Memorandum submitted by Dr C N M Pounder
The evidence in my submission leads me to invite
To conclude that the use of
surveillance technology in a post 9/11 age raises the question
of whether there should be an explicit right to privacy.
Such a right would raise issues which are broader than the surveillance
state. I would also recommend that an independent inquiry should
explore whether or not the law should be augmented with this right.
The form of this inquiry, its members and its terms of reference
must stress independence from Government, as Government has a
vested interest in its outcome.
To state that the processing
of personal data via new technologies, or the processing of personal
data that are subject to data sharing and data retention polices
should be subject to a strengthened data protection regime where
procedures which protect individual privacy can be independently
established, monitored, reviewed and enforced.
To augment the recommendation
from the Joint Committee of Human Rights (JCHR)
with respect to the production of a Human Rights Memorandum/Assessment
and state that any Privacy Impact Assessment be incorporated into
the JCHR recommendation. The joint Human Rights/Privacy Impact
Assessment should be published as part of the Regulatory Impact
Assessment for any Bill. Such Assessments should also be post-dated
for Acts of Parliament which impact on privacy (e.g. Civil Contingencies,
anti-terrorism, Children Act, ID Card Act and Criminal Justice
To recommend that there should
be fewer Commissioners involved in the privacy protection business,
and in the case of national security, a mechanism should be developed
whereby operational matters can be assessed.
To call for a review of Parliamentary
procedures in order to identify the lessons that should be drawn
from the lack of scrutiny which has occurred with the decision
to use the National Identity Register as a population register.
If the Committee find the evidence on the Annex compelling, I
would ask the Committee to recommend the use of Parliamentary
procedures so that section 1(4)(e) of the ID Card Act 2006 becomes
2. WHY PRIVACY
In general, the current framework of the law
and as it impacts on privacy (ie the Human Rights Act; Data Protection
Act) does not protect privacy to the extent imagined. I have detailed
these arguments elsewhere
but I summarise the main points below.
1. Government Departments are increasingly
being considered to be a single data controller whereas the Data
Protection Act assumes an array of separate data controllers.
This change is a consequence of data sharing statutory gateways
which allow personal data collected for one purpose by one Department
to be used for other purposes under the control of different Departments.
In data protection terms, this especially degrades the protection
afforded by the Second Principle (purpose limitation).
2. Government is in a unique position as
it can enact legislation or use existing powers to modify the
impact of all the Data Protection Principles in order to
meet its processing objectives, and in data protection terms,
this ability degrades the protection afforded by the most Principles.
So when Ministers claim that "the Data Protection Act applies"
the claim can be disingenuous,
if Ministers can subsequently use powers to modify the impact
of the Principles.
3. Legislative powers which impact on the
processing of personal data are often needed to provide flexibility
as to how the processing of personal data is to occur, or to allow
for the use of the techniques or technology not yet designed.
A problem arises because the time when the legislation is enacted
by Parliament is often separated, by years, from the time when
policy is implemented through the use of technology. To introduce
a degree of flexibility, widely drawn powers are defined and this
exacerbates the risk of function creep or use of powers by a future
Government in a different context. The Identity Card project is
an example of how aspirations for the use of a database can change.
4. Powers established by Parliament in a
bygone age have been used to justify vast tracts of data sharing
or data access.
It is arguable that it is unsafe to leave broad powers on the
statute book and that approval of certain powers should be refreshed
by Parliament (eg every 10 years).
5. Retention policies (eg DNA database,
communications data, retention of ID Card data) enhance the surveillance
potential of the data and raise questions of trust.
If Government is delivering joined-up services, the risk is that
mistrust of one part of Government activities is likely to also
become joined-up and extend to all Government services.
6. Government Ministers are often responsible
for policies which require interference with private and family
life, or have oversight or responsible for the organisations which
undertake such interference. A conflict of interest arises as
these Ministers, at the same time as being accountable for this
interference, establish the procedures which protect private life
from such interference. In the Serious Crime Bill before Parliament,
for example, the Audit Commission are similarly conflicted.
This conflict of interest has to be resolved: the organisation/Minister
performing (or responsible for) the interference should not have
control of the rules which protect privacy from that interference.
7. Legislation often defines widely drawn
purposes (eg the purpose of "the efficient and effective
delivery of public services" as defined in the ID Card Act).
This degrades the protection of those Principles which are usually
interpreted assuming a narrowly drawn "purpose" of the
processing (eg the processing is necessary for the delivery of
one particular servicefor example, Council Tax).
8. Whereas government services are becoming
joined-up, the protection afforded by the regulators who operate
in the area of law enforcement and national security are becoming
9. The Information Commissioner, when he
raises privacy issues which need to be resolved, is seen by Government
(and is often treated as such) as part of the opposition to the
policy. The result is that privacy concerns form part of the political
debate about the policy (ie whether personal data should
be processed) and often are not fully addressed in the implementation
of policy (ie how to process personal data).
10. The Information Commissioner is not
a powerful regulator. The Commissioner cannot audit compliance
with the Data Protection Act without permission; the Commissioner
cannot "name and shame" transgressors following an assessment
without permission; the Commissioner cannot fine data controllers
that breach a data protection principle.
11. Data retention policies are likely to
be subject to function creep. The reason is that retained data
are stored on a systems that costs £millions and there will
be pressure to demonstrate value for money (eg by using the data
for other purposes). That is why the NIR started life as a security
system and is now a public administration, identity management
and security system.
12. Data retention policies require the
public to trust the authorities performing the interference. The
public has to trust that any use of retained data is limited to
justified purposes approved by Parliament. The public have to
trust that all staff who have access to the data are fully trained
not to bend the rules. The public has to trust that procedures
which authorise interference are followed scrupulously. The public
have to trust the politicians not change the law or use powers
to permit function creep. All this trusting is one directionalfrom
13. Data subjects and data controllers cannot
contribute directly to the policy or procedures which surround
data protection compliance. Ministers produce Codes of Practice
in isolation from data subjects whose personal data are processed
and data subjects are often excluded from the process of producing
a Code of Practice.
14. Parliamentary scrutiny of privacy matters
needs to be strengthened, especially when powers which impact
on privacy are used by Ministers. The European Parliament has
little power in respect of decisions made at the Council of Ministers.
This is especially the case in the field of national security.
15. The current Parliamentary arrangements
are not responsive to the increasing number of international commitments,
unofficial agreements between Ministers from different regimes,
and treaties which require transfers of personal data from the
UK to other countries.
16. Parliament does not receive the information
it needs to scrutinise legislation in the field of Human Rights.
17. The current arrangements do not contain
a viable mechanism which emphasises the complimentary nature of
data protection and law enforcement, and which can ease the tensions
which arise. Maintaining the privacy of the individual and assisting
the authorities in the field of law enforcement are far too often
seen as in total opposition, when in most cases, they are complimentary
(eg security of disclosure of personal data; accuracy of data
However, the merger of security and privacy on the European Commission
model is not the solution as this risks making privacy subservient
to the security objectives.
3. SCRUTINY OF
Parliament grants Ministers wide powers mainly
because Ministers claim that a degree of flexibility is needed
to face a specific threat. This accounts for the generous enabling
powers found in legislation such as the ID Card Act, the Civil
Contingencies Act, the Children Act and most anti-terrorism legislation.
So the question arises as to what is the counter-balance to misuse
of these powers?
Ministers correctly claim that if the detailed
implementation of their powers by Statutory Instrument (SI) breaches
the Human Rights Convention, then these SIs could be struck out
by the Courts using its powers under the Human Rights Act. This
position is then developed to argue that it follows that all human
rights issues can be considered by Government when the instrument
is drafted and not when the powers are being obtained.
This approach is illustrated by the letter the Home Secretary
wrote to the Joint Committee on Human Rights in relation to the
ID Card scheme (JCHR's 8th report):
"...Secondly, I must stress that the Identity
Cards Bill is enabling legislation. Many of the precise
details relating to the application process, the format of the
ID card itself and the arrangements for the provision of information
from the National Identity Register have yet to be decided. We
have therefore not spelt out all the details on the face of the
Bill and many of these can only be set out later in secondary
legislation which will also have to be compatible with our ECHR
obligations. I consider that all the powers in the Bill are capable
of being exercised compatibly and its human rights compliance
has to be judged ultimately by looking at the Bill and all the
orders and regulations made under it. We will be under a duty,
under section 6 of the Human Rights Act, to act compatibly in
making the subordinate legislation and if we did not do so the
courts will have the power to strike it down".(my emphasis
but Home Secretary's emphasis on enabling).
There are several problems raised by this approach:
Government can use the "powers
could be struck-out" argument to ignore any criticism in
Select Committee Reports which relate to wide ranging powers.
scrutiny of primary legislation
by Parliament when granting the powers can be limited because
of the timetabling procedures can be used by Government to stifle
debate on important topics.
the secondary legislation associated
with the use of powers is not subject to line by line scrutiny
or much debateMinisters can exercise powers without adequate
scrutiny or review.
Ministers can expect the use
of their powers to be approved by Parliament and it is a very
rare occurrence that an SI is defeated or withdrawn;
there are about 2,500 Statutory Instruments (SI) per year and,
unless the SI is technically defective, most are not challenged.
Pre-legislative scrutiny by
Parliament is effectively replaced by post-legislative
scrutiny by the Courts. If a Court were to strike out a Ministerial
order, (eg as happened in the field of terrorism), it would bring
with it the prospect of further clashes between the Government
and the Courts and thereby risk of politicising the judiciary.
scrutiny becomes the preserve
of those rich enough (or poor enough in the case of legal aid)
to take human rights cases through the Courts in an attempt to
strike out statutory instruments. This legal tussle is also an
unequal strugglethe average citizen is pitted against a
Government which has access to a bottomless public purse and teams
of its own lawyers, if need be.
It is possible to envisage circumstances
in which even where secondary legislation is struck out, Ministers
would just draft another instrument circumventing any problem
raised in Court. Therefore any legal challenge would need to start
again at square one.
The JCHR has already commented on the problems
identified above. In its 19th Report
the JCHR stated that:
81. ...we have noticed that the Government
frequently employs two related catch-all defences to our compatibility
queries. One of these defences is that wide discretions granted
to public authorities by a bill do not raise compatibility questions
because, under section 6 of the Human Rights Act, such authorities
will be behaving unlawfully if they act in a manner incompatible
with a Convention right. The second defence is that order- or
regulation-making powers contained in a bill, however broad, do
not present incompatibility risks, because such delegated legislation,
unlike primary legislation, is normally invalid to the extent
that it is incompatible with a Convention right. Both these defences
go to the heart of the purpose of our scrutiny of bills for human
rights compatibility, and the effectiveness of scrutiny, particularly
in relation to bills which are essentially "enabling"
legislation, such as the Identity Cards Bill of Session 2004-05.
In our view, one of the most important features of the scrutiny
we perform is that it is preventive in nature, aiming to minimise
the likelihood of new legislation giving rise to breaches of human
rights in practice. We consider this to be a constitutionally
different function from the ex post intervention of courts when
deciding whether a public authority has acted incompatibly with
This led to a recommendation from the JCHR (also
in the 19th Report, session 2004-05), that Government should publish,
with each Bill, a Human Rights Memorandum which will:
"identify the Convention
rights and any other human rights engaged by the bill, and the
specific provisions of the bill which engage those rights;
explain the reasons why it is
thought that there is no incompatibility with the right engaged;
where the rights engaged are
qualified rights, identify clearly the pressing social need which
is relied on to justify any interference with those rights;
assess the likely impact of
the measures on the rights engaged;
explain the reasons why it is
considered that any interference with those rights is justified;
cite the evidence that has been
taken into account by the Department in the course of its assessment."
The Government has not accepted the above recommendation,
however, such a Memorandum would chime with the Committee's consideration
of Privacy Impact Assessments. It is difficult to see how Parliament
can scrutinise effectively without the above information, and
I suspect that many members of the public would be surprised to
lean that Parliament does not have access to such information.
When I gave oral evidence before the Home Affairs
Select Committee in its inquiry into the draft ID Card Bill, I
made the remark that a comprehensive public administration function
should not be "piggy-backed" onto the National Identity
Register (NIR), the name for the database associated with the
ID Card system, without a thorough public debate as to the consequences.
The evidence I now lay before the Committee
(detailed in the Annex) concerns how plans to merge the Citizen
Information Project (which dealt with general public administration)
with the NIR (which dealt with security matters, immigration and
law enforcement) were taken without effective scrutiny by Parliament
and contrary to a promise of a further round of public consultation.
My own view is that the evidence also raises
an important question for Parliament. If the politics of accountability,
scrutiny and debate over public policy cannot be channelled through
a Parliamentary process on a subject as mundane as "efficient
public administration", how can Parliament assume it has
properly scrutinised any other governmental policy?
In summary, the evidence in the Annex suggests:
The Government cannot claim
public support for the use of the NIR as a population register
as the public consultation on the ID Card specifically excluded
the use of the NIR for a general public administration purpose.
Because of the privacy implications
of establishing a population register for a general public administration
purpose, the Government, in its public consultation, promised
a further public consultation as it was necessary "to explore
the issues around public acceptability of the proposal".
This consultation has not taken place, yet the decision to transform
the NIR into a population register was taken when the ID Card
Bill was before Parliament.
The Government's responses to
several Parliamentary Committees (eg to the Home Affairs Select
Committee in October 2004) do not fully reflect the decisions
which were taken to use of the NIR for a general public administration
The Home Secretary was informed
in September 2004 (months before the First Reading of the ID Card
Bill in June 2005), that the use of the NIR for a general public
administration purpose would require a compulsory ID Card.
This important justification for a compulsory ID Card has not
featured prominently, if at all, in any public debate, nor in
any Government document, and nor in any Ministerial statement
to Parliament (eg during the passage of the ID Card Bill).
The opportunity to identify
the use of the NIR for a general public administration purpose
did not feature in Labour's Manifesto for the General Election.
The Government cannot claim that this part of the ID Card's implementation
has public approval by virtue of an electoral mandate.
Officials knew before the General
Election of 2005, that the use of the NIR for a general public
administration purpose represented 20% of the business case for
the ID Card scheme. Yet this and other facts were omitted from
the ID Card Bill's Regulatory Impact Assessment laid before Parliament.
Around the time of the First
Reading of the ID Card Bill in June 2005,
and to avoid accusations of "function creep", civil
servants advised that a statement should be made to Parliament
concerning the NIR's wider role in general public administration.
A Ministerial Written Statement was prepared but its publication
was delayed until three weeks after the ID Card Act 2006 had passed
There were several Parliamentary
opportunities presented to Ministers to announce the change of
use of the NIR to support a public administration purpose; these
were not taken. The several statements made by Ministers to Parliament
about the use of personal data held in the NIR are very difficult
to reconcile with the statements made in minutes of meetings with
civil servants made months earlier than the Ministerial statements.
Throughout the lifetime of the
Citizen Information Project, senior officials from the ID Card
project were in attendance, and the minutes indicate that Ministers
were informed. However, it is possible that because of the change
of Home Secretary in December 2004
combined with a breakdown in communications between civil servants
and Ministers caused Parliamentary scrutiny of certain aspects
of the ID Card scheme to be considerably weakened.
5. DATA SHARING,
The question about effective Parliamentary scrutiny
can also be related to the issue of trust which underpins the
debate about the surveillance society (and a functioning democracy).
If Government cannot be trusted to submit to scrutiny (by Parliament
or via public consultation) when the purpose is "public administration",
why should the population trust its processing of personal data
for other purposes?
My own view is that the main issue with data
sharing is usually not WHETHER there should be data sharing,
but rather HOW such data sharing is to occur. Taken from
this perspective, there are only three policy options for such
The data subject is in control
of the data sharing and consents to it.
Data sharing occurs but the
data subject can easily object to the sharing.
Public bodies are in control
of the data sharing. The data sharing is compulsory and sanctioned
by statute (and where the data subject could object in the very
limited circumstances of the Data Protection Act by showing that
data sharing causes substantial unwarranted distress or substantial
What I suspect has happened, is that without
debate or public consultation, the Government has shifted its
policy. In the original PIU Report
on data sharing, for example, data sharing was only based on compulsion
in the obvious cases (eg by providing a statutory gateway to allow
the law enforcement agencies access to data, or to the emergency
services in cases of public health issues). In all other circumstances,
the PIU report recommended consent of the individual concerned
to facilitate all other data sharing activities where compulsion
was not justified by the obvious cases.
However, in April 2003, the Government obtained
legal advice for the Citizen Information Project (CIP).
This explained that statutory powers could be used to achieve
a compulsory data sharing objective for a "public administration"
purpose and described a mechanism which would remain consistent
within the requirements of the Human Rights and Data Protection
Acts. It was then realised that if data sharing could be based
on the use of statutory powers without the need for consent, then
you might as well integrate the CIP into an ID Card scheme which,
after all, was a system based on compulsion and statutory powers
with respect to its law enforcement and security function. One
suspects this change in policy towards compulsion also underpins
the Government's "Vision Statement"
on general data sharing and the debate as to whether patients
can opt-out of the Summary Care Record.
It is important to note that there are philosophical
differences when a public authority is in control and when an
individual is in control. For example, where a public authority
is in control, it is likely to ask "who am I dealing with?
I don't need permission to find out or to disclose personal details".
By contrast, when an individual is in control, the issue could
be "I have chosen to reveal my identity to you because I
want a service from you, but I don't want you to share my new
address" or "I don't want your service so I am not going
to tell you who I am".
The position with respect to consent also differs.
Where public bodies are in control of the data sharing, the notion
of consent is in largely irrelevant because consent is absent,
or because there are special circumstances where it is known that
consent cannot be obtained.
If, however, individuals consent or have an easy objection to
data sharing, implicit in that relationship is the fact that individuals
can trust the sharing process, for if that trust is absent, then
the sharing does not occur (or is stopped). Finally, it is worth
point out that a lack of trust will arise when public authorities
do things which the individual thinks should be under his or her
1 The Culture, Sport and Media Select Committee (session
2002-03; HC 458, "Privacy and Media Intrusion") recommended
that Parliament should bite this particular bullet-otherwise the
Courts will develop the law in this area-a prediction which is
coming true. The problem is that cases before the Courts usually
involve the media and celebrities with the result that case-law
can become unrepresentative of the privacy issues faced by most
of the population. (My own view is published in Home Affairs Committee,
Fourth Report, "Identity Cards", Session 2003-04, Volume
II (Ev 281-283). Back
My own view is that a right to privacy, enforceable via the
Sixth Data Protection Principle, would buttress the position of
data subjects and by keeping it within the framework of the Data
Protection Act would not disturb the issues which relate to the
There are several possibilities that can introduce independence.
For example, Codes of Practice dealing with personal data could
need to be approved by the Information Commissioner before they
can come into effect rather than a commitment to "consult"
the Commissioner. The Commissioner could have the power to require
Parliament to review the operation of Ministerial power, if need
be. The Commissioner could possess the ability to ask the Court,
in certain circumstances, to strike out Statutory Instruments.
The Commissioner could have powers of entry to assess compliance
with provisions a Code of Practice. Identifying these independent
mechanisms should be part of the inquiry refereed to in the first
19th Report of the Joint Committee on Human Rights (session
2004-05) calls for a "Human Rights Assessment" to be
I estimate there are at least seven Commissioners who work in
the privacy arena-see footnote 14. Back
The decision to use the NIR as a population register arguably
reproduces all the problems that Parliament had in scrutinising
the "War in Iraq". If this is the case, it can be argued
that if the public administration purpose is to be subject to
these problems, then they are likely to be endemic in the way
Government makes any decision. It follows that Parliament has
to look at strengthening its powers of scrutiny (eg a mechanism
to demand any document from Government; Members of Select Committees
to be able to cross examine Ministers and Civil Servants via the
use of experts and/or leading counsel in the questioning; Members
of Standing Committees on Bills to gain access to civil service
briefings given to Ministers re member's amendments to legislation). Back
Details in Home Affairs Committee, Fourth Report, Identity
Cards, Session 2003-04, Volume II (Ev 169-73 and Ev 276-81). Back
Section 12 of the Children Act 2004, for example, allows Ministers
to enact powers which can apply to the content of personal data
store on a database as well as accuracy, security, retention,
management, disclosure and access. Back
A general statement on the lines that "the database will
comply with the Data Protection Act" was given, for example
on 20 April 2006 : Column 807W; and 20 July 2005 : Column 1784W
and 16 November 2004 : Column 1430W in relation to ID Cards Act.
Or 1 September 2004: Column 774W and 2 November 2004: Column 228
for the Children Act 2004. Back
HMRC often justify taking copies of databases under the Taxes
and Management Act of 1970. Parliament did not discuss this Act
in the context of database access-mainly because the technology
was not developed (eg in 1970, a mainframe computer with 256K
of memory-which filled a large room-was a rarity-now a memory
stick measuring a couple of inches has 10 times as much memory). Back
There are examples of trust being lost. For example, parents
who object to the police retaining DNA of their children who have
been mistakenly arrested, parents who object to their childrens
details being retained on a child at risk register when there
is no risk, and patients who object to the holding of medical
records centrally. Back
The Audit Commission is to produce its own Code of Practice
to govern its own data matching activities. Back
For example, if someone says "data item X is relevant to
a housing benefit purpose", the claim can objectively be
tested-is the data item relevant or not relevant to the housing
benefit purpose? However, there is no viable test as any data
item X is likely to be relevant to the efficient delivery of public
services. It is going to be difficult to show a breach of a Principle
if the Commissioner has to prove "inefficiency". Most
of the data protection principles are defined in terms of a purpose
which is assumed to be narrow. Back
Oversight of the Intelligence Services (except interception
practices) is carried out by the Intelligence Services Commissioner.
Oversight of interception is carried out by the Interception of
Communications Commissioner. The Office of Surveillance Commissioners
is responsible for oversight of property interference under Part
III of the Police Act, as well as surveillance and the use of
Covert Human Intelligence Sources by all organisations bound by
the Regulation of Investigatory Powers Act (RIPA) (except the
Intelligence Services). There is an Information Commissioner,
a National Identity Scheme Commissioner, the Commissioners who
deal with Northern Ireland policing/terrorism and the Police Complaints
mechanisms and the various Parliamentary Ombudsman could also
be drawn into the supervision business. Recently the Financial
Services Authority levied a £1 million fine in a case of
inadequate security of personal data held by the Nationwide Building
The Information Commissioner's views on the ID Card provides
an example. The Home Secretary said that the Information Commissioner
was "a long-standing opponent of the identity card system"
(28 June 2005: Column 1157). Back
Unlike the FSA which recently fined the Nationwide £1 million
for breaches of security of personal data. Back
I have developed a mechanism whereby Codes of Practice can be
challenged by stakeholders-this can be made available to the Committee
if it wants it. Back
Joint Committee On Human Rights, Third Report ("Counter-Terrorism
Policy and Human Rights: Terrorism Bill and related matters"),
Session 2005-06, Written Evidence 156. Back
International Treaties or Decisions of the Council of Ministers
are often presented to Parliament as fait accompli-for
example the ICAO agreement to capture two fingerprints was used
in Parliament to justify the capture of all 10 fingerprints for
the purpose of the ID Card. Back
19th Report of the Joint Committee on Human Rights (session
2004-05) calls for a "Human Rights Assessment" to be
If staff are properly trained in procedure, if powers are properly
applied in the correct way and in the correct circumstances, and
there is no "mission creep" or "function creep",
then privacy and security can co-exist. Back
Joint Committee On Human Rights, 8th Report, Session 2004-05,
Appendix 1. Back
See recommendations 59 and 60 of the Committee's report into
ID Cards Report where the powers were described as "unacceptable",
yet they exist in the ID Card Act 2006 in the same form. Back
One SI on a privacy matter which was withdrawn was the draft
SI issued by David Blunkett in relation to wide access to Communications
Data (as defined under RIPA). Press reports at the time credited
Mr. Blunkett's son (Hugh) for the Home Secretary's change of mind
(see for example, http://news.bbc.co.uk/1/hi/uk_politics/2051117.stm). Back
This is the practice with respect to National Security Certificates
signed under section 28 of the Data Protection Act (eg in the
case of Norman Baker MP ). Back
Session 2004-05, paragraph 81. Back
I was told by the Clerk to the JCHR when I was preparing this
paper that "The Government has not agreed to this recommendation
(in the 19th Report) and is not providing Human Rights Memoranda
in relation to Bills. From the start of this Session it has been
making an effort to meet the spirit of the Committee's recommendation
by improving the quality of treatment of human rights in the Explanatory
Notes which accompany each Bill. The Committee has not yet taken
a view as to whether it considers these efforts meet its requirements". Back
Q782, Fourth Report of Home Affairs Committee, Identity Cards,
Session 2003-04, Volume II. Back
The public consultations (CM 5557 and CM 6178) both gave commitments
to use the ID Card and related NIR for limit purposes (eg to crime
and security issues). Back
Paragraph 3.20 of CM 6178 ("Legislation on Identity Cards"). Back
Citizen Information Project: CIP progress report-10 September
2004 on http://www.gro.gov.uk/cip/Definition/ProjectBoardPapers/index.asp. Back
See Appendix 1 and the events of 30 June and 13 July 2005. Back
A sample of these are referenced in the text in the Appendix. Back
From Mr David Blunkett to Mr Charles Clarke. Back
Privacy and data-sharing. the way forward for public services
(PIU report April 2002), paragraphs 10.24-10.33. Back
The legal advice is contained in Annex 8 of the CIP final report
(on http://www.gro.gov.uk/cip/Definition/FinalReportAnnexes/index.asp). Back
Information Sharing Vision Statement (on http://www.dca.gov.uk/foi/sharing/information-sharing.pdf)
is to justify data sharing in terms of "in the public interest".
This is a likely reference to the phrase "necessary in the
public interest" which is defined in S.42 of the ID Card
Act 2006 which links to the "efficient and effective delivery
of public services". Back
See the web-site for "TheBigOptOut.org". It can be
argued that the trust argument condenses to the issue of who is
in control of medical records. Most patients think the GP is in
control-that is until they become aware of Section 251 of the
NHS Act 2006 which puts the Secretary of State in control of patient
information. The question then is whether trust is maintained
when the Secretary of State exercises that control without patient
consent or GP involvement. Back
The notion of seeking consent is nonsensical for most law enforcement,
terrorist incidents, life threatening emergencies etc. Back
Criminals do not consent to data about them being exchanged
between law enforcement agencies; neither do individuals whose
medical details need to be shared because they are unconscious. Back