The Government has decided not to have a specific “DNA Commissioner”. This means that because DNA data are personal data, the Information Commissioner will become the prime regulator in relation to the Government’s DNA retention provisions. However, as will be discovered, the Commissioner will have his hands tied behind his back by the legislation as currently drafted.
For example, the intention is that DNA data will be retained for specific periods of time (e.g. those convicted of a recordable offence have indefinite retention - see yesterday’s blog). This means that the Information Commissioner cannot enforce the Fifth Data Protection Principle dealing with retention, as the law has specified the lawful retention period. Neither can the Commissioner effectively regulate DNA data that relate to individuals who have died, because those data are not personal data.
Note the Data Protection Act cannot balance the interests of the police in retention of DNA data versus the interests of the data subjects in having DNA data deleted. It is the Home Secretary who determines where that balance of interests lies, even though the Home Secretary has political responsibility for the police and a vested interest in the outcome of any DNA retention policy.
The Home Secretary argues that he is protecting individuals. In a written statement, he says under the heading “Destruction of DNA and fingerprints profiles before the end of retention period” that “Currently, Chief Officers may consider the exceptional destruction of DNA and fingerprints under the exceptional case procedure. We propose to introduce greater transparency by setting out in statute more clearly defined criteria where deletion would be appropriate. This should bring greater clarity to the public and also the police”.
This, frankly, is a load of tosh. If you look at the Crime and Security Bill, a Chief Constable must delete DNA data if its collection was unlawful. Hang on a second - this is not a protection - it is a statement of the bleeding obvious! What would you say if someone argued thus: “I know the personal data were collected unlawfully, but I will continue processing in any event”.
Then there is a condition that requires deletion of DNA if there is mistaken identity. This is also very limited: for example, if a police officer misinterprets the evidence and makes an arrest of the wrong person, then this is not a case of mistaken identity. He has arrested the right person but on false grounds.
Finally the Chief Constable can determine whether it is “appropriate” to remove the DNA data depending on the circumstances of the case. It is with this latter provision, the Government has deliberately reduced the protection afforded to data subjects by the right to object granted by Data Protection Act.
The Act’s right to object would allow a data subject to argue that although the police have processed the DNA data in accordance with its statutory needs, the processing has caused substantial unwarranted distress or substantial unwarranted damage. Note that this right to object balances the various interests, has an independent umpire (the Commissioner) and an accessible appeal process (The Tribunal) to determine whether or not DNA should be retained or not.
By contrast the Government’s “greater clarity” procedure lets the data controller who is responsible for the processing of the DNA data in the first place (the police) decide whether the data should be deleted or not.
In short, the kind of “balance” that is achieved by letting Count Dracula decide whether patients or vampires should receive blood transfusions from the NHS.
Comments
You can follow this conversation by subscribing to the comment feed for this post.