Previous Section Back to Table of Contents Lords Hansard Home Page

It is not just that legislation in the field of surveillance and data processing does not contain sufficient detail and specificity to allow Parliament to scrutinise the proposed measures effectively. Other noble Lords have made the point that we have seen over the years a constant creeping of surveillance powers. Your Lordships’ House will be familiar with the examples of local councils snooping on ordinary people for things such as dog fouling and putting rubbish in the wrong bins. That is why I am very unhappy that during our consideration of the statutory instrument last week the noble Lord, Lord West, said that the other place was “confused” in its consideration of the instrument because it debated access to communications data and not only the retention of those data. Frankly, it is putting it rather kindly to say that he cautioned your Lordships’ House against making a similar mistake of confusing data retention and access. It is not your Lordships’ House that is confused—you retain data so that you can have access to them. There is little useful distinction to be made between retention and access in practice—the two go hand in hand. Does the noble Lord accept that you cannot separate those two issues so cleanly? You cannot look at one-half of the legislative framework in isolation from the other. If you do, you get exactly what we have seen over past years: a constant creeping of powers of surveillance and a concomitant decline in public trust as legislation is misused against ordinary people.

This is a constant theme in this House. This House is not full of hysterics; it is full of sane, ordinary people of experience and it is concerned about the powers that are being used and developed by the state which can invade the privacy of ordinary individuals without good reason.

As many noble Lords know, the Regulation of Investigatory Powers Act 2000 stands out as an example of these creeping powers. When the Act was passed, local authorities were not included in the list of public authorities that could access communications data. During the passage of the Bill, the then Home Secretary and Minister of State responded to concerns expressed that it would extend the power to a range of public sector bodies, including local authorities, by giving assurances that such powers would not be made available to them. But lo and behold, in 2003 two orders were passed that gave a number of additional public authorities,

2 Apr 2009 : Column 1193

including local authorities, access to communications data and the power to use directed surveillance and covert human intelligence sources.

The then Minister of State said about the previous assurances that had been given:

“Clearly, if an assurance has been given you like to try and ensure that that assurance is maintained, but ... sometimes there are things that happen two, three, four, five, six years later ... despite the assurance that was made there is a need to change”.

In its report, Surveillance: Citizens and the State, the Select Committee on the Constitution concluded,

I have two comments. First, it is hard to see what has so changed in our national life that it is necessary and right to give all 474 local councils in England, every NHS trust and fire service, the Environment Agency, and even the Royal Mail and the Royal Pharmaceutical Society access to communications data or surveillance powers, or how that increases the security of the nation. Secondly, it would be a sad day when the House could no longer place reliance on assurances from Ministers.

It is not surprising that the Rowntree report found that over two-thirds of the population no longer trust the Government with their personal data. How will the Government address this huge deficit in trust? The issue has been accurately described by my noble friend as the creeping subordination of the individual to the state.

I suggest that we need five things. The first is an emphasis on having separate disaggregated databases rather than centralised databases. That is not to say that there should be no information-sharing between different systems and users but—this is the second thing that is needed—there certainly needs to be greater regulation and oversight of the transfer of data. Thirdly—this is related—I would like the role and office of the Information Commissioner greatly enhanced. I welcome the recommendations of the Select Committee on the Constitution that the Government should consult the commissioner at an early stage of policy and legislative development, that he should have a greater role in advising Parliament on surveillance and data issues and that he should help the Government undertake a review of the law governing citizens’ consent to the use of their personal data. I suggest that we need greater independence and much greater governance in this whole area.

Fourthly, I would like to see legislation in this field contain sufficient detail to allow Parliament to scrutinise proposed measures effectively. Explanatory Memorandums in this sort of legislation are very important, and they need to be much more helpful to legislators when they are trying to understand and grapple with some of the difficult technical issues which, as I say, have great import for our civil liberties. Here, again, I look to the Minister to confirm whether a prototype of a centralised database for communications data is under consideration. That is the point I referred to earlier, and it is relevant to whether in practice we are going down the road of a centralised database in the area of communications, even if we are not authorised to explicitly.

2 Apr 2009 : Column 1194

Finally, we need a review of RIPA as soon as possible, and the powers it hands out need to be substantially curtailed. I look forward to hearing the Minister’s response.

12.32 pm

Baroness Byford: My Lords, I join other noble Lords in thanking my noble friend Lord Northesk for bringing this important debate to us today. He highlighted the importance of the difficulties of data sharing, the need for good management of those data and the balance between data held and the rights and privacy of information for people.

I shall speak mainly on the issue of data where it concerns our children and young people. The quantity of legislation concerning data collection, transfer and use is daunting. I shall start with SI 2006/2601, the Education (Information about Individual Pupils) (England) Regulations 2006. The instrument was made on 21 September 2006, was laid before Parliament on 3 October and came into force on 31 October. It laid a duty on school governing bodies to supply scheduled information within 14 days of a request from the local authority or the Secretary of State. The information for the local authority relates to each child in its schools and consists of their gender, date of birth, unique pupil number, surname, first name, ethnic group, date of admission to the school, first language, year group, usual mode of travel to school, address, details of special educational needs, whether in care, whether eligible for free school meals, education details, whether on the gifted and talented register and absence details. Details on pupils who have been excluded are also required. I wonder whether that is all really necessary.

Within days of these data being transmitted to the local authority, they are forwarded electronically to the Department for Children, Schools and Families. The governing body of a secondary school in Warwickshire wrote to the department expressing its concern about the dangers of holding information about young people on a single database and seeking the reasons for doing so. The department responded with three pages of text, in the course of which there was the following statement:

“Data is needed at the individual pupil level to ensure that funding is accurately allocated (for example, to ensure pupils are not double counted in instances where pupils are legitimately dually registered at two institutions; or where there are ‘duplicate pupils’, that is where a pupil has not deregistered from one school on moving to another)”.

The cost of compiling and holding records for 11 million youngsters is surely hundreds of times greater than the cost of any dual funding, even if it were not simpler to lay on the local authorities a duty to ensure that double counting did not happen within their jurisdiction.

On 1 September 2007, access to the database was extended to further education institutions, primary care trusts, work-based learning providers, researchers into educational achievement, learning providers registered with the UK register and institutions in higher education. In 2008, the Statistics Board was given access to most of the information on the database, including all personal identification. Have there been any other statutory instruments or manoeuvres used to widen access even further? Do the Government plan to use these data for

2 Apr 2009 : Column 1195

any other purposes, such as allowing potential employers to access them, either to check on applicants or to hunt for possible future staff?

This database is not the only one that the Government have wasted our money on. A Written Answer in the other place on 22 April 2008, at col. 2028W of Hansard, showed that ContactPoint had so far cost £103 million, with a further £121 million to be spent by March 2010, at an annual running cost of £41 million. ContactPoint has been the subject of much questioning, particularly from Members in another place. It will be able to access national data sources from within the DWP, the DCSF, the Department of Health and the Office for National Statistics and compare fragments of data that are duplicated therein.

On 17 March 2008, the Member for Basingstoke pointed out, at col. 604 of Hansard, that nine other children’s databases feed into ContactPoint, which is maintained by the DCSF in addition to the national children’s database and the Connexions database, which supplies information about children’s choices beyond school. I was concerned about this when we took the Children Bill through in 2004, and my noble friend Lord Northesk spoke at great length about it. At Second Reading, I raised the whole question of data and data processes, saying:

“Indeed, it appears that we are not to have any influence over the four data processes: the creation, amendment, access and destruction of data held on children. Who will be responsible for setting up each of the databases and the rules governing their operation?”.

I asked whether that would be just one national database and, of course, we have found that it is not. I said:

“Who will be allowed to add, amend or delete information? Who will be able to access the information held on the databases and what rules will govern that access? Who will delete the completed records? What rules or anticipated rules will there be? Will they be mandatory or will exceptions be made? More importantly, will young people have access to their own information? What access will families have to the information held on the lists? Is it envisaged that each LEA will have a local data base containing information on each child at the authority’s schools? Will the name of a child coming to the attention of one of the other authorities for a serious reason ‘go forward’ to the national data base?”.

These questions have not been answered adequately. I went on:

“Finally, who will ultimately expunge the records, or will they carry on throughout a child’s life into adulthood? These are questions which are certainly not tackled within the Bill. I am not the only one who is frightened that these personal records may be held by the state for time immemorial. This could have real repercussions on jobs, insurance and many other aspects of daily living”.—[Official Report, 30/3/04; cols. 1299-1300.]

Will the Minister also tell us whether, following my comments on the Children Bill, any other statutory instruments have had the same effect? What is the Government’s thinking on that?

Many of these children need help and I am not belittling the need to hold data on children, but surely it has got to the stage of perhaps being disproportionate. I am sure that I am not the only person to criticise the Government for their data collection mania. Deloitte carried out a review of the security of ContactPoint. The Government decided on 13 February 2008 to publish only the executive summary of the Deloitte

2 Apr 2009 : Column 1196

report, as reported at col. 2635W of Hansard on 5 March 2008, and then decreed that the resultant risk assessment, to be completed by May 2008, would remain unpublished. Why? The Government exist for the defence of the realm. These records held centrally, when taken with the increasing statutory provision for interdepartmental data sharing, will mean that young people who will now be on the database will have every detail of their lives—including place of employment from HMRC, sickness records from their PCT, marriage, car ownership, court appearances, parenting and housing—recorded by the state. We have reached a frightening stage.

I turn to a more recent letter, which the noble Lord sent on 31 March to the noble Baroness, Lady Maddock, in response to the 27th report of the Select Committee on the Merits of Statutory Instruments from the 2006-07 Session. The report drew special attention to the draft Children Act 2004 Information Database (England) Regulations 2007. These are very important. Paragraph 8 of the report, which covers the 2006 regulations, says:

“We stressed the concern expressed by some commentators about whether a database covering all children in England was a justified and proportionate response to the need to improve communication among professionals in relation to the smaller (though significant) number of children in need of specialist help”.

In paragraph 11, the committee points out that the DCSF’s summary states that there were 256 responses to the consultation, and explains that,

I wonder how much bearing that had on the outcome.

Finally, I turn to comments in paragraph 23, which deal with and are equally clear about the desirability of improving communication between professionals involved in the provision of services for children. The committee was not persuaded that the scheme provided by the regulations was an entirely appropriate approach to that objective. The report says:

“We do not consider that the Government have demonstrated conclusively that a universal database is a proportionate response to the problem being addressed, or that the additional benefits of a universal approach justify the additional costs and risks, as compared with a selective approach which would not include a child in the database unless or until the child’s needs for specialist or targeted services became apparent”.

In the letter that the noble Lord sent to the noble Baroness, Lady Maddock, he said that access is restricted to those,

I picked up on this sentence. I asked the Minister to clarify who would need it as part of their work. It seems to be a very open door. The second comment that I want to pick up on is:

“Mechanisms will be in place to prevent trawling”.

Perhaps the Minister could tell us more about that. I picked up on two more comments in his response. One was:

“It is important and appropriate to cover every child in England because any child or young person could require the support of additional services at any time”.

2 Apr 2009 : Column 1197

I do not belittle that; I agree with it. The letter goes on:

“It is not possible to predict accurately in advance which children will have additional needs— estimates show that 3-4 million children and young people will need additional targeted and specialist services at any one point in time”.

What about the others? Finally, I pick up on the comment at the end of the second page:

“The Department for Children, Schools and Families has consistently made it clear that it will not extend ContactPoint beyond its current phase”—

perhaps the noble Lord will tell us what that current phase is—

I shall listen with interest to the Minister’s response.

12.47 pm

Lord Campbell of Alloway: My Lords, it is a sheer privilege to follow my noble friend Lady Byford, with the question “Who will expunge the records of these children?” ringing in my ears. The point was made that the Government should deal with this assault on the individual by primary legislation. I do not need to say why. My next point is that the Minister has been asked highly important, relevant and critical questions which need an answer. He cannot answer all of them orally today, but they have to be answered. Will he undertake today to send all who speak in this debate a letter answering every single question? I refer not only to the questions of my noble friend but those from the noble Lord, Lord Maclennan, and other noble Lords, particularly my noble friend Lady Neville-Jones. This is not a joke. I really mean what I am asking. We must have answers to those questions. We have to know where the Government stand on this. We have no idea at the moment, or, at least, I have no idea.

I should have opened by saying that it is a great privilege to support my noble friend Lord Northesk. As one of the originators in understanding the data protection system, he has studied this matter for years and has always put his knowledge and expertise at the House’s disposal. I am very grateful to him for having done so again today in opening this debate.

This is not a prepared speech; I came to listen. I agree with every word that the noble Lord, Lord Maclennan, said. We usually, but not always, agree. On this occasion, I compliment him on his speech. It was beautifully prepared; he asked some questions; and they have to be answered.

I agree also with every word of the Church’s appreciation of the legal aspect of this matter—I shall come to another legal aspect in a moment which has not been quite touched on. The same goes for the contribution of my noble friend Lady Neville-Jones, who as a former security officer speaks with considerable authority on this matter, certainly as regards primary legislation. I want to say a word of appreciation also for what the noble Lady, Lady Saltoun, said. She gave an example of hideous, ridiculous, unacceptable interference with humanity which went right beyond the realms of inconvenience. One owes her a word of gratitude for having brought it to our attention.

2 Apr 2009 : Column 1198

I do not want to take much time. I turn to the legal aspect and the need for primary legislation. We have no domestic privacy law, nor have we ever had. Whether you are for it or against it is quite irrelevant; it is a matter of fact. We accepted into our law the European Convention on Human Rights. I shall not deal with article this and article that, and one thing and another—this is not a legal speech. We accepted the principles of that convention, drafted largely by members of the English Bar, years ago, and they are now used as part of our privacy law.

One has to accept that judges, on the facts and circumstances of each particular case, have to try to interpret those articles as they relate to a case. The judgment in the case of Max Mosley is related only to the facts and circumstances of that case; it is not of general application to all cases. You will find in the context of the problems arising from this question that the courts here will do their best to interpret the impact of the law on the case. Whether and how that will work is at this stage wholly unpredictable. Given that serious point, the Government must now really get down to the business of introducing their own legislation in conformity with the Human Rights Act.

12.56 pm

Lord Roberts of Llandudno: My Lords, many different approaches have been taken to this matter of security and freedom. I am sure that the Minister will answer the questions as they have been raised or, even, as the noble Lord, Lord Campbell, mentioned, write to us if there are any for which there is not time for an immediate answer today.

The crucial issue of freedom versus security has come up time and again. One extreme would be to tag us all so that exactly where we were and everything that we were doing could be known. I am told that mobile phones can nearly do that now: we can be located wherever we are. The other extreme, however, does not really exist, because we are all bound by law and to act within its framework. The problem always is where you draw the line between freedom and security. I shall raise just three concerns today.

Any scheme which limits freedom must be as fair and near-foolproof as possible. Plato spoke of the philosopher kings. Although they might succeed, our society is one of human beings, who make mistakes. We have all, therefore, to take extra special care. When we legislate, especially, we have a tremendous responsibility, because what we do here affects every person within the kingdom.

The Home Office needs to look closely at some of its recent projects, because they raise grave doubts as to its general approach. I have brought up in this House on a number of occasions the problem of the passport personal interview offices. The Home Office website says that 69 offices are up and running, so anybody going for a passport for the first time has now to have a personal interview. But it does not work like that, because there are supposed to be 22 remote-community personal video links, which I do not see as having been established. There are therefore some parts of the country, such as Anglesey and west Sutherland, which has a widely scattered population,

2 Apr 2009 : Column 1199

that do not have that facility. The network is not complete. Is it fair for the system to be instated at all when it does not affect everybody in the same way? What are the Government doing to get the passport personal interview network really up and running so that 100 per cent of the people are dealt with in exactly the same way?

How realistic and effective is this project? I asked about three months ago how many applications there had been. If memory serves me right, about 246,000 personal passport interviews had taken place. That was good; they were going to sieve out those who were not worthy of a British passport. But not one applicant had been refused. I ask the Minister, very sincerely, how effectively the passport personal interview network is proceeding. First, I question whether the passport personal interview offices, as an example of what the Home Office is doing, are really effective. Secondly, any network of information needs to be secure. In March 2009, a memory stick containing information on hundreds of police investigations went missing in Edinburgh. It was not encrypted. In January 2009, a disk containing personal details about 2,000 staff of the British Council was lost. In December 2008, Leeds Council apologised for losing a memory stick containing unencrypted details of 5,000 nursery age children. In September 2008, Ministry of Defence computer files with records of thousands of serving and former RAF staff were stolen. And so it goes on: incidents in Surrey, Lancashire and Glasgow, all in the past six months. Altogether, in the 12 months ending in December 2008, 29 million personal records were lost. Surely the whole system is not fit for purpose.

Finally, I turn to the financial priorities. In a time of economic hardship, can we afford some of these new projects? The noble Baroness, Lady Neville-Jones, mentioned ID cards. In October 2006, the Home Office gave the cost of their introduction as £5.4 billion, but by May 2008 it had increased by 37 per cent. The total cost now must be in the region of £11 billion to £12 billion. Is this good money given the current economic climate? On 24 March, just a week ago, the Home Secretary said in another place that it would cost £40 million to scrap the scheme. Is £40 million ever well spent? In Wales, we used to say—I am sure that it is said everywhere—that a stitch in time saves nine. To save in this way would be a help in the present economic climate.

Next Section Back to Table of Contents Lords Hansard Home Page