A probation officer who disclosed a domestic abuse victims details to the alleged abuser has been fined £150 and ordered to pay court costs. Compare this to the fine of £300,000 that Tesco received for ‘false and misleading’ strawberry pricing, and it becomes very apparent just how inconsequential a fine of £150 actually is.
We have warned about lax attitudes to data protection in the past, highlighting the shockingly low reprimand and dismissal rate for data breaches. The fact that only a tiny fraction of staff are disciplined brings into question how seriously managers take protecting the privacy of their users and local residents.
Our reports on data breaches and the use of private investigators, as well as our submissions to the Leveson Inquiry and Joint Committee on the draft Communications Data Bill, have all called for the government to introduce custodial sentences for those found guilty of an offence under section 55, where personal data is obtained or accessed unlawfully. This stance is echoed by the Information Commissioner’s Office, the Home Affairs Select Committee, Lord Leveson, the Joint Committee on the draft Communications Data Bill and the Justice Select Committee.
Today’s detention of David Miranda, the partner of The Guardian’s Glenn Greenwald who interviewed whistleblower Edward Snowden, is a direct attack on freedom of the press and a chilling reminder that our anti-terror laws are in desperate need of reform. Whoever took the decision to have Miranda arrested and detained should be named and held publicly accountable for this flagrant abuse of anti-terrorism laws.
The law Miranda was detained under provides powers to deal with those suspected of involvement with acts of terrorism, not a license to interrogate those with knowledge of the activity of journalists. If a foreign government detained the partner of a British journalist we would rightly be up in arms.
It is clear that this was not a random stop and search. Only 0.06% of all people detained under Schedule 7 are detained for more than six hours. Miranda was held right up to the maximum nine hours. According to the Government “fewer than 3 people in every 10,000 are examined as they pass through UK borders.
In the latest development of over-zealous internet filtering, the British Library has blocked access to Shakespeare’s Hamlet because of its “violent content”.
The block was discovered by author Mark Forsyth, who attempted to check a line from the play over the library’s wi-fi network.
We have repeatedly warned that there is a fundamental issue with filtering legal content based on a subjective moral view, often made by a third party and not the person operating the network. Does the British Library really think that the content of Hamlet is so violent to justify access being blocked to one of the most famous plays of all time?
When parents worry about what their children might see over public wi-fi, does the British library think that the most pressing issue is if they are reading English literature?
A guest post by former Big Brother Watch director, Alex Deane.
Longstanding BBW supporters may remember that I was once Director of this parish. For the past two years, I’ve been a Common Councilman in the City of London, aka the Square Mile. These two things crossed over significantly this week, with the news (broken by Quartz) that a company named Renew, which had installed bins in the Square Mile, was using a data collection capacity installed in those bins to collect information about mobile telephone usage amongst passers-by.
Let’s lance one canard right now: I don’t care what they were using this data for, or intending to use it for. You’ve got no right to snatch data from the airwaves like this, no matter what your ostensible motive and no matter how innocent your alleged plans. This behaviour is wrong in and of itself and it is a good thing that this case has resulted in controversy for those carrying it out and attention for the issue; all the better as it has happened early in the development of this technology – or at least, this latest iteration of it.
Today a new Code of Practice on the use of CCTV comes into force, to sit alongside the new position of Surveillance Camera Commissioner.
The code is a step in the right direction towards bringing proper oversight to the millions of cameras that capture our movements every day. However, with only a small fraction of cameras covered and without any penalties for breaking the code, we hope that this is only the beginning of the process and that further steps will be taken in the future to protect people’s privacy from unjustified or excessive surveillance.
Given that the responsibility for legally enforcing the Data Protection Act with regard to CCTV (apart from private cameras, which remain exempt) will remain with the Information Commissioner, we are concerned that public confidence will not be helped if the process of making a complaint and action being taken is not straightforward. Equally, the situation of private cameras not being subject to regulation, with the only power available to the police to prosecute for harassment, is unsustainable as the number of people using them increases.
For privacy campaigners, the issue of big data has been a cause for some time, with a growing trend of governments, businesses and other institutions gathering increasing amounts of data which is then analysed, often without consent from individuals.
It seems that universities are increasingly thinking about using the vast amount of data collected to analyse how facilities are used and identify students who may fail or drop out of their course. By doing this, universities are acting like they don’t require permission to use the data in this way and are seriously undermining student trust.
One university is considering performing a full analysis of emails and other text interactions between staff and students for performance management purposes. The potential for mission creep once the scheme is in place is huge. What happens when a protest takes place, or any other actions that the university may frown upon, does that mean the university would then analyse emails to see who had taken part?
Our report on private investigators, published earlier this year, highlighted the growing use of the industry by public authorities, with particular concern being raised about the occasions that they were used without RIPA authorisation.
The research has spurred investigations into how public authorities are using private investigators, with two stories from this week alone detailing shocking incidents of staff being placed under highly covert and intrusive surveillance, including a mother having a GPS tracker fitted to her family car. The Home Office has agreed with us that the industry should be regulated, stating that operating as an unlicensed private investigator will become a criminal offence.
However, far more could be done to rein in who is allowed to launch surveillance operations and making them responsible for the investigators working on their behalf. If the FBI are required to go to court to get a warrant then there is simply no reason why in Britain we shouldn’t expect snooping operations to be signed off by a judge.
The Home Secretary yesterday confirmed plans to regulate private investigators, including a new penalty for working as an unlicensed private investigator or supplying unlicensed investigators of a fine of up to £5,000 and up to six months in prison.
In our report earlier this year, we warned that private investigators were potentially being used to circumvent surveillance law by public authorities, and also identified their work as being a major threat to privacy where the information could be used in court if it had been obtained by improper means. We are pleased the Home Office has agreed with our recommendation to regulate private investigators.
We also highlighted in our evidence to the Leveson inquiry how journalists were not the only people using private investigators and that the wider issue was essential to address. As recent revelations about SOCA show, this is a very real problem and potentially involves a much greater scale of illegal activity than seen in the media.
While the Data Protection Act does offer legal protections, at present you cannot be sent to prison for breaching Section 55. We believe that this change will improve privacy protections, particularly as it broadens out the range of activities that might have been difficult to prosecute under the DPA. It is also important that those hiring a PI will be held liable if they are not properly licensed.
There is much more work to be done to ensure that people’s privacy and confidential information is protected from untoward surveillance and intrusion, including more rigorous enforcement of the Data Protection Act and custodial sentences. Regulating private investigators is an important part of this process.
Going forward, we hope that the consideration of whether evidence is admitted in court takes into account whether the regulatory framework has been complied with, particularly where those involved are aware that they are acting without a license.
In light of recent debate about Twitter and trolling, the US State Department issued a rather timely statement:
“We believe that when public speech is deemed offensive, be it via social media or any other means, the issue is best addressed through open dialogue and honest debate.”
Those calling for prosecutions, users to be banned and active policing of what is and is not acceptable on Twitter should tread very carefully.
The statement was issued when one Government decided that a social networking site dedicated to discussing the role of religion in the country was offensive, and the person who organised the site was sentenced to seven years in prison and 600 lashes.
That Government was Saudi Arabia and if the West is to stand up for freedom of speech abroad, we need to remember that those same values – however uncomfortable they may be sometimes – must not be forgotten at home.
Over the last few years we have highlighted various privacy concerns about a range of government databases, from the National DNA Database to the DVLA database. Our report in 2011 found how nearly 1,000 police officers had been disciplined for unlawful accessing information over a three year period. Violations of the Data Protection Act included running background checks on friends and potential partners and passing on sensitive information to criminal gangs and drug dealers.
Today The Register has revealed that the RSPCA is able to access information from the PNC, despite not having any formal prosecution powers and not being a statutory-organisation. The information handed over is subsequently going unaudited by the Association of Chief Police Officers Criminal Records Office (ACRO) – run by the Association of Chief Police Officers – who also charge for the access. This is despite the PNC User Manual specifically stipulating that auditing is required for organisations that have had access to ‘sensitive information’. If auditing is not being carried out, it is impossible to know whether the RSPCA are using the sensitive data under necessity and proportionately and if they are deleting it when their investigation has concluded.