House of Lords report warns of 'Surveillance State'

Updated March 2009

In its recent report, 'Surveillance: Citizens and the State', the House of Lords has made sweeping recommendations for the review of data processing and surveillance powers, stating:
"We regard privacy and the application of executive and legislative restraint to the use of surveillance and data collection powers as necessary conditions for the exercise of individual freedom and liberty."

The UK, it says, now leads the world in the use of CCTV with some four million cameras in use. Its DNA database contains details of over 7% of its citizens, compared to just 0.5% in the USA.

The Government has highlighted that the use of such measures have proven to be essential tools in law enforcement and the protection of the public. Whilst the report accepts that surveillance has now become a necessary part of modern life, it criticises the selective way in which some surveillance and retained personal data is used.

The report considers the following four elements of the current legal framework relating to surveillance and data use:

• The Human Rights Act 1998;
• The Data Protection Act 1998 (DPA);
• The Regulation of Investigatory Powers Act 2000 (RIPA); and
• The law of breach of confidence.

It looks at how effective this regime is at controlling the surveillance activities of the state and the private sector and considers the trends that arguably pose a challenge to the current system of regulation. The report then goes on to make 44 recommendations that should be implemented to further protect individuals from invasions of their privacy. The recommendations include:

• the introduction of a legally binding regime for the use of CCTV by both the public and private sector;
• insistence upon the use of encryption as appropriate throughout the public and private sector;
• a review of the procedures set out in RIPA;
• a review of the law governing citizen's consent to the use of their personal data; and
• amendments to the DPA requiring government departments to produce Privacy Impact Assessments before introducing any new schemes for collecting or processing data.

There are also a number of recommendations for increasing the powers for the Information Commissioner's Office (ICO) including:

• new powers for the Information Commissioner to levy fines on data controllers for deliberately or recklessly breaching the data protection principles;
• a greater role for the Information Commissioner in advising Parliament in respect of surveillance and data issues;
• that central and local Government work with the Information Commissioner to raise public awareness of privacy issues; and
• the expansion of the remit of the ICO to include monitoring the effects of government and private surveillance practices on the rights of the public at large.

The report also makes a specific recommendation to public and private sector organisations stating:

"As surveillance is potentially a threat to privacy, we recommend that before public or private sector organisations adopt any new surveillance or personal data processing system, they should first consider the likely effect on individual privacy."

A full copy of the report can be seen at the United Kingdom Parliament website.

Comment
This report from the House of Lords follows an earlier report from the Information Commissioner in relation to the development of a 'surveillance society'. Both reports express concerns at the increase in Government and private data collection schemes. If recommendations are adopted, public and private sector organisations can expect increased scrutiny into, and regulation of, their surveillance and data processing practices.

This publication is intended for general guidance and represents our understanding of the relevant law and practice as at March 2009. Specific advice should be sought for specific cases; we cannot be held responsible for any action (or decision not to take action) made in reliance upon the content of this publication.