EHRC consultation: asking about sex at birth

This is the second in a series of posts focusing in detail on individual parts of the Equality and Human Rights Commission’s draft code of practice for service providers, associations and public bodies (read our full response to the consultation).

In chapter 2 of the draft code of practice, the EHRC has proposed introducing new content on asking “about sex at birth”. We strongly disagree with this content and have recommended that the whole section be cut. 

The placement of this section in the numbering scheme puts it before the protected characteristic of sex is introduced, rather than after it. This is irrational and suggests that asking about “birth sex” is something different to asking about or recording “sex” and expecting an honest answer. This section also uses the concepts of discrimination, indirect discrimination and harassment before they are introduced in the guidance. This is likely to confuse readers and shows that the section is an inadequate sticking plaster for the longstanding data mess.

Like much of the proposed statutory guidance on this topic, the code of practice falls into the trap of framing the advice as how a single staff member should respond to a trans service user, rather than what general rules and processes are lawful for an organisation.

It says:

• “It is important to be aware that some people, including some trans or gender non-conforming people, may find it distressing to be asked about their birth sex. Any necessary request about birth sex should be made sensitively, taking this into account.”
• “Discrimination or harassment could occur if, for example, individuals are asked about their birth sex in a way which may require them to disclose this information in public, or if the language or manner of a request is rude, combative or offensive.”
• “If there is genuine concern about the accuracy of the response to a question about birth sex, then a birth certificate could be requested… However, it should be noted that a birth certificate may not be a definitive indication of birth sex.” 
• “In the unlikely event that it is decided that further enquiries are needed, such as confirmation as to whether a person has a GRC, then any additional requests should be made in a proportionate way which is discreet and sensitive.”

It gives the example: 

“A trans woman goes to the office of a local support group and makes enquiries with the receptionist about the group counselling sessions they offer. Based on the needs of its service users, the group provides different sessions that are single-sex or mixed-sex. The receptionist reasonably thinks that the trans woman is a biological male and, as there are some other people waiting in the office, asks her to come into a side room to get more details about the support she is looking for. When they are in private, the receptionist explains the different group sessions that are offered and asks the trans woman what her birth sex is. When she confirms her birth sex, the receptionist provides her with the details of the mixed-sex groups she could attend.” 

This section does not align with the Equality Act or the Data Protection Act and is not supported by case law. We think it is misguided and unworkable – and that the example is dangerous. It is based on the discredited “case by case” model that has informed EHRC’s track record of getting the law wrong on this issue for the past 15 years.

This approach is fundamentally flawed. It should tell service providers to set simple, lawful policies (record personal information accurately when the information is needed; consider making the question voluntary) and expect the few thousand trans-identifying individuals in the country to follow the rules like everyone else. Instead it expects businesses and the public sector to spend millions of pounds training all their customer-facing staff to try to guess who is trans and treat them differently by applying complex human-rights law principles. This is a recipe for more bad training and legal liability.

There is no particular provision in the Equality Act against recording sex data, and the advice should be simple: follow ordinary data-protection principles.

What the guidance gets right is that whenever organisations record personal information this can interfere with people’s human rights under Article 8 of the European Convention on Human Rights, which protects private and family life.

“Therefore, care should be taken, particularly by public authorities, that this is only done where necessary and justified.”

But what it gets wrong is thinking that this test of whether it is necessary and proportionate to record whether service users are male or female needs to be applied differently if the person might be trans. 

Apply ordinary rules 

Every piece of the EHRC guidance needs to be able to be applied by a large institution through a lawful policy.

In many routine situations organisations collect and record data on sex, along with other information such as a client’s name, date of birth and address. Examples include when someone registers for a service such as joining a gym, or when they get health or personal care. In other situations, such as signing up for a food-delivery service or a social-media account, customers are not asked to state their sex when they register (there might be a field for Mr/Ms but these are typically voluntary and don’t have to align with sex). Taking personal information is often done online, through a form or by drawing information from existing records or referral from another organisation. Once the information is collected it is included in a database. 

Collecting, recording or sharing any personal data in this way engages Article 8 and must be done as a proportionate means to a legitimate aim, and in line with data protection. This needs to be thought about when the database and form are designed, not on the fly by a receptionist.

The emphasis on asking the question sensitively is misplaced. Of course in general people should not be asked for personal information in a way that is combative or rude. But it is impractical to tell service providers to try to guess that a particular individual might be sensitive about their sex being recorded.

In order for the service provider (either staff members or a computer) to treat a transgender person’s data differently they would need to know (and be able to record) that they are transgender. This means recording MORE sensitive data about them, not LESS. 

A person who feels sensitive about sharing any particular piece of information may be able to respond “prefer not to say”, or to skip a question if the data field is not mandatory. 

The example is dangerous

The example of a “trans woman” going to the office of a local support group and being taken into a side room by the receptionist is particularly bad and shows that the case-by-case approach is dangerous and unworkable.

It suggests that rather than the organisation setting up systems to collect accurate information in a way that is compliant with data-protection principles, an individual receptionist should adopt an ad-hoc workaround that involves making assumptions based on a service user’s appearance.

The EHRC suggests that the receptionist (who is likely to be a woman) should respond to the suspicion that an individual might lie about their sex by leaving the reception unattended with people in the waiting area, and going into a side room with the person she suspects is a man, and who may well respond badly to being asked to confirm that he is a man. The risks of doing this are obscured by referring to the man as “she” in the example. 

The entire thinking behind this example is wrong. If the service provider offers mixed-sex and single-sex services, it should make this clear in all communications about its services – online, in leaflets and in person. Clients all know what sex they are, and should not try to attend services which are not intended for them. The risk that people (such as the potential client in the example) will try to access services illegitimately should be assessed when developing the service, and the service should have protocols that mitigate these risks, such as putting explanations of why they expect accurate responses into online forms, and screening new clients on the phone to make sure that they understand the service, and the expectations of their conduct.

What does the case law say?

The practical difficulty of trying to keep a person’s sex data private by marking it as sensitive, and the legal implications of Article 8, are explored in R (on the application of C) (Appellant) v Secretary of State for Work and Pensions (Respondent) [2017] UKSC 72 and in Croft v Royal Mail [2003] UKCA. Both found that it is not a breach of Article 8 or anti-discrimination law to ask for and record people’s sex or previous names wherever that information is generally needed. 

Pemberton v Inwood [2018] EWCA Civ 564 concludes in general: 

“If you belong to an institution with known, and lawful, rules, it implies no violation of dignity, and is not cause for reasonable offence, that those rules should be applied to you, however wrong you may believe them to be. Not all opposition of interests is hostile or offensive.”

It is not a cause for reasonable offence for an organisation to ask for and record sex, where it is needed. 

A recent European Court of Justice case, Mousse v Commission nationale de l’informatique et des libertés (CNIL) and SNCF Connect, found that it was a breach of Article 8 for the French rail company SNCF to require ticket buyers to be recorded as Monsieur or Madame because the information was not needed. This does not mean it would be a breach for a gym, sports association or healthcare provider to collect sex data, or for any organisation to collect sex data using a voluntary question or data field.

While equality monitoring is not the only reason for recording sex, the Supreme Court in FWS made clear (at paragraph 239) that the public-sector equality duty requires data collection on women and men, not on the incoherent groups of “women including transgender women” and “men including transgender men”.

There is a data mess

The EHRC should tell organisations to apply ordinary data-protection principles. But the problem is that many (including many public authorities) do not. They have spent the past decade and more mixing up sex and gender-identity data in the same field. This has been comprehensively documented in the Sullivan Review.

That the FWS judgment and the EHRC guidance have been greeted by trans activists angrily saying that they won’t follow rules, and that there is no way to prove their sex, highlights why the data mess is a problem. That problem is not solved by telling individual minimum-wage staff members to be more sensitive when dealing with people who think the rules don’t apply to them.

The EHRC tries to deal with the data mess by offering advice about birth certificates. This is wrong. Birth certificates are not forms of identification and (because of the 2004 Gender Recognition Act) are not accurate about sex. There are currently no reliable official sources of data on sex, as passports, driving licences and NHS data have not been kept accurate. None of this was done with any lawful basis.

Sorting out the data mess is not a job for the EHRC but for the government and the Information Commission. We think it should be addressed urgently by the Secretary of State for Science and Technology through the Digital Verification Services trust framework he is developing now; by the government acting on the Sullivan Review’s recommendations; and by the Information Commissioner enforcing data protection. 

The EHRC should cut this section, which unfairly passes the buck for dealing with the problem down to the lowest-paid workers, and saddles their employers with the bill for training them to do the impossible and then picking up the pieces when they fail.

We suggest that the chair of the EHRC, Kishwer Falkner, should instead write to the Minister for Women, the Secretary of State for Science and Technology and the Information Commissioner and tell them they must clear up the data mess.