The information regulator may prescribe more detailed rules for the processing of health information or sex life (section 32(6)) by making Health and Sex Life Regulations (section 112(2)(c)). The rules would apply to specific responsible parties who process personal information concerning a data subject’s health or sex life for certain activities. These rules do not apply to medical professionals, healthcare institutions or facilities, social services, or schools – to name a few.

The regulator is not obliged to prescribe these rules—they may. Note also that they are rules and not principles—there is a big difference. Drafting rules is often much harder and more time-consuming.

If these Health and Sex Life Regulations could apply to your organisation, you want to be part of the rule-making process.

Do the rules for the processing of health information or sex life currently exist?

No, they don’t. However, it appears the regulator has circulated draft health or sex life regulations to some stakeholders for comment and has held engagement sessions regarding the rules. Our understanding is that the regulator will publish a draft of the rules shortly.

To whom and regarding which activities would these health or sex life regulations apply?

They will only apply to certain responsible parties for certain activities. There are two groups.

Insurance or medical schemes

To insurance companies, medical schemes, medical scheme administrators, and managed healthcare organisations, if such processing is necessary for [the following activities]:

  • assessing the risk to be insured by the insurance company or covered by the medical scheme and the data subject has not objected to the processing;
  • the performance of an insurance or medical scheme agreement; or
  • the enforcement of any contractual rights and obligations (section 32(1)(b)).

For example, the rules may apply to an insurance company doing medical tests on an insured person to determine whether they are entitled to a payout. Or a medical scheme determining whether someone is covered by asking about their sexual relationships and sexual activity.

Rights or benefits related to health or sex life

The rules would apply to all employers – so basically every organisation.

To administrative bodies, pension funds, employers or institutions working for them, if such processing is necessary for [the following activities]:

  • the implementation of the provisions of laws, pension regulations or collective agreements which create rights dependent on the health or sex life of the data subject; or
  • the reintegration of or support for workers or persons entitled to benefit in connection with sickness or work incapacity (section 32(1)(f)).

For example, the rules may apply to an employer who processes health information (like the type of illness) to determine whether to pay an employee during sick leave.

Actions you can take

What is sex life?

What is personal information concerning a person’s sex life? Collins Dictionary defines it as information regards their sexual relationships and sexual activity.