Examination of Witnesses (Questions 240-259)|
Mr Gareth Crossman, Dr Eric Metcalfe and Dr Gus Hosein
6 FEBRUARY 2008
Q240 Lord Peston: On a large scale,
Dr Metcalfe: On a large scale.
Q241 Lord Peston: Let me give you
an example, if we were to go into the private office of any government
minister, except that it is usually a mess, but in theory they
have got a great number of phone numbers, telephone numbers, and
a whole lot of records, but that is not what you have got in mind
when you are worrying about this kind of problem is it? I am trying
to get to the basis of what it is you want us to focus on.
Dr Metcalfe: It is a question of core
principle as well as a question of scale. Private individuals
can collect information. I can stand on a street corner in the
village that you refer to and make a note of the comings and goings
and that, in and of itself, my private legitimate act, or at least
lawful act, can in doing so gather a lot of valuable information
which people might not want to be disclosed. However, we are talking
matters of scale when private companies collect information and
also when governments collect information. Governments obviously
have the power to request and indeed require a great deal more
sensitive information about private individuals than I can standing
on a street corner.
Q242 Lord Peston: Yes, of course,
but that goes back to the scale point and you have made that point.
I am really just trying to understand from this particular question
what it is you want us to focus on because, after all, the outcome
of all this will be a report at some stage. Is your view that
when we are looking at databases, and we will accept that we are
now talking large-scale, and first and foremost government, what
we ought to focus on is individual rights in this matter, that
should always be a focus when we are looking at it, and within
those rights the particular right to privacy. If I were asking
what your philosophy of all this is, would that be a fair summary?
Dr Metcalfe: That would be a fair summary.
Q243 Lord Peston: But it would not
then rule out the creation of databases, it would question every
database in those terms.
Dr Metcalfe: Absolutely.
Lord Peston: That is very helpful.
Q244 Lord Morris of Aberavon: In
JUSTICE's written evidence, you said that "the common law
right of privacy has remained significantly underdeveloped"
in the light of new technologies. Why is that and how would you
define the common law right to privacy? It seems to me that one
of the strengths of the common law has been its adaptability.
The same law that applies to horse-drawn carriages as to motor
cars, and one could give dozens of illustrations. Why has this
come about? Why has the common law not kept up with this need?
Dr Metcalfe: As we indicated in our written
evidence, it was not that the common law had not been concerned
with privacy but it has not been felt necessary to address or
protect privacy by means of overt rules, it has primarily been
a matter of non-regulation. It has been interesting, since the
Human Rights Act, in particular, to see the development of common
law in this area. You can trace a very interesting line from the
Earl Spencer case in 1998, when the European Commission on Human
Rights, as it was then, indicated that it thought the law in relation
to breach of confidence in the United Kingdom would be sufficient
to protect individual privacy rights. Then you had the Douglas
v. Hello! case in 2000, and more recently the cases of Douglas
v. Hello! 2005 in the Court of Appeal and Campbell v. Mirror
Group. We find the courts are now beginning to develop the
traditional common law breach of confidence principles and use
that to act as a more general remedy for breaches of a person's
Convention rights since the Human Rights Act came into force.
I would certainly say that the common law is now being used in
a way to develop and protect individual privacy. What is interesting
is that it took the incorporation of the European Convention on
Human Rights into our domestic law to actually prompt that development.
Traditionally, I think judges have been reluctant to use the common
law to fashion a broad-based common law right to privacy, primarily,
on democratic concerns because they feel that, if I understand
it correctly, it is more a matter for Parliament. Privacy involves
the balancing of so many interests across so many different areasbanking;
collection of personal information defamation; the balance between
the right to free expression and personal privacythat they
felt that the common law was not a very good tool. Still a criticism
can be made that the law in relation to breach of confidence,
while it is increasingly used as a remedy in relation to privacy
rights here in the United Kingdom, it is perhaps not sufficient.
In the most recent House of Lords case, Lord Nicholls describes
the breach of confidence as being better understood as a tort
of the misuse of personal information. That is a welcome development.
The concern, however, is that even framing it as a misuse of personal
information, it does not quite go far enough because the ingredients
of the tort are still relatively closely defined and not as broadly
defined as we might like. When I spoke of the common law by the
way I was not merely referring to the role of judges, I was referring
to our common law tradition, which is also the way in which Parliament
writes its laws.
Mr Crossman: Privacy is such a huge area
that it is often very disparate areas. There is very little relationship
between the development of the common law of privacy in relation
to the application of Article 8 to media privacy and breach of
confidence, which is an area heavy in case-law, there has been
a lot of case-law about it, compared with what other aspects of
privacy you might be talking about such as mass informational
surveillance. Common law through the courts has been well developed
in the former area, because it is about an individual's rights.
When you are talking about mass informational surveillance, it
is very much more difficult to pin the tail on whose rights are
being involved because if you take the application of Article
8the right to privacyit impacts on a very large
number of people, but only in small ways, such as information
being passed around about them maybe in an excessive manner. The
way the Human Rights framework works is that you need to be a
victim in order to bring an action, so that if you are talking
about someone subject to a control order, for example, it is very
easy to identify who the victim might be in order to bring a Human
Rights Act case. That is why there has been little common law
development with the exception of a few cases, it has not been
an area which has been particularly developed. My view is that
for specific areas you need to have more Parliament-led statutory
basis for regulation through improved data protection laws; through
formal statutory regulation of CCTV; through review of the way
that regulatory investigative powers work. That is a far better
focus for statutes than it is through common law development.
Q245 Chairman: Before I call Lord
Lyell, could I ask whether you think that it would be in the public
interest in this country for the Government to be required to
undertake privacy impact assessments, as in the United States
and in Canada?
Dr Hosein: I think that would be a highly
recommended step forward. Australia led the way in rights impact
assessments, followed by Canada and the United States. However,
there is still the ability to write a privacy impact assessment
on a highly invasive system and make it all make sense. For instance,
the US visit system in the United States, that fingerprints all
foreigners visiting the United States, stores those fingerprints
for 100 years and stores the biographical data for 75 years, has
a privacy impact assessment. It checks all the boxes and complies
with the rules of the US Government but we would also argue that
it does not protect privacy in any way. We have seen a regulatory
impact assessment for the Identity Cards Act that also disclosed
very little. So, in order to make privacy impact assessments work,
we need to make sure that the requirements fulfil the purpose
of the impact assessment, which is properly to assess the privacy
issues and the data protection issues even when they might differ.
Q246 Lord Rowlands: Some of the members
of the Committee are going to Canada and the United States; are
there any other illustrations of practices in either of those
countries on which we should particularly focus?
Dr Hosein: What is most interesting about
the comparison with other countries such as the United States
is the high-level public debate. Let us use, for example, the
current controversy as to whether or not the President can authorise
interception of communications of suspected terrorists whether
in the United States or abroad. That is causing a constitutional
crisis. Yet, as we have discussed so far this morning, that is
the law of the land in this country. It is interesting to see
the differences in political culture in how that reflects the
law. In comparison, much is said about how awfully the United
States has conducted itself on surveillance issues since 11 September
2001, but for what it is worth, on the surveillance issue, it
has generally been more regulated than the conduct of UK and EU
Lord Rowlands: But equally, if any of you had
any information that would help us to prepare for our visit, we
would be grateful.
Q247 Viscount Bledisloe: But if it
is totally unclear in this country what is or is not the right
to privacy, it would be very difficult to make a privacy impact
statement, would it not?
Dr Metcalfe: It is clearer now with Article
8. As Mr Crossman indicated, common law rights for breach of privacy
are centred around private individuals and confidential information
which they have identified as confidential, and most of the case-law
has related to celebrities and newspaper or media groups, so we
are talking about the development of a very small area of the
media pool. Mr Crossman indicated very broadly that there are
many more issues in relation to that. Article 8 cuts across the
board and provides a very good general principle establishing
the right to privacy. The difficulty with Article 8 is that for
members of the Council of Europe, it does not specify the particular
legal principles that you have to adopt because it is written
to embrace both civil law and common law jurisdictions. To a certain
extent, civil law jurisdictions, based on Roman law and Napoleonic
law, are slightly more comfortable with the regulation of personal
identity because their legal systems are structured differently,
whereas in this country, as we referred to in our written evidence,
you have a tradition of simply protecting privacy by not regulating
it; by not legislating in ways that interfere with it, and that
provides the real challenge.
Q248 Lord Lyell of Markyate: How
can Parliament act as a restraint on "the executive's enthusiasm
for the administrative benefits of surveillance and data-collection",
which you urge in your very good paper; how can it do it in practice?
I have one suggestion to make in a moment.
Dr Metcalfe: I am not sure that it can
restrain the enthusiasm any other way except by refusing to pass
laws in relation to those areas, or refusing to pass disproportionate
laws. The obvious check that Parliament has over the executive
is in the making of laws. The executive can propose them, but
it is for Parliament to decide ultimately what laws are made,
and to scrutinise those laws very closely in terms of their proportionality
and, going back to the basic point, the necessity. Is it actually
necessary, for example, to create a national identity card?
Q249 Lord Lyell of Markyate: Can
I suggest to you that the way to do itthere is this awful
word "transparency" but it is to make it obvious who
is responsiblebefore one is surveilled or one's property
is entered, or whatever, that some minister or public official
has to be responsible for giving the authority, and they can be
seen to have done that and they can be criticised if they are
disproportionate. Would that not be a good protection?
Dr Metcalfe: It would depend on the kind
of interference that we were referring to. Obviously, in some
casesand interception is an obvious onethere will
be very good reasons: you would not want to make an interception
warrant public, or you could not make the terms of it public without
losing the obvious covert benefits that come with that. With other
kinds of authorisations, for example, it would be a lot better
if there was a specific database of decisions in relation to the
placement of CCTV cameras. So, I agree that greater transparency
as a whole is a very good general principle. The difficulty I
have in answering that question is that a lot would depend on
the particular kind of interference in the particular area we
were talking about.
Dr Hosein: One way we could enable Parliament
to view these issues in a clearer way is to see it as a public
policy issue and perhaps, controversially, not as a rights issue
and not as a security issue. The ID card is a great example where
ID cards were promised by the Government as a security issue and
so therefore opposition to ID cards was, "oh, you're interested
in a selfish right of privacy in favour of the state's need for
security". Instead, if you approach it as a public policy
issue and ask, "Can you build this database? How much will
it cost to implement this system? What are the ramifications across
Government and the private sector?" Then you will see that
often, as we have found over the past 15 years, when you design
privacy into the development of law and technology, the technology
becomes more feasible and more likely to work. When you do not
design it in, that is when they start falling apart and you end
up with these massive databases that can never be built. To recap:
see it as a public policy issue first, with the connotations of
security and individual rights.
Mr Crossman: There is one very specific
constitutional suggestion that I would make in response specifically
to that question. Whenever legislation is passed, Parliament has
been able when considering privacy to determine of proportionality:
what is the appropriate exercise of these powers by different
bodies. What you find when you look at pieces of legislation with
privacy impact is that frequently you will see that what has happened
is that Parliament is asked to pass the framework for primary
legislation; the detail as to who actually exercises these powers
and what powers are exercised is reserved for secondary legislation.
As, of course, you will all know, secondary legislation goes through
on the Aye or the Noe. You do not, as a Parliament, have the opportunity
to consider if you have ten public bodies who are to be given
these powers, eight of them you might say, "absolutely appropriate,
but I am not happy with these two. I think that would be disproportionate."
There is no constitutional reason whatsoever why Parliament could
not be permitted to determine to amend resolutions. There are
two precedents for this: first, in the Civil Contingencies Act,
Parliament has the opportunity to amend resolutions passed under
this Act. Early drafts of the Identity Card Act had the ability
for Parliament to amend resolutions in relation to determinations
by the Secretary of State as to who was designated. So, there
is no constitutional basis why this cannot happen. I would suggest
that it is absolutely appropriate when Parliament is being asked
to consider which bodies have exercise of which powers, that they
be able to make a determination as to which of those it is appropriate
to have. The reality is that does not happen because Parliament
is simply given a piece of secondary legislation and asked to
approve or disapprove it.
Q250 Baroness O'Cathain: Mr Crossman,
to you again, your written evidence says there is no justification
for the National Identity Register associated with the Identity
Card Act. But on the other hand, you said that there is justification
for other information on a database such as the Children's Index,
which is now called, Contact Point. Can you explain why you draw
Mr Crossman: Absolutely. I should start
by qualifying the first part of the comment. At Liberty we look
at things essentially from a human rights perspective and when
you are dealing with a qualified right such as Article 8the
right to privacyyou look at it in a qualified manner that
you will not do if you are talking about an absolute right, such
as the prohibition on torture. For a starting point, I would not
say, "there is no situation whatsoever in which a national
compulsory identity card scheme could be justified". I cannot
say that as an absolute. To do that would be to necessitate saying
that the previous schemethe wartime scheme of compulsory
national identificationwas not justified. I do not have
an opinion as to whether it was, I suspect it might have been,
so I do not take an absolutist position on this. What I would
say is that this scheme, proposed as it was with the justifications
that were given for it and the societal consequence that I believe
would flow from it, was unjustified. There is a distinction there
between saying that you cannot justify a particular type of database
and saying, "is what the Government is proposing justified?".
In relation to the Children's Index, I would say that there is
perfectly legitimate basis for a limited database of children
who have been identified "at risk" to be stored with
appropriate access for those individuals who might have responsibility
for their care. What the Government proposed originallyit
has been limited somewhat as it has been whittled downwas
a mass informational database of every single child with very
random entry criteria, such as causes for concernwhatever
that meantwith a huge amount of public access to it which
my belief was not only had privacy implications but would prove
to be counter-productive, in that anyone working with children,
because this came out of the death of Victoria Climbié,
anyone working on the coalface of Social Services is always going
to record information for fear of being the person who did not
record something, information overkill, meaning that you cannot
see the wood for the trees, and those children who are genuinely
at risk being overlooked because there is so much data. That is
why, for me, proportionality, legitimate purpose, is at the heart
of approaching any particular database.
Q251 Lord Rowlands: But is this not
going to be, whether you like it or not, subjective? Dr Metcalfe,
earlier on, mentioned I think in a critical fashion, the collection
of medical records on a central basis. I would find personally
particular comfort from the fact that my records are on a central
basis so that if at the weekend I had an accident, somebody could
access immediately what medication I was on when I might not be
able to tell them and therefore they might not make mistakes.
I would not object to that. So how does the individual subjective
view of whether we want to be on databases link in to this whole
idea of proportionality or indeed whether we should or should
not have them?
Dr Hosein: You would begin by letting
individuals choose to be in a database or not to be in a database.
It is a whole opt-in process.
Q252 Lord Rowlands: Opt-in, not opt-out?
Dr Hosein: Yes, opt-in. I do travel a
lot on weekends and I want my file on the database. But that does
not mean the database ought to be designed the way it has been
designed, which is potentially 400,000 people across the country
would have access to your medical records. There are ways of designing
this technology so it limits what is absolutely necessary to hold
the net record and limits who has access to it under what circumstances.
But that is not how it is being designed now.
Q253 Lord Rowlands: But if I had
criminal intent I would certainly not opt in. How do you run a
voluntary database when many of those who would not want to be
on that database for illegitimate reasons would not obviously
volunteer or contact?
Dr Metcalfe: I think it goes back to
the points about necessity and proportionality and there is obviously
a difference in, say, a criminal database where people have been
convicted of criminal offences. Their choice as to whether their
records should be stored is obviously going to be non-existent
and this is down to public policy reasons. Whether medical information
should be stored is for a completely different reason. I should
just make clear my point about the objections to the medical records
database is not to the principleI agree with you there
are very sound reasons why you would want to have your medical
records available electronically and if the option comes it is
one that I would think strongly about exercising. But it should
be my choice.
Q254 Lord Rowlands: So the principle
of opt-in is the thing?
Dr Metcalfe: The principle of opt-in
but that would be case-by-case. That would not say that is necessarily
the model you would follow for every database. There are some
databases for example, the National Identity Register, even though
I accept that there are legitimate purposes in its creation and
there are doubtless useful benefits that will flow from its creation,
it is simply not necessary. It is not necessary to store that
massive amount of personal information.
Q255 Baroness O'Cathain: On opt-in
and opt-out, what nobody has yet said is that people will not
have the necessary information to know whether they should opt
in or could opt in. Everybody in this room would almost certainly
know what was going on and say, yes. On this latest example of
organ donor, I am sure all of us would know what to do about opt-in
and opt-out, but ask any ordinary Joe Bloggs in the street about
opt-in and opt-out of a donor organ system, how would you get
the message across? In order to cover the points that Lord Rowlands
made about the medical database and he being on holiday and his
medication being known, is it not better to do it on the basis
that everybody should be on it.
Dr Metcalfe: Again, this comes down to
the case-by-case point and I think there are very good reasons
for having an organ donor system which is opt-out and a medical
records system which is opt-in. One obvious distinction which
can be drawn is that once you are dead you do not actually have
particularly strong interests or the interests that you would
have tend to be outweighed by the interests of the living. In
relation to medical records, we have had very detailed conversations
with the NHS on this. Our disappointment is that there is an obvious
opportunity for a public information campaign.
Q256 Lord Peston: I disagree very
strongly with your remarks on opting-in and opting-out of medical
records. If you go to the excellent walk-in NHS clinic just opposite
the Army & Navy, which is a superb walk-in place where you
can get some treatment for all sorts of things. You go in and
you are asked to provide information about your medical condition.
When I went the first time I said, "But look surely you just
log into my GP and you will get my medical records?". They
said, "No, we are not allowed to do that". So, I said,
"what do you do?" "Well, I am now going to ask
you about your whole medical history." So I sit there for
20 minutes giving them my medical history, so we waste that 20
minutes, which is what you think is right. But supposing I say
to the doctor who was seeing me, "oh, I am exercising the
right of privacy here, I am not going to tell you my medical history",
which is what you are saying I would have the right to do. How
is the doctor to treat me remotely? The doctor would just think
I was barking mad. I would have thought in any rational society
the one thing that ought to be available to all legitimate people,
namely the medics, is a patient's records; they ought to be there,
and I find your position extraordinary, that you would advise
people of their rights to opt out of telling a doctor what their
medical condition was. It is barmy, and I think that most people
would regard it as barmy.
Dr Metcalfe: It would be barmy if you
were in a situation of seeking treatment to refuse to tell the
Q257 Lord Peston: But why am I going
to see a doctor?
Dr Metcalfe: Your reason for seeing a
doctor may be completely different. Let me put it to you this
way, in order for the doctor to give you any kind of treatment,
the doctor has to obtain your consent and not merely your consent
but your informed consent. Why should you need more informed consent
for sticking a needle into someone or performing a minor surgical
operation, than the informed consent that should be involved in
transferring your individual personal sensitive medical information
to a national database? If you can obtain informed consent, and
doctors are well skilled at explaining complex medical procedures
to patients, it is hard to see why they cannot take five minutes
to explain the consequences of transferring medical records.
Q258 Lord Peston: Have you had any
recent medical experience, personally?
Dr Metcalfe: With going to a doctor?
Q259 Lord Peston: I will give you
an example, when you are in hospital you are always asked for
your date of birth because that is used to identify all the treatments
you are getting. Now, supposing I exercise the right to privacy
and say, "I'm not going to tell you my date of birth",
and then they cannot identify the drugs that they have to give
me. I really think that taking this right of privacy in this area
is taking us well beyond what any rational person would think
was sensible. I wanted you to emphasise your philosophy in my
Dr Metcalfe: It is an extreme example
of someone refusing to share information with their consultant
physician, but the point I would make is that individual bears
the cost, if they irrationally refuse to provide their treating
physician with the information they need, then they themselves
bear the cost.