Enhancing the quality of scrutiny
366. We now consider more general ways of enhancing
the quality of parliamentary scrutiny. One obvious measure would
be to increase the involvement of the Information Commissioner
in the legislative process. David Smith, Deputy Information Commissioner,
told us that "where Bills are subject to parliamentary scrutiny
it is rather haphazard as to whether we get invited, whether
there is investigation of our areas." He wondered whether
there was "some scope to formalise that arrangement whereby
we have a right to be heard or something of that sort in the process
where there are significant implications in legislation for the
use and collection of personal information." (Q 8) Similarly,
Richard Thomas, the Information Commissioner, said that "we
would like
to have a stronger right to come forwardeither
the law requires some consultation with our office or that there
is a duty when a new scheme is being introduced to consult with
us." (Q 10) He noted that he did have a power "to
make a special report to Parliament" and accepted that "it
should have been used more frequently", but warned that there
were resource implications. (Q 15)
367. Graham Greenleaf, Professor of Law
at the University of New South Wales, went further and suggested
that the Information Commissioner should be under "a statutory
obligation to warn Parliament of any significant privacy dangers
that he perceives in legislation or regulation." He said
that the emphasis would be on the word "significant"
so that the Commissioner would not have to refer minor concerns
to Parliament. The advantage of a statutory duty, Professor Greenleaf
explained, was that the Information Commissioner would avoid having
to justify any intervention and would be less likely to face accusations
of playing "partisan games". (Q 80)
368. Professor Bert-Jaap Koops, Professor of
Law and Technology at Tilburg University Institute for Law, Technology
and Society (TILT), told us that the Dutch Data Protection Authority
works with its national parliament and provides advice on intended
legislation. (Q 513) Indeed, Professor Koops made it
plain that he considered such an advisory role to be an essential
part of the regulatory function:
"I see two functions for regulatory authorities:
one is to supervise the way that data protection law and also
privacy law is being implemented and lived up to in practice
but I think the other role could be equally important, which is
to provide parliaments with advice on intended legislation".
(Q 513)
369. Dr Pounder suggested that the Information
Commissioner should have the power to refer matters of concern
to Parliament for consideration and action. (Q 847) This
would exist in addition to the annual and extraordinary reporting
processes currently set out in the Data Protection Act 1998 (DPA).
370. We believe that the Information Commissioner
should have a greater role in advising Parliament in respect of
surveillance and data issues. We therefore recommend that the
Government should be required, by statute, to consult the Information
Commissioner on bills or statutory instruments which involve surveillance
or data processing powers. The Information Commissioner could
then report any matters of concern to Parliament.
371. Several witnesses stressed the importance
of Parliament, in the course of scrutiny, considering the effects
on society of surveillance measures. Liberty told us that "Parliament
is particularly well-placed to assess the wider societal impact
of measures which interfere with personal privacy. While the courts,
for example, often focus on individual cases, Parliament is better
able to look at the broader picture." This was particularly
important in the context of surveillance and data protection because
"it is only when one aggregates the impact of such measures
across the millions of people they affect that one can see the
real extent of their effect on privacy and their significant constitutional
implications." (p 103)
372. Professor Koops accepted the importance
of such an approach, but warned that "the policy and societal
debates often focus on the individual steps rather than on the
entire leap, and it is questionable whether the cumulative move
towards surveillance is evidence-based and well-considered."
(p 173) The reason for this, he explained, was that parliaments
were "incident driven" and tended to focus on "a
single measure which seems important because with this you can
prevent what happened last week, and so they look at each single
measure
[and] do not have the overall picture and disregard
the cumulative effect which all these measures together have on
privacy." (Q 507) Therefore, he suggested, "a key
recommendation for legislatures is to pay more attention to empirical
underpinning of surveillance measures and their cumulative effect,
to commission evaluation studies, and to use sunset clauses in
legislation in case a measure does not show effect." (p 173)
373. Professor Ian Loader, Director of the
Centre for Criminology, University of Oxford, also identified
a systemic failure to take a cumulative and evidence-based approach:
"I sometimes think that surveillance measures
in general, and let us take closed-circuit television cameras
as an example, are what you might describe as destined to succeed.
If it can be established that they have been a success in reducing
levels of crime or fear of crime, then the answer is that we need
more of them. If it can be established that they have not succeeded,
then the answer is always that we need more of them
It
seems to me that the consequence of that is that there is a ratcheting
up process going on here. In other words, that once you put certain
kinds of measures in place, it becomes very difficult to imagine
the circumstances in which you could successfully take them away
again, either legally, politically or culturally." (Q 610)
374. In Chapter 1, we drew attention to the spread
and increase in surveillance and data collection over many years.
It has been difficult for Parliament to scrutinise the piecemeal
way surveillance has developed to cover so many aspects of everyday
life. One way of increasing the ability of Parliament to take
a more cumulative and evidence-based approach is to establish
a Joint Committee of both Houses tasked specifically with considering
surveillance and data issues, both through bill scrutiny and through
wider policy inquiries. At the moment the remit of the JCHR only
touches on surveillance and data issues insofar as they engage
Convention rights. Similarly, the Constitution Committee can only
consider surveillance and data powers during bill scrutiny insofar
as they concern a point of principle affecting a principal part
of the constitution. Furthermore both Committees already have
a considerable workload. It is therefore desirable to set up a
new Joint Committee that could look beyond the "individual
steps" and single measures. The new Committee could scrutinise
new surveillance and data processing powers against the broad
policy context and consider empirical evidence on the effectiveness
of the techniques involved, and on their effects on society and
individual privacy. Such a Committee could build up a significant
body of knowledge and employ its institutional memory to ensure
continuity and consistency in legislative activity in this field.
375. We note the Canadian example of a parliamentary
committee on access to information, privacy and ethics, which
provides greater scrutiny of privacy protection issues. This Committee
is able to subject bills to pre-legislative scrutiny.[175]
376. We recommend that a Joint Committee on
the surveillance and data powers of the state be established,
with the ability to draw upon outside research. Any legislation
or proposed legislation which would expand surveillance or data
processing powers should be scrutinised by this Committee.
377. An important element in maintaining an evidence-based
and cumulative view of the surveillance landscape is the evaluation
of whether legislation already enacted is operating as intended.
As David Feldman, Rouse Ball Professor of English Law, University
of Cambridge, warned us:
"One of the features of legislation that
confers new powers on any agency is that they start by conferring
it to deal with what is billed as an exceptional problem or threat,
and usually the power is nicely limited and it is subject to carefully
thought out safeguards which provide a graduated system for ensuring
that the use of the power is properly limited and proportionate.
It then becomes, as it were, normalised and increasingly drifts
across into other functions, other agencies, and at the same time
what tends to happen is that the safeguards, which were carefully
thought out at the initial stage, get watered down, and that is
a pattern which has been a common feature of police powers, data
sharing powers, a whole range of powers to obtain and then use
information across a very wide range of statutory fields."
(Q 531)
378. The Government recently published its strategy
on post-legislative scrutiny, proposing that departments should
produce memoranda on most acts three years after enactment, with
the relevant House of Commons select committee (or other committees
where appropriate) then deciding whether to conduct further scrutiny.[176]
379. We urge the Government to give high priority
to post-legislative scrutiny of key statutes involving surveillance
and data processing powers, including those passed more than three
years ago. The statutes should be considered as part of a whole,
rather than in isolation. This post-legislative role could be
carried out effectively by a new Joint Committee on surveillance
and data powers.
172