Previous Section Back to Table of Contents Lords Hansard Home Page

The infringement proceedings assert that, in line with the data protection directive, consent for interception must be freely given, specific and informed. UK law, on the other hand, has allowed that interception is lawful when the interceptor has reasonable grounds for believing that consent has been given. The EU Commission is also concerned that the UK does not have an independent national supervisory authority dealing with such interceptions. As the clock is ticking on the two months given by the Commission for a response, will the Minister now commit to a review of the consent provisions under RIPA, and will he commit to establishing responsibility for private sector communications interception and storage, under the aegis of either an existing body such as the ICO or a new independent authority?

Answers to Parliamentary Questions confirm that the Government are considering utilising deep-packet inspection as part of the interception modernisation programme, which was confirmed to me in Written Answer HL2760. The use of DPI has been one of the main objections in the Phorm saga because of its potential to uncover personal information by reading the data part of internet traffic, rather than just the header. I do not believe that it is consistent with RIPA, but the Government have not made clear whether or not it is.

23 Apr 2009 : Column 1664

Will the Minister explain what uses DPI is being considered for as part of the interception modernisation programme? Will he confirm that one of the reasons why the Home Office has been unwilling to clarify its position on Phorm-like systems is because it is interested in using the technology itself, perhaps in the “black boxes” being considered as part of the communications database?

Before the Minister suggests to me that this is just a conspiracy theory on my part, this morning I received the answers to freedom of information requests to the Home Office from Mr Phil Main that confirm that the department e-mailed Phorm’s legal representative on 23 January 2008, offering the company the draft paper for its comments on exactly how targeted online advertising would comply with provisions under RIPA. I find it extraordinary—shocking, even—that the Home Office, when drawing up what was legal under RIPA, would consult the very company that may or may not be acting legally. That is beyond any question of “poacher turned gamekeeper”, and I would be grateful for the Minister’s comments.

On the crossover between the public and private sectors, there have been revelations in the news over the past few days that the Department for Business, Enterprise and Regulatory Reform gave E.ON secret police information regarding the peaceful protest at Kingsnorth. It is one thing for the police to gather intelligence about a demonstration, but it is quite another for the Government to be able to access that information and then leak it to a private company. That sort of informal data sharing should be governed by clear and transparent rules in the same way as sharing between databases, especially at the crossover between public and private bodies. Not only should data be kept for very clear purposes, but we must remember that the way in which it is shared can be dangerous.

Fortunately, we in this House will not be faced with the appalling provisions that were originally in the Coroners and Justice Bill because they were withdrawn in the House of Commons in the face of united opposition to them. Very wide data-sharing powers were proposed, and I am glad that the Government realised that they would never get them through this House.

I am glad that the noble Lord, Lord West, is answering these points today. On Tuesday, when I asked him my Question about protest, I had not realised that it was his birthday so I had no opportunity to put on the record my wishes to him about a happy birthday. I am able to do so only belatedly, but now the date of 21 April will be burnt into my memory and I shall never forget again.

3.50 pm

Baroness Hanham: My Lords, perhaps I may follow that by saying that I was done out of my speaking part on the same day by the Deputy Leader of the House calling the Liberal Democrats at the last minute. I, too, had been poised to wish the noble Lord happy birthday. Now he has it on at least three occasions, because I said it to him informally as well.

Like other noble Lords, I thank the noble and gallant Lord, Lord Craig, for giving us another opportunity to debate this extremely important subject.

23 Apr 2009 : Column 1665

As he stressed, the importance of civil liberties and the balance between the requirement of the state to have a limited amount of information and the need to guard against intrusiveness are the main ingredients that we need to be addressing.

One of the main questions arising from the debate is that this country is now, in the assessment of the organisation Privacy International, ranked as the most invasive surveillance state and the worst at protecting individual privacy of any western democracy. Is that a sobriquet with which we are happy to live? As other noble Lords have said, including the noble and learned Lord, Lord Woolf, in his excellent speech, the balance between the state and the right of the individual is now clearly of great importance.

There are always sound and beguiling reasons for the collection and retention of data. One of the most prevalent reasons currently, as has been said, is for the protection against and detection of terrorism—for who can argue against the need to provide security and safety? That is the rationale that lies behind the new e-Borders scheme and the retention of DNA and it was, at least initially, the ground for the Government deciding to introduce identity cards. I was enormously encouraged by the stringent critique made by the noble and learned Lord, Lord Steyn, of this proposal. I agree with him: if people in this country begin to realise that they are going to have to carry identity cards, they will be less than happy about it. Identity cards are already on the way, however. We have already introduced biometric visas for foreign nationals. That information will be put on passports in the future, and more information will be contained as time progresses.

As other noble Lords have said, most recently we have had the EU directive, which this Government have agreed to implement, that all e-mail and internet traffic should be kept indefinitely, so that such information can be interrogated at any time to check on the position and activities of anyone suspected of crime. That is, of course, the initial rationale for it. Other noble Lords have drawn attention to the use of CCTV and the increasing technology to control drivers and road law. It is hard to know whether to laugh or weep at the general justification for the retention of details to keep us all safe.

In addition to those databases associated with prevention of crime and terrorism, there are others that collect information for social or good purposes, such as the NHS IT system. That system will, although it is taking a long time to become operational, contain information on every patient in a hospital or doctor’s surgery. Then there is ContactPoint, the comprehensive database on children, and the national pupil database, which will carry even more details on children’s progress through their school lives.

The fact that this information is designed to be accessed and transferred to other public bodies without the consent of the person in question raises many concerns, most especially where children are involved. Noble Lords may have seen the recent publication by the Nuffield Foundation on the widespread sharing of often highly sensitive personal data in the context of Every Child Matters. It states:

23 Apr 2009 : Column 1666

“The data sharing, and the improper use of children’s consent for this, was criticised by the Foundation for Information Policy Research ... in a study carried out in 2006, ‘Children’s Databasessafety and privacy’. The study also concluded that the data sharing was in violation of European law”.

We have heard a bit about that this afternoon.

There are now an alarming number of “best of reasons” databases on children, including the national childhood obesity database, which will calculate and retain details of a child’s body mass index. There is also, as already mentioned, ContactPoint, which came about as a result of the Victoria Climbié disaster to try to prevent the situation that occurred when several agencies were involved in overseeing that poor child’s life, each failing to liaise properly with the other. ContactPoint was billed as,

However, together with the other child systems, it is a further encroachment on what should be a right for families to bring up their children in privacy—unless, of course, they are doing something very wrong.

So much is done for the best possible reasons. However, the downsides are beginning to be well understood, particularly the inability of the Government to guarantee the safety and confidentiality of information, with disks lost in the post or left on a train. The Information Commissioner had recorded 277 breaches of data confidentiality at the end of October 2008, with a further 99 in the three months to January 2009. That is considerable number of breaches, some worse than others.

The other downside is the encroachment on people’s lives and the impossibility of having one’s name or details removed from any of these databases, even if one wants that. The worst of these, of course, is the DNA database, which now has details of some 5 million people, all having been screened as part of a criminal investigation. It is nigh impossible for someone who is cleared of any involvement in a crime to have their details removed, whether proved guilty or not.

I and my party are not against a database for serious offences, particularly for those who have been found guilty. However, we object to the amalgamation of an enormous number of details about a lot of people who should have no contact with enforcement agencies of any sort. A number of voices have now been raised in concern about what is going on. The Home Affairs Select Committee, the European Court of Human Rights—I hear what the noble and learned Lord, Lord Woolf, says—the Government’s own ethics committee on DNA and, most recently, the Rowntree report Database State have all said that the unlimited retention of DNA samples is at worst illegal and at best unethical. Does the Minister not think that the most recent statistics, which indicate a fall in the number of crimes for which DNA matches were available, should give the Government pause for thought?

As the noble Baroness, Lady Miller, mentioned, the Government were, as a result of the decision of the European Court of Human Rights, going to undertake some form of public consultation on DNA retention, with primary legislation following in a forensic White

23 Apr 2009 : Column 1667

Paper. However, it now seems that even that limited exposure to public scrutiny may be denied as attempts are made to shoehorn amendments into the Policing and Crime Bill to give the Home Secretary the right to make regulations on the retention and destruction of photographs, CCTV images and fingerprints. The questions raised by the holding of all this material, and its possible destruction, should not be a matter for a limited debate on a regulation—if, indeed, it ever comes to Parliament. The European Court of Human Rights made it clear that there was a need for greater openness and accountability around the governance of DNA data and the destruction of fingerprint samples. What are the Government going to do to ensure that those strictures are met? I have some sympathy with what the noble Lord, Lord Soley, said about the usefulness of DNA collection, but usefulness and the case and causes for which it may be collected do not necessarily run together.

The subject raised by the noble and gallant Lord, Lord Craig, today and in the debate initiated by the noble Earl, Lord Northesk, a couple of weeks ago is becoming one of enormous complexity, yet it really rests on the words of the Information Commissioner, who said:

“Before new databases are launched careful consideration must be given to the impact on individuals’ liberties and on society as a whole. Sadly there have been too many developments where there has not been sufficient openness, transparency or public debate”.

The Government need to heed what is being said and take note of the creeping concerns that, to quote the Information Commissioner again, this time on the subject of a communications database:

“The plans are a step too far for the British way of life”.

We need to be aware of the British way of life and ensure that we do not transgress it or trespass on it.

4 pm

The Parliamentary Under-Secretary of State, Home Office (Lord West of Spithead): My Lords, I am very grateful to all those who have spoken in this important debate and particularly to the noble and gallant Lord, Lord Craig of Radley, for this Motion for Papers. It is only right and proper that this debate is taking place. The debate seeks to consider the profound question of the role of the state in protecting individual freedom, including privacy and civil liberties, while ensuring protection from those who would seek to do us harm. A number of speakers raised that issue, which is the nub of the matter.

While there will always be people on either side of the debate claiming that things have gone too far in one direction or another, the role of government is to protect and balance both types of freedom. In an era of rapid technological change—this was touched on by my noble friend Lord Soley and the noble Earl, Lord Erroll—it is right that we constantly satisfy ourselves that we have that balance correct. That balance is maintained by a strong legislative framework; namely, the Data Protection Act and the Human Rights Act. As Article 8 of the European Convention on Human Rights, as set out in the Human Rights Act, stipulates:

23 Apr 2009 : Column 1668

“Everyone has the right to respect for his private and family life, his home and his correspondence. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others”.

It is the very fact that privacy is a qualified right—one that needs to be balanced against collective interests such as national security and prevention of crime—that creates the debate. The technology of the 21st century has completely reshaped the way we live our lives. Each day all of us give out a huge amount of personal information about our finances, travel arrangements, phone calls, internet use and purchases. We all recognise the benefits this brings us as individuals. The use of personal data is essential to protecting the public and, as my noble friend Lord Soley explained, to delivering efficient, effective and joined-up public services. It is required to tackle severe threats including serious crime and terrorism, to protect the public from crime more generally and anti-social behaviour, and to help people get access to the benefits and new opportunities to which they are entitled. We want to create services that improve people’s lives and are simple and easy for them to use.

Technology has dramatically improved our capability to protect people from serious crime and terrorism. The use of communications data helped to avert at least 35 threat-to-life situations, including murders, in 2006-07. DNA techniques have helped bring thousands of serious offenders to justice, helping police to solve around 1,000 rapes and murders in 2006-07. Employment checks have prevented around 80,000 unsuitable people gaining work with children and vulnerable people between 2004 and 2007. Focused targeting of dangerous individuals has helped us to pre-empt many attacks and bring serious criminals and terrorists to justice. I mention those figures to show some of the things that can be achieved. But such changes are also challenging to our capabilities. We need to modernise our safeguards to ensure that personal data are protected, that they are kept secure, and that there is an effective and transparent means of redress when things go wrong. These are difficult things to do, and we are trying hard to achieve them.

We have strict controls on the way in which data are held in the public sector and who has access to them. For example, the DNA database, which a number of speakers have raised specifically, can be directly accessed only by a very small number of people and for limited information, to allow for potential crime scene matches.

Departments are also investing time and energy on implementing the mandatory minimum standards set out in the Data Handling Procedures in Government report published in June 2008, to make certain that personal information is managed properly and used securely for the public’s benefit. That was the report that came after the study post the HMRC issue where there was a major error. I understand the concerns regarding the loss of data by government departments in the past. Such losses are unacceptable, as I have said on the Floor of the House a number of times.

23 Apr 2009 : Column 1669

We have done a lot to tighten this up, and we are continuing to do it. A major teaching effort is required there. In the Home Office, we have taken a number of steps to improve our management of personal information. One such step is the publication of an information charter setting out the standards that the public can expect when the Home Office requests or holds their personal information, how they can access their personal data and what to do if they do not think that standards are being met.

We are also committed to the independent oversight of information and making sure that the public are confident that the information we hold is accurate and secure. A number of speakers have touched on that and on the concerns that that raises. For example, the ID cards scheme will be overseen by a newly appointed independent commissioner, the Identity Cards Act strictly limits the provision of information, and we will make it easy for people to check what is held about them and who has checked their information.

We need to make sure that policies are proportionate and balance the respect for privacy with the potential harm. Sophisticated surveillance techniques must be used to deal with severe threats to the public from serious criminals and terrorists. But it is equally important that ordinary, law-abiding people are free to go about their daily lives without fear of intrusion. That is why, last week, the Government launched their public consultation on the use of the Regulation of Investigatory Powers Act—RIPA—explaining and seeking views on which public authorities should be authorised by Parliament to use which covert investigative techniques, and how they can do so in compliance with the law to combat crime and terrorism and to protect public safety, but not to investigate trivial offences, which is not appropriate.

Closed circuit television has been a vital weapon in fighting crime for a number of years, and I shall come to some further related points later. The reassurance that CCTV provides to the law-abiding public is quite evident to me. I live in Hackney, and people there have told me that they like having CCTV covering certain areas, and I think that it is the same across the nation. However, there are accusations of invasion of privacy and, if CCTV is to work effectively, it must be operated in a way that commands the confidence of the community that it is there to serve. The Home Affairs Select Committee made a number of recommendations in respect of CCTV, including the establishment of a national body, the undertaking of further research into the effectiveness of CCTV as a deterrent to crime, the creation of standards to enhance the value of CCTV images and a review of retention periods for CCTV footage. All these important issues will be addressed as part of the work being undertaken by the National CCTV Strategy Programme Board.

The issue of personal privacy and public protection will, rightly, always be a live debate. This Government are committed to making sure that Britain is a safe place to live, while maintaining its long-standing traditions of liberty and privacy. A number of speakers have talked about that, and I assure noble Lords that it is absolutely the view of the Government as well that

23 Apr 2009 : Column 1670

they should be maintained. We will be as open and transparent as possible with the public about what we do and why.

That is why we are launching a public consultation on the way that we maintain our ability to access communications data in the face of a changing world of communications technologies. We will shortly publish a public consultation paper with proposals on a new retention framework to effect the implications of the judgment on DNA in the light of the finding from the judgment and the requirement of the European Court. We will draft regulations for consideration and for submission to Parliament later this year for approval. That point was remarked on by the noble Baronesses, Lady Miller and Lady Hanham. I hope that covers some of those points.

We are establishing a public panel to help us to understand public concerns around ID cards. We will listen to and engage with the public to make sure that we strike the right balance for the continued protection of the country and its citizens.

Let me touch on some of the specific points that were raised. The noble and gallant Lord, Lord Craig, is quite right that there has not been a detailed look at exactly what benefit CCTV has in reducing crime. That has not been done in a proper, empirical way, although we have a lot of evidence that is not empirical. The national CCTV strategy programme board will be doing a lot more work on this. We know, for example, that ANPR is a very useful tool. We know that CCTV played a key role in the investigation into the London terrorist outrages in the attack on Tiger Tiger and then on the airport in Glasgow. We were almost able to catch the men just before they set off to attack the airport—that is how good we were at using that CCTV and how important it was. Sadly, we just missed them, and so they got there.

The noble and gallant Lord, Lord Craig, also asked about the period for which CSPs are required to retain communication data. The answer is 12 months. I was also asked about the Constitution Committee report on surveillance. We are currently preparing the response, which will be issued very shortly.

The noble and gallant Lord said that crime was not going down. I am always wary of quoting statistics. We all know about statistics—one has to assume that they are correct and, if one is basing things on them, there is no doubt whatever that there has been a major fall in crime since 1997. Overall crime has fallen by 39 per cent, violence by 40 per cent and burglary by 55 per cent. We are facing some challenges in that there seems to be a slight rise again in burglary, but overall those are the sorts of figures that we are talking about.

I touched on the protection of personal data. A specific point was raised about Google Street View. The Information Commissioner has stated that he is satisfied that Google is putting in place adequate safeguards to avoid any risk to the privacy or safety of individuals, including blurring registration plates and faces. Google is also providing access to a mechanism by which anybody can report an image that causes them concern and request for it to be removed, which will then be done.

23 Apr 2009 : Column 1671

I have touched on ensuring how data are kept up to date and secure, stemming from the review on data handling. That was mentioned by the noble and gallant Lord, Lord Craig, my noble friend Lord Soley and a couple of other speakers.

Next Section Back to Table of Contents Lords Hansard Home Page