Clause 152

Notes towards a call to action on Clause 152

NO2ID Parliamentary Briefing on the Coroners and Justice Bill, 22 January 2009

  • "Buried among the numerous complicated and controversial provisions of this legislation is a single clause, clause 152 in the first draft of the Bill, which is a profound threat to privacy, liberty and the rule of law. It is enabling legislation that converts the Data Protection Act into a machine for massively increasing the dealing by government in information of all kinds. It is designed to allow ministers to use a fast-track regulatory procedure to sweep away data protection, human-rights considerations, confidentiality, legal privilege, and ultra vires when they would stand in the way of any use, acquisition or dissemination of information in pursuit of departmental policy.
  • "The availability of broad data-sharing along these lines would be a profound change in the way the country is governed, potentially altering the function of almost all other legislation. It should not be introduced at all, but certainly not without proper public debate. There has been no such debate.
  • "It would be a disaster if the “information sharing order” (ISO in what follows) were to be successfully smuggled through Parliament in this manner."
  • "The developing philosophy of ‘government by information management’ that we characterise as “the database state”, has become Whitehall orthodoxy without any systematic public debate, and the ISO should be regarded as the outcome of a desire to manage the citizen centrally as a single file, rather than permit separate relationships with separate organs of state, and of an impatience with mediating institutions such as Parliament and the rule of law. In this view, information sharing is seen as one-sidedly good for everyone. This is set out very clearly in a series of official documents on “Transformational Government” (The key ones are exhibited here: http://www.no2id.net/datasharing.php )."

Objections to information sharing provisions in principle

"We think that the “barriers” are not random obstacles. They are principles that have evolved in the courts and been captured in statute precisely because they protect things in human life that are worth protecting."

  • Detailed quotes from NO2ID's submission to the Thomas-Walport Review and a report by the Home Affairs Committee
  • "Ministers would be enabled to remake the law ad lib by regulation; and be subject only to the most flaccid test – whether sharing contributes to

the expedient pursuit of departmental policy."

Objections to information sharing provisions in practice

  • "...large scale sharing inevitably means large scale loss."
  • "Even ignoring the costs to liberty and privacy it should be very closely monitored for the sake of the public purse."

Information sharing provisions: Objections to process

"It introduces an entirely novel principle and does it in a single clause. Yet all the surrounding language and publicity is designed to minimise the consequences of what is being done. A series of “safeguards” are suggested to be in place. But, examined closely, they are no such thing."

NO2ID’s recommendations

  • "Information sharing, privacy and data security are all matters of great public concern and profound political importance in an information age. They ought to be openly debated and significant changes made only in the open. Hasty fixes driven by the convenience of officialdom are (even leaving aside all the points above) unlikely to produce anything good. While we could afford to ignore clauses 151, 153, and 154 did they appear by themselves – as so much legislative displacement activity – Parliamentarians should demand that the matters covered by Part 8 of the Bill are dealt with openly, in separate, fully timetabled legislation, and should make it absolutely clear that they will not permit such a broad enabling power as the ISO at all.
  • Clause 152 is so dangerous that no conceivable amendment makes it tolerable in a democratic society. It should be struck out.

SHARING THE MISERY: The UK’s strategy to circumvent data privacy protections

  • "The mass exchange of personal information has the potential to deliver some benefit, however it also presents vast risks associated with governance, privacy, security and human autonomy. In the rush to institute data sharing, these aspects have largely been ignored."
  • "Previously people’s consent was required, but now the consent of the governed is not longer being sought. In fact, the Government’s proposal eradicates consent from the governing framework, thus placing not only our data at risk but also fundamental tenets of our democracy."


== Summary
 of 
key 
points ==


  • "The information sharing provisions in the Coroners and Justice Bill constitute the gravest threat to data protection in the 25-year history of the Data Protection Act, and are among the most wide-ranging and potentially intrusive proposals ever laid before Parliament.
  • Clause 152 of the Bill will permit an almost limitless range of data sharing opportunities both within government and between commercial organisations, including, but not limited to:
    • Provision without patient consent of NHS files to medical research organisations
    • Massive expansion of the national DNA database, including for purposes other than the detection of crime
    • Bulk provision of NHS and other medical files to the insurance industry;
    • Disclosure of police intelligence data to private investigators and investigation departments of companies;
    • Bulk transfer of personal financial data to HMRC and other government departments
    • Disclosure of all vehicle insurance data from insurance companies to DVLA;
    • The sharing of client and customer lists between companies and with the government including, e.g. harvesting of biometrics by indirect means such as from ‘Clubscan’ databases, under pressure from licensing authorities;
    • Routine sharing of information from government departments to the intelligence and security services, without parliamentary approval., and vice versa (currently now forbidden);
    • Transfer of UK police data to foreign police agencies in Europe and elsewhere;
    • Disclosure of police records to social services and children’s data systems, and vice versa;
    • Disclosure of Automated Numberplate Recognition data to the Highways agency and other organisations;
    • Access by Criminal Records Bureau to police intelligence data, and an Information Sharing Order could also permit employers to share CRB check data;
    • Full disclosure of telecommunications data from service providers to government;
    • Automatic population of the National Identity Register with, e.g. complete electoral roll and tax records (effectively, near-universal registration without consent);
    • Sharing of data between council tax records and national databases including the electoral roll, and between national databases to councils for collecting council tax;
    • Bulk disclosure of hotel registration data to police and HMRC
    • In the context of anti-prostitution policy, STD clinic data to be shared with the government;
    • Routine transfer of background data of air travellers to destination countries but also to benefits authorities and HMRC − or DCSF to track down people taking their children to Disneyland in term time;
    • Disclosure of personal information held by local authorities to central government agencies and police;
    • Bulk disclosure of banking and communications administrative data to television licence enforcement authorities;
    • Disclosure of spending habits and product transaction data to government for purposes of monitoring personal carbon usage;
    • Routine disclosure of farmers’ personal financial details to EU farm subsidy programmes;
    • Disclosure of individual school and university academic and schooling records to funding authorities, and disclosure of personal financial details of families to access regulator to monitor university entrance;
    • Data on students' course attendance and library borrowing passed to immigration and security services in bulk;
    • Information from party conference registrations passed on from police to government departments and electoral commission;
    • Census data passed to government departments.

Summary

  • This policy has been the overarching vision of the UK Government since the late 1990s. We are surprised it has taken so long to devise a policy of this breadth and with such disregard for even the most basic safeguards. Despite continuous debates about genetic databases, health databases, and biometric databases, everything has been done to ignore debate on this policy. This can serve only to destabilise any decision made by Parliament on these other matters. To conclude, the problems with this law are as follows:

1. Based on an illegitimate consultation process over a ten-year period, created to justify whatever the Government drafted into law. Even the Information Commissioner’s Office has been compromised.

2. Avoids Parliamentary scrutiny by pushing orders through secondary legislation.

3. Consists of meaningless protections and oversight, where the ICO may provide comments to Parliament in a process where Parliament is not permitted to amend the order.