Coroners and Justice Bill
Harriet Wistrich: No, we do not go with those recommendations. We have not addressed that.
The Chairman: Given the shortage of time and the fact that you want to say something else, if there is any further thought that you want to add, feel free to submit a note to the Committee. We shall be delighted to receive it. Sandra McNeill; you wish to say something?
Sandra McNeill: Yes. Mostly, when men allege infidelity, they say, And she taunted me. There was the case of Ward, who alleged, She said the baby wasnt mine. I lost it and strangled her. He was not put on trial. He got three years for manslaughter. When he got out he murdered his next girlfriend, Valerie Middleton, and again alleged taunting, saying, She told me she had another lover who was better in bed than me. And I sat in the gallery and in the canteen with friends and family who said to me, No way would she have taunted him. She was terrified of him.
I would also like to cite the case of Cooper, 2002, who strangled his wife and told the police, She taunted me. She had another lover who was better in bed than me. What Cooper forgot was that there was a voice-activated recorder in the rooma tape recorderwhich recorded him abusing her for 24 minutes while she begged for her life and swore she loved him and was true to him, and then he said, You are the weakest link. Goodbye, and strangled her. That made all the tabloid headlines.
Unfortunately, not all murders are recorded on tape recorders. So as for saying that it is okay to allow the defence of sexual infidelity as long as he adds, and she taunted meno. That is just including sexual infidelity, and you have seen our reasons for wanting to exclude it. As we say, we do not live in the 16th century. There are countries where people are executed for adultery; remember the fury over the documentary Death of a Princess? What if we allow men to execute their wives simply for leaving them for another man? There is another example: it is not just infidelity but, She left me for another man. That is another allegation, as in Humes case. Again there was not a jury; it was just accepted by judge and prosecution.
If we allow those men to execute their wives and do not convict them of murder we have in fact got the death sentence for adultery in this country, and in the 21st century we should not have.
The Chairman: Thank you very much indeed. Thank you for coming. The Committee as always is indebted to you. It has been good to have you here. If you do have any further thoughts, please place them in writing. Ms McNeill, if in the light of your last comments you wish to relate them to clauses in the Bill, I am sure that the Committee would be pleased to hear from you in writing.
Sandra McNeill: Thank you for inviting us.
The Chairman: Mr. Richard Thomas, Information Commissioner, and Mr. David Smith, deputy Information Commissioner; good afternoon, welcome and thank you for joining us.
Q 323Mr. Bellingham: Thank you for coming. I want to ask a series of questionsperhaps five in totalthe first of which is fairly general. Certainly, on this side of the Committee, anyway, we are concerned about the Governments general record on the handling, transportation and storage of data, which we think is pretty poor. There is a real fear that the powers of the state are increasing without the necessary safeguards being put in place. Certainly in this context, clause 152 is very far-reaching.
First of all, the Serious Crime Act 2007 provided for data sharing between public and private bodies to defeat serious crime. Do you not think that in many ways this went far enough in terms of data sharing? Do you share my concern that the EU data protection directive could be breached by this clause? The directive makes it clear that the data subject has unambiguously to give his or her consent. It is possible that this clause is incompatible with the UKs obligations under EU law. Looking at those points, would you give some general comment?
Richard Thomas: I start by clarifying my position. I am the Information Commissioner responsible for enforcement of data protection legislation. I was also asked to carry out the data-sharing review with Sir Mark Walport of the Wellcome Trust, which I did in a semi-personal capacity. Some but not all of the provisions of part 8 of the Bill reflect our recommendations, and I spent seven or eight months on that review, alongside my official responsibilities.
In the course of that review, we received a mass of evidence. We started in November 2007 and produced our report in July 2008. We received a mass of written evidence and held a large number of consultation meetingshearings of one sort or another. I hope that it is not arrogant to say that the broad analysis that we brought forward has been widely accepted. You cannot say that data sharing is good or bad. There can be wholly inappropriate data sharing. There can be sharing that should be but is not taking place. We advocated what I call a public interest approach. Where sharing is beneficial, provided certain safeguards are in place, it should be permitted. Where it is not appropriate, it should not be allowed.
We set out an analysis of the circumstances in which there should or should not be sharing and how sharing should take place. We set out three broad headings under which sharing might be appropriate: for law enforcement; for the improvement of services, particularly public services; and for research and statistical purposes. In our report we examine those situations in detail. The final chapter of our report brought forward a series of recommendations. A word I particularly want to emphasise to the Committee is in paragraph 8.1, the first paragraph of that final chapter. This is a package of recommendations. Sir Mark Walport and I saw this very much as a packageon the one hand, to improve the arrangements for beneficial data sharing where that is appropriate, and on the other, to be balanced by a series of safeguards and protections, not least, stronger powers for my office. I would like to address that in more detail during the course of the afternoon. I stand down in June of this year but my successor will, I hope, benefit from stronger powers because we have been handicapped throughout the life of the Information Commissioners Officeformerly the Data Protection Commissioners Officeby having very weak powers.
Life has changed dramatically. There has been a fundamental shift in the past few years in awareness of the risks of data-handling. Where there is poor data-handling, there are considerable risks for individuals and society at large, and your question hinted at an awareness of that. There is also a much wider set of public concerns about data protection, borne out by our own surveys. Our most recent survey indicates that the general public now rank the handling of personal information alongside concerns about the prevention of crime, expressing stronger concern about it, for example, than about the health service or the environment.
We welcome the fact that part 8 of this Bill provides an opportunity for improving data protection law and, to a certain extent, there is a cross-party interest in doing that. I also recognise that at the moment, I and my office can give only a heavily qualified welcome to part 8. We think that there are beneficial aspects to it. We have provided the Committee with a written memorandum setting out our position. But we fear that the data-sharing powers are somewhat wider and less safeguarded than was proposed in the Thomas-Walport report and that the powers available to my office are substantially weaker. We would like to see what eventually emerges by the time of Royal Assent more closely mirroring what we spent seven months researching and putting forward.
On your specific question about compatibility with the European directive, that sets the framework for data protection law in this country. The Data Protection Act 1998 transposes that directive. Whatever goes through in part 8 of the Bill will remain subject both to the European directive and to that Act. One of the changes that we would like to see is that if the data-sharing order remains, it should be spelled out in the Bill that any arrangement that has come forward as a result of a data-sharing order should explicitly remain subject to the data protection legislation. That is undoubtedly the case, but it is not spelt out in the Bill.
Q 324Mr. Bellingham: You mentioned the 1998 Act. Incidentally I am grateful for the briefing that you sent to the Committee. I certainly feel that the part of the Bill that gives more powers to your office makes a lot of sense. The 1998 Act contains various exemptions that are specifically intended to ensure that data protection does not prevent the use or sharing of personal information, where a failure to do so would prejudice the purposes of law enforcement. Public bodies have or should have the knowledge and confidence to rely on the exemptions to the Act, when it is necessary to do so. In that context, do we not have sufficient legislation in place already, without bringing in far-reaching, sweeping extra powers for data-sharing? Public authorities can share data already. There was a quantum leap forward with the Serious Crime Act 2007. Does it make sense and is there a real demand to go further still?
Richard Thomas: I failed to address your specific point about consent. Yes, one of the grounds for data processing is consent, but there are other grounds which are permitted by the European directive. In paragraph 5.7 of our report, we explain some of the limitations, particularly in the law enforcement area but also in areas like taxation and child protection, where you cannot rely on consent alone. Sometimes it is wholly inappropriate to rely on consent and that is understood by both the directive and the 1998 Act.
On your wider point about whether there are sufficient powers already, one of the reasons why Sir Mark Walport and I put forward those proposals is that we feel very strongly that we need greater scrutiny and less confusion when it comes to data sharing. We came across a really quite unsatisfactory state of affairs, where almost every single witness brought to us the evidence that there is what we called a fog of confusion about what can and cannot be shared. We talked about a culture of risk aversion, a culture of uncertainty and people not knowing where they stand.
One reason why there could be greater scrutiny with the data-sharing order is that so often when a Department wants or needs to share information for a particular purpose, it brings forward a very precise sectoral provision, which is often tucked away at the back of a Bill. One example would be schedule 30 to the School Standards and Framework Act 1998, which created the national pupil database. That amended previous legislation, and it got no parliamentary debate whatsoever.
There have been many examples where specific provisions have been brought forward because there is insufficient power or there are legal difficulties. Those are not debated sufficiently in Parliament. Another example would be the Learning and Skills Act 2000. You could argue that when the national DNA database went through, it was not sufficiently scrutinised by Parliament. These sorts of things are often added at quite a late stage in the Bill. They are not picked up and are not debated in Parliament.
So we brought forward this far more transparent process with a number of safeguards. First, there is a requirement for public consultation on the specific proposal. Secondly, there is a requirement for a privacy impact assessment. The Committee may know about how those have been used widely in other countries. Over the past two or three years, we have been pushing for them to be used to evaluate the risk associated with any data sharing. Thirdly, there is a requirement for the Information Commissioners office to give an opinion on the acceptability of a data-sharing measure.
Fourthly, there is an affirmative resolution procedure so that Parliament has an opportunity to examine it rather than just nodding it through by way of negative resolution, which would be completely unacceptable, or it being tucked away in a Bill and not scrutinised. I accept that a measure put forward by affirmative resolution cannot easily be amended, but it would create greater awareness. If done properly, that measure could end up with greater scrutiny and less confusion. I have some reservations over the wording of part 8 and that must be improved. If that is done, the measure will be in the public interest.
Q 325Mr. Bellingham: In October 2006, you sent a position paper to the Home Office in reference to the Serious Crime Act 2007. Are your views the same on the impact of information sharing on private individuals? On page 4, you stated:
It is important to keep any information sharing initiative under periodic review, to assess its impact on personal privacy and to determine how successful the sharing has been in terms of protecting the public purse, apprehending offenders and so forth. A successful information-sharing initiative could still be unacceptable on data protection grounds, for example because it causes widespread and unwarranted detriment to individuals.
Do you still stand by the general thrust of those remarks? Does this part of the Bill contain the necessary safeguards?
Richard Thomas: I stand by the general sentiment of that. You have the advantage of a better recall of that measure than me. As I recall, in the passage of the 2007 Act there were many discussions about a data-sharing provision for the purposes of serious crime detection. A package of measures was put forward that met the concerns that I expressed in that memorandum and elsewhere. That is an example of a case being put forward for information sharing for law enforcement purposes. I do not think that there was any serious dissent saying that it was unacceptable.
It remains necessary that in every case no more information is shared than is needed for the particular purpose. There must be safeguards over how data are shared and constant vigilance is needed to ensure that the rules of the game are followed, as that note stated. That is one reason why I attach so much importance to my office having the powers of inspection and scrutiny that are necessary to ensure that the arrangements are working.
Another example of data sharing being acceptable with certain safeguards is when the Metropolitan police wanted access to the Transport for London congestion cameras to prevent acts of terrorism or to find out what had happened after acts of terrorism. With the Home Office, the Metropolitan police and Transport for London, my office was involved in putting together a protocol that confined the sharing to precisely defined circumstances. That data sharing can be used only in cases of suspected or actual terrorismnot even in cases of serious crimeand there must be a proper audit trail of what is going on. There is a consensual or contractual inspection power for my office to find out what has happened in any particular situation.
One needs to be careful with data sharing. I am the first to advocate that. Some of the safeguards in the Bill are necessary, but some do not go far enough.
Q 326Mr. Bellingham: How can we keep the measure under periodic review? We might be passing vital legislation. You mentioned in the past that it is important to keep it under periodic review. How can we do that?
Richard Thomas: Primarily by my office having the power to inspect without consent. For more than 20 years, my office has not had the power to carry out any inspection without the consent of the organisation concerned. In the six and a half years that I have been commissioner, I have strenuously argued that that is not acceptable. One would not expect a food inspector to have to get the restaurants consent before carrying out an inspection. The Bill moves towards giving us stronger powers, and I regard clause 151 on the assessment notice procedure as very welcome so far as it goes, but I am very concerned indeed that it extends only to Government Departments. Our report made it very clear that that sort of power is required right across the private and voluntary sectors for all data controllers.
It is unacceptable that the assessment notice currently has no associated sanction. If an organisation says, No, we are not going to follow the requirements of your assessment notice, Mr. Commissioner, there is no sanction. I very strongly urge this Committee to put that rightplease.
|©Parliamentary copyright 2009||Prepared 6 February 2009|