Data Protection (Hansard, 20 January 1982)

I beg to move,

That leave be given to bring in a Bill to make provision for the protection of data in accordance with the European Convention.

The Bill would enable in particular the setting up of an independent data protection authority as recommended by the Lindop committee in 1978.

The need for control over the collection and use of personal information has grown enormously over the last decade. I pay tribute to my many hon. Friends who have been active in this cause over several years and, in particular, to my hon. Friends the Members for York (Mr. Lyon) and Nuneaton (Mr. Huckfield), both of whom have presented Bills to meet this need.

A previous White Paper revealed that no fewer than 220 different functions of Government involve computerised personal information about identifiable individuals. Most of these computerised Government data banks contain anything from 10,000 to 1 million names. In addition, as the records become computerised, separate systems can be linked so that, for example, Government officials could have almost instant access to all the information now held separately on one individual—for instance, information about family relationships, previous and present addresses, criminal records, income tax and VAT returns, medical treatment including any history of mental ill-health, credit rating, social work reports, political and trade union activities and so on. I submit that legislative controls are needed to ensure that any Government, present or future, do not abuse the new technology in the name of efficiency or security.

That is, however, by no means the only danger. Computerised data banks are particularly vulnerable to espionage, eavesdropping and error. However, manually stored data banks can equally threaten the individual's privacy in several disturbing ways. Information on him may be collected unlawfully, by underhand means or without his consent. The information may be inaccurate, incomplete, out of date or irrelevant. Other people may have access either to some or to all of this information that he thought was stored confidentially and that they ought not to have. Information given for one purpose, wholly legitimately, may be transferred without his consent, and perhaps even without his knowledge, for an entirely different and perhaps highly embarrassing and damaging purpose.

This matter is serious because a person may suddenly find that, for totally unjustifiable reasons of which he may not even be aware, he is suddenly prevented from acquiring a credit card or he may be denied hire-purchase facilities. More seriously, information about criminal records going back several years, an investigator's report based on malicious gossip, or speculation about an individual's politics or sex life can suddenly block promotion or lead to abrupt dismissal.

Worst of all, simply wrong information being fed in, against which the individual at present has no defence, can do irreparable damage. I quote the case, recently reported in the newspapers, of Mrs. Jan Martin. While she and her husband were motoring on the Continent, a lorry driver saw them at a cafe in Holland and thought that he 292 recognised Mr. Martin as a member of the Bader-Meinhof gang. The lorry driver reported this to the Dutch police, who passed the information to London. Shortly afterwards, Mrs. Martin suddenly found herself barred from a job with a film unit under contract to a company that had by one means or another gained access to the information. It was only because her father happened to be a senior police officer with contacts at Scotland Yard that the whole truth came out.

I would add only that the National Council for Civil Liberties, to which I pay a warm tribute for its long-standing campaign for the right to personal privacy, has dozens of individual case histories of persons who have had similarly damaging experiences but have not had the benefit of such high-level and fortunate contacts.

One other relevant matter to which I draw particular attention is the police national computer, which now holds over 36 million entries, and the Scotland Yard computer, which by the middle of the 1980s will store information equal to that on one fifth of the population of the whole Metropolitan police area. As hon. Members will know, there have recently been several highly damaging leaks reported from these records.

It is interesting to see what the Lindop committee said about this. It was denied access by the Home Office to the plans for the Metropolitan police special branch computer. The Committee concluded: We do not have enough evidence to give a firm assurance … that the public need not be unduly alarmed by the use of computers for police purposes. Its scepticism has been corroborated by the report a week ago that persons were being entered on special branch files in Devon and Cornwall and, I presume, everywhere else, for such wholly inappropriate reasons as that they were anti-nuclear campaigners, that they opposed blood sports, or that they were members of the anti-apartheid movement. While, of course, one must insist that individuals cannot have access to criminal intelligence and genuine security files, I believe that we should consider the Swedish system whereby a duly authorised security-cleared person could inspect such files to ensure that they do not contain improper data.

Against this background, the Bill would aim to remedy the major threats against privacy which arise from several sources. For example, the use of most bugging devices and telephone taps is not at present illegal. It is not a criminal offence to obtain confidential information by deception or to release that information to others who should not have it. There is almost no right to bring an action for damages against an invasion of privacy. There is, with one exception, no legal right for the individual to see files kept on him or her, and criminal records are far from being entirely secure against the intrusions of private agents or employers.

Not only personal privacy but Britain's economic interests need safeguarding. The commercial director of Lucas Industries has recently been reported as saying that unless the Lindop committee recommendations are implemented urgently, British industry will be unable to move computer data freely between Britain and abroad and, therefore, The British balance of payments will suffer dramatically. For those reasons alone it is vital to bring Britain up to international standards in this respect

The Bill would do that because it is wholly in line with the Council of Europe convention for the protection of 293 individuals with regard to automatic processing of personal data, which the Government have signed but not yet ratified.

In outline, the Bill would establish an independent data protection authority. I should like to make it clear that I strongly reject the view that has been floated that the Home Office itself should be the watchdog body for privacy legislation. That is wholly unacceptable.

The Bill would incorporate the substantive principles of the convention as I have indicated them. Specifically, it would give individuals the right to see and, if necessary, challenge and correct the contents of personal records held on them. It would require the operators of data banks, both manual and computerised, to register with the authority, and place a duty on the authority to issue statutory codes of practice, giving detailed guidance on how to comply with these principles. I emphasise that the voluntary codes of practice, which I gather the Government may be considering, are wholly unacceptable if the serious abuses that have been revealed are to be effectively redressed. The British Medical Association and many other bodies have rightly refused to countenance voluntary codes of practice. It would also give the authority the power to investigate complaints and ensure compliance with the codes of practice, with the power to de-register data banks that failed to meet the standards.

I believe that the Lindop recommendations command widespread support in this country. For too long Government have done nothing. I hope that all those who believe that personal privacy should be protected against the increasing encroachments of an authoritarian State will support the Bill.