House of Lords Constitution Committee report on surveillance and privacy

By EDRi · February 11, 2009

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The report Surveillance: Citizens and the State recently issued by the House
of Lords Constitution Committee supports privacy and considers executive and
legal limits must be imposed to surveillance and data collection.

The report is a positive step in the promotion of individual freedom and
liberty and offers some recommendations in this direction.

One of the recommendations, following a suggestion from the UK Computing
Research Committee’s, is that the encryption of personal data should be
mandatory in some circumstances and that the Government should introduce
appropriate regulations in this sense. “We believe that encryption has a
vital role to play in ensuring the security of data, and that the Government
should insist upon its use as appropriate throughout the public and private
sectors,” says the report.

It also mentions that with the large majority of data loss cases occurred in
UK there had been no reference to data encryption which would have
diminished the potential impact of the losses. Even in cases when the data
were encrypted, unfortunately the password was attached to the storage
device or even lost.

Encryption company PGP Corporation also believes “More needs to be done to
educate staff on the importance of safeguarding information.” According to a
research conducted by privacy research firm the Ponemon Institute on behalf
of PGP, the average cost of a single lost record is almost 70 euro. Phil
Dunkelberger, chief executive of PGP stated that “organisations are taking
desperate measures to preserve their reputation and retain customers; this
study shows they simply cannot afford to lose out to competitors as a result
of poor data security.”

The Constitution Committee also recommended in its report that the data
controllers should be fined for “deliberately or recklessly breaching the
data protection principles”.

A very important recommendation is that DNA profiles of non-convicted people
should not be retained in the National DNA Database (NDNAD). “We expect the
Government to comply fully, and as soon as possible, with the judgment of
the European Court of Human Rights in the case of S. and Marper v. the
United Kingdom, and to ensure that the DNA profiles of people arrested for,
or charged with, a recordable offence but not subsequently convicted are not
retained on the NDNAD for an unlimited period of time.”

The Committee believes that the Regulation of Investigatory Powers Act
(RIPA) should be clarified recommending the Government to introduce “a
system of judicial oversight for surveillance carried out by public
authorities, and that individuals who have been made the subject of
surveillance be informed of that surveillance, when completed, where no
investigation might be prejudiced as a result. We recommend that
compensation should be available to those subject to unlawful surveillance
by the police, intelligence services, or other public bodies acting under
the powers conferred by the Regulation of Investigatory Powers Act 2000.”

The report also recommends that the Government consultation on proposed
changes for RIPA 2000 should “consider whether local authorities, rather
than the police, are the appropriate bodies to exercise such powers” having
in view that there have been cases when local authorities misused the
surveillance powers granted in RIPA. “These cases demonstrate that the
regulatory controls introduced at the time are insufficient.” If the local
authorities are found to be the right bodies to exercise the powers given by
RIPA, the report recommends that these ” Government take steps to ensure
that these powers are only exercised where strictly necessary, and in an
appropriate and proportionate manner.”

The report also acknowledges the necessity of an independent review of the
CCTV benefits and effectiveness in stopping, detecting and investigating
crime and calls for a legally binding code of practise in using CCTV by
private and public bodies. “The government has been clear that where
surveillance or data collection will impact on privacy they should only be
used where it is necessary and proportionate. The key is to strike the right
balance between privacy, protection and sharing of personal data,” says the
report.

The general message of the report is that the UK society witnesses
a very high level of surveillance affecting privacy and private life. “The
expansion in the use of surveillance represents one of the most significant
changes in the life of the nation since the end of the Second World War.
Mass surveillance has the potential to erode privacy. As privacy is an
essential pre-requisite to the exercise of individual freedom, its erosion
weakens the constitutional foundations on which democracy and good
governance have traditionally been based in this country.”

Following this report, the Government is to provide a written response
within the next two months. Further on a debate will be scheduled in the
House.

Lords Constitution Committee report on surveillance and privacy (6.02.2009)
http://www.openrightsgroup.org/2009/02/06/lords-constitution-committee-report-on-surveillance-and-privacy/

Constitution Committee – Second Report
Surveillance: Citizens and the State (21.01.2009)
http://www.publications.parliament.uk/pa/ld200809/ldselect/ldconst/18/1802.htm

Lords say surveillance society erodes foundations of UK (6.02.2009)
http://www.theregister.co.uk/2009/02/06/lords_reject_government_dat

Data breach costs rise to £60 per record, say researchers (5.02.2009)
http://www.out-law.com//default.aspx?page=9773