Out-Law News

ID Card Database emerges from the shadows


Analysis of the Government proposals for a UK Identity Card, which were published last week, has highlighted that the proposed Bill allows for extensive records to be kept tracking an individual's use of the Card, with law enforcement agencies and security services having wide access to these records. These records are a new addition to data items stored in the central registry database which supports the proposed ID Card.

The draft legislation identifies five statutory purposes behind the ID card scheme. Whilst two of these purposes deal with the Card's use in connection with entitlement or identification, the other three statutory purposes focus on the collection of personal data for, and the disclosure of personal data from, the central registry database.

This shift of focus in the Bill, to the needs of the central registry database, is reflected in the main objectives of the draft Bill, as specified in its first 25 clauses. Of these 25 clauses, seven relate to collecting personal data for the central registry database, two relate to maintaining the database, and six relate to disclosures from the database – a total of 15 clauses. By contrast, only three clauses concentrate on ID cards and five clauses control identity checks. Yet it is these eight clauses which define the title of the Bill - the "Identity Cards Bill".

In its original consultation document, "Entitlement Card and Identity Fraud", the Home Office stated that "it is most unlikely that entitlement information relating to specific services would be held on the central register". However, in the draft Bill published last week, the central registry database is now to contain "access records".

These "access records" include "particulars of every occasion on which a person has accessed an individual's entry and of the person who accessed it". Thus, for instance, if an individual card-holder uses a service during which the service provider checks identity or entitlement, then there can be a record which links the service provider with the card-holder.

If the Government is successful in bringing the draft Bill into law, and establishing the ID Card system, the provisions will create an electronic fingerprint of everyone who uses a service which requires an ID Card check. It will in turn create pointers to sources of detailed information, held by the service provider, about the services used by each UK citizen.

Annex 4 of the Explanatory Memorandum accompanying the draft Bill explains that personal data associated with the use of the Card will be kept indefinitely. It follows that records which give details of each time an ID Card references the central registry database are likely to be retained for the lifetime of each UK citizen.

Under the Bill, the police and security services will be given powers to require disclosure of these access records for purposes "connected with" serious crime. Because this disclosure is subject to a statutory provision, the exemption from the non-disclosure provisions will apply (section 35(1) of the Data Protection Act). This means that most of the data protection principles do not apply to the disclosure.

Paragraph 9 of Schedule 1 of the Draft ID Card Bill also states that details of all those to whom data are disclosed "may be held". This means that there is no compulsion to hold records of disclosure in certain circumstances. Where disclosure to the security services and the police is involved, there are certainly arguments for such details not to be recorded. In such circumstances the National ID Card Commissioner and the Information Commissioner, who will control the uses of data, might not know important details of accesses by the police and the security services, potentially limiting their powers in overseeing the ID Card scheme.

Dr Chris Pounder, editor of Data Protection and Privacy Practice, published by Masons (the law firm behind OUT-LAW) commented that:

"The Government's proposals, if enacted in their current form, could amount to the lawful, secret, unrecorded access by the police and security services to centralised details which could, over time, list all the important public and private services used by each card-holder during his or her life-time".

"This raises very serious and new privacy concerns about the central registry database, as the two Commissioners charged with protecting privacy in the ID Card scheme could be in the dark about the volume and nature of the access requests to the central registry database by the security service and police."
