Feeds

back to article Expert: UK would break its own rules with web-snoop law

The UK government will have to create a new exemption to the rules for processing sensitive personal data in order to facilitate any new "fast-track mechanism" for data-sharing by its departments and public bodies, an expert has said. However, data protection law specialist Kathryn Wynn of Pinsent Masons, the law firm behind Out …

COMMENTS

This topic is closed for new posts.
Thumb Down

Why Bother?

I don't know why they are even wasting their time thinking about such things - everyone knows that these organisations only care about the DPA in terms of "can we tick the box" and never actually adhere to it's principals.

I'm sure that there will be nothing to stop individuals short-cutting any process that is put in place by simply copying data to a (unencrypted) thumb drive then giving it to whoever has asked for it (over the phone with no formal request or paper trail of course).

6
2
Flame

Re: Why Bother?

They don't even need to be so shady. They just say it's for "counter fraud" purposes, thereby sidestepping every protection put in place by the DPA.

It follows the letter of the law but it's so far off the spirit as to be laughable. It's pretty clear the counter fraud provisions were intended to be used when individuals were already suspected of fraud, not for the wholesale data matching and fishing expeditions currently carried out.

If you work for central/local govt., civil service, NHS, armed forces, have a student loan and/or claim housing benefit, tax credit, income support, disability benefits etc. then your details (including bank account info) have already been matched, mined and fished many times over by the so-called Counter Fraud Initiative.

We've got New Labour to thank for that, and if you think your data wasn't silo'd somewhere (*cough* National ID Database *cough*) then you're almost certainly mistaken.

0
0
Silver badge
Devil

So what?

This would have mattered under Napoleonic law. There a new law have to explicitly amend any relevant old law to keep the whole system coherent. Additionally, no law can override a fundamental right without an applicable amendment to the constitution. This puts a very good systems of checks and balances.

UK is not using Napoleonic Law. Under UK law:

1. The parliament is sovereign and cannot be bound. It can vote through any frigging drivel to its liking period and it does not matter if it suspends in part or in whole any right including part or all of the Magna Charta. There is no fundamental right in the UK law. There is no fundamental right to life, privacy, liberty, whatever. It is all left to the parliament's decision (I am tempted to say "whim").

2. Any new law can override any old law and precedent without mentioning that explicitly and keeping the "coherence" of the system is left to the courts (and the lawyers).

So this overrides the Data Protection Act... From a UK legal standpoint - "Yeah, so what?"

Now should it be that way is another matter (IMO it is about bloody time to have a constitution and a working legal system).

2
1
Silver badge

Re: So what?

"There is no fundamental right to life, privacy, liberty, whatever." -- You will find some rights in the Declaration of Human Rights, such as the right to life, a family and free (as in freedom) travel.

4
0
Gold badge

Re: So what?

Mostly true, but I believe that any Act that wishes to override the Bill of Rights has to say so explicitly or else it fails. There may be other niceties, particularly if a proposed law would violate a treaty signed by Her Gracious Maj with some other sovereign (such as all the EEC/EU stuff). We *do* have various bits and bobs lying about the place that perform functions equivalent to a constitution. We just haven't seen any particular need to gather them all into one definitive text.

This reticence is almost certainly caused by Fear -- anyone qualified to undertake such a task almost certainly believes that the process would flush out a number of contradictions between existing, binding commitments. Best not to expose too many of those to daylight, old chap.

3
0
Silver badge
Devil

Re: So what?

Quote: "You will find some rights in the Declaration of Human Rights". You are missing the point. UK parliament is sovereign and cannot be bound.

The Declaration of Human Rights is _NOT_ fundamental as far as UK legal system is concerned. Nothing is. Any law can modify any right in any way it likes and as long as it has been voted through by the parliament that will be it.

As an example - UK had a "Declaration of Human Rights" before. It is called "The Bill of Rights of 1689". So how much of it stands today?

0
0
Anonymous Coward

Surely...

...it is a good thing that parliament can't tie its own hands?

0
0

Re: So what?

I've often wondered about how a UK constitution could work. It would have to be put in a position where it overrides existing laws and sentences. It would be bloody messy, but if it's something that we truly believed was the fundamentals of life in our country, and core to our humanity, I don't see any other way of doing it.

I also find it difficult to argue for a "fixed" constitution. There are things that we do all agree on, but I don't think we all agree on them in the same manner. For instance, I think that everyone has the right to life, but those in favour of capital punishment wouldn't agree, and anti-abortionists would raise it, and who knows where morality will be in 200 years time? I mean, it's the same sort of problem that America faces with the right to bear arms. Regardless of whether gun law is good in the States or not, I don't see owning a weapon as a fundamental human right, and there are plenty of other things that some people might think were fundamental which I wouldn't agree with.

As a result, I've come to the conclusion that if I were to ever live to see a UK constitution, it would only work (i.e. not be rejected by the populace, or misused, or misapplied) if a couple of criteria were met:

1. It could change. It can (and would have to) be a very difficult process, but if something really is seen to not be relevant any more by the population, why should it continue to be fundamental to our laws?

2. It would have to be decided democratically. The people would have to have a feeling that they had direct input into it. How this would be managed I'm not sure, but it would require a referendum on the selected rights at the very least. I might not like the outcome, but I have faith in democracy, and am happy to accept the consequences of being in the majority/minority on issues, whichever it turns out to be.

3. It would have to have absolute authority. Once decided, it would have to be the very foundation of UK law.

Now, this is where I'm unsure whether or not it's actually workable, but I don't see it being feasible, and accepted under any other scenario.

1
0
Silver badge

Re: So what?

It used to be said in former times that Parliament could do anything except change a man into a woman. With the recent advances in technology, that exception may already have been ruled out.

0
1
Thumb Down

a privacy impact assessment...

Plod, local council etc. (insert as required); will this impact our privacy? No, right ho then, collect as much as you can and anyone who wants the information can have it.

3
0
Facepalm

Foolishness!

Foolish, foolish OutLaw.com thinking that the UK.Gov.PLC actually has to abide by, respect or even pay lip service to law!

1
0
Silver badge

Controlled sharing

I'm willing to share sensitive personal information with departments according to necessity and context. I'll share financial info with HMRC and DWP, but I wouldn't share it with anyone else. Likewise I give personal info to the Census that I wouldn't give to anyone else.

So I hope this doesn't become a blanket sharing scheme. Whatever is shared should be on the basis of necessity, not on the basis of availability.

I don't see any reason why the departments shouldn't be forced to publicise exactly what info is shared (just as, eg, PNR data is publicly defined).

1
0
Anonymous Coward

Re: Controlled sharing

Exactly. All this information was gathered for specific purposes. This just sounds like a blank cheque to combine any of it in any way the government thinks is convenient. If I remember correctly, that is what we were told would *never* happen.

0
0
Anonymous Coward

UK no longer has Rule of Law

It has Rule By Law.

1
0

DPA exemptions

The real questions are

1. proportionality - can they share personal data to pursue a petty offense or just because it's easier than a proper process with individuals' consent?

2. what are the mechanisms of oversight and redress?

As we have seen with much legislation introduced in the last decade, governments seem unable - or more likely unwilling - to distinguish between national security and serious crime on the one hand, and petty crime and "public interest" (making life easy for public servants) on the other.

This failure to make a clear distinction has resulted in a massive rise in public mistrust, so that even when there may be justification for an initiative on the first set of grounds, the public is deeply suspicious of how that initiative may be exploited for other than it's declared purposes.

1
0
Bronze badge

I suspect this is partly why some factions make such a fuss about the Human Right Act and the European Convention on Human Rights. They falsely blame all the trouble on the EU as well.

And some of the rights can easily conflict. That's why we have courts, but oh! the screaming about interfering judges.

They're not investigating crimes. They don't have a suspect to point to. They can't exploit the wiggle room that is built into all these things. This isn't just collecting the information that a Police State collects, and far more. It is setting up the privileged apparatus that is essential to a Police State.

1
0
Silver badge

Making people worried about giving sensitive information to the police is merely gibberingly insane.

Making people worried about giving sensitive information to their doctors, and the doctors worried about collecting such information, goes rather beyond that.

3
0
Anonymous Coward

Proofreading fail

I always assumed that there was some quality control on OUT-LAW's side as I have never before seen silly mistakes in one of their articles.

0
0
Silver badge

Maverick unit detected... alert, alert!

'Wynn said that the government risks "cutting across" the existing rules unless the new law is carefully drafted and contains "robust" privacy safeguards'.

She may not realize it yet, but she is about to experience an abrupt career change.

0
0
Anonymous Coward

Government Profiling

This could easily mean that the government is laying the foundations of another national ID card scheme, but with a comprehensive profile of each person. Think how much easier it would be for the police to track potential criminals.

1
0
Silver badge

Re: Government Profiling

This could easily mean that the government is laying the foundations of another national ID card scheme, but with a comprehensive profile of each person. Think how much easier it would be for the police to track all citizens.

FTFY

0
0
Anonymous Coward

This is the first step

On a path to complete data sharing among all public service departments.

Apply for a council house and they will be able to see if you are "known to police" and if they have any intelligence on you so they can exclude you. Given that the government under wacky jacky considered anyone on the DNA database as a criminal waiting to be caught its not surprising they want to share that information with each other.

Given the desire to scan every passport at the borders it wouldnt surprise me if the PNC and Borders Agency computers are linked and also cross referenced with the ANPR system.

2
0

"The DPA contains an exemption which states that personal data can be processed for the purposes of the prevention or detection of crime without having to inform individuals if informing the individuals would jeopardise the ability to prevent or detect crime."

That's OK then - since virtually everybody has probably committed a crime against one of the myriad of laws and regulations that abound the Statue Book, it will always be possible to find a "potential" crime to justify the shared snooping..

0
1
Anonymous Coward

Sir Humphrey Appleby's 'Need to Know' Everything

"The ICO's guidance advises organisations to employ 'need to know' principles to restrict access to personal data they hold, and assess whether a data sharing arrangement needs to be ongoing or on a one-off basis."

Before I even got to that part of the article, I was thinking of Sir Humphrey Appleby in Yes, Prime Minister, needing to know whatever was restricted on a 'need to know' basis, on the grounds that he needed to know in order to know whether or not he needed to know. The result, of course, was that he needed to know everything.

It's all to easy to imagine the police saying that they need unfettered access, on demand, to all data, otherwise how are they to know whether or not such data contains evidence of crimes yet to be detected? The detection of crime, after all, is where you discover that there are crimes to be investigated that you didn't otherwise know of. So, for the purposes of detecting crime, the police need to know everything that could, potentially, contain evidence of crimes to be detected and investigated.

Wasn't this the kind of thing the ConDem coalition was supposed to stop? Didn't they tell us that their shared commitment to civil liberties was the common bond that would hold the coalition together?

1
0
This topic is closed for new posts.