Whitehall’s “illegal” database campaign
News that up to a quarter of all government databases may be illegal comes as little surprise.
A report by the Joseph Rowntree Reform Trust claims that as many as 25% of all Whitehall databases are probably in contravention of European privacy, human rights and data protection laws and should either be scrapped or redesigned.
The Trust funds political campaigns in the UK that promote democratic reforms and social justice.
It considered 46 Whitehall databases and found that a quarter of them are “almost certainly illegal” under human rights or data protection laws.
“The collection and sharing of sensitive personal data may be disproportionate, or done without our consent, or without a proper legal basis; or there may be other major privacy or operational problems,” explained the report.
Those singled out in this category are:
• The National DNA database, which holds approximately four million records, including those of nearly 40,000 children, and has already been condemned by the European Court of Human Rights. The Trust says that over half a million of its records are of innocent people who have not been convicted or cautioned for any offence and who have no pending legal proceedings against them;
• The National Identity Register, which will store biographical information, biometric data and administrative data linked to the use of an ID card;
• ContactPoint, the national index of all children in England. It will hold biographical and contact information for each child and record their relationship with public services, including a note on whether any sensitive service is working with the child;
• the NHS Detailed Care Record, which will hold GP and hospital records in remote servers controlled by the government, but to which many care providers can add their own comments, “wikipedia-style”, says the report, without proper control or accountability;
• The Secondary Uses Service, which holds summaries of hospital and other treatment in a central system to support NHS administration and research;
• The electronic Common Assessment Framework, which holds an assessment of a child’s welfare needs. It can include sensitive and subjective information, and is too widely disseminated;
• ONSET, a Home Office system that gathers information from many sources and seeks – extraordinarily – to predict which children will offend in the future. This suggests an emerging programme for a highly interventionist state;
• The Audit Commission’s National Fraud Initiative, which collects sensitive information from many different sources and, under the Serious and Organised Crime Act 2007, is absolved from any breaches of confidentiality;
• The communications database and other aspects of the Interception Modernisation Programme, which will hold everyone’s communication traffic data such as itemised phone bills, email headers and mobile phone location history;
• The Prüm Framework, which allows law enforcement information to be shared between EU member states without proper data protection.
But perhaps the most interesting of the Whitehall programmes to be condemned by the Trust is the Department for Work and Pensions’ cross-departmental data sharing programme, which involves sharing large amounts of personal information between government departments and the private sector.
Just listing these initiatives in the light of the inexorable ‘mission creep’ of such projects (either by design or incompetence) is enough to give serious pause for thought.
Factor in the increased sharing of data across borough and county borders in the name of citizen relationship management and you can begin to see the big picture: an imminent future in which the state can intervene in people’s everyday and private lives to an extraordinary degree, all in the name of efficiency and security.
Twenty-nine other databases are listed as being problematic and potentially illegal. The Trust recommends that these be scaled back and should offer people increased opportunities to opt out.
The findings suggest that the widespread extension of surveillance and data-gathering about British citizens may be exploiting the Internet’s ability to move more swiftly than legislation, and a culture of datasharing by stealth is being allowed to become the norm.
However you look at it, the Trust is suggesting that a large majority of the government’s IT programme is, or may be, illegal and of questionable value.
If “the innocent have nothing to fear”, as legend has it, then what of those innocent people whose data is incorrect, corrupt, or has been tampered with, stolen, or lost? Or retained on these databases despite there being no apparent reason for them being there?
The outsourcing industry will increasingly be called in to underpin these programmes. We should be wary of where all this is heading; the possible legal and social implications of the relentless, multibillion-pound pursuit of modernity, and the more mundane repercussions of a future government putting a red pen through this wasteful and dangerous campaign.