New UK government attack on information rights
Time for some news from back home in Airstrip One… I’ve argued since our Report on the Surveillance Society came out back in 2006, that two of the biggest problems with information rights in Britain are:
- the lack of any constitutional protection for personal information and the consequent contingency of any laws on data protection; and
- the apparent belief on the part of the state that it has information rights over the personal information of citizens (or subjects, in reality).
Thus the state can demand information for the ID card scheme under threat of fines or even imprisonment, yet it is entirely the individual’s fault if information is incorrect.
Now, the ever-vigilant NO2ID campaign has noticed something that few others have, that hidden in a new criminal justice bill, the Coroners and Justice Bill is a measure to amend the Data Protection Act to enable government ministers to issue so-called ‘Information Sharing Orders’.
The clause (152, in Part 8, if you’re interested) reads as follows:
152 Information sharing
(1) After section 50 of the Data Protection Act 1998 (c. 29) insert—
“Part 5A Information Sharing
50A Power to enable information sharing
(1) Subject to the following provisions of this Part, a designated authority may by order (an “information-sharing order”) enable any person to share information which consists of or includes personal data.
(2) For the purposes of this Part—
“designated authority” means—
(a) an appropriate Minister,
(b) the Scottish Ministers,
(c) the Welsh Ministers, or
(d) a Northern Ireland department;
“appropriate Minister” means—
(a) the Secretary of State,
(b) the Treasury, or
(c) any other Minister in charge of a government department.
(3) For the purposes of this Part a person shares information if the person—
(a) discloses the information by transmission, dissemination or otherwise making it available, or
(b) consults or uses the information for a purpose other than the purpose for which the information was obtained.
(4) A designated authority may make an information-sharing order only if it is entitled to make the order by virtue of section 50C and it is satisfied—
(a) that the sharing of information enabled by the order is necessary to secure a relevant policy objective,
(b) that the effect of the provision made by the order is proportionate to that policy objective, and
(c) that the provision made by the order strikes a fair balance between the public interest and the interests of any person affected by it.
(5) An information-sharing order must—
(a) specify the person, or class of persons, enabled to share the information;
(b) specify the purposes for which the information may be shared;
(c) specify the information, or describe the class of information, that may be shared.
(6) An information-sharing order may not enable any sharing of information which (in the absence of any provision made by the order)”
Whilst this is not necessarily “as grave a threat to privacy as the entire ID Scheme” as NO2ID claim, the clause is written so broadly (a characteristic of New Labour’s approach to legislating) that it could mean that a Minister with the will could authorise any kind of personal information from any source to be used for as yet unspecified purposes for which it was never intended to be used. It is a blatant attempt to gut the already inadequate safeguards in the Data Protection Act, albeit in particular (ill-defined) instances and at Ministerial level, rather than a blanket provision applying to almost all public authorities (like say, the Regulation of Investigatory Powers Act(RIPA) which enabled local authorities to spy on people for tiny suspected infractions).
However, we shouldn’t allow the precedent to be set at any level…