Privacy groups demand one commissioner to rule them all
How many privacy commishes do we really need?
The UK needs a single privacy commissioner, and not the tangle of officials it is creating to police the area, an alliance of pressure groups claimed yesterday.
Terri Dowty, Director of Action on Rights for Children (ARCH), warned of the uncoordinated and ineffective proliferation of commissioners now operating in this area. Dowty made the call on behalf of a number of other campaign groups, including Privacy International, Genewatch UK and NO2ID.
The call came in a statement broadly welcoming of government proposals to cut back on its predecessor's over-bearing regulation of everyday life, Dowty expressed concern that the Protection of Freedoms Bill, which received its second reading in Parliament this week, proposes the establishment of two new commissioners for biometrics and CCTV. This would expand the number of commissioners responsible for privacy and surveillance from three to five.
However, Dowty said: "[this] will not necessarily lead to greater protection for the public and may even fracture the protection that already exists.
She went on: "The only way of providing meaningful oversight of freedom and privacy is to bring all of these commissioners into a single privacy commission".
Over the last few years, the UK has invested heavily in "Commissioners", with individuals bearing that title employed to look after areas as diverse as Children, Traffic and Immigration Services. We already have:
- An Information Commissioner, responsible for promoting and enforcing compliance with the Data Protection Act 1998
- An Interception of Communications Commissioner created by s57 Regulation of Investigatory Powers Act 2000, whose duties include the oversight (but not the investigation) of those who issue warrants and the procedures of those acting under warrants
- A Chief Surveillance Commissioner with similarly limited powers, charged with keeping under review the operation of the powers and duties of directed and covert surveillance under RIPA.
The Repeal Bill proposes adding two more Commissioners whose remit would broadly cover issues of privacy. Clause 34 of the Bill would establish a Surveillance Camera Commissioner, responsible for advising the Home Secretary on the drawing up of a code of practice (on the use of surveillance cameras) "encouraging" compliance with the code and reviewing its operation.
Clause 20 would establish a Biometrics Commissioner, whose role would be limited to reviewing any national security determinations made under existing terrorism legislation or under Clause 9 of the Bill, and with the power to order the destruction of biometric material if it cannot lawfully be retained.
A spokesman for the Home Office told us that such rationalisation was not being proposed, because the areas covered by each Commissioner and the powers granted to each were wholly different. This response also implied a certain lack of joined-up thinking on the part of government, as they suggested that since some of these roles fell under the Ministry of Justice, some under the Home Office, a single view on the subject of Commissioner rationalisation was not possible.
However, according to those in favour of rationalisation, this is simply rhetoric disguising some very real flaws in current proposals.
First, as ARCH points out, there is already overlap of powers (on CCTV, for instance), leading to confusion as to which Commissioner is responsible for particular fields and also the creation of gaps that no single Commissioner feels empowered to cover.
Second, the proliferation of Commissioners has costs attached - and while these may not be massive (of the order of £2m for an "ordinary" Commissioner, and £17m for the Information Commissioner) there are clearly savings to be made.
Finally, by limiting the powers of individual Commissioners to such narrow areas, the government is failing to future-proof its Freedoms Bill and instead is creating an inevitable requirement for future Commissioners to be created in response to new threats to privacy, such as RFID, or additional obligations set by EU directives.
Is government really opposed to the idea of a Privacy Commissioner? Or is it possible, as Dowty suggests, that the idea just hasn't occurred to them? ®