Part of the debate – in Westminster Hall at 3:24 pm on 19 March 2009.
I suspect Sir John, that you would not allow us to go too far down the route of repeating the debate of a couple of days ago. However, the issue was the same then as today—control. If Facebook or Bebo are being used as, I suggest, there is evidence to show they are being used, there may be a case for retaining the data. However, it is a question of the controls that are imposed, who has access, and retention. They are the issues that need to be dealt with.
Hon. Members will be familiar with the human rights group Privacy International, which in 2006 produced a report that stated that Britain is the worst western democracy at protecting individual privacy. The two worst countries out of the total in the 36-nation survey were Malaysia and China, but Britain was in the bottom five, with, according to Privacy International, "endemic surveillance". It listed several areas of concern, including "World leading surveillance schemes" and
"Lack of accountability and data breach disclosure law".
The list specified that the commissioner has relatively few powers, and mentioned data retention, which we have talked about, as having made great steps forward without the required controls necessarily being in place. It also mentioned the identity card scheme with biometric data and—the subject of much debate a couple of days ago—the use by local authorities and other organisations of the Regulation of Investigatory Powers Act 2000, in a way that was, I believe, never intended, to track people just to identify whether they live where they claim to in relation to securing school places.
Privacy International clearly has strong reservations, as does the Select Committee, about the way in which the Government are dealing with those data, privacy and surveillance issues. When the Select Committee published its report, the then Home Office Minister, now the Minister for Employment and Welfare Reform, Mr. McNulty, stated that the Government were listening and were tackling or reviewing the issues that the report raised. He said that they were taking those matters very seriously. I hope that in the time that the Government have had to consider the report, they have acted on some of the things that they said they would do.
On storing, sharing and securing data, the Select Committee report stated:
"The Home Office should work with the Information Commissioner to raise public awareness of how the Home Office collects, stores, shares and uses personal information."
We know from the Government's response that they have taken some action. To see what action they have taken, people should go to the published information charter, for which a website address is given in their response. I hope that the Minister will tell us that a little more action than that has been taken, because I imagine that my constituents who have just received letters about ContactPoint would not necessarily know that they should go to that website to find out how their data will be handled. I suspect that, with the exception of me, probably nobody in my constituency knows that they should look at that website to see how the Government are dealing with that issue and raising public awareness of how data are handled. I hope that the Minister will reel off a substantial list of further actions that have been taken since that issue was raised.
The Select Committee report also said:
"The Home Office should publish a report on an audit of the data collections managed by the Department and its agencies, outlining as far as possible without compromising security the technological and procedural safeguards currently in place."
We know from the Government's response that they are addressing that issue, or at least that the Home Office has noted the Committee's recommendation. The Government's response goes on to say that work is under way, which will take some time to be completed, and that
"then consideration will be given to which elements it would be possible to publish."
I want the Minister to tell us how much progress has been made on that and whether anything is in the public domain already. If the Government are considering different types of data collection, how many of those audits have been completed, how many are under way, and when will a full list of them be published so that people can consider them?
The Select Committee has previously inquired into identity cards, which I cannot fail to mention, because that scheme is the greatest example of curtailment of our freedoms. Mr. George might disagree with me on this issue, but I have concerns about the Tesco trip that he was talking about. Clearly, it must be a priority to ensure that our citizens our safe—that is a given—but many people are concerned that they should be allowed to make that trip to Tesco without being required to produce an identity card. It is no business of anyone else's what they do when they go about their daily business, if all they are doing is going to Tesco to buy a pint of milk. They should be allowed to do that without someone stopping them in the street, particularly if they are from a black or minority ethnic community, because they are much more likely to be stopped if the controls are very tight.
Such a system would significantly curtail our rights, and it would carry all the associated risks that come with Government IT projects, such as overrunning and the significant risk of data breaches. Also, it would be an ongoing consideration for every citizen that they must provide information to ensure that the register, and therefore their identity card, does not go out of date, leaving them subject to challenge when they enter or leave the country. My experience of France in the 1970s was that the police did not stop people like me when they did their controls in the underground system. Instead, they stopped Algerians, Tunisians and others whom they could clearly identify as being of a different colour. That is a real risk.
We had much discussion about the Regulation of Investigatory Powers Act 2000 a few days ago, which I do not want to go over again. However, the Select Committee raised that issue in its report, highlighting concerns that we need to raise public awareness of how and why communications data might be collected and used. We need much tighter controls on how those data are accessed, how the matter is governed by RIPA, and how various bodies may access data under the guise of RIPA.