Out-Law News 3 min. read
16 Jan 2009, 9:15 am
A new law published for debate by Parliament suggests allowing data collected for one purpose by one department to be used for another purpose by another department. The data would be available for use on request by public sector bodies outside of central government.
But Rosemary Jay, a privacy expert at Pinsent Masons, the law firm behind OUT-LAW.COM, said that the law did not restrict sharing to the public sector.
"The power will allow information to be disclosed or used for other purposes and be subject to further onward disclosures," she said. "It extends to all information, not just personal data, and there is no restriction to sharing within the public sector."
"It would allow for information to be shared with banks or other financial institutions. There is no restriction on purpose of the sharing so for example it would enable the Minister to make an order empowering the tax authorities to disclose the earnings of individuals to credit reference agencies," said Jay.
Jay said that such disclosures could be made without the person whose information is being shared ever knowing about it.
The proposed new law, Coroners and Justice Bill, would insert amendments into 1998's Data Protection Act (DPA) to allow the wider sharing of information.
The DPA orders that all sharing of personal information is conducted in line with eight principles. People using personal data must do so for limited purposes, but the proposed changes to the Act would allow information collected for one purpose to be used for another, and by another person.
The new law would allow an authority, such as a minister, to order the transfer of data. "[The new law] creates an order-making power to enable a person to share information that consists of, or includes, personal data," said a Government explanatory note to the Bill.
"Sharing…includes both the disclosure of data between two or more persons (such as when one company provides its client list to another company for commercial purposes), as well as where a single person uses some data for a purpose other than that which it was obtained for," it said.
The guidance said that, for example, a Government department which gathered the information to collect tax could then use it in the provision of benefits.
Liberal Democrat shadow justice secretary David Howarth said that the changes were "more building blocks of [Government's] surveillance society".
"We’ll be told it’s vital to fight crime and terrorism, but soon local authorities will be asked to share our personal information with a range of public and private bodies for the most spurious of reasons," he said in a statement. "This is particularly troubling since the Government has already shown itself entirely incapable of keeping our personal data safe."
Justice Secretary Jack Straw said that the law change was designed to ease people's dealings with Government and its agencies.
"I think all members of the public are in two places on this. Data relating to you and your family should be protected and that is an absolute imperative," he told reporters. "But you don't want personally to give the same information again and again if it can be safely held and safely transferred."
Any minister making an order under the law must give 21 days' notice to the Information Commissioner's Office (ICO), which can then comment on whether or not the order is proportionate to achieve the stated policy objective.
Jay said, though, that that safeguard is not particularly strong, and that use of the new law could breach individuals' rights under the European Convention on Human Rights, which guarantees a right to a private and family without interference from the state.
"It must raise the risk that the Government could end up in breach of either the Convention rights or the Data Protection Directive," she said. "The safeguards are limited. The disclosures can be justified by any 'relevant policy initiative' and there is limited opportunity for consultation or external comment."
Pinsent Masons and Amberhawk Training are holding an Update session on 26th January in London where up to date data protection topics are the agenda. If you are interested in this event, please email [email protected] for a brochure.
