Feeds

Privacy groups demand one commissioner to rule them all

How many privacy commishes do we really need?

Choosing a cloud hosting partner with confidence

The UK needs a single privacy commissioner, and not the tangle of officials it is creating to police the area, an alliance of pressure groups claimed yesterday.

Terri Dowty, Director of Action on Rights for Children (ARCH), warned of the uncoordinated and ineffective proliferation of commissioners now operating in this area. Dowty made the call on behalf of a number of other campaign groups, including Privacy International, Genewatch UK and NO2ID.

The call came in a statement broadly welcoming of government proposals to cut back on its predecessor's over-bearing regulation of everyday life, Dowty expressed concern that the Protection of Freedoms Bill, which received its second reading in Parliament this week, proposes the establishment of two new commissioners for biometrics and CCTV. This would expand the number of commissioners responsible for privacy and surveillance from three to five.

However, Dowty said: "[this] will not necessarily lead to greater protection for the public and may even fracture the protection that already exists.

She went on: "The only way of providing meaningful oversight of freedom and privacy is to bring all of these commissioners into a single privacy commission".

Over the last few years, the UK has invested heavily in "Commissioners", with individuals bearing that title employed to look after areas as diverse as Children, Traffic and Immigration Services. We already have:

  • An Information Commissioner, responsible for promoting and enforcing compliance with the Data Protection Act 1998
  • An Interception of Communications Commissioner created by s57 Regulation of Investigatory Powers Act 2000, whose duties include the oversight (but not the investigation) of those who issue warrants and the procedures of those acting under warrants
  • A Chief Surveillance Commissioner with similarly limited powers, charged with keeping under review the operation of the powers and duties of directed and covert surveillance under RIPA.

The Repeal Bill proposes adding two more Commissioners whose remit would broadly cover issues of privacy. Clause 34 of the Bill would establish a Surveillance Camera Commissioner, responsible for advising the Home Secretary on the drawing up of a code of practice (on the use of surveillance cameras) "encouraging" compliance with the code and reviewing its operation.

Clause 20 would establish a Biometrics Commissioner, whose role would be limited to reviewing any national security determinations made under existing terrorism legislation or under Clause 9 of the Bill, and with the power to order the destruction of biometric material if it cannot lawfully be retained.

A spokesman for the Home Office told us that such rationalisation was not being proposed, because the areas covered by each Commissioner and the powers granted to each were wholly different. This response also implied a certain lack of joined-up thinking on the part of government, as they suggested that since some of these roles fell under the Ministry of Justice, some under the Home Office, a single view on the subject of Commissioner rationalisation was not possible.

However, according to those in favour of rationalisation, this is simply rhetoric disguising some very real flaws in current proposals.

First, as ARCH points out, there is already overlap of powers (on CCTV, for instance), leading to confusion as to which Commissioner is responsible for particular fields and also the creation of gaps that no single Commissioner feels empowered to cover.

Second, the proliferation of Commissioners has costs attached - and while these may not be massive (of the order of £2m for an "ordinary" Commissioner, and £17m for the Information Commissioner) there are clearly savings to be made.

Finally, by limiting the powers of individual Commissioners to such narrow areas, the government is failing to future-proof its Freedoms Bill and instead is creating an inevitable requirement for future Commissioners to be created in response to new threats to privacy, such as RFID, or additional obligations set by EU directives.

Is government really opposed to the idea of a Privacy Commissioner? Or is it possible, as Dowty suggests, that the idea just hasn't occurred to them? ®

Intelligent flash storage arrays

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
4chan outraged by Emma Watson nudie photo leak SCAM
In the immortal words of Shaggy, it wasn't me us ... amirite?
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.