Select Committee on Home Affairs Written Evidence


APPENDIX 3

Memorandum submitted by Dr C N M Pounder

1.  RECOMMENDATIONS

  The evidence in my submission leads me to invite the Committee:

    —    To conclude that the use of surveillance technology in a post 9/11 age raises the question of whether there should be an explicit right to privacy.[1] Such a right would raise issues which are broader than the surveillance state. I would also recommend that an independent inquiry should explore whether or not the law should be augmented with this right.[2] The form of this inquiry, its members and its terms of reference must stress independence from Government, as Government has a vested interest in its outcome.

    —    To state that the processing of personal data via new technologies, or the processing of personal data that are subject to data sharing and data retention policies should be subject to a strengthened data protection regime where procedures which protect individual privacy can be independently established, monitored, reviewed and enforced.[3]

    —    To augment the recommendation from the Joint Committee of Human Rights (JCHR)[4] with respect to the production of a Human Rights Memorandum/Assessment and state that any Privacy Impact Assessment be incorporated into the JCHR recommendation. The joint Human Rights/Privacy Impact Assessment should be published as part of the Regulatory Impact Assessment for any Bill. Such Assessments should also be post-dated for Acts of Parliament which impact on privacy (e.g. Civil Contingencies, anti-terrorism, Children Act, ID Card Act and Criminal Justice Acts).

    —    To recommend that there should be fewer Commissioners involved in the privacy protection business, and in the case of national security, a mechanism should be developed whereby operational matters can be assessed.[5]

    —    To call for a review of Parliamentary procedures in order to identify the lessons that should be drawn from the lack of scrutiny which has occurred with the decision to use the National Identity Register as a population register. If the Committee find the evidence on the Annex compelling, I would ask the Committee to recommend the use of Parliamentary procedures so that section 1(4)(e) of the ID Card Act 2006 becomes inoperable.[6]

2.  WHY PRIVACY IS AT RISK?

  In general, the current framework of the law as it impacts on privacy (ie the Human Rights Act; Data Protection Act) does not protect privacy to the extent imagined. I have detailed these arguments elsewhere[7] but I summarise the main points below.

  1.  Government Departments are increasingly being considered to be a single data controller whereas the Data Protection Act assumes an array of separate data controllers. This change is a consequence of data sharing statutory gateways which allow personal data collected for one purpose by one Department to be used for other purposes under the control of different Departments. In data protection terms, this especially degrades the protection afforded by the Second Principle (purpose limitation).

  2.  Government is in a unique position as it can enact legislation or use existing powers to modify the impact of all the Data Protection Principles in order to meet its processing objectives, and in data protection terms, this ability degrades the protection afforded by most Principles.[8] So when Ministers claim that "the Data Protection Act applies" the claim can be disingenuous,[9] if Ministers can subsequently use powers to modify the impact of the Principles.

  3.  Legislative powers which impact on the processing of personal data are often needed to provide flexibility as to how the processing of personal data is to occur, or to allow for the use of the techniques or technology not yet designed. A problem arises because the time when the legislation is enacted by Parliament is often separated, by years, from the time when policy is implemented through the use of technology. To introduce a degree of flexibility, widely drawn powers are defined and this exacerbates the risk of function creep or use of powers by a future Government in a different context. The Identity Card project is an example of how aspirations for the use of a database can change.

  4.  Powers established by Parliament in a bygone age have been used to justify vast tracts of data sharing or data access.[10] It is arguable that it is unsafe to leave broad powers on the statute book and that approval of certain powers should be refreshed by Parliament (eg every 10 years).

  5.  Retention policies (eg DNA database, communications data, retention of ID Card data) enhance the surveillance potential of the data and raise questions of trust.[11] If Government is delivering joined-up services, the risk is that mistrust of one part of Government activities is likely to also become joined-up and extend to all Government services.

  6.  Government Ministers are often responsible for policies which require interference with private and family life, or have oversight of, or are responsible for, the organisations which undertake such interference. A conflict of interest arises as these Ministers, at the same time as being accountable for this interference, establish the procedures which protect private life from such interference. In the Serious Crime Bill before Parliament, for example, the Audit Commission are similarly conflicted.[12] This conflict of interest has to be resolved: the organisation/Minister performing (or responsible for) the interference should not have control of the rules which protect privacy from that interference.

  7.  Legislation often defines widely drawn purposes (eg the purpose of "the efficient and effective delivery of public services" as defined in the ID Card Act). This degrades the protection of those Principles which are usually interpreted assuming a narrowly drawn "purpose" of the processing (eg the processing is necessary for the delivery of one particular service—for example, Council Tax).[13]

  8.  Whereas government services are becoming joined-up, the protection afforded by the regulators who operate in the area of law enforcement and national security are becoming increasingly disjointed.[14]

  9.   The Information Commissioner, when he raises privacy issues which need to be resolved, is seen by Government (and is often treated as such) as part of the opposition to the policy. The result is that privacy concerns form part of the political debate about the policy (ie whether personal data should be processed) and often are not fully addressed in the implementation of policy (ie how to process personal data).[15]

  10.  The Information Commissioner is not a powerful regulator. The Commissioner cannot audit compliance with the Data Protection Act without permission; the Commissioner cannot "name and shame" transgressors following an assessment without permission; the Commissioner cannot fine data controllers that breach a data protection principle.[16]

  11.  Data retention policies are likely to be subject to function creep. The reason is that retained data are stored on systems that cost £millions and there will be pressure to demonstrate value for money (eg by using the data for other purposes). That is why the NIR started life as a security system and is now a public administration, identity management and security system.

  12.  Data retention policies require the public to trust the authorities performing the interference. The public has to trust that any use of retained data is limited to justified purposes approved by Parliament. The public have to trust that all staff who have access to the data are fully trained not to bend the rules. The public has to trust that procedures which authorise interference are followed scrupulously. The public have to trust the politicians not to change the law or use powers to permit function creep. All this trusting is one directional—from the public.

  13.  Data subjects and data controllers cannot contribute directly to the policy or procedures which surround data protection compliance. Ministers produce Codes of Practice in isolation from data subjects whose personal data are processed and data subjects are often excluded from the process of producing a Code of Practice.[17]

  14.  Parliamentary scrutiny of privacy matters needs to be strengthened, especially when powers which impact on privacy are used by Ministers. The European Parliament has little power in respect of decisions made at the Council of Ministers. This is especially the case in the field of national security.[18]

  15.  The current Parliamentary arrangements are not responsive to the increasing number of international commitments, unofficial agreements between Ministers from different regimes, and treaties which require transfers of personal data from the UK to other countries.[19]

  16.  Parliament does not receive the information it needs to scrutinise legislation in the field of Human Rights.[20]

  17.  The current arrangements do not contain a viable mechanism which emphasises the complementary nature of data protection and law enforcement, and which can ease the tensions which arise. Maintaining the privacy of the individual and assisting the authorities in the field of law enforcement are far too often seen as in total opposition, when in most cases, they are complementary (eg security of disclosure of personal data; accuracy of data disclosed).[21] However, the merger of security and privacy on the European Commission model is not the solution as this risks making privacy subservient to the security objectives.

3.  SCRUTINY OF THE USE OF POWERS IS INADEQUATE

  Parliament grants Ministers wide powers mainly because Ministers claim that a degree of flexibility is needed to face a specific threat. This accounts for the generous enabling powers found in legislation such as the ID Card Act, the Civil Contingencies Act, the Children Act and most anti-terrorism legislation. So the question arises as to what is the counter-balance to misuse of these powers?

  Ministers correctly claim that if the detailed implementation of their powers by Statutory Instrument (SI) breaches the Human Rights Convention, then these SIs could be struck out by the Courts using their powers under the Human Rights Act. This position is then developed to argue that it follows that all human rights issues can be considered by Government when the instrument is drafted and not when the powers are being obtained. This approach is illustrated by the letter the Home Secretary wrote to the Joint Committee on Human Rights in relation to the ID Card scheme (JCHR's 8th report):[22]

    "...Secondly, I must stress that the Identity Cards Bill is enabling legislation. Many of the precise details relating to the application process, the format of the ID card itself and the arrangements for the provision of information from the National Identity Register have yet to be decided. We have therefore not spelt out all the details on the face of the Bill and many of these can only be set out later in secondary legislation which will also have to be compatible with our ECHR obligations. I consider that all the powers in the Bill are capable of being exercised compatibly and its human rights compliance has to be judged ultimately by looking at the Bill and all the orders and regulations made under it. We will be under a duty, under section 6 of the Human Rights Act, to act compatibly in making the subordinate legislation and if we did not do so the courts will have the power to strike it down". (my emphasis but Home Secretary's emphasis on enabling).

  There are several problems raised by this approach:

    —    Government can use the "powers could be struck-out" argument to ignore any criticism in Select Committee Reports which relate to wide ranging powers.[23]

    —    scrutiny of primary legislation by Parliament when granting the powers can be limited because timetabling procedures can be used by Government to stifle debate on important topics.

    —    the secondary legislation associated with the use of powers is not subject to line by line scrutiny or much debate—Ministers can exercise powers without adequate scrutiny or review.

    —    Ministers can expect the use of their powers to be approved by Parliament and it is a very rare occurrence that an SI is defeated or withdrawn;[24] there are about 2,500 Statutory Instruments (SI) per year and, unless the SI is technically defective, most are not challenged.

    —    Pre-legislative scrutiny by Parliament is effectively replaced by post-legislative scrutiny by the Courts. If a Court were to strike out a Ministerial order (eg as happened in the field of terrorism), it would bring with it the prospect of further clashes between the Government and the Courts and thereby risk politicising the judiciary.

    —    scrutiny becomes the preserve of those rich enough (or poor enough in the case of legal aid) to take human rights cases through the Courts in an attempt to strike out statutory instruments. This legal tussle is also an unequal struggle—the average citizen is pitted against a Government which has access to a bottomless public purse and teams of its own lawyers, if need be.

    —    It is possible to envisage circumstances in which even where secondary legislation is struck out, Ministers would just draft another instrument circumventing any problem raised in Court. Therefore any legal challenge would need to start again at square one.[25]

  The JCHR has already commented on the problems identified above. In its 19th Report[26] the JCHR stated that:

    81.  ...we have noticed that the Government frequently employs two related catch-all defences to our compatibility queries. One of these defences is that wide discretions granted to public authorities by a bill do not raise compatibility questions because, under section 6 of the Human Rights Act, such authorities will be behaving unlawfully if they act in a manner incompatible with a Convention right. The second defence is that order- or regulation-making powers contained in a bill, however broad, do not present incompatibility risks, because such delegated legislation, unlike primary legislation, is normally invalid to the extent that it is incompatible with a Convention right. Both these defences go to the heart of the purpose of our scrutiny of bills for human rights compatibility, and the effectiveness of scrutiny, particularly in relation to bills which are essentially "enabling" legislation, such as the Identity Cards Bill of Session 2004-05. In our view, one of the most important features of the scrutiny we perform is that it is preventive in nature, aiming to minimise the likelihood of new legislation giving rise to breaches of human rights in practice. We consider this to be a constitutionally different function from the ex post intervention of courts when deciding whether a public authority has acted incompatibly with Convention rights.

  This led to a recommendation from the JCHR (also in the 19th Report, session 2004-05), that Government should publish, with each Bill, a Human Rights Memorandum which will:

    —    "identify the Convention rights and any other human rights engaged by the bill, and the specific provisions of the bill which engage those rights;

    —    explain the reasons why it is thought that there is no incompatibility with the right engaged;

    —    where the rights engaged are qualified rights, identify clearly the pressing social need which is relied on to justify any interference with those rights;

    —    assess the likely impact of the measures on the rights engaged;

    —    explain the reasons why it is considered that any interference with those rights is justified; and

    —    cite the evidence that has been taken into account by the Department in the course of its assessment."

  The Government has not accepted the above recommendation;[27] however, such a Memorandum would chime with the Committee's consideration of Privacy Impact Assessments. It is difficult to see how Parliament can scrutinise effectively without the above information, and I suspect that many members of the public would be surprised to learn that Parliament does not have access to such information.

4.  PARLIAMENT HAS TO SCRUTINISE LEGISLATION EFFECTIVELY

  When I gave oral evidence before the Home Affairs Select Committee in its inquiry into the draft ID Card Bill, I made the remark that a comprehensive public administration function should not be "piggy-backed" onto the National Identity Register (NIR), the name for the database associated with the ID Card system, without a thorough public debate as to the consequences.[28]

  The evidence I now lay before the Committee (detailed in the Annex) concerns how plans to merge the Citizen Information Project (which dealt with general public administration) with the NIR (which dealt with security matters, immigration and law enforcement) were taken without effective scrutiny by Parliament and contrary to a promise of a further round of public consultation.

  My own view is that the evidence also raises an important question for Parliament. If the politics of accountability, scrutiny and debate over public policy cannot be channelled through a Parliamentary process on a subject as mundane as "efficient public administration", how can Parliament assume it has properly scrutinised any other governmental policy?

  In summary, the evidence in the Annex suggests:

    —    The Government cannot claim public support for the use of the NIR as a population register as the public consultation on the ID Card specifically excluded the use of the NIR for a general public administration purpose.[29]

    —    Because of the privacy implications of establishing a population register for a general public administration purpose, the Government, in its public consultation, promised a further public consultation as it was necessary "to explore the issues around public acceptability of the proposal".[30] This consultation has not taken place, yet the decision to transform the NIR into a population register was taken when the ID Card Bill was before Parliament.

    —    The Government's responses to several Parliamentary Committees (eg to the Home Affairs Select Committee in October 2004) do not fully reflect the decisions which were taken to use the NIR for a general public administration purpose.

    —    The Home Secretary was informed in September 2004 (months before the First Reading of the ID Card Bill in June 2005), that the use of the NIR for a general public administration purpose would require a compulsory ID Card.[31] This important justification for a compulsory ID Card has not featured prominently, if at all, in any public debate, in any Government document, or in any Ministerial statement to Parliament (eg during the passage of the ID Card Bill).

    —    The opportunity to identify the use of the NIR for a general public administration purpose did not feature in Labour's Manifesto for the General Election. The Government cannot claim that this part of the ID Card's implementation has public approval by virtue of an electoral mandate.

    —    Officials knew before the General Election of 2005, that the use of the NIR for a general public administration purpose represented 20% of the business case for the ID Card scheme. Yet this and other facts were omitted from the ID Card Bill's Regulatory Impact Assessment laid before Parliament.

    —    Around the time of the First Reading of the ID Card Bill in June 2005,[32] and to avoid accusations of "function creep", civil servants advised that a statement should be made to Parliament concerning the NIR's wider role in general public administration. A Ministerial Written Statement was prepared but its publication was delayed until three weeks after the ID Card Act 2006 had passed through Parliament.

    —    There were several Parliamentary opportunities presented to Ministers to announce the change of use of the NIR to support a public administration purpose; these were not taken. The several statements made by Ministers to Parliament about the use of personal data held in the NIR are very difficult to reconcile with the statements made in minutes of meetings with civil servants made months earlier than the Ministerial statements.[33]

    —    Throughout the lifetime of the Citizen Information Project, senior officials from the ID Card project were in attendance, and the minutes indicate that Ministers were informed. However, it is possible that the change of Home Secretary in December 2004,[34] combined with a breakdown in communications between civil servants and Ministers, caused Parliamentary scrutiny of certain aspects of the ID Card scheme to be considerably weakened.

5.  DATA SHARING, TRUST AND SURVEILLANCE

  The question about effective Parliamentary scrutiny can also be related to the issue of trust which underpins the debate about the surveillance society (and a functioning democracy). If Government cannot be trusted to submit to scrutiny (by Parliament or via public consultation) when the purpose is "public administration", why should the population trust its processing of personal data for other purposes?

  My own view is that the main issue with data sharing is usually not WHETHER there should be data sharing, but rather HOW such data sharing is to occur. Taken from this perspective, there are only three policy options for such data sharing:

    —    The data subject is in control of the data sharing and consents to it.

    —    Data sharing occurs but the data subject can easily object to the sharing.

    —    Public bodies are in control of the data sharing. The data sharing is compulsory and sanctioned by statute (and where the data subject could object in the very limited circumstances of the Data Protection Act by showing that data sharing causes substantial unwarranted distress or substantial unwarranted damage).

  What I suspect has happened, is that without debate or public consultation, the Government has shifted its policy. In the original PIU Report[35] on data sharing, for example, data sharing was only based on compulsion in the obvious cases (eg by providing a statutory gateway to allow the law enforcement agencies access to data, or to the emergency services in cases of public health issues). In all other circumstances, the PIU report recommended consent of the individual concerned to facilitate all other data sharing activities where compulsion was not justified by the obvious cases.

  However, in April 2003, the Government obtained legal advice for the Citizen Information Project (CIP).[36] This explained that statutory powers could be used to achieve a compulsory data sharing objective for a "public administration" purpose and described a mechanism which would remain consistent within the requirements of the Human Rights and Data Protection Acts. It was then realised that if data sharing could be based on the use of statutory powers without the need for consent, then you might as well integrate the CIP into an ID Card scheme which, after all, was a system based on compulsion and statutory powers with respect to its law enforcement and security function. One suspects this change in policy towards compulsion also underpins the Government's "Vision Statement"[37] on general data sharing and the debate as to whether patients can opt-out of the Summary Care Record.[38]


  It is important to note that there are philosophical differences when a public authority is in control and when an individual is in control. For example, where a public authority is in control, it is likely to ask "who am I dealing with? I don't need permission to find out or to disclose personal details".[39] By contrast, when an individual is in control, the issue could be "I have chosen to reveal my identity to you because I want a service from you, but I don't want you to share my new address" or "I don't want your service so I am not going to tell you who I am".

  The position with respect to consent also differs. Where public bodies are in control of the data sharing, the notion of consent is largely irrelevant because consent is absent, or because there are special circumstances where it is known that consent cannot be obtained.[40] If, however, individuals consent or have an easy objection to data sharing, implicit in that relationship is the fact that individuals can trust the sharing process, for if that trust is absent, then the sharing does not occur (or is stopped). Finally, it is worth pointing out that a lack of trust will arise when public authorities do things which the individual thinks should be under his or her own control.

April 2007



1   The Culture, Sport and Media Select Committee (session 2002-03; HC 458, "Privacy and Media Intrusion") recommended that Parliament should bite this particular bullet - otherwise the Courts will develop the law in this area - a prediction which is coming true. The problem is that cases before the Courts usually involve the media and celebrities with the result that case-law can become unrepresentative of the privacy issues faced by most of the population. (My own view is published in Home Affairs Committee, Fourth Report, "Identity Cards", Session 2003-04, Volume II (Ev 281-283).)

2   My own view is that a right to privacy, enforceable via the Sixth Data Protection Principle, would buttress the position of data subjects and by keeping it within the framework of the Data Protection Act would not disturb the issues which relate to the Press.

3   There are several possibilities that can introduce independence. For example, Codes of Practice dealing with personal data could need to be approved by the Information Commissioner before they can come into effect rather than a commitment to "consult" the Commissioner. The Commissioner could have the power to require Parliament to review the operation of Ministerial power, if need be. The Commissioner could possess the ability to ask the Court, in certain circumstances, to strike out Statutory Instruments. The Commissioner could have powers of entry to assess compliance with provisions of a Code of Practice. Identifying these independent mechanisms should be part of the inquiry referred to in the first recommendation.

4   19th Report of the Joint Committee on Human Rights (session 2004-05) calls for a "Human Rights Assessment" to be published.

5   I estimate there are at least seven Commissioners who work in the privacy arena - see footnote 14.

6   The decision to use the NIR as a population register arguably reproduces all the problems that Parliament had in scrutinising the "War in Iraq". If this is the case, it can be argued that if the public administration purpose is to be subject to these problems, then they are likely to be endemic in the way Government makes any decision. It follows that Parliament has to look at strengthening its powers of scrutiny (eg a mechanism to demand any document from Government; Members of Select Committees to be able to cross examine Ministers and Civil Servants via the use of experts and/or leading counsel in the questioning; Members of Standing Committees on Bills to gain access to civil service briefings given to Ministers re member's amendments to legislation).

7   Details in Home Affairs Committee, Fourth Report, Identity Cards, Session 2003-04, Volume II (Ev 169-73 and Ev 276-81).

8   Section 12 of the Children Act 2004, for example, allows Ministers to enact powers which can apply to the content of personal data stored on a database as well as accuracy, security, retention, management, disclosure and access.

9   A general statement on the lines that "the database will comply with the Data Protection Act" was given, for example, on 20 April 2006: Column 807W; and 20 July 2005: Column 1784W and 16 November 2004: Column 1430W in relation to the ID Cards Act. Or 1 September 2004: Column 774W and 2 November 2004: Column 228 for the Children Act 2004.

10   HMRC often justify taking copies of databases under the Taxes and Management Act of 1970. Parliament did not discuss this Act in the context of database access - mainly because the technology was not developed (eg in 1970, a mainframe computer with 256K of memory - which filled a large room - was a rarity - now a memory stick measuring a couple of inches has 10 times as much memory).

11   There are examples of trust being lost. For example, parents who object to the police retaining DNA of their children who have been mistakenly arrested, parents who object to their children's details being retained on a child at risk register when there is no risk, and patients who object to the holding of medical records centrally.

12   The Audit Commission is to produce its own Code of Practice to govern its own data matching activities.

13   For example, if someone says "data item X is relevant to a housing benefit purpose", the claim can objectively be tested - is the data item relevant or not relevant to the housing benefit purpose? However, there is no viable test as any data item X is likely to be relevant to the efficient delivery of public services. It is going to be difficult to show a breach of a Principle if the Commissioner has to prove "inefficiency". Most of the data protection principles are defined in terms of a purpose which is assumed to be narrow.

14   Oversight of the Intelligence Services (except interception practices) is carried out by the Intelligence Services Commissioner. Oversight of interception is carried out by the Interception of Communications Commissioner. The Office of Surveillance Commissioners is responsible for oversight of property interference under Part III of the Police Act, as well as surveillance and the use of Covert Human Intelligence Sources by all organisations bound by the Regulation of Investigatory Powers Act (RIPA) (except the Intelligence Services). There is an Information Commissioner, a National Identity Scheme Commissioner, the Commissioners who deal with Northern Ireland policing/terrorism and the Police Complaints mechanisms and the various Parliamentary Ombudsman could also be drawn into the supervision business. Recently the Financial Services Authority levied a £1 million fine in a case of inadequate security of personal data held by the Nationwide Building Society.

15   The Information Commissioner's views on the ID Card provide an example. The Home Secretary said that the Information Commissioner was "a long-standing opponent of the identity card system" (28 June 2005: Column 1157).

16   Unlike the FSA which recently fined the Nationwide £1 million for breaches of security of personal data.

17   I have developed a mechanism whereby Codes of Practice can be challenged by stakeholders - this can be made available to the Committee if it wants it.

18   Joint Committee On Human Rights, Third Report ("Counter-Terrorism Policy and Human Rights: Terrorism Bill and related matters"), Session 2005-06, Written Evidence 156.

19   International Treaties or Decisions of the Council of Ministers are often presented to Parliament as fait accompli - for example the ICAO agreement to capture two fingerprints was used in Parliament to justify the capture of all 10 fingerprints for the purpose of the ID Card.

20   19th Report of the Joint Committee on Human Rights (session 2004-05) calls for a "Human Rights Assessment" to be published.

21   If staff are properly trained in procedure, if powers are properly applied in the correct way and in the correct circumstances, and there is no "mission creep" or "function creep", then privacy and security can co-exist.

22   Joint Committee On Human Rights, 8th Report, Session 2004-05, Appendix 1.

23   See recommendations 59 and 60 of the Committee's report into ID Cards Report where the powers were described as "unacceptable", yet they exist in the ID Card Act 2006 in the same form.

24   One SI on a privacy matter which was withdrawn was the draft SI issued by David Blunkett in relation to wide access to Communications Data (as defined under RIPA). Press reports at the time credited Mr. Blunkett's son (Hugh) for the Home Secretary's change of mind (see for example, http://news.bbc.co.uk/1/hi/uk_politics/2051117.stm).

25   This is the practice with respect to National Security Certificates signed under section 28 of the Data Protection Act (eg in the case of Norman Baker MP).

26   Session 2004-05, paragraph 81.

27   I was told by the Clerk to the JCHR when I was preparing this paper that "The Government has not agreed to this recommendation (in the 19th Report) and is not providing Human Rights Memoranda in relation to Bills. From the start of this Session it has been making an effort to meet the spirit of the Committee's recommendation by improving the quality of treatment of human rights in the Explanatory Notes which accompany each Bill. The Committee has not yet taken a view as to whether it considers these efforts meet its requirements".

28   Q782, Fourth Report of Home Affairs Committee, Identity Cards, Session 2003-04, Volume II.

29   The public consultations (CM 5557 and CM 6178) both gave commitments to use the ID Card and related NIR for limited purposes (eg to crime and security issues).

30   Paragraph 3.20 of CM 6178 ("Legislation on Identity Cards").

31   Citizen Information Project: CIP progress report - 10 September 2004 on http://www.gro.gov.uk/cip/Definition/ProjectBoardPapers/index.asp.

32   See Appendix 1 and the events of 30 June and 13 July 2005.

33   A sample of these are referenced in the text in the Appendix.

34   From Mr David Blunkett to Mr Charles Clarke.

35   Privacy and data-sharing: the way forward for public services (PIU report April 2002), paragraphs 10.24-10.33.

36   The legal advice is contained in Annex 8 of the CIP final report (on http://www.gro.gov.uk/cip/Definition/FinalReportAnnexes/index.asp).

37   Information Sharing Vision Statement (on http://www.dca.gov.uk/foi/sharing/information-sharing.pdf) is to justify data sharing in terms of "in the public interest". This is a likely reference to the phrase "necessary in the public interest" which is defined in S.42 of the ID Card Act 2006 which links to the "efficient and effective delivery of public services".

38   See the web-site for "TheBigOptOut.org". It can be argued that the trust argument condenses to the issue of who is in control of medical records. Most patients think the GP is in control - that is until they become aware of Section 251 of the NHS Act 2006 which puts the Secretary of State in control of patient information. The question then is whether trust is maintained when the Secretary of State exercises that control without patient consent or GP involvement.

39   The notion of seeking consent is nonsensical for most law enforcement, terrorist incidents, life threatening emergencies etc.

40   Criminals do not consent to data about them being exchanged between law enforcement agencies; neither do individuals whose medical details need to be shared because they are unconscious.


 

© Parliamentary copyright 2008
Prepared 8 June 2008