Diversity and Inclusion - best laid plans
Fintech meet up
Out-Law Analysis | 24 Aug 2007 | 2:54 pm | 8 min. read
It is without doubt that the perpetrators of the failed terrorist attacks in July were traced by using personal data stored on surveillance systems – most notably from data stored on CCTV, Automated Number Plate Recognition systems and from communications data stored by the telephone companies. This success will only deepen the resolve of all Western governments to retain these kinds of personal data for longer periods, and it is my view that the vast majority of individuals have no problem with this. We all want to help the authorities capture terrorists.
However, mass retention of personal data combined with wide-ranging legal powers has its dangers. This mix will inevitably facilitate function creep beyond the "find the terrorist" purpose because a valid reason can always be found for processing personal data for different purposes. Since mass surveillance systems costs millions of pounds, such reasons will also arise from the need to obtain value for money.
Function creep is very easy for Government to justify. For example, what is the justification to limit access to surveillance data only for anti-terrorism purposes? Why should serious crimes that are not terrorist related – a brutal murder or rape, for instance – be excluded? If other serious crime becomes an acceptable reason for using these retained data, why not all violent crime? After all, surely we want to find the perpetrator who attacked and mugged a pensioner and stole the £10 in her purse?
And if the authorities use these retained data for a £10 theft, why not use access to the personal data to trace a £400 Council Tax arrears, or an £80 fine for dropping litter. Then, if the retained data are used in tracing £100 of debt, why not use the personal data to improve efficiency of service delivery and save £100? It is this kind of reasoning which explains why function creep is inevitable and why the Government chose, contrary to all its public consultation documents and without Parliamentary debate on the subject, to allow the ID Card database to be used for a general administration purpose by all public authorities.
Mass data retention also facilitates new forms of surveillance and the emergence of new data mining or profiling techniques – mainly because it is known that the personal data exist and have been retained. For example, the fact that the DNA database covers about 5% of the population has resulted in techniques to use the retained DNA to identify individuals whose DNA can be linked to the DNA data on the database.
In future, the linking of retained personal data associated with surveillance databases will give the authorities a picture of where you live and work, where you drive, who you call, where you spend your money, and what public and private services you use. In fact, all the authorities need to link divergent database and develop a profile every member of the population.
The legislation that Government has enacted to facilitate data retention, surveillance and its subsequent sharing has the effect of negating much of the protection afforded by the eight Data Protection Principles. For example, if legislation states that certain items of personal data can be retained for purpose X, for Y years, and disclosed to anybody for purpose Z, then it is going to be very difficult to argue that for these purposes and items of personal data, the First Principle (process data fairly and lawfully), Second Principle (obtain data only for specified and lawful purposes), Third Principle (avoid using excessive data) and Fifth Principle (don't keep data longer than necessary) have been breached. As the disclosure for purpose Z is likely to be also subject to the exemption from the non-disclosure provisions, the Fourth (keep data accurate and up to date) and parts of the Sixth Principle (the rights of the data subject to object to disclosure) are also negated with respect to any disclosure. As any transfer, for example to the USA, is likely to be in the "substantial public interest", then the Eighth Principle (don't transfer data to a country with inadequate data protection). In summary, Principle Seven (keep the data secure) is the last man standing.
It is my belief that additional safeguards are needed and these safeguards have to meet ten "standards of trust". These will demonstrate to the public that their privacy interests are safeguarded and that they can trust the complete process, from law-making to dealing with law-breaking.
The standards are:
These 10 trust standards have to be met in a transparent way that can publicly demonstrate that safeguards are in place; mere reliance on data protection and human rights law is insufficient. Meeting these standards in turn requires changes to Parliamentary procedure, to the Commissioner's powers and to the individual's level of protection. These additional safeguards are outlined below..
Parliament has traditionally balanced the public interest by scrutinising the executive. To assist this:
a) any procedure that establishes proportionality before any activity is commenced;
b) the criteria that measure the success of the activity; the compilation of records that show that the activity was properly authorised including the statistical data which can used to demonstrate transparency or that the interference was justifiable in terms of outcomes from performing the activity; or
c) require a Privacy Impact Assessment or audit or both to be undertaken.
Dr Chris Pounder is the editor of the Pinsent Masons publication Data Protection Quarterly and runs data protection training for organisations across the UK. In June 2006 he gave oral evidence to the Home Affairs Select Committee on the 'Surveillance Society'.
Diversity and Inclusion - best laid plans
Fintech meet up