The Government's proposals for the UK identity card, published in April, include legislation that would allow for extensive records to be kept tracking an individual's use of the card.
Law enforcement agencies and security services would be given wide access to these records, which are among other data items stored in the central registry database which supports the card scheme.
Giving evidence to the Home Affairs Committee in Parliament yesterday, Mr Thomas said he greeted initial plans with "healthy scepticism." But as the details of Government plans became apparent, this turned to "increasing alarm".
He warned that the scheme represents "a really significant sea change in the relationship between state and every individual in this country."
Mr Thomas explained that he was not against identity cards in principle; but his concern was with the national identity register that appears to be at the heart of the Home Office plans.
Warning that the British plans are more ambitious than those of any other country, Mr Thomas said the cards, which include biometric data, also represent a "very, very attractive proposition for criminals."
The Home Secretary's official spokesman accused the Information Commissioner of "grandstanding" and Shadow Home Secretary David Davis called the attack "irresponsible". But Dr Chris Pounder of Masons, the firm behind OUT-LAW.COM, and editor of Data Protection and Privacy Practice, expressed his support for the views of Mr Thomas.
Dr Pounder attended yesterday's meeting and commented afterwards:
"The Information Commissioner's comments are in line with our written evidence to the Committee. In that evidence we say that if the draft ID cards bill is enacted in its current form, there needs to be higher level of privacy protection than that which is currently provided by the current Data Protection Act.
"For instance there needs to be enhanced powers to the Information Commissioner, and a link created between the Data Protection Act and Article 8 of the Human Rights Act which calls for public authorities to respect an individual's privacy."
"We think that the Principle dealing with rights in the Data Protection Act could be amended to state that:
'Personal data shall be processed in accordance with the rights of data subjects under this Act and in particular, any processing of personal data shall respect the private and family life and correspondence of each data subject.'
"This would allow the Information Commissioner to directly deal with complaints from individuals who allege that their personal data associated with the ID card scheme have been processed in a manner which is not proportionate in human rights terms."