The House of Lords debated the retention of personal data yesterday. Shadow Security Minister Baroness Neville-Jones spoke for the Conservatives:
"As the contributions to the debate have already shown, all sides of your Lordships’ House are well versed in and understand the argument that the collection and retention of personal data are necessary for the efficient running of public services, and to aid our security services and the police in the fight against terrorism and serious organised crime. However, as has also been said, unchecked this justification is leading to an exponential increase in the amount of personal information that is collected, retained and accessed by all manner of different bodies. The Information Commissioner has said that personal information has become the “lifeblood” of government and business, and that is certainly the case, but it is also true that this can be tolerable only if the information is used properly and intelligently.
My noble friend mentioned the report produced by the Joseph Rowntree Reform Trust called Database State. It assessed 46 of the UK’s national databases and found that fewer than 15 per cent of them were effective, proportionate and necessary with a proper legal basis for any privacy intrusions. That in itself seems to be quite a statement of the rocky basis on which a lot of present practice now sits. Tellingly, it also found a quarter to be,
because of problems with privacy and effectiveness. These included the National DNA Database and the national identity register. The report recommended that many centralised databases be scrapped or substantially redesigned—again, another point about the basis on which we are operating being rocky.
The process must be regulated by law on a detailed basis, not left to the exercise of executive discretion within the far-too-loose regulatory framework of RIPA. In establishing regimes for data collection and retention,
Are we going to get any primary legislation? The Government would do well to come clean on their intentions, since failure to do so obliges one to examine the scenarios that could develop without primary legislation. It is not hard to imagine a scenario—with or without primary legislation—in which, because of the vast quantities of information collected, and an inability to separate communications data from content, it would be argued that access must now be made more efficient by having a centralised database that holds the data in a standardised format. So, without Parliament ever having given its agreement, the Government could then come to hold a vast database of communications. In case the House thinks that I a
If such a central database were to come into existence, it could be interrogated using data-mining technologies, pattern recognition and deep packet inspection. I am aware of the arguments used in justification for this: for instance, that it would increase the chances of successful pre-emption of crime. That may be so, although we do not have proof of this thesis. However, it is clear that there is a counterpart downside: access so easy and so extensive would carry with it a loss of governance and system control. It could get us very near being treated as guilty unless and until proven innocent.
It is not just that legislation in the field of surveillance and data processing does not contain sufficient detail and specificity to allow Parliament to scrutinise the proposed measures effectively. Other noble Lords have made the point that we have seen over the years a constant creeping of surveillance powers. Your Lordships’ House will be familiar with the examples of local councils snooping on ordinary people for things such as dog fouling and putting rubbish in the wrong bins.
As many noble Lords know, the Regulation of Investigatory Powers Act 2000 stands out as an example of these creeping powers. When the Act was passed, local authorities were not included in the list of public authorities that could access communications data. During the passage of the Bill, the then Home Secretary and Minister of State responded to concerns expressed that it would extend the power to a range of public sector bodies, including local authorities, by giving assurances that such powers would not be made available to them. But lo and behold, in 2003 two orders were passed that gave a number of additional public authorities,
“Clearly, if an assurance has been given you like to try and ensure that that assurance is maintained, but … sometimes there are things that happen two, three, four, five, six years later … despite the assurance that was made there is a need to change”.
I have two comments. First, it is hard to see what has so changed in our national life that it is necessary and right to give all 474 local councils in England, every NHS trust and fire service, the Environment Agency, and even the Royal Mail and the Royal Pharmaceutical Society access to communications data or surveillance powers, or how that increases the security of the nation. Secondly, it would be a sad day when the House could no longer place reliance on assurances from Ministers.
It is not surprising that the Rowntree report found that over two-thirds of the population no longer trust the Government with their personal data. How will the Government address this huge deficit in trust? The issue has been accurately described by my noble friend as the creeping subordination of the individual to the state."