Clause 20
Borders, Citizenship and Immigration Bill [Lords]
4:00 pm
Damian Green (Shadow Minister, Home Affairs; Ashford, Conservative)
This is a new set of amendments in that they were not debated in another place. This is very much a continuation of our previous debate in the sense that we are seeking to achieve much tighter controls over the use and disclosure of customs information. This is one of the most serious weaknesses in this part of the Bill. We have all agreed that we are in favour of the principles behind it, but the problems with the clause illustrate both the practical and principled difficulties of moving in such a direction. There are a number of key questions that the Bill, as it stands, fails to address satisfactorily for us to avoid any abuse of the important personal data that will be shared between people.
The Minister knows the sorts of questions that are likely to be asked. Who will hold the data, for a start? Will they be held entirely inside UKBA or HMRC, or will they be held by private contractors if the data management is given to them? Will important personal data be held outside this country, as we have seen in some cases? There is no reason in principle why that should be any more or less secure than data held in the country, but is he aware from previous problems that when data that have been stored outside this country go missing, people feel even less secure than they do when they discover that they have been lost here?
Another important set of issues relates to proportionality. Are the data collected worth collecting in terms of the rewards that will come from the successful use of them? There can always be arguments along the lines of, “Well, if it helps to stop one serious criminal and solve one case, then it is worth while,” but we need to have a debate at a slightly higher level than that, and suggest that we introduce some kind of test of proportionality about the widespread collection and retention of important personal data.
The other issue that I hope the Minister will address is cross-referencing. In many ways, that is at the heart of the group of amendments and of the wider issue, about which my party and I feel very strongly. Across Government—more specifically, across the Home Office—many databases are being set up, each of which contains people’s most private and personal information. They are gradually being linked with each other. If the Minister has his way, the heart of the scheme will eventually be the national identity register. But even without that, there will be nothing left that cannot be collected by the Government and switched from database to database, searched by other parts of the Home Office and Government. He will recognise the genuine and increasing public alarm at that. Although each individual database may be justifiable in some sense, it is the aggregation of all the information that rightly causes people to be increasingly concerned.
We want our amendments, particularly amendment 11, to be accepted so that they challenge that whole process and start reversing it. For example, amendment 11 would remove the phrase
“consent (which may be general or specific)”
and insert “specific consent”, which would exert much more control over what can happen to the data. Amendment 12 talks about “exclusively” relating to the information. Again, that would narrow the field where activity may happen. We also suggest leaving out subsection (2)(b), so removing the Secretary of State from the clause. We are seeking to ensure that any onward disclosure of personal information is approved by the individuals concerned.
I dare say that the Minister will argue that that kind of principle cannot be applied to criminals, as we need to be able to chase them. My response—which goes to the heart not only of this argument, but a lot of other arguments—is that the problem is that everyone in the country is now a suspect. Every individual is now being treated as though they are a potential criminal, and the gains for fighting crime that we might get from that approach are outweighed in the long run by the losses of turning every citizen in the country into a potential suspect, and treating them as such through the collection, dissemination and cross-referencing of information by the Government.
All of that would be true, and I would argue it just as strongly, even if I believed that the databases were 100 per cent. accurate and secure. However, the arguments that I advance are much stronger given the situation we are in, as we know that any large database inevitably contains a huge number of errors. Furthermore, as has been dramatically illustrated many times to the general public, none of those databases is particularly secure.
The Government, and some private operators, have an appalling track record when it comes to storing and securing personal data. Every breach of data security not only endangers the privacy of the individuals concerned, but inevitably costs the taxpayer thousands of pounds in investigations, internal reviews and potential litigation. If someone were to look at the matter dispassionately, they would ask whether the British state is the sort of body that should be allowed to collect and disseminate large amounts of private information. If the state were a private company that had to obtain a licence to do that sort of thing, it would have lost its licence by now as it is simply not fit to do it.
Last November, the Prime Minister said, in what I thought was a moment of blinding candour:
“We can’t promise that every single item of information will always be safe.”
He is right—practicality tells us that—but he does not go on to think about whether we should be collecting all that information and whether, through this part of the Bill, we should be allowing ourselves to collect information and supply it around the Government.
This is not a general complaint, it is specific to HMRC and some of the people who now work in UKBA and whose powers we are extending. November before last, the Chancellor of the Exchequer had to reveal that HMRC had lost two discs containing the names, addresses, bank accounts and national insurance numbers of 25 million people. That was probably the most dramatic and damaging of all the data losses. Beyond that, the personal details of thousands of criminals have been lost—the names, addresses, details of conviction and even the jail release dates of 130,000 criminals were lost when a computer memory stick went missing. It was being used by an employee of PA Consulting, the firm at the heart of the identity card plans.
The Department for Transport has already featured in our debate, and the Driver and Vehicle Licensing Agency lost the details of 3 million learner drivers after a computer hard disk went missing. Perhaps worst of all, last year we discovered that the Crown Prosecution Service had lost a disk containing more than 2,000 DNA profiles received from crime scenes in the Netherlands for over a year.
Even when fighting crime, and introducing the sort of measures that the Minister will argue that the legislation is about, we cannot have much confidence in the Government’s ability to use efficiently the vast amount of private information that is being obtained to fight crime. There are many other examples with which I will not weary the Committee.
I hope that the Minister recognises the principle behind our argument. We should not simply be allowing ever-increasing amounts of data to be collected and ever-wider numbers of individuals or institutions within Government to pass that information between each other, without proper checks and without, at the very least, specific knowledge of why they are doing it, who is allowed to do it and who is allowed to give consent for it to be done. A couple of our amendments have concentrated specifically on that last point. General permissions should not be given such that whole classes of people can start exchanging the private information of British citizens. If there is a specific reason to do it, that is arguable, but specific, not general, consent has to be necessary.
As I observed in one of our debates this morning, it is easy for people to make general points about how Parliament should act in better ways to uphold the privacy of individuals in this country. It means, in practical terms, that we must get to the heart of the legislation to see whether another piece of the protective undergrowth is being cleared by small, apparently innocuous, parts of the Bill, which do not appear to be very much to do with personal privacy, and stop that happening. We are seeking to do that with our three amendments. I hope that Members on both sides of the Committee who actually care about privacy and the ability of people to keep information about them private will recognise the strength of the arguments behind the amendments.