Surveillance: Citizens and the State - Constitution Committee Contents

  Q760  Lord Norton of Louth: What role do you think parliament should play in this? Is their more of a role that it should take on? There have been criticisms that perhaps it is too willing to go along with government demanding more surveillance powers and so on. I think you are implying in Germany that the legislature is more active in this sphere. Is there a role that parliament should be playing that it is not playing?

  Professor Fedtke: The role of parliament is predominantly to legislate and the detail of legislation, which we have talked about this morning on various occasions, is a task for parliament to apply its mind to and to try, in my personal opinion, to draft the statutes which authorise surveillance and the use of data in very specific terms. That, in itself, is a formidable task for parliament and is very difficult to do. There are data protection commissioners who report to parliament. These reports should be taken seriously and should be as elaborate as possible because that is one source of knowledge for parliament to actually see what is going on. It is an independent commissioner after all with powers to ask for information, to ask how things have happened, where things have gone wrong, to request access to data to actually establish what happened and these reports should offer quite a lot of information for parliament to work with. Parliament in Germany, as I mentioned earlier, goes beyond its usual remit on one occasion when there is a threat to the nation as a whole, national security threats of the highest order. That is where parliament, in the form of a special commission, itself authorises surveillance and only parliamentarians can say to go ahead or not to go ahead. That led to a constitutional court case some years back because individuals felt this denies them access to the courts. That is a problem in terms of the balance of power between the institutions. The court came down five to three in favour of this existing model with substantial criticism, of course, because access to courts and the role of the judges is extremely important and should not be curtailed lightly. Data protection is a joint effort and it is not just parliament but the courts themselves which should play a strong role. I think the judge, if there is enough manpower for that, is a good person to actually authorise specifically important or infringing measures. There are the independent bodies and the commissioners. Again I would like to stress the importance of internal measures within public authorities. That is very important and more can be done there I think.

  Q761  Lord Norton of Louth: It is almost a passive role for parliament in terms of being the recipient. Is there more it should be doing?

  Professor Oliver: I do think it is important to distinguish, at the moment at least, between the House of Commons and the House of Lords because your chamber is much more independent and there is not a government majority, and for all the reasons that we know one can rely on the House of Lords to make it much more difficult for the government to legislate in ways that give too much power in relation to surveillance and so on. Whether that would remain the case as and when the House of Lords becomes largely elected is a matter we cannot go into. When it comes to parliamentary procedures, I myself am very interested in the idea that committees scrutinising Bills and Draft Bills could develop standards against which Bills, or provisions in Bills, that are to do with surveillance would be tested. My own sense is that those standards could partly be developed by committees themselves so after a period when several Bills have been looked at you will find a committee is repeatedly getting concerned about whatever it is and you could say that is the standard. My own sense is that does not prevent parliament voting for this thing that seems to be contrary to standards but at least it is not going to be done by mistake. It should feed back into the governmental process where Bills are being drafted because then the minister will be able to say "we are going to get in trouble with the House of Commons, or whoever, if we do it. We want to do it but let us brace ourselves". I think that would be entirely desirable.

  Q762  Lord Norton of Louth: From your previous work I believe you ascribe quite a role to this particular Committee.

  Professor Oliver: Absolutely, yes.

  Q763  Lord Rowlands: Your reply promoted the question I was about to ask. We have seen a lot of evidence about privacy impact assessments within government departments. Would it be a good idea that any department bringing a Bill before the House would have to undertake a privacy impact assessment and publish it and reveal the degree to which it has assessed what impact this Bill will have on privacy matters?

  Professor Oliver: That sounds like an excellent idea.

  Q764  Lord Rowlands: We can build powers into the legislative process. Do you think that individual privacy is sufficiently protected by the common law in the United Kingdom?

  Professor Oliver: No, I do not. It has made enormous strides, partly under the influence of the Human Rights Act, in relation to privacy and the press. I think individuals do now have a great deal more protection against the press than they did some years ago but it does not say much about relations between the individual and the state or other relationships which are not to do with the press. There is a lot to be said for common law development: it is incremental, it is trial and error and it avoids the political disputes you get. If the government were to introduce a Bill about privacy you would get Fleet Street up in arms and then it is difficult but if the courts do it they get there. But I think there is a limit to what the common law can do.

  Q765  Lord Lyell of Markyate: This question follows immediately on from that. To what extent are issues about privacy likely to be resolved by the courts in the future? We have the recent Murray case, the J K Rowling case. We had the earlier case of Mr Justice Jack where the Court of Appeal thought he had gone a bit too far in limiting the powers of the press. Some of us in this Committee are worried that judges will be limiting freedom of speech, which is another very important aspect even though it is sometimes unpleasant. To what extent do you think the courts are going to get this right and provide the right balance under the Human Rights Act?

  Professor Oliver: One can only guess. I do have quite a lot of faith in the ability of the courts to find balances. There are conflicts between the freedom of the press and privacy, and where you draw the line is not easy, but it would not be any easier if the idea was that there should be an Act setting it out. One can imagine the Act would go on and on about things. The Human Rights Act already has this peculiar provision about the importance of freedom of the press in it and I think a statute about it would have many, many more of those. I just happen to like judges and I like the common law method and I have a bit of faith in it but I do not believe it can solve all the problems.

  Q766  Lord Morris of Aberavon: I am concerned about the Data Protection Act and how far it is an adequate organ for the privacy of citizens' personal data to be protected. The exceptions and exemptions created under the Act, are they too broad and should they be narrowed? Is not the Act itself contradicted by the Freedom of Information Act?

  Professor Fedtke: A Data Protection Act is an enormous advantage in whatever form because it does provide a very thorough broad basis on which public authorities and citizens can draw in the absence of specific legislation. Specific legislation is more helpful, as I said again and again, to actually identify specific dangers and balance them to the aims of public authorities. As far as the exemptions are concerned, it is true that the Act does specify a long list of exemptions and that begs the question what happens if these exemptions are invoked, what regime will take hold in the absence of the application of the Data Protection Act. The answer again is design specific legislation for those particular areas, whether it is media which have exemptions under the Data Protection Act, whether it is security agencies which have exemptions under the Data Protection Act or whether it is the police which have exemptions under the Data Protection Act. I would try to design special statutes which address those specific areas. In that case, I do not really see a problem with the fact that the Data Protection Act is not applicable across the board because that will not be the case in a system like Germany because special legislation will kick in. How do you define particular aspects? How do you define national security, for instance, which is one of the grounds for an exemption? It is very difficult to phrase that in detailed terms. The Data Protection Act, as it is, is a very substantial piece of legislation already. If you try to introduce additional interpretations to make that more specific and to make the exemptions more workable, that could double the size of the Act at the end of the day. That is one of the main problems, the definition of these exemptions, to try to find language which specifically says under what conditions there will be an exemption. That is the main problem and that is where the data protection is quite broad at times and leaves a lot of flexibility and room for interpretation.

  Q767  Baroness Quin: Professor Oliver, at the beginning you talked about your concerns about sharing of personal data between departments of government but I wanted to ask about the sharing of personal data between the public and the private sectors and how concerned you are about that. Does that undermine any constitutional safeguards or principles and is the private sector in some way less constrained than the public sector?

  Professor Oliver: There is a concern. There was an example in the news a few days ago where the social security department was talking about sharing information with the power supply companies about which people were on benefits so it could check that people were on the right tariff, so poor people got the low tariff. I was rather horrified at the idea that, without thinking about the implications of disclosing information to private bodies, particularly about somebody's poverty or their income level or whatever it was, the sharing of information should be suggested without evidently the minister in question thinking it was a peculiar thing to do. I am a bit concerned about the sharing of information with private bodies and that is just an example. The government possesses pretty personal information which we hope they will not abuse, but private power companies or Tesco might well. It worries me, and it worries me partly that there does not seem to be a culture in government that sets alarm bells ringing and asks "is this something we should do?" Maybe there should be a code somewhere or statutory provisions to limit that.

  Q768  Viscount Bledisloe: I have a related question about retention of data. We were told that if the police ask somebody who is on the scene of a crime but is not a suspect for his DNA or his blood because they want to eliminate him, unless he actually says at the time "I want that torn up after you have finished this investigation" it will be kept forever, or virtually forever, and can be used for other purposes. Do you think that is the right way around or do you think he should be asked at the end of the inquiry shall we destroy it or can we keep it?

  Professor Oliver: My own sense is there should be a presumption that it should be destroyed unless the person in question specifically agrees otherwise.

  Professor Fedtke: I would go one step further and say not just a presumption that it is destroyed but a clear timetable when data has to be destroyed, again specific data and specific instances. DNA is extremely important, sensitive information. I think there should be a clear rule saying after one month, after three months, after the close of the investigation. There should be a clear time line rather than just a presumption a public authority will do it. There should be statutory provision which says so.

  Q769  Viscount Bledisloe: It may well be that the inquiry is rolling on forever. I would have thought they could keep it as long as the inquiry was alive rather than for a set period of time. Would that not be better?

  Professor Fedtke: Absolutely. It depends on the context. Data is extremely contextual and its importance in the way you deal with it is relevant. Of course if you have a criminal investigation which drags on for a long period of time you would not want data to be destroyed within a month or three months. Of course you wait for the formal close of that investigation and then say from that point in time we will ensure that data is destroyed. Another brief idea here when it comes to the erasure of data, I would look closely at internal safeguards. Public authorities should be under a duty to document that data was destroyed or erased from data bases on a particular day, at a particular time, by a particular officer so there is a paper trail of what public authorities do with the data they have retained and are supposed to destroy. You could add that that particular function, destruction or erasure of information, is to be placed under the scrutiny of one particular high-ranking official possibly with a special legal qualification. You can introduce different levels of control within the public authority to ensure that destruction of data is done.

  Chairman: Can I thank you both for being with us and for the evidence you have given which is greatly appreciated.

previous page contents

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2009