Previous Section Back to Table of Contents Lords Hansard Home Page

As we on these Benches said at Second Reading, it is important that we should make the best use of modern data systems to detect fraud. The methods adopted, however, must be not only effective but proportionate. We have serious reservations about some of the detail of the privacy implications of Part 3, which are reflected by the amendments tabled by my noble friends and me—not only my noble friend Lord Henley on the Front Bench but my noble friends on the Back Benches.

Part 3 would increase the scope of the existing practice of data matching by giving the Home Secretary the power to extend the purposes for which data matching can be undertaken, by increasing the involvement of private bodies in data-matching exercises and by amending the terms of the Data Protection Act 1998. This kind of mass data collection, data sharing and data mining is a familiar theme in Home Office legislation, we find. It raises serious ethical and constitutional issues.

These schemes have the potential to change the nature of the relationship between the state and the citizen, turning us, if we are not careful, from a nation of citizens into a nation of suspects. We are particularly concerned that these fishing expeditions could and would be used to identify patterns, trends or profiles that suggested the possibility of future criminal behaviour. That would be permitted by the Bill, which would authorise data sharing and data mining for the purposes of preventing fraud or other criminal behaviour, not merely investigating crimes and fraud that have already been committed or attempted.

We are not yet persuaded that it would be appropriate to mine data to predict the likelihood of fraud or other types of criminal behaviour with the aim of preventing them before they occur or are even attempted. I return to my enjoyment of some of the films one can see these days. The process we are being invited to agree to in this part of the Bill reminds me of “Minority Report”. Perhaps noble Lords will remember the Tom Cruise film. It is a scary future where individuals are arrested before any offence has even been committed. There is a series of personality profiling and the hero finds himself about to be arrested for a murder he has not committed and had not even thought of committing.

Some patterns, trends or personal profiles identifiable by any data-mining exercise might well suggest that a type of future behaviour is likely. Why should this be used to justify preventive action, particularly where this could be detrimental in some way to the person concerned? Not everyone follows normal or typical patterns, trends or profiles? We do not easily fit what those who are writing software programs would like us to comply with. Just because a person grows up in an area where nine out of 10 young people may commit crime at some time in their lives, it does not follow that he or she will follow suit. Individuals surely should be judged on the basis of what they do rather than what others who live near

21 Mar 2007 : Column 1270

them or who may be like them have done in the past. Data mining to identify patterns of behaviour indicative of future risks cannot be 100 per cent successful. The fear is that it could lead to innocent people being unjustifiably identified and targeted. I beg to move.

Lord Dholakia: We have put our name in support of these amendments. Clause 61 deals with the disclosure of information to prevent fraud, Clause 64 deals with data protection rules and Schedule 6 is about data matching.

We are well aware of the importance of this information in tackling fraud. In the very informative session that the Minister arranged with SOCA on this matter, fraud and trafficking in people and drugs seemed to be very high on the agenda. Everything must be done to give them the necessary powers but not at the expense of the dangers inherent in some of these clauses.

I support almost everything the noble Baroness, Lady Anelay, said. We are concerned about Part 3 which, like Part 1, is very problematic and obviously we will have to come up with appropriate recommendations for amendments on Report. Let me take an example given to us by Liberty. I make no apology; this is another German example but nothing to do with cannibalism, which the noble Baroness, Lady Anelay, talked about earlier. The example is an interesting one. It says that German law restricts the ability of the state to conduct data-mining exercises to investigate crimes that have already been committed. Not surprisingly, it places even more stringent restrictions on the ability of state bodies to mine personal data in order to identify the possibility of future criminal behaviour. In a recent case, the Federal Constitutional Court considered an anti-terrorist initiative that involved each of the federal state’s police forces co-operating in a Germany-wide data-mining exercise with the objective of identifying potential al-Qaeda terrorists. The court found this oppression to be unconstitutional and held that data mining for the purpose of crime prevention is permissible only if there is a clear and present risk. They identify three areas: the existence of the Federal Republic of Germany, the security of the Federal Republic of Germany or one of its federal states, and the life, limb or liberty of an individual. A general threat of terrorist attacks, as was assumed after 11 September, or political tensions with a particular state were considered to be insufficient justification. In order to mine data to prevent crime, the German police authorities would have to demonstrate a clear and persistent danger of, for example, an imminent terrorist attack. This was the example given to us by Liberty.

I think at this stage we need to tease out the Minister’s intention regarding these clauses, then on Report perhaps we could come up with an appropriate amendment to share our concern on this matter.

6.15 pm

Lord Crickhowell: We come back at this part in the Bill to some very important issues with which some of us are all too familiar. Those who were leading with

21 Mar 2007 : Column 1271

the Identity Cards Bill on the national identity register will recall all too vividly some of the issues we debated at length. It is essential to remember that the national data register is under construction; a great deal of information is already being gathered. Many other sources of data are being put together on the citizen; not all of them are reliable. Within the past few days, we have learnt about the extraordinarily large number of passports issued on entirely false data. That must mean that on the passport register there is a remarkable quantity of entirely unreliable information.

Against this background of a very large quantity of data being collected on the individual citizen, some of which may not be at all reliable—indeed some of which we know to be completely unreliable—we should take the greatest care with the powers we provide in this Bill. I am not a lawyer but I am advised that data sharing or data mining can be regarded as a fishing exercise and therefore possibly contrary to the European Convention on Human Rights. Certainly against the great tradition of English law it is a high-tech version of a general search warrant. Therefore we should be extremely careful about going down this road and even more careful about the way in which we share information and pass it from one organisation to another.

Data matching can be a very useful operation, particularly if you are trying to sell something, and many of us in our briefs have been given good examples of that. There are aspects of data sharing that can benefit the citizen. It may just be a terrible nuisance for the citizen. One of the examples given in a brief that I have read is that of the TV licence. That really stirred me up because alongside my home in Wales is a cottage—I live in an old converted water mill and it was the miller’s cottage owned by my father, then by a brother and now by a nephew—which has never ever had a television set. At the moment it is empty. But of course the data-sharing operation has gone into practice and so the data have gone in from the rating organisations which have guessed that there is a property paying rates. That is checked against the data in the television records which show that there is no television set. Then all sorts of things begin to happen and in comes an endless stream of letters. I feel rather strongly about that because the cottage is frequently empty—it is only used as a holiday home—and so those letters are very often delivered to my house and I have to forward them at first to my brother and now to my nephew. Occasionally I open them and they contain language which is really appalling. They threaten the citizen in a pretty rough way. They imply that he cannot possibly have a property that does not have a television set and if he does not do something about it pretty promptly, he will be in real trouble.

It may go further than that. It may not just be a nuisance, because with data sharing you can trace who has prompted an inquiry. One could come to the conclusion that because the particular property has prompted an inquiry on 20, 30, 40 or 50 occasions, there must be a criminal there deliberately ignoring

21 Mar 2007 : Column 1272

the law on holding a television licence. That is the possibility we are dealing with and it shows why we must be so careful.

There may on occasion be very good reason for passing on information when one starts sharing data, but if there is not, it can be harmful to the individual. If data are passed on by the regulatory body, referred to in these provisions, to another organisation in the private sector, credit could suddenly be refused. Once credit has been refused, the individual may be in even greater difficulty. We should be extremely cautious about a casual widening of the powers of bodies to fish for data, share the results and potentially damage the rights of the citizen.

Clearly, if the person has a criminal record there are very good grounds for passing on that data, as my noble friend suggested in her amendment. But if there are no grounds and one is merely putting data together because the possibility exists that they may throw up information that is useful and can be passed on to other organisations, the Government need to justify that and show what safeguards are to be provided. We shall come to some of those in amendments to later clauses and the degree of supervision that I believe is essential if we are to go down this road.

The Government cannot expect to get away with changes in the law of this magnitude by saying, “We know there is an awful lot of serious crime around and we know that serious criminals are inventive, so we have to provide blanket powers just in case, occasionally, by using them, we will prevent a crime that may not otherwise occur”. We must equally be sure that we do not cause damage to innocent citizens because we have too little regard for the protections previously provided by the law extending the powers to individuals who are casual in their use.

Lord Burnett: I agree very much with what the noble Lord, Lord Crickhowell, has said. These are very far-reaching provisions; it is a statement of the obvious that the more who know about a matter, the less confidential it is. We owe it to our fellow citizens to scrutinise these provisions very carefully.

The Minister said on Second Reading that the powers to be given to Her Majesty’s Revenue and Customs would not include powers to go on fishing expeditions and trawl for information. She owes it to us and our fellow citizens to reconcile that statement with these provisions and to set out exactly what protections there are for the individual. The leaking of some of this information could be deeply damaging to entirely innocent people.

Baroness Scotland of Asthal: It will be a great pleasure to be able to quieten the beating heart of anxiety. I listened with great interest, as always, to the noble Baroness, Lady Anelay, exploring her fears—fishing expeditions, citizens becoming suspects, minority reports. The descriptions became ever more glamorous but I am afraid that they were not terribly accurate. I hope that I can assist the noble Baroness—we are doing nothing so dramatic.

21 Mar 2007 : Column 1273

On the assertion about fishing expeditions, let me make it clear that that is not what we are doing. I know that that is the anxiety, and I hear what the noble Lord, Lord Burnett, says as well. But nothing which is proposed is prevented under the Data Protection Act. Neither the Audit Commission nor law enforcement agencies nor any other body will be given new powers indiscriminately to collect or mine data held by the public sector. The data-sharing provisions will allow the public and private sectors to share information on suspected fraudsters to inform decisions on applications for services. This information will be shared on a case-by-case basis.

The data-matching provisions allow the national fraud initiative, currently run every two years, to match data sets to detect fraud. The Audit Commission will continue to carry out pilot studies before any new data sets are introduced to ensure that a significant match rate occurs, such that further investigation might be warranted by the body concerned. The new provisions do not in any way release the bodies involved in data-sharing and data matching from complying with data protection and human rights legislation. So there is no change there.

The noble Baroness says that data matching will predict fraud before it occurs and that that is what the patterns and trends imply. I assure her that that is not so. Patterns and trends help to predict risks of actual fraud and so assist in targeting efforts on to areas where actual fraud is occurring. That is the experience.

Lord Burnett: The Minister makes a perfectly valid point. Clause 61(4)(a) provides that nothing in the clause authorises a disclosure which,

The Minister just used the expression “actual fraud is occurring” and she talked earlier of suspected fraudsters. Could she enlighten us on who is a suspected fraudster, who decides who is a suspected fraudster and whether suspected fraudsters will come within the ambit of these provisions?

Baroness Scotland of Asthal: The patterns and trends help to predict the risks of actual fraud taking place, so it assists in targeting efforts on areas where it is believed that actual fraud is occurring. It sets the framework to help us look with greater acuity at the areas where activity is occurring. If any Members of the Committee would like to see what the national fraud initiative is doing, I am sure they would find it very helpful. It gives a clear, graphic example of how this works.

I am very conscious that this is the Committee stage, not Second Reading, so after making these few initial points, I intend to go through the amendments to demonstrate why the concerns are not there. Let me say to the noble Lord, Lord Crickhowell, that I look forward to the scrutiny that this will be given. He gave a graphic example of why we were right to say that biometric data are of assistance in terms of identity. We were not talking about legitimate individuals having their information retained or given to the Passport Service; we were dealing with

21 Mar 2007 : Column 1274

fraudsters who were able to make repeated applications using what appears at first blush to be appropriately valid documentation demonstrating identity, thereby obtaining false identities which were subsequently used to commit crime and acts of terror. If their biometric data had been held on the database, we would have been able to identify them as the frauds they were when they made the second application. The fact that we do not currently have the rigour to identify, and differentiate between, those who make repeat applications is a major difficulty.

6.30 pm

Lord Crickhowell: I am grateful to the noble Baroness for giving way. The other day I read in some detail about a breakthrough in a test case where biometric information did not prove a reliable way of protecting against fraud—but that is not the point that I was making. Regardless of whether you have biometric information, we are dealing in these amendments with a great deal of information that is not biometric and never will be. I do not want to jump ahead to a debate that we will have on Clause 64. There are some, better lawyers than me—I keep confessing to the noble Baroness that I am in deep water in these legal exchanges—who argue that Clause 64, which deals with data protection rules, opens up the whole thing so that the protection which she says is in the clause, under the data protection legislation, is not in fact there. We could get into the problem of debating two parts of the Bill at once, but we will have to come back to this to make sure that the data protection laws apply in this case.

The Earl of Northesk: To develop the point a little, I ask the noble Baroness to clarify an important point: where information is exchanged between discrete public authorities with the intention of deriving patterns or trends, how on earth, in truth, can that be consistent with the second data principle?

Baroness Scotland of Asthal: It is consistent with the second data principle. We have been careful to consult the Information Commissioner throughout this process to ensure that he is content that his powers in relation to these issues will prevail. Therefore, to return to this Committee stage, and directing my attention to the amendments, I shall deal with the amendments in the name of the noble Baroness so that I can, I hope, demonstrate why her concerns and fears are not set out. I will take a little time over doing so because I understand that this begins to set the framework for our discussions from now on.

The noble Baroness and the noble Lords propose that the purposes for which data sharing and matching are undertaken should be narrowed. That is the purport of these amendments; it is not for the prevention and detection of possible fraud but for the detection of actual or attempted fraud. That is the drive. These amendments strike, therefore, at the objective that these provisions seek to achieve. I will attempt to explain why this is so. Prevention is a

21 Mar 2007 : Column 1275

fundamental plank in the fight against fraud or, indeed, any crime. I would hope that noble Lords would agree that prevention is better than cure when there is a threat of criminal activity.

Public authorities receive numerous applications for services and benefits. This clause is addressed to helping to prevent fraudulent applications to these public authorities. The difficulty for them is in identifying the fraudulent from the true. Setting the threshold at the level suggested by the amendment would mean that public authorities would not be able to check the seemingly honest application against any information held by an anti-fraud organisation. That plays directly into the hands of fraudsters who will, by their nature, seek to conceal their attempt. It would defeat the clause’s purpose and whole object. I do not know if that is the intention of the noble Baroness; given her traditional approach to these matters I would be deeply surprised if it was.

The type of fraud prevention that the clause seeks to allow is well established in the private sector. If we apply for banking services our applications will routinely be checked to ensure that we have not previously submitted fraudulent applications. The Government do not see why it should be any different for applicants for benefits and services provided by public authorities. In relation to Amendments Nos. 110C and 116A, if the reasons for undertaking data matching were extended to include crime more generally—by means of the order-making power provided for in new Section 32G(1)—it is proposed that this should be for the detection of actual or attempted crime. The removal of the reference to preventing fraud would mean that the Audit Commission would lose the opportunity to use data matching to identify risk areas, where systems are open to abuse and need to be improved. It is a key role of an auditor to identify such risks. The national fraud initiative has to date played an important role in helping auditors to discharge this aspect of their statutory duty. They have been congratulated on the efficacy of their work.

Furthermore, it is unclear what exactly the noble Lords and the noble Baroness seek to achieve by this amendment. The national fraud initiative currently identifies real fraud—£111 million of it in the 2004-05 cycle. That is real and substantial. We would be loath to take a retrograde step that failed to enable us to stamp this out. It is possible, however, that the noble Baroness intends this amendment to have the effect of enabling the Audit Commission to undertake data matching only when it is known that actual or attempted fraud has occurred. If so, it reflects a fundamental misunderstanding of what data matching is designed to do.

If I have interpreted this amendment correctly, the noble Baroness has based it on the assumption that the Audit Commission or the participating bodies will know from the outset whether there has been any actual or attempted fraud or crime. The whole purpose of data-matching exercises is to identify anomalies that we would not otherwise know about. There can then be further investigation to establish if any actual or attempted fraud has been perpetrated.

21 Mar 2007 : Column 1276

That is the methodology if one looks at the initiative engaged in now, and which has proven to be so successful. I say only briefly now—I will make this point again later—that if a body already knows that there has been fraud or attempted fraud, there will be no need for it to participate in data matching at all.

Amendments Nos. 106A and 107A stand in the names of the noble Lords, Lord Henley, Lord Dholakia and Lord Burnett, and the noble Baroness, Lady Anelay, and so are backed by a joint force. They have also suggested that the anti-fraud-organisation information sharing covered by Clause 64 be limited to the detection of actual or attempted fraud rather than to the prevention of it. These amendments are a continuation of the amendments that the noble Lords propose to Clause 61. On that clause, I hope that I explained the difficulties that we envisage if the formulation of, “detecting actual or attempted fraud”, was substituted for “preventing fraud”. The cover which is provided by Clause 64 is intended to apply to the form of data sharing envisaged by Clause 61. There should be consistency between the terms used.

For these reasons we resist the amendments. However, I am very grateful to the noble Baroness because she has enabled us to explore the framework within which the following amendments sit. We may deal subsequently with the issue of notification and the second data protection principle. That issue was raised by the noble Lord. I can deal with it now but it may be more convenient for us to deal with it in its place.

Next Section Back to Table of Contents Lords Hansard Home Page