Evidence on Human Rights Legislation and Government Policy-Making Submission by Dr. C. N. M. Pounder, the Editor of Data Protection and Privacy Practice


There is a conflict of interest surrounding national security/policing issues



Download 130.65 Kb.
Page5/7
Date28.05.2018
Size130.65 Kb.
#51639
1   2   3   4   5   6   7

There is a conflict of interest surrounding national security/policing issues


There is an inherent conflict of interest possessed by all Ministers, in particular the Home Secretary, when devising legislation which affects human rights issues. For example, the Home Secretary is also politically responsible for the public bodies (e.g. police, Security Service) which want to interfere with private life. Consequently, it is difficult to avoid the conclusion that there appears to be an in-built bias, in any Home Office legislation, in favour of interference.

Parliament needs to consider how this conflict of interest can be addressed. The Lindop Report (Cmnd 7341, 1979) solved this dilemma by proposing a statutory code of practice produced by a Data Protection Authority, and a person within the Authority who was cleared to deal with security issues. Lindop stated that this would help to ensure that Security Service would be "open to the healthy - and often constructive - criticism and debate which assures for many other public servants that they will not stray beyond their allotted functions" (paras 23.21-23.24).


    1. There is uncertainty in the borders between policing and national security


According to the Security Service Act 1989: "It shall also be the function of the Service to act in support of the activities of police forces, the National Criminal Intelligence Service, the National Crime Squad and other law enforcement agencies in the prevention and detection of serious crime".

So if personal data are held by the Security Service in relation to supporting the serious crime purpose – are these data subject to section 28 of the Data Protection Act (national security) or section 29 (policing)? The difference is profound: the former is exempt from much of the Act and the Information Commissioner's powers; the latter is fully included and subject to the Information Commissioner's powers (although particular exemptions apply on a case-by-case basis).

Ministers have determined that the answer is "national security" and this can be deduced from a number of answers to Parliamentary Questions – most recently on 18 Mar 2004 (Column 494W; Harry Cohen; Question 159419). Mr. Blunkett responded that "The Information Commissioner's remit extends to the Security Service in so far as it is a data controller under the Data Protection Act 1998. Most of the information held by the Service falls under the national security exemption of that Act or the Freedom of Information Act 2000".

The Security Service also has a registration under the Data Protection Act with the Information Commissioner (reference Z8881167). It does not contain a description of any processing performed for the purpose of crime prevention – this contrasts with the various police forces who each carry this purpose in their notifications.

So suppose the police and security services hold the same personal data about a suspect who is wrongly identified as being involved in serious crime. Suppose further the inaccuracy in the personal data is recognised to the satisfaction of the agencies involved. The current arrangement means that the same personal data are subject to different data protection rules in relation to the police and security service. With the former, the Information Commissioner has the ultimate power to order the personal data to be deleted by the police and possesses powers to check whether this has been done. With the national security agencies there is no such obligation to delete and there is no supervision by the Commissioner.

The Government wants data retention on a massive scale (e.g. communications data, ID Card database, DNA profiles) mainly on crime prevention and national security grounds. Much of these retained personal data will relate to those who are not suspect nor have a criminal record. If data protection legislation creates the environment for good practices in relation to the processing of personal data which are acceptable to the policing bodies (even to criminal intelligence held by the police), it is difficult to see why the national security agencies should be exempt from these obligations. Such obligations to good data protection practice would serve to reassure the public.


  1. A case study in Article 8 scrutiny: Parliamentary scrutiny of the merger of the citizen information project with the identity card scheme


This part of the analysis provides an account of how a Government made a decision which impacts on the privacy of every UK citizen. The decision was not about national security or law enforcement or any purpose which requires any element of secrecy but concerns the minutiae of public administration. The analysis tells how the Citizen Information Project, which started life as a project to create a population register under the auspices of Office of National Statistics, was quietly transformed into an important justification for the proposed Identity Card scheme under the auspices of the Home Office. It demonstrates how Parliament is kept informed of issues which impact on the privacy of every UK citizen

The essential idea behind a population register is that all public authorities should be able to exchange (i.e. update and download) basic personal contact details from a central repository. Each resident in the UK would have an entry in this repository which would contain details of names used, addresses and previous addresses, sex, date of birth, and one or two identification numbers such as the National Insurance Number. The purpose of a population register is to facilitate joined-up government, to ease the burden of public administration and to have one central "look up" point for every citizen. There is no hiding place from such a system because everyone in the UK uses public services at one time or another.

Because basic contact details needed for the Citizen Information Project (CIP) were also to be stored on the National Identity Register (NIR), the name given for the database associated with the ID Card, it soon became obvious that there was an overlap between the CIP's population register and the register of those who have to obtain an ID Card. The main differences between the two projects related not to content of the respective databases but rather to what (and how) the personal data were to be used, accessed and disclosed. Whereas the CIP project centred on the general purpose of easing public sector administration and on widespread data sharing, the ID Card was mainly being promoted for the purposes relating to counter-terrorism, crime, immigration control and illegal employment, with limited data sharing.



    1. Download 130.65 Kb.

      Share with your friends:
1   2   3   4   5   6   7




The database is protected by copyright ©ininet.org 2024
send message

    Main page