Feeds

ICO strengthens criticism of Government data sharing

Changes mind, speaks up a bit

Secure remote control for conventional and virtual desktops

The Government's controversial plans to share personal data between departments and with the private sector are "too wide" and the safeguards "weak" according to privacy watchdog the Information Commissioner's Office (ICO).

The ICO has released its second opinion on the contents of the Coroners and Justice Bill, which proposes legalising greater sharing of information between Government departments and with outside contractors and private companies who request it.

When the Bill's proposals were first published, the ICO was less critical.

"Some have suggested that the Bill’s information sharing provisions represent an unwarranted interference with the privacy of personal information. We do not agree. The provisions of the DPA will continue to apply to the sharing of personal information whether undertaken within the scope of an information order or otherwise," said its opinion, published on 22 January.

The ICO now believes that the proposed new law poses some dangers to privacy and for Government's accountability for the processing of personal data it has collected.

"The Bill’s information-sharing provisions are too wide, and its safeguards relatively weak," it said. "The provisions should only apply in precisely defined circumstances where there is a legal barrier to information sharing that would be in the public interest."

Rosemary Jay, a privacy law expert at Pinsent Masons, the law firm behind OUT-LAW.COM, warned of similar concerns when the Bill was published.

"It would allow for information to be shared with banks or other financial institutions," she said in January. "There is no restriction on purpose of the sharing so for example it would enable the Minister to make an order empowering the tax authorities to disclose the earnings of individuals to credit reference agencies."

Jay said that such disclosures could be made without the person whose information is being shared ever knowing about it.

The ICO is also concerned that the law will allow Government to make major changes in the field of information law without consulting Parliament.

"The Bill needs an additional safeguard, to prevent the use of information-sharing orders in the context of large-scale data sharing initiatives that would constitute significant changes to public policy," said the opinion.

The Bill allows the ICO to investigate Government departments it suspects of not processing or sharing information properly through the issuing of an assessment notice.

"The Assessment Notice provisions need to be widened, so the Information Commissioner can serve an assessment notice on any data controller," said the ICO's latest opinion. "The risks can be just as great outside the public sector and the boundary lines between the sectors are increasingly blurred. The House of Lords Select Committee on the Constitution supported this conclusion at paragraph 238 of its recent ‘Surveillance: Citizens and the State’ report."

In its first and its latest opinions, the ICO stressed that the fact that there is no penalty for failing to comply with an assessment notice makes it difficult to enforce them.

"The Bill should provide for a sanction for data controllers that fail to comply with an assessment notice," it said. "It is inconsistent that whilst there is a right of appeal against an assessment notice, there is no sanction for failure to comply with one."

The ICO also called attention to a definitional problem in the Bill. It says that "a person shares information if the person…consults or uses the information for a purpose other than the purpose for which the information was obtained."

The ICO said that this definition will cause problems. "This definition of ‘information sharing’ will cause considerable difficulty," it said. "Sharing information and using it for a different purpose are quite different activities; it is possible to share information without using it for a different purpose, or to use if for a different purpose without sharing it."

"This legally convoluted definition will pose a considerable and avoidable obstacle. If a definition of ‘information sharing’ is needed at all, [this section] should be deleted from it. If there is a need to address use of information for a different purpose, and we do not believe there is, then this should be covered by a separate provision," said the ICO. 

Copyright © 2009, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

The essential guide to IT transformation

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
This'll end well: US govt says car-to-car jibber-jabber will SAVE lives
Department of Transportation starts cogs turning for another wireless comms standard
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.