Appearance
When consent for historical data breaks down, the root cause is almost always a mismatch between the standards under which the data was gathered and the standards you must meet to reuse it. The fix is rarely "get consent again" — it is to diagnose precisely where consent is missing, defective, or inapplicable, then either repair it or switch to a sounder lawful and ethical basis. This guide works through the failure modes you will actually hit.
Why does historical consent keep failing modern tests?
Consent collected in 1975, or implicit in a parish register from 1850, was never designed for today's specific-informed-freely-given bar. Three structural problems recur: the data subject is dead and cannot consent; the original consent was broad or undocumented; and third parties were swept in without ever agreeing. None of these is fatal, but each needs a different repair.
Problem: the data subject is deceased — now what?
Most data-protection regimes, including the UK GDPR, do not apply to the dead, so legally the consent question often evaporates. The error is to read that as permission to publish freely. Ethical duty of care passes to living descendants and communities, especially for sensitive material. Diagnose by asking who is still alive that the record could harm.
text
Subject deceased?
-> data-protection law usually N/A
-> BUT check: living relatives identifiable & harmable?
-> check: community-sensitive (medical, criminal, traumatic)?
-> if yes: apply closure/redaction on ethical grounds, not legalProblem: the original consent scope is unknown
You have a 1980s oral-history release form that says "for research" and nothing about the open web. Do not stretch it to cover publication. The fix is a two-step:
- Default restrictive. Interpret ambiguous consent as the narrowest reasonable reading.
- Find a parallel basis. Where consent cannot cover your use, archiving in the public interest or legitimate interest may, if you can show the reuse is proportionate and you have done a balancing test.
Record the uncertainty in the catalogue so the next researcher does not assume permission you never had.
Problem: broad consent that is no longer valid
Consent obtained as a vague "I agree to take part" rarely survives modern scrutiny. Your options, in order of preference:
| Situation | Best fix |
|---|---|
| Subject reachable | re-contact and obtain specific, informed consent |
| Subject unreachable, low risk | switch to public-interest archiving basis, document |
| Subject unreachable, high risk | restrict access, redact, or embargo |
| Consent explicitly withdrawn | honour withdrawal; remove or close |
Re-contacting is the gold standard but often impossible at scale; the documented pivot is the realistic fix.
Problem: third parties named in a source
An interviewee describes their neighbour's affair; the neighbour never consented to anything. This is the most common and most overlooked failure. Treat named third parties as separate data subjects: review for harm, pseudonymise or redact identifiable details, and apply a closure period if real risk remains.
text
for each named person in transcript:
if person == interviewee: keep (they consented)
elif person deceased & low harm: keep, note
else: redact / pseudonymise / embargoHow do I record the consent decision so it holds up?
A consent decision you cannot evidence is a decision you did not make. For every collection, capture the original consent text (or its absence), the lawful basis you are relying on, the date and author of the review, and any restrictions applied. Store this beside the records, not in a forgotten email. When a complaint or rights request arrives, this dossier is what lets you respond in hours instead of weeks.
Does an alternative lawful basis let me skip ethics review?
No — and conflating the two is the deepest error of all. A lawful basis answers "may I, legally?"; an ethics review answers "should I, given the harm?". A use can be perfectly lawful and still wrong. Run an ethics review in parallel, especially for material touching health, criminal justice, children, or marginalised communities, and let it override a merely-legal green light.
Key Takeaways
- Consent failures stem from a standards mismatch, not just missing paperwork — diagnose the exact failure mode.
- The deceased usually fall outside data-protection law, but ethical duty to descendants and communities persists.
- Interpret unknown or broad consent narrowly, then pivot to a documented alternative lawful basis.
- Re-contact subjects where feasible; otherwise restrict, redact, or embargo high-risk material.
- Treat third parties named in a source as separate, non-consenting data subjects.
- A lawful basis never substitutes for an ethics review — run both and let harm concerns win.
Frequently Asked Questions
Can the dead give consent?
No, and most data-protection law does not cover the deceased, but ethical duties of care to descendants and communities often persist. Treat absent consent as a reason for caution, not a green light.
What do I do when the original consent scope is unknown?
Default to the most restrictive plausible interpretation, document the uncertainty, and seek a lawful basis other than consent — such as legitimate interest or archiving in the public interest — where one applies.
Is broad consent collected decades ago still valid?
Often not under current standards, because consent must be specific, informed and freely given. Re-contact where feasible, or pivot to an alternative lawful basis and record why.
How do I handle consent for third parties mentioned in an interview?
People named by an interviewee never consented themselves, so review for harm, redact or pseudonymise identifiable third parties, and apply a closure period if risk remains.
Does an alternative lawful basis remove the need for ethical review?
No. A lawful basis answers the legal question; an ethics review answers the harm question. Run both, because compliance and responsibility are not the same thing.