to individuals,” he said.

In a statement, Tusla said both GDPR (for subject access requests) and FoI legislative provisions are considered by Tusla’s decision officers (dependant on the particulars of a client’s request) when considering records redaction.

It said that, under Sec 41(1) of the FoI Act, the disclosure of certain records “is prohibited by law of the European Union or any enactment”.

It pointed out that the relevant enactment i these cases was Sec 86 and Sec 88 of the Adoption Act 2010 which provides for a prohibition on the disclosure of information from the index under section 86, except by order of the court or of the AAI.

Tusla also pointed out that Sec 37(1) and “one occasion” Sec 37 (7) of the FoI Act allow for the disclosure of records to be refused if it would involved “ the disclosure of personal information (including personal information relating to a deceased individual)”.