PUBLIC SECTOR AND PRIVATE SECTOR
55. The distinction between the public and private
sector is becoming increasingly blurred as public services are
provided through partnerships and other joint arrangements. Many
public sector bodies now employ outside firms to manage their
databases. In the public sector, and in joint arrangements, data-based
surveillance may be used to assist in the provision of social
benefits to individuals or groups, and in the identification of
people who may be either at risk of harm or who pose a risk to
others if they are not identified and properly treated. The Government
provided information on the many circumstances in which personal
information is, or will be, gathered and used by the public sector.
56. The development of "e-government"
and "Transformational Government",
including the sharing of personal data across departments and
agencies, represents a major innovation in the UK public sector.
What is sometimes called the "database state" (NO2ID,
pp 424-26) is the object of public attention when there are breaches
of security and data losses, theft or expenditure overruns.
57. The Government drew attention to the relationship
between central and local government, for example in respect of
the advice and guidance given by the Department of Communities
and Local Government (CLG) to local authorities on the use and
sharing of personal information in their revenues and benefits
departments. (pp 323-41) Local authorities are some of the
most frequent users of personal information. They are also among
those bodies which are permitted to conduct surveillance operations
under RIPA, and they
deploy and control most public-space CCTV systems.
58. Private sector surveillance is prevalent
in the majority of commercial environments, such as shopping centres,
supermarkets, stores, and banks. It has also become an inescapable
aspect of life on the internet, where the browsing behaviour of
online shoppers is routinely recorded and analysed by companies
and marketing firms. Surveillance now plays a major role in the
workplace, with many employers monitoring the behaviour of employees
in order to assess performance and prevent the use of online facilities
for private purposes.
59. There are many other instances of private
sector surveillance. The technology contained in mobile telephones
makes it possible for companies to monitor communications and
track geographic location. Camera systems can be used to watch
over warehouses, industrial and business premises that cannot
be patrolled easily or cheaply using guards. Domestic surveillance
devices can be readily purchased and installed in private residences.
60. The widespread use in CRM of consumer databases,
which are matched, mined, shared, rented, and sold commercially,
has become a central feature of business activity. Trevor Bedeman,
an independent consultant specialising in data and information
sharing, drew attention to data sharing practices within the private
sector. (p 385)
61. Credit referencing activities depend on the
processing of personal data, which is also indispensable for combating
financial fraud. Mike Bradford told us of Experian's concern to
maintain the trust of business clients and the public in the way
in which they safeguard and use personal data. (QQ 346, 350)
62. On the other hand, Toby Stevens, Director
of the Enterprise Privacy Group, told us that, although private
companies are obliged to comply with data protection principles,
human rights and related laws, there is no duty to offer privacy.
He argued that "privacy is, in fact, a secondary benefit
to the consumer arising from good commercial practice". (Q 343)
63. The RAE argued that schemes such as Oyster
cards and store loyalty cards "effectively collect data about
peoples' journeys and purchases by stealth, as the user may be
unaware that such information is generated when they are used.
It is not obvious that a loyalty card designed to attract customers
into a store will be used to harvest personal information used
in marketing, and it is not clear that the card should have to
function in that way." (p 435)
64. Mike Bradford told us that Experian were
actively working with government on how public and private sector
data can come together. (Q 362) The Government have also
been exploring ways of exchanging data with the private sector
to combat financial fraud through membership of CIFAS, the UK's
Fraud Prevention Service.
65. The Information Commissioner thought it was
not surprising that the police, the security services and other
agencies wanted access to private sector databases, but he alluded
to the dangers of a "free for all":
"It is a fundamental principle of data protection
that information collected for one purpose should not be used
for another unless certain requirements are met. So we are not
saying that there should never be access to private sector databases,
but we are saying that it should be controlled." (Q 18)
66. The trend towards more data sharing suggests
that the difficulty of tracing what happens to personal data,
and of maintaining clear lines of accountability and responsibility
for them, will increase over time, with implications for the current
regime of regulatory safeguards for the citizen.
67. In the following chapters, we consider these
issues in detail and offer recommendations on safeguards against
intrusions on privacy and excessive surveillance.