Overlooked - Liberty

More documents

Recommendations

Info

Overlooked: Surveillance and personal privacy in modern Britain 109 8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects. The Schedules set out the circumstances in which data processing is permitted in relation to data and sensitive personal data 214 . These circumstances include the giving of consent, processing to protect vital interests of the data subject, and processing by public bodies in relation to their work. The DPA also contains exemptions to the data protection principles for purposes such as crime detection and collection, tax collection, national security and health, education or social work. The DPA has historically proven to be a partially effective mechanism for regulating and controlling the processing of personal data. However, in recent times, further shortcomings are perhaps becoming apparent. The decision in Durant, referred to in the section on CCTV, has shown the limitation of scope of DPA in relation to CCTV, although the new draft guidance from the Information Commissioners Office (ICO) does seem to lessen the negative impact. It is also now arguable that technological developments, particularly in relation to the scale of automated data processing possible when data matching and data mining, are outstripping the DPA. To take the second data protection principle as an example: ‘data shall only be processed for one or more specified purpose’. The section on Identity Cards mentioned that this principle was being seen as an obstruction to effective information sharing by government departments. Whether or not this is the case, the second principle does not seem well-equipped to deal with mass data processing. At the time of the Data Protection Directive and of the passing of the DPA in the mid and late 1990s, the processing of data was still largely that of single pieces of data for single purposes. There is nothing within the DPA or inherent to the second principle to limit this other than that the purposes for which data are processed need to be specified. This is done by registering the purposes with the ICO. This obligation will not place any significant limitation on data matching practices. Data matching will usually be done for the purposes of crime detection and prevention. If this or any other purpose is notified to ICO, there is no other express limit within the DPA of the scale on which the processing takes place. The Commissioner is given no specific power to refuse an application for notification so long as it is made in the prescribed form. The third data protection principle, that ‘personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed’ would appear to place some limitation on scale. However, the requirement that data be not excessive would appear to apply to the amount of data relating to a particular individual rather than the number of people who have had their data processed though data matching. Coupled with concerns over the adequacy of the DPA when applied to modern processing techniques, are the more practical considerations over the ability of the ICO to limit excessive data sharing. There is an inherent limitation upon the effectiveness of a publicly funded body in regulating the public sector. This is no reflection on the work of the ICO, which has frequently drawn attention to privacy issues and highlighted the dangers of the ‘surveillance society’. The current Information Commissioner, Richard Thomas, has often demonstrated a willingness to comment on Government 214 Sensitive personal data is defined by S.2 DPA and relates to data concerning the racial or ethnic origin of the data subject, his political opinions, his religious beliefs or other beliefs of a similar nature, whether he is a member of a trade union, his physical or mental health or condition, his sexual life, the commission or alleged commission by him of any offence or any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.
110 Overlooked: Surveillance and personal privacy in modern Britain proposals. When giving evidence to the House of Commons’ Home Affairs Committee on the subject of Identity Cards, he described their introduction as a ‘very significant sea change in the relationship between the state and every individual in the country’ 215 . Despite these interventions, the capability of the ICO in regulating the public sector must be limited. Not only is it also a public body but it has resource limitations. The ICO polices not only data protection but also the legal freedom of information framework. The budgetary and resource restrictions under which the ICO operates means its ability to police data protection is necessarily limited. If the statutory framework and accountability is limited in its ability to temper privacy invasions, then what reform other than a new single piece of legislation would be appropriate Liberty believes a mix of targeted statutory reform, effective guidance, enhanced enforcement and improved accountability should be at the heart of improved privacy protection within the United Kingdom. Findings Set out below are the main findings of this work. They cover both findings of fact (such as the growth of the national DNA register) and findings of opinion (such as the implications of the growth of the National DNA register). They cover both overarching points relevant to several of the specific areas of study as well as the context-specific findings arising from each section. General 1) Possibly the most significant sea change in the nature of information privacy is the blurring of a distinction between historically distinct forms of surveillance. For example, targeted surveillance has typically been interpreted as led by human intelligence against specific individuals or organisations in the course of a criminal investigation. Meanwhile, mass surveillance arguably was not surveillance in a strict sense in that it would not be targeted at any person but involved the retention and dissemination of visual or information data in anticipation of use at a further point. Mass surveillance also covered a wide range of activity covering public service access, state benefit entitlement and so on. Demarcation between previously separate forms of surveillance is blurring through the increasing use of data matching and data mining. These activities typically involve automated trawling though seemingly innocuous data to identify anomalous or potentially suspicious patterns. Data matching and mining increasingly are being identified in departmental White Papers as an effective and resource-efficient crime-detection tool. This is filtering through into legislation with the Serious Crime Bill currently before Parliament making specific provision for data matching to combat fraud. Consideration of moves towards data matching and mining should also make reference to profiling. Profiling essentially involves the same data filtering techniques but as yet has not been specifically proposed by the Government as a legitimate and proportionate crime detection device. Profiling is concerned more with identifying information relating to an individual than about details of income, benefits and so on. As a consequence, it is inherently more invasive and touches on more sensitive subject matters such as ethnicity or religion. However, as has been discussed, it is increasingly being referred to as a potentially justifiable method of data filtering, particularly in response to national security concerns. 215 http://www.publications.parliament.uk/pa/cm200304/cmselect/cmhaff/130/4060801.htm
Page 1 and 2:
Overlooked: Surveillance and person
Page 3 and 4:
Acknowledgements I would like to th
Page 5 and 6:
II Overlooked: Surveillance and per
Page 7 and 8:
iv Overlooked: Surveillance and per
Page 9 and 10:
2 Overlooked: Surveillance and pers
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
10 Overlooked: Surveillance and per
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66: 58 Overlooked: Surveillance and per
Page 107 and 108: 100 Overlooked: Surveillance and pe
Page 115: 108 Overlooked: Surveillance and pe
show all

Overlooked - Liberty

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?