Universities in the UK and the US are standing at a complex legal crossroads. Bound by stringent privacy laws, yet increasingly held accountable in the aftermath of tragedy, they occupy an unenviable position in systems that lack suitable legal safeguards, leaving them at the mercy of lawsuits and public outcry when things go terribly wrong.
“Universities accused of hiding student suicide attempts behind GDPR” read a Guardian headline in June. This is over-simplistic, but it draws attention to a particular difficulty for those at the front line of student well-being. Universities are not hiding behind the UK-GDPR or FERPA, its US counterpart, but they are being stifled by strict data protection rules designed expressly to prevent the sharing of personal data unless specific, complex conditions can be met. Behind a requirement to protect personal information lies a web of ambiguity that universities must navigate when a student’s mental health is at stake.
In the UK, the tragic deaths of university students such as Natasha Abrahart have galvanised a movement among bereaved parents, who claim that the UK-GDPR’s implementation in universities is fatally overriding the safeguarding of students at risk of harm. Across the Atlantic, similarly heart-wrenching tragedies have also spilled over into the courtroom. Each case lays bare the fraught terrain that universities tread, where the legal imperative to protect student privacy clashes with the moral (and legal) obligation to intervene.
The call for reform found a platform in a UK parliamentary debate on 5 June, which crystallised the prevailing concern: while personal data protection is paramount, there must be mechanisms to allow the flow of critical information in serious situations. This debate is not just a matter of policy, but a reflection of a society grappling with the value it places on privacy in the face of the urgent need to protect its vulnerable young citizens within the educational sphere.
For frontline university staff, the current landscape is rife with potential missteps. Every decision to reach out or not, to involve families, to take precautionary measures, is laden with legal ramifications and the spectre of violating privacy norms. The laws, as they stand, are not just a shield but also a maze, within which the path to protecting students is anything but straightforward.
Bereaved parents in the UK have spoken out against the government’s review of student suicides, seeing it as too little, too late, and much too narrow. Their experiences reflect a shared sentiment with their US counterparts: a sense of abandonment by legislative and regulatory bodies that have failed to provide a clear and supportive framework for student welfare.
Universities are caught in a bind. On one side, they face the scrutiny and the pain of families who, in their loss, consider the institutions’ actions or inactions part of the problem. On the other, they grapple with the limitations imposed by privacy laws and regulators, often operating without the legal clarity of direction they desperately need to make informed decisions that could ultimately save lives.
While universities have developed “opt-in” schemes (in which students authorise their institutions to share their information with parents or carers in the event of a crisis), these cannot take into account students falling out with, or becoming estranged from, their parents, or simply losing trust in their institutions and withdrawing consent to share. Where the nature of a student’s relationship with their parents or carers is at the root of their mental health situation, the position becomes even more complex.
These facts call for a shift to a better approach that is both pragmatic and compassionate. Universities require clarity – privacy laws with proactive mental health protocols that can guide and protect them in identifying and acting upon the warning signs of a student in crisis. The best solution in the short term is the creation of clear actionable guidelines that universities can follow without fear of legal reprisal. This includes the development of communication protocols that align with privacy standards but allow for parental notification and involvement in certain circumstances, all within a legislative framework that unequivocally allows data-sharing well before a crisis becomes life-threatening.
It is time to construct a new paradigm – one where the protection of life and the right to privacy are not in opposition, but where each is embraced as essential to higher education’s mission to foster not just the intellect, but the whole, healthy human being. But if students are to learn in an environment in which both their lives and their privacy are valued, privacy laws must change – or, at least, be clarified.
Until that happens, universities will continue to be caught in a clash between compassion and compliance, and students and parents will continue to suffer.
Iria Giuffrida is assistant dean for academic and faculty affairs and professor of the practice of law at William & Mary Law School in Williamsburg, Virginia. Alex Hall is director of legal and compliance services and university solicitor at the University of Hertfordshire and chair of the UK Association of University Legal Practitioners.
Register to continue
Why register?
- Registration is free and only takes a moment
- Once registered, you can read 3 articles a month
- Sign up for our newsletter
Subscribe
Or subscribe for unlimited access to:
- Unlimited access to news, views, insights & reviews
- Digital editions
- Digital access to THE’s university and college rankings analysis
Already registered or a current subscriber? Login