The bill could usefully set out a number of ground rules. It should set out what the law is, and the code of practice should say how it is to be implemented. It should not create any new rules, standards or tests, although it might set out or clarify which tests the existing law expects people to apply.
The logical sequence of events should be, as has been mentioned, to think first of all whether sharing the information will assist the child’s wellbeing, however that is defined, and if the answer is yes, to proceed to considering whether it can be shared legally. The first question that you need to ask is, “Can I share this without consent?” The reason why that question comes first is so that you are not then going through the mock exercise of seeking consent when you have already decided to share the information anyway.
If the information is sufficiently important that you feel that you should be sharing it without consent, you are arguably going beyond wellbeing and starting to stray into child protection territory. That would be my thinking. Sharing without consent is something that the Supreme Court was very much against in its ruling. If the information that you have does not pass the threshold of being sufficiently important to share without consent, the next step is to figure out how to ask for consent in a way that is compatible with the GDPR requirement that makes it clear that, in cases where there is a power imbalance, consent is not always going to be appropriate.
The code of practice might usefully address that kind of area. I could envisage a code of practice that says, “When seeking consent from the young person or the parent, you must make it absolutely clear that there will be no adverse consequences if they say no.” If that is not made clear—and I appreciate Janys Scott’s experience that that is not how it works in practice at the moment—you cannot really say that a person has given free, informed and voluntary consent. That is the level of detail at which I would anticipate a code working.