MPs propose new safeguards for Government uses of personal data

The Committee examined surveillance in public and private life, from CCTV and plans for a national ID card to credit card records and search engine logs. Warning of the risks of excessive surveillance, the House of Commons Home Affairs Committee called for a new approach.

"In the design of its policies and systems for collecting data, the Government should adopt a principle of data minimisation: it should collect only what is essential, to be stored only for as long as is necessary," said the report, released yesterday.

It warned that the Government "should resist a tendency to collect more personal information and establish larger databases."

The report sets ground rules for the Government and its agencies to build and preserve trust.

"Unless trust in the Government’s intentions in relation to data collection, retention and sharing is carefully preserved, there is a danger that our society could become a surveillance society," it said. Information Commissioner Richard Thomas first warned that the UK was a risk of "sleepwalking into a surveillance society" in 2004.

The Committee has recommended that Government should:

• Give an explicit undertaking to adhere to a principle of data minimisation and should resist a tendency to collect more personal information and establish larger databases;
• Only create a major new database, share information or implement proposals for increased surveillance in circumstances when there is a proven need;
• Take responsibility for safeguarding the personal information it collects and should exercise this responsibility before collection takes place;
• Hold information only as long as is necessary to fulfil the purpose for which it was collected. If information is to be retained for secondary purposes it should normally be anonymised; and
• Design every system with a focus on security and privacy.

In addition, the report sets ground rules for the Home Office. The Home Office should:

• Not routinely use the administrative information collected and stored in connection with the National Identity Register (the database associated with the ID Card), to monitor the activities of individuals; 
• Take every opportunity to raise awareness of how and why the surveillance techniques provided for by the Regulation of Investigatory Powers Act (RIPA) might be used, and keep under review the effectiveness of the statutory oversight of RIPA powers; and
• Ensure that any extension of the use of camera surveillance is justified by evidence of its effectiveness for its intended purpose, and that its function and operation are understood by the public.

The Committee also recommended that the Information Commissioner should lay before Parliament an annual report on surveillance. The Government should make a formal response to this report, it said, also to be laid before Parliament.

Committee Chairman Rt Hon Keith Vaz MP told OUT-LAW: “What we are concerned with is the tendency to collect more and more data just because the technology allows it and for data to be used beyond the purposes it was initially collected for."

"For example, we would completely object to any attempt to use data on children for the purposes of predictive criminal profiling rather than child protection and we want an assurance from Government that this kind of thing will not happen,” he said. “The key issue is trust – the public don’t have much choice over the data held on them by public bodies, so they must be confident about how it is being collected, stored and used – otherwise we are in danger of becoming a surveillance society."

Dr Chris Pounder, a data protection expert with Pinsent Masons, the law firm behind OUT-LAW.COM, gave oral and written evidence to the Committee. He welcomed the report's emphasis on trust.

"The thrust of my oral evidence was that the public had to trust that the surveillance and data sharing was limited in accordance within the rules, it had to trust that staff involved in data sharing were properly trained and that procedures for authorising the data were properly maintained, and the public had to trust that Parliament did not enact legislation that provided for function creep," he said.