If the press response is anything to go by, the policy paper “Revising the rise of the Surveillance Society”, published by the Conservative Party yesterday, promises much in relation to enhanced privacy. Indeed, there is much to be welcomed. However, if you apply the principles underpinning “Nine principles for assessing whether privacy is protected in a surveillance society” (a download section of the main Amberhawk web-site), you will soon find significant gaps.
For example, the policy paper’s commitment to Parliamentary scrutiny is limited to “any new powers of data sharing to be introduced into law by primary legislation”. This is welcome, but it only relates to new powers. Thus all existing data sharing powers in relation to all legislation enacted by all previous governments do not fall within this commitment, which also does not apply to existing general order making powers relating to the content, use or retention of personal data.
The commitment to “replace the Human Rights Act with a British Bill of Rights” could serve to diminish privacy rights. The problem is that a Bill of Rights that contains a privacy right has to define exemptions from that privacy right for law enforcement purposes, public health, public safety etc etc. If these exemptions are drafted differently from those specified in Article 8 of the human right’s construction, then it means that more individuals may have to seek protection of the European Court of Human Rights. This prospect arises because the policy document does not state that there is to be a compete derogation from the European Human Rights Convention.
In any event, the actual commitment in the policy is to “examine the current level of protection afforded to individuals against the surveillance state”; it is not a commitment to improve the level of protection afforded to individuals. After examination, nothing could be changed.
In addition, the policy paper is silent in its definition of a privacy right in the context of the press. I have always argued that there can be a linkage between the Data Protection Act and Article 8 in a way that does not interfere with the exemption in the DPA in relation to the press. This linkage would also mean that the Information Commissioner could act where excessive powers are used by Ministers – something that is a clear policy objective of this document.
There is a welcome commitment to make an empowered Information Commissioner report to Parliament. However, other Commissioners in the privacy field (e.g. the Surveillance Commissioner, the Interception of Communication Commissioner or the Intelligence Services Commissioner) are left untouched by its analysis. These Commissioners will still report to the Home Secretary (not to Parliament) and the wider order making powers that Home Secretaries enjoy in the context of national security and serious crime will still apply (as they exist in legislation already enacted).
In my Principles article, I argue that if there is a prospect of very intrusive surveillance, then this should be balanced by more powers for the regulator. This is not the case in the context of these Commissioners (who have far too few powers) and the policy document does not change their status.
Some of the proposals relating to security are curious – for example, to task the Information Commissioner to issue security advice. This is ill-advised – best practice security advice from security experts is already widely available from widely recognised international standards bodies (for example), and it is difficult to see what the Commissioner can add.
The proposals with respect to the access to communications data do not target the correct problem. As I mentioned in a previous blog about the Annual Report of the Interception Commissioner (see 9th September), there were 504,000 requests for communications data in total, of which 1,553 requests were made by 123 Local Authorities. The policy document focuses on Local Authorities and requires them to obtain a judicial warrant; however such Authorities only make 0.3% of total requests and their frequency of request is just over one request for access a month each. In other words, 502,500 other requests are left unaltered by the policy document.
Finally I make a comment about the commitment to scrap the ID Card scheme and the National Identity Register. This commitment is much diminished as the policy is silent about the Passport database. As this database is intended to collect biometric fingerprints, names, addresses and other items that would have appeared on the National Identity Register, this omission in effectively means that some ID Card functionality can be continued via the Passport database. The fact that the Royal Prerogative applies to passports means “no Parliamentary approval is needed”.
If the Conservative Party means what it says about accountability, this important Passport database should become subject to primary legislation.
Finally, I do not want to appear too negative as it is important to recognise that a major political party has issued a detailed policy document on privacy to lead a public debate. This is an important publishing event. But I do think that this policy document been hastily issued to deal with short term issues that are in the public consciousness. In my view, it lacks a long-term policy focus on how to settle privacy policy so it correctly balances the interests of the state with that of the citizen.
“Reversing the rise of the surveillance state” document is linked to http://www.conservatives.com/News/News_stories/2009/09/Reversing_the_rise_of_the_surveillance_state.aspx
Comments