Surveillance: Citizens and the State - Constitution Committee Contents


Memorandum by JUSTICE

INTRODUCTION

  1.  Founded in 1957, JUSTICE is a UK-based human rights and law reform organisation. Its mission is to advance justice, human rights and the rule of law. It is the British section of the International Commission of Jurists.

  2.  JUSTICE welcomes the Committee's inquiry into the impact of surveillance and data collection upon privacy and the relationship between citizens and the State. Although we recognise that surveillance and data collection can sometimes be a legitimate tool (eg in the fight against crime)—few would dispute the usefulness of such developments as search engines and databases—but such advances also have an obvious potential to interfere with individual privacy if not properly regulated. In particular, they place an unprecedented amount of personal information in the hands of the state. However benign the state's intent, the potential for misuse is vast.

  3.  JUSTICE has long been concerned with the impact of various kinds of surveillance[20] and data-collection—from the increasing use of public and private databases to the growth of CCTV—on the protection of privacy as a fundamental right. For instance, we first pressed for data protection controls in our 1970 report, Privacy and the Law. In 1998, we published Under Surveillance: Covert policing and human rights standards, arguing for much closer regulation of governmental powers in this area.

  4.  Sadly, the development of effective legal and practical safeguards for individual privacy have lagged far behind the pace of technological developments and the uptake of surveillance technologies by both the public and private sector. Indeed, as a number of recent reports have shown,[21] the UK has the dubious reputation as a market leader among western nations in a number of surveillance-related fields, from the scale of the national DNA database ("NDNAD"), the number of CCTV cameras per capita, to the adoption of biometrics in passports and drivers licences. Due to constraints of space, however, this submission is not meant to provide a comprehensive analysis but instead, it deals only with the broader human rights issues arising from surveillance and data-collection.

PRIVACY AS A PUBLIC GOOD

  5.  In the debate over surveillance, it is often assumed that the interests at stake are those of the general public versus the individual's interest in maintaining his or her privacy. We think such a view is both simplistic and mistaken, relying on a false opposition between the public interest and the individual right to privacy.

  6.  In our view, privacy is best understood as a public good. By this we mean that there is a collective interest in maintaining a society in which personal privacy is protected. There are a number of reasons for this, not the least of which is that a free society is one that respects individual freedom to live a life without undue interference or scrutiny. Another reason is the belief that individuals are more likely to be contribute to the maintenance of a good society where they recognise that that society is concerned to protect their own rights, including the right to privacy.

  7.  The maintenance of privacy as a collective good, however, requires not only governmental action but also restraint. In our view, threats to privacy are likely to come as much from unnecessary and over-intrusive governmental measures, such as the Identity Cards Act 2006, as from surveillance or data-gathering by the private sector. Too often, the government's enthusiasm for the administrative or forensic benefits of new technologies appears to outstrip its respect for privacy. The importance of restraint by government is particularly important in the context of the UK's common law tradition.

PRIVACY AND THE COMMON LAW TRADITION

  8.  Unlike the overwhelming majority of European jurisdictions,[22] the UK is a common law jurisdiction. The way in which privacy is protected under UK law therefore differs significantly from the way in which it is protected in continental legal systems, notwithstanding the overarching protection provided by the right to respect for private life under Article 8 of the European Convention on Human Rights ("ECHR"). In particular, because the conventional approach of the common law is one of "negative liberty" (ie whatever is not prohibited by statute is permitted),[23] privacy was traditionally protected by the absence of legislation rather than a specific set of legal principles.[24] It was therefore unnecessary for the common law to develop such principles.

  9.  Even with the growth of new technologies and governmental measures impinging on privacy, however, the courts have remained reluctant to develop a common law right of privacy, primarily because of a concern that it would involve regulation of a kind far more detailed than common law rules are normally able to achieve and, indeed, far beyond the democratic competence of the courts to provide.[25] The data protection principles in Schedule 1 of the Data Protection Act 1998 ("DPA"), for example, would have been well outside the institutional capability of the courts to develop.

  10.  For this reason, the common law right to privacy has remained significantly underdeveloped, by contrast with most European jurisdictions and, indeed, even by comparison with many other common law jurisdictions.[26] Although section 6 of the Human Rights Act 1998 imposes a positive duty on public authorities to act compatibly with Convention rights—including Article 8 ECHR—it is important to bear in mind the limitations of Article 8. As a qualified right, it affords significant leeway to national authorities to interfere with personal privacy for various governmental purposes.[27] Nor is the European Court of Human Rights in a position to develop a UK law of privacy in the absence of action by the UK courts and Parliament. Most of all, the protection to privacy afforded by Article 8 should be seen as "a floor, not a ceiling".[28] Although we regard the Human Rights Act 1998 as a constitutional document and the rights protected therein as constitutional rights,[29] it is also important to bear in mind the limitations of the legal framework for protection of constitutional rights in the UK.

  11.  Also, while we welcome the influence of comparative law, particularly in terms of understanding the UK's obligations under the ECHR and EU law, we are concerned at the government's reliance on examples of European practice in debates on privacy measures, eg the widespread use of ID cards in many continental jurisdictions. In our view, it is unhelpful to cite the experience of European jurisdictions on such matters without having regard to the wholly different sets of checks and balances that exist in those jurisdictions to protect personal privacy. Given the widespread lack of understanding of the differences between the common law and continental legal systems, such examples can only have a deeply misleading impression.

  12.  Ultimately, while Article 8 ECHR and section 6 of the Human Rights Act provide an important check against arbitrary and intrusive measures, it is a mistake to suppose that judicial supervision is enough to maintain privacy as a public good in the UK. In particular, Parliament cannot abdicate to the courts its responsibility to govern well, in particular by restraining the executive's enthusiasm for the administrative benefits of surveillance and data-collection.

THE NEED FOR GOVERNMENTAL RESTRAINT

  13.  In our view, the government typically fails to address in a principled manner the core elements of the right to privacy under Article 8 ECHR: (i) whether a particular measure that interferes with personal privacy is necessary; and, if so, (ii) whether the interference is proportionate to the particular aim that the government seeks to pursue. In short, the government frequently seems more concerned with whether it could establish a new database, etc, and not with the more important question of whether it should.

  14.  A prime example of the government's failure to take the principles of necessity and proportionality to heart is the increasing scope of the National DNA database ("NDNAD"), to include the retention of DNA samples of those persons arrested but either not charged or subsequently acquitted.[30] The genetic information contained in DNA represents the most intimate medical data an individual may possess. The retention and use of an individual's DNA sample without their informed consent, together with the knowledge that an unspecified number of people may have access to that information over an indefinite period via the database, surely constitutes a grave interference with personal privacy. While the legitimate interest in the prevention and detection of crime may justify the retention of DNA profiles of those proven guilty and charged, it cannot be used to justify the indefinite retention of DNA of individuals who are by law presumed to be innocent.[31]

  15.  Although we predict that it is highly likely that the ultimate effect of these provisions is that UK government will be found in breach of Article 8 ECHR, we reiterate our view that privacy is too important a matter to be left to the courts alone. It is the responsibility of Parliament to ensure that governmental measures affecting privacy are no more than are strictly necessary and that any such measures are carefully tailored to keep any interference with privacy to a minimum.

INADEQUATE COVERAGE OF EXISTING PRIVACY LEGISLATION

  16.  If Article 8 ECHR by itself is insufficient to provide wholesale protection of privacy under UK law, it is equally a mistake to suppose that existing privacy safeguards, such as the DPA or the Regulation of Investigatory Powers Act 2000 ("RIPA"), are capable of providing comprehensive protection. This is particularly evident in relation to the regulation of CCTV cameras.[32]

  17.  In 2003, for instance, the European Court of Human Rights found that the lack of any legal remedy for a person whose failed suicide attempt was captured on CCTV and then distributed to the media by the local authority meant that the UK was in breach of Article 8 ECHR.[33] Although the facts of the case show a measure of support for the use of CCTV (the CCTV operator contacted the police), they also highlight the manifest lack of effective regulation for how CCTV is used. Although the DPA governs certain aspects of CCTV usage (specifically the handling of sensitive personal data), it does not provide—and was never intended to provide—a comprehensive legal framework governing CCTV placement and usage.[34] Indeed, it is unclear whether the DPA safeguards even extends to CCTV used for undirected or passive surveillance, since the Court of Appeal has held that "personal data" within the DPA applies only to "information relating to an identified or identifiable individual".[35]

  18.  Similarly, in our recent report on intercept evidence,[36] we noted that the UK is virtually alone among common law countries in allowing the interception of telephone calls, emails, letters and faxes by authorisation of the Home Secretary rather than by a judge. The framework for lawful interception of communications in Part I of RIPA provides for only ex post facto judicial supervision of only the most limited nature. It is instructive to compare the detailed, open and transparent reports produced by the Canadian[37] and US[38] federal governments on the use of electronic surveillance with the paucity of information available under the report of the UK Interception of Communications Commissioner.[39] It is equally striking to note the similarities between the UK's system of intercepts without prior judicial authorisation and the system of warrantless surveillance operated by the National Security Agency and recently held unconstitutional by the US federal courts.[40] In our view, the power of the Home Secretary to issue interception warrants for both intelligence and law enforcement purposes should be replaced with a scheme for judicial authorisation of interceptions. This would bring the UK into line with the practice of virtually every other common law country.[41]

21 June 2007
























20   By "surveillance", we mean not only "directed" or "intrusive" surveillance as defined in subsections 26(2) and (3) of the Regulation of Investigatory Powers Act 2000 (ie covert surveillance by law enforcement or intelligence bodies likely to obtain private information about an individual, including private residences), but also what might be termed "passive" or "undirected" surveillance, eg information gathered by a CCTV camera. Whether it is analytically helpful to describe large-scale practices of data-gathering, retention, sharing, mining and profiling as "surveillance" per se is something we do not address. But the practices of data-mining etc have an obvious common factor with surveillance: the use of personal data for the purpose of monitoring, policing or regulating individual conduct. Given that data gathered for one purpose (eg health care) may readily be used for another (eg investigating criminal activity), it makes sense to consider the general establishment of databases by the public and private sector as an aspect of the surveillance debate. Back

21   See eg Royal Academy of Engineering, Dilemmas of Privacy and Surveillance: Challenges of Technological Change (March 2007); Surveillance Studies Network, A Report on the Surveillance Society (September 2006). Back

22   The only other EU member state with a common law system is the Republic of Ireland. However, the right to privacy is there recognised as an unenumerated constitutional right implied within the scope Article 40.3 of the 1937 Constitution: see eg the Supreme Court decision in Kennedy v Ireland (1987) IR 587 per Hamilton P: "Though not specifically guaranteed by the Constitution, the right to privacy is one of the fundamental personal rights of the citizen which flow from the Christian and democratic nature of the State. It is not an unqualified right. Its exercise may be restricted by the constitutional rights of others, or by the requirements of the common good, and it is subject to the requirements of public order and morality ... The nature of the right to privacy is such that it must ensure the dignity and freedom of the individual in a democratic society" [emphasis added]. Back

23   See eg Lord Steyn, "Democracy, the Rule of Law and the Role of Judges", Attlee Foundation Lecture, 11 April 2006: "The spirit of liberty is the dominant theme of the common law. Whatever is not specifically forbidden, individuals and their enterprises are free to do. By contrast the government and its agencies may only do what the law permits; what is done in the name of the people requires constant examination and justification". Back

24   As Lord Hoffman noted in Wainwright v Secretary of State for the Home Department (2004) 2 AC 406 at para 31: "There seems to me a great difference between identifying privacy as a value which underlies the existence of a rule of law (and may point the direction in which the law should develop) and privacy as a principle of law in itself. The English common law is familiar with the notion of underlying values-principles only in the broadest sense-which direct its development. A famous example is Derbyshire County Council v Times Newspapers Ltd [1993] AC 534, in which freedom of speech was the underlying value which supported the decision to lay down the specific rule that a local authority could not sue for libel. But no one has suggested that freedom of speech is in itself a legal principle which is capable of sufficient definition to enable one to deduce specific rules to be applied in concrete cases. That is not the way the common law works" [emphasis added]. Back

25   See eg Malone v Metropolitan Police Commissioner, [1979] 2 All ER 629 per Megarry VC at 649: "telephone tapping is a subject which cries out for legislation"; Lord Hoffman in Wainwright, n5 above, para 33: "[the creation of a tort of invasion of privacy] is an area which requires a detailed approach which can be achieved only by legislation rather than the broad brush of common law principle". Back

26   The more developed right to privacy in some other common law jurisdictions can be attributed to the greater constitutional role accorded to the courts in those jurisdictions in protecting fundamental rights, see eg the development of the right to privacy by the US Supreme Court in Roe v Wade 410 U.S. 113 (1973). Back

27   See Article 8(2): "There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others". As the European Court of Human Rights noted in Peck v United Kingdom (2003) 36 EHRR 41 at para 77: "In cases concerning the disclosure of personal data, the Court has also recognised that a margin of appreciation should be left to the competent national authorities in striking a fair balance between the relevant conflicting public and private interests". Back

28   Labour Party Manifesto 1997: "The incorporation of the European Convention will establish a floor, not a ceiling, for human rights". See also eg Lord Woolf, "Human Rights and Minorities", 13 April 2003: "It is acknowledged that the introduction of the [ECHR] in domestic law provides a `floor not a ceiling' for the protection of human rights. It is of crucial importance that we continue to build upwards"; Feldman, "The Impact of the Human Rights Act on English Public Law", British Institute for International and Comparative Law, 7 October 2005: "We also know that the [ECHR] and the transformation of the Convention rights into municipal law are intended to operate as a floor, not a ceiling: authorities are free to adopt a higher standard of human rights protection than that required by the Strasbourg court so long as they do not fall below the Strasbourg standard". Back

29   See eg Lord Steyn, "Democracy, Rule of Law and the Role of Judges" Attlee Lecture, 11 April 2006, "The second premise of the democratic idea is that the basic values of liberty and justice for all and respect for human rights and fundamental freedoms are guaranteed. It is enshrined in the Human Rights Act 1998 which is our Bill of Rights". Back

30   See Sections 63 and 64(1A) of the Police and Criminal Evidence Act 1984, as amended by the section 82 of the Criminal Justice and Police Act 2001 and section 10 of the Criminal Justice Act 2003. Back

31   We note that the view we have expressed here is at odds with the 2004 judgment of the House of Lords in R v Chief Constable of South Yorkshire (ex parte S and Marper) [2004] UKHL 39 in which the House concluded that the retention of DNA samples of persons arrested but not subsequently convicted did not interfere with the right to respect for personal privacy under Article 8(1) of the European Convention on Human Rights, and-even if it did-was a legitimate restriction under Article 8(2). With respect, however, we consider the decision of the House in Marper to be deeply flawed. We further predict that it is unlikely to be upheld by the European Court of Human Rights on appeal. For further details, see our January 2007 response to the Nuffield Council on Bioethics consultation on the ethical issues arising from the forensic use of bioinformation. Back

32   We use the term CCTV generically. As the Royal Academy of Engineering report notes, n2 above, p33: "the term CCTV is now for the most part a misleading label. Modern surveillance systems are no longer `closed-circuit', and increasing numbers of surveillance systems use networked, digital cameras rather than CCTV". Back

33   Peck v United Kingdom (2003) 36 EHRR 41. Back

34   C.f. the comment of Lord Hoffman in Wainwright, n5 above, para 33: "Counsel for the Wainwrights relied upon Peck's case as demonstrating the need for a general tort of invasion of privacy. But in my opinion it shows no more than the need, in English law, for a system of control of the use of film from CCTV cameras which shows greater sensitivity to the feelings of people who happen to have been caught by the lens". Back

35   Durant v Financial Services Authority [2003] EWCA Civ 1746. Back

36   Intercept Evidence: Lifting the ban (JUSTICE, October 2006). Back

37   See eg Public Safety Canada, Annual Report on the use of Electronic Surveillance-2005Back

38   See eg Report of the Administrative Director of the United States Courts on Applications for Authorizing or Approving the Interception of Wire, Oral or Electronic Communications, 2005. Back

39   See eg Report of the Interception of Communications Commissioner for 2004 (HC 549; SE/2005/203). Back

40   See American Civil Liberties Union v National Security Agency, US District Court, 18 August 2006 (Case no. 06-CV-10204). Back

41   See our 1998 Report, Recommendation 2, pp 19-22. Back


 
previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2009