Privacy is an important right that feeds into other rights; for instance, a lack of privacy can undermine family life, confidential services and a free press. Who would want to tip-off a journalist, reveal sensitive details about oneself, or engage in a controversial political idea or demonstrate in order to change public policy if the state can record you on CCTV, track where you drive with ANPR, or have access to records of who you have contacted by phone, or e-mail, or by social networking?
I have long argued that the Data Protection Act is not equipped to protect the individual (see the reasons specified in the blog “Government want powers over CCTV and ANPR”). I also think that reliance the Human Rights Act cannot be assumed as its protection is not accessible to the public at large; an individual complainant has to take on the state in the Courts and this is an unequal struggle. For example, when Marper took his DNA database case to the European Court of Human Rights, his legal advisors were “a man and his dog” acting in a pro-bono capacity; on the other side was a dozen Home Office lawyers and leading silk funded by the taxpayer.
I have concluded that the Data Protection Act needs strengthening in four ways. These are:
1. There should to be a linkage between the Human Rights Act and the Data Protection Act, implemented by the Sixth Data Protection Principle; the Information Commissioner would then be able take action if assessments under this Principle raised breaches of Article 8 (human rights). Note that by implementing a narrow privacy right limited to the processing of personal data, the exemption from the Sixth Principle for the Special Purposes (i.e. freedom of expression purposes in Section 32 of the Act) is left undisturbed. So, prior to publication of the material, an investigative journalist would be unaffected by this linkage (which is the current position).
2. There should be a new power for the Commissioner to serve a formal notice that could result in a Court determining whether or not legislation that requires the processing of personal data is consistent with Article 8. The ability to serve such a notice, in my view, would work in the same way that the nuclear deterrent works. Civil servants and Ministers would not want to take the risk of a notice being served, so the mere fact that the Commissioner could “drop the bomb” would encourage Civil Servants and Ministers to draft legislation that took account of the obligations under both Acts. It also reduces the risks associated with unscrutinised statutory instruments.
3. The Information Commissioner (and other important regulators) should report to Parliament, be funded by Parliament (and not funded by sponsoring Departments of State which may have vested interests to protect), and be able to raise matters to be scrutinised by Parliamentary Committees. This mechanism ensures Parliament is well informed on a particular matter and can express a view.
4. Finally, the Section 10 right to object in the Act should become simple to operate in circumstances where the processing of personal data is not justified by reference to the purposes specified in Article 8(2) (of human rights). Such a right would operate as easily as the right to object to the processing of personal data for a direct marketing purpose, and would not interfere with processing of personal data for powerful public interest purposes, such as crime prevention or national security. However, it would arise when personal data sharing is undertaken merely for purposes of administrative convenience.
Readers who are interested in the wider privacy concerns should access the downloads available on www.amberhawk.com and down load the two articles entitled “Nine principles for assessing whether privacy is protected in a surveillance society” The articles have been published in the academic press and explain: • In Part 1: why the current framework of privacy protection in the UK is deficient. • In Part II: nine principles that rectify the problems identified in Part 1 and promotes specific improvements to the data protection/human rights regime.
Finally, I should alert readers to the fact that we are going to announce the content of our Data Protection Update sessions in October and November, very soon. If you want advance details, just e-mail info@amberhawk.com
Comments