Previous Section Back to Table of Contents Lords Hansard Home Page


Baroness Nicholson of Winterbourne: My Lords, I am grateful to be speaking on behalf of the Liberal Democrats who welcome the Bill. We thank the Minister for his overview and for telling us a little about the genesis of the directive, because it is within the context of the manifesto statement to "bring rights home". There are two other parts of this tripartite mission--the Human Rights Bill and the proposed freedom of information legislation. It is rather nice to think that we will be discussing the detail of the Bill in the Moses Room, as we are not talking about matters on tablets of stone.

There is much work ahead of us. As the Minister said, there are general themes which arise from the directive which are reflected in the Bill. They are social, practical themes such as privacy and personal information; the impact on society of this novel legislation; the legislative changes that will flow; and the detailed points of overlap and possible conflict and possible inexactitudes with the other two parts of this tripartite effort.

There are some people who should be thanked in the context of the Bill. I refer first to Geoffrey Hoon, the Minister, who was rapporteur in Brussels in the European Parliament. When the government here were hostile--indeed, fully and totally hostile--to this legislation, we had a British voice who spoke up most clearly and who was also the rapporteur. Secondly, I refer to my noble friend Lord Lester of Herne Hill with his human rights legislation and, indeed, the noble and learned Lord the Lord Chancellor.

There were also people who blocked the Bill, both in the House of Commons and in your Lordships' House, on the government side. That was perhaps partly due to ignorance of the development of information technology, partly due to an inborn desire in terms of historical British governmental attitudes to control information on British citizens and partly due to a desire not to share that knowledge for mistaken reasons of freedom of trading. I should also mention the very early support for this frame of thinking by Lord Kilmuir, who, in the philosophy of the noble Lord, Lord Alport, took a "one nation" view; in other words, a respect for each other's views, which inevitably leads to respect for personal privacy data.

The kernel of the legislation--that is, the meat of the Bill--seems to me a fresh attempt to create an oasis of individual privacy for each European Union citizen or resident in face of the octopus of largely electronic knowledge which so many others from so many walks of life now have on each and every one of us, while not lessening the flow of knowledge, one of our essential European Union freedoms.

The Minister mentioned the fact that many people have knowledge about us; indeed, all of us are on at least 137 different computer systems. There is also the difficulty and expense of accessing that information. But the knowledge that someone has such information about you is possibly the most difficult thing to accept. So this is an important piece of legislation.

2 Feb 1998 : Column 450

On the down side, there is our obligation as a European Union member state within the Treaty of Rome and the single market Act not to inhibit the free flow of knowledge. That is just as important--or is it?--as privacy of the individual. I shall return to the fact that it is a difficult balance to strike, but perhaps I may just congratulate the Government on their efforts as regards human rights, freedom of information and data protection.

The latter is, of course, an inherited piece of legislation. It emerged in October 1990 when it was clearly stated why it was being created. The European Parliament was consulted by the Council on whether or not there should be a directive on the protection of individuals in relation to the processing of personal data. The mission statement was endorsed by the European Parliament in 1992 when it said that it would adopt a directive on the protection of individuals with regard to the processing of personal data and the free movement of such data. How does the much modified directive look today, eight years on from 1990? That is not eight years old in computer terms but octogenarian because the free flow of information technology has outstripped all of the initial proposals.

Indeed the 1984 convention, stemming as it rightly did from the Council of Europe convention of 1981, has stood the test of time remarkably well. However, we look at it differently now in the light of the Government's new efforts to take Europe seriously and to bring rights home. I suggest that privacy is a novelty for United Kingdom citizens. The noble and learned Lord the Lord Chancellor in his speech on Bringing Rights Home stated:


    "The Government is not introducing a privacy statute".
He went on to say, with regard to the media, that,


    "strong and effective self-regulation is the best way forward in the interests of the press and the public. Lord Wakeham has begun the task of strengthening self-regulation".

On the Second Reading of the Human Rights Bill on 3rd November the noble and learned Lord, Lord Simon, commented that that Bill,


    "nevertheless introduces into English law for the first time a right to privacy".--[Official Report, 3/11/97; col. 1259.]
With his great knowledge the noble and learned Lord added--I do not suppose that he could resist it--that in 1351 it was an offence to eavesdrop and that,


    "listening under the eaves of your neighbour's house was considered an infringement of his privacy".
The noble Lord, Lord Lester, perhaps summed up the matter when he commented in the same Second Reading debate on the Human Rights Bill, in the context of privacy versus public interest, that,


    "the right to free speech, like the right to respect for one's private life, is not absolute".
He went on to say that the,


    "European Court has also emphasised the importance of ensuring respect for the personal privacy of oneself and one's home".--[Official Report, 3/11/97; col. 1241.]
As a result of incorporation, the noble Lord said, the UK has a positive obligation under the convention to secure the right to privacy in domestic law. Our courts are likely to create it if we do not in Parliament. In other

2 Feb 1998 : Column 451

words, a common law of privacy will be developed if we do not do so in Parliament ourselves. I wish to set a marker here that we must consider which concept we put first in the United Kingdom. As I understand it, under our European Union obligation we must put personal privacy first. That point was clearly stated in one of the debates in the European Parliament which I can quote if necessary.

Be that as it may, the Data Protection Registrar sees the Bill as a partial privacy law. I suggest that as such it is a new initiative. I repeat that it was strongly opposed and with great hostility by the previous government. Why is a partial privacy law, or something stronger, needed? I refer again to the Second Reading of the Human Rights Bill. I believe it was the noble Lord, Lord Waddington, who stated that he thought that as a free born citizen, if his home were invaded by a public authority without just cause, he had a remedy but that his rights would be weakened under the new convention where he might be told it was allowed to happen for the economic well-being of the country or for the protection of his own or someone else's health. However, it is curious to note that those considerations already apply and have nothing to do with a new European convention.

In a few moments I shall mention health records. This country, with its National Health Service, has a unique stance on health. In my view it is all too unique in the sense that the Secretary of State for Health owns the health records of all those who use the National Health Service, presumably 99 per cent. of the whole population. That is a distinctive position indeed in the context of European Union citizenry legislation.

The noble and learned Lord, Lord Bingham, in talking about the balance of the right to privacy versus freedom of expression, asked, at col. 1247, why,


    "this country--alone among European nations--should fail to reconcile these competing principles in an acceptable manner?".
I suggest that it is because our situation in law is historically different. We have no written constitution and our citizens have not had the right to privacy that perhaps they assumed they had. Common law gave no right to protect one's reputation. Even the Swiss constitution of the 1720s gave the citizen a right to protect his or her reputation. Virtually all the developed economies including the US--I emphasise that to the noble Viscount, Lord Astor--have a right to privacy. The United Kingdom has stood alone in that we have not developed that right to privacy, possibly because of the lack of a written constitution.

I seek to prove my point further. Let us consider what happened during the early days of the directive. It was considered by Standing Committee B in the House of Commons. I was a Member at the time and I believe that the government were either ignorant or misleading on the material they put before the committee. The directive was considered again by Standing Committee B in the House of Commons in 1994 when again the government deliberately misled the committee, or had a lack of understanding of what the directive sought to achieve. As I understand the position, the Minister at that time talked about the free movement of all data. We are discussing only the free movement of personal data

2 Feb 1998 : Column 452

in this case. It is not a matter of hampering the free market by preventing the movement of all data; this is purely a question of the privacy of individuals and their personal data. The directive was considered twice in the European Parliament in 1992 and 1995. I am sorry to say that the United Kingdom abstained in 1995. The Times said that we opposed the directive. That was not the case; we abstained. I refer to related legislation, the Human Rights Bill and the Data Protection Act 1984.

During that period, some of us in the United Kingdom worked to construct a mosaic of personal privacy legislation without the relevant legislative underpinning. A little of that was included in the copyright Act. I created the computer hacking legislation and co-sponsored the access to medical records Bill. I submitted an access to employee records Bill. Others submitted similar material in both Houses of Parliament. However, those attempts were not successful because there was no underpinning of a right to privacy on the part of the British Parliament. Why is privacy now needed? I shall take a moment to consider that. If we have left it aside since 1351, why do we need to return to it in 1998? We are now all members of the global village. As I see it, homo habilis turned rapidly into homo mobilis. With the development of speech it is tempting to suggest that he turned into "homo chatterbox" and even "homo eavesdropper" and "homo gossiper". It is almost as if the need to know about each other's lives and actions in the finest detail forms an essential part of human understanding. Perhaps it reinforces our identities. Or, in the pre-paper, pre-radio and pre-electronics era, perhaps it was virtually the only realistic way of gathering immediate topical knowledge rapidly.

For whatever reason, today the global village mimics the pre-industrial era way of life so closely that we now know all, or nearly all, there is to know about each other. Remorseless electronic scrutiny by government, the media, security, or insecurity, forces, expose our every facet of behaviour. The difference lies not in what is known about us but by whom. Today it is not the neighbours, the schoolmistress, the doctor, the vicar, the postman, the milklady or the village shopkeeper who collect and store knowledge on us and share it with others. It is strangers, even potential enemies such as blackmailers, thieves, murderers, paedophiles or rapists. Potential threats also come from government and government servants.

I return to health and social services records. The data collection in which government and government agents now indulge is dramatic and far-reaching, and is unknown to most citizens. A free society owes its citizens a duty to try to stem that invasion of the privacy that we in the United Kingdom have effectively never had.

When one talks about data collection, one is immediately challenged that one is trying to protect politicians. I am not interested in privacy for public figures. My interest lies in privacy for ordinary citizens. A public figure is not a private person. One sacrifices privacy for a cause when one chooses to take up the banner of politics, religion, and so on. Questions may still arise regarding the treatment of public figures; however, I suggest that they do not relate to the public

2 Feb 1998 : Column 453

figures themselves. I ask whether or not a person's family should not be sacrosanct, particularly the children.

What about accuracy? All those of us who have been used to media coverage, in this Chamber and elsewhere, know full well how many times we get close to a story and find out how inaccurate it is. I speak particularly of the print media, not of radio and television. Radio and television came later into our world and have light legislative straitjackets. They have a duty of accuracy inbuilt. The print media do not--I wish that they did.

And what about the right to reply? It is supposed to be there. It is mostly not exercised. The privacy of private citizens concerns me deeply. Their privacy can be destroyed regularly, and is, by the intervention of the media or from outside sources, even from government.

How has the European Union protected its citizens? There, again, lies a point of difficulty between ourselves and other European Union states. There are extreme variations between the national laws of member states on data protection. Greece is still shaking from the aftermath of the use of military files on its citizens. It has no legislation at all. Denmark has a fully thought-through system and has had a register for a long time. Germany has a federal spread of difference. Indeed, I believe that the current directive stems from Stuttgart--and Stuttgart is a city whose citizens really like to be private. Perhaps too much flexibility, rather than too little, has been put in place to allow the directive to function. However, European Union fundamental principles are at stake.

Then, of course, there is the great spread of knowledge. To take the example of surveillance, of those who can watch us, there are advertisements for equipment that is freely available. It can be purchased with no legal hampering at all. It calls itself "equipment to end uncertainty". It may end the uncertainty of the person who listens; it creates multiple uncertainty for those who are listened to. There are room and telephone transmitters; body wires; wire taps; radio and computer controlled systems; specialist receivers and recorders; recording and transmitting equipment; and counter-surveillance equipment. Those examples represent a very small fraction of the material that is on offer. Is there a means to protect yourself if your opponent is extremely complex and sophisticated? What about encryption? The US is indeed a superpower in that field with its investment in global permanent listening and recording sweeps of telephone calls, faxes and E-mails permanently and internationally. Is privacy possible at all today?

Realistically, the answer is no--not with the big brotherhood of global satellites in operation. But practically, on the ground and in most circumstances, the answer is yes--if we can work at it, as a determined element of a nation's culture. We cannot look to the IT industry, for example, to protect us. Staff loyalty is not there. In the computer field there is negligible loyalty to the employer; and negligible loyalty, therefore, to employer records, because 20 per cent. to 30 per cent. of employees in the computer industry move every year. There are 50,000 vacancies which are very highly priced. The rapidly growing demand in quickly outdated skills means that computer people are

2 Feb 1998 : Column 454

highly skilled, always restless, always looking for something new, some way in which to exercise their skills more efficiently, and therefore they do better to move on. There is no practical reason for them not to do so. Let us think of that for a moment in terms of government, particularly in relation to health and social security records. UK citizens have enjoyed no similar privacy rights to those of other citizens. That is the novelty of this legislation.

Perhaps I may turn for a moment to public access to personal files. Access has been offered to us as a palliative instead of privacy. It is not a nirvana; it is a second best. If we look at access to personal files in Russia and East Germany, we look at people going to see their KGB and Stasi-held files. There is a Pandora's Box of suspicion.

However, I do not believe that such horror stories strengthen the case for government secrecy. They demolish it. Trust is the basis of civil and family life, as are openness and transparency. The informer society destroys the bond on which society is built.

So there are some areas of conflict in this piece of legislation. I turn to data-matching. We may feel that our records are safe within individual public service sector departments. We are wrong on two counts. First, matching takes place interdepartmentally; and secondly, there is inadequacy of control against invaders from outside. All are against incompetencies within the system, where the duty of accuracy may not be understood and there are insufficient funds in government to put the matter right.

In relation to data-matching, we should possibly talk about database linkage. We held a statutory instrument debate on that subject on 18th December. There may be a need for government departments to put together a working group. An example is DTI work on British standards. The Home Office, the Department of Trade and Industry and other departments all have IT work flowing through which will be impacted by current legislation.

The best defender of the individual's interest is the individual. The problem is that, against government, the individual has no weapons at all. Ownership should be the key. Perhaps Britain could take a leadership role and explore the possibility of European Union citizens having ownership of records that government hold on them--except, of course, in cases of security, such as the United Kingdom police computer, and, in cases of tax-gathering; namely, the Inland Revenue. In that way we could give back to the citizen that which the Government have on him or her. That would fit very well indeed in terms of health records with the smart-card genesis.

I suggest that we examine ownership of records, that we explore with the media codes of conduct--which are no substitute for legislation. If media intrusion on the lives of private citizens is to be allowed by means of an exemption from the Government, I suggest that we put those codes of conduct before this House in order to examine them. I suggest also that exemptions in secondary legislation should be examined closely, since semi-governmental bodies are also affected.

2 Feb 1998 : Column 455

The Government have talked about bringing rights home. But they have not yet answered the question, "To whom?". I suggest that within this Bill we can explore the possibility of those rights coming home to the individual citizen.


Next Section Back to Table of Contents Lords Hansard Home Page