Yet More Concern For Data Sharing And Digital Economy Bill
Some time ago we covered the political mess that is the Digital Economy Bill, which will affect all of us in Britain in future. It is a sizeable Bill that proposes to legislate on everything from regulating the BBC to allowing private corporations access to your personal data.
The proposals, called the Digital Economy Bill, were published on 5 July.
Part 5 is the central area of concern. Not only does it apply to leaked material published by journalists, publication of which would now be a criminal offence, but it also allows the disclosure of public information not just to government departments but to private corporations such as utilities suppliers:
- to improve public service delivery (clause 29);
- to gas and electricity suppliers (clause 30);
- by gas and electricity suppliers (clause 31);
- by a civil registration official (clause 38);
- to reduce debt owed to the public sector (clause 40);
- to combat fraud against the public sector (clause 48);
- for research purposes (clause 56); or
- to the Statistics Board (clause 65).
Part 5 proceeds on the basis that there are pre-existing prohibitions on the sharing of information, but there is no pre-existing prohibition on the sharing of information among public authorities. This is language deliberately designed to reassure us that information held about the public is protected in such a way. There are obviously some protections, but they are quite specific and narrow, such as section 50 of the Child Support Act 1991. These specific protections impose criminal liability for disclosure of information held by certain public authorities.
Of course, the Official Secrets Act 1989 also creates a series of offences for the disclosure of official information but the nature of the information in question is very limited (for example information relating to security and intelligence or defence matters).
In short, there is currently no general statutory restriction on public authorities disclosing information to each other (or to anyone else).
Perhaps the most serious concern is that Part 5 creates a number of new criminal offences. It imposes criminal liability on those who receive information and then disclose it to third parties. For the offence to be committed, the information in question must constitute “personal information”, which is information that relates to and identifies a particular “person”, including a body corporate. This means any information about an identified company is now defined as “personal information”, even something as basic as the fact that a particular corporation had secured a government contract.
From Dan Tench – a partner in the Litigation Department at Olswang LLP:
Even more significantly, these provisions would also impose criminal liability on the third parties who receive the information if they subsequently disseminate it. In both cases, the offences would be committed even if the disclosure of the information by the original public authority (absent the provisions of the Bill) would not itself constitute a criminal offence.
In addition, the proposed defences are very limited, for example where the disclosure was for the purposes of preventing loss of human life or responding to an emergency. No general public interest defence is currently included.
So imagine if an official at the Environment Agency discloses some information to, say, a local authority, to “improve public service delivery” pursuant to the provisions in clause 29. An individual at the local authority considers that this information reveals a serious iniquity relating to a corporate entity and passes it on to a journalist on a national newspaper. The newspaper then publishes the information. It would appear that under these provisions the individual at the local authority, the journalist and most probably the newspaper would all be committing criminal offences.
By contrast, if the official at the Environment Agency had equally taken umbrage with the information in question, had revealed it to the journalist, and it had been published in those circumstances, it is unlikely that any offence would have been committed.
There seems no logic in that. It is true that it might be a somewhat rare circumstance when these conditions might apply but making criminal disclosures of any information in any situation is surely something which should be done only with the greatest of care, not least because of the consequences to freedom of expression.
So for these reasons, the media should be alive to these provisions and would be prudent to oppose them in their current form.
It should be noted that the average age in the House of Lords is close to 75 – these people are the least qualified in society to understand the technical outcomes of such important legislation.
The overriding concern given by the report is one of confusion across Government.
This would be worrying at any time, but with the Digital Economy Bill currently being debated in the House of Lords the issues raised by the PAC must not be ignored.
Part 5 of the Bill outlines the Cabinet Office’s plans to “improve” data sharing of our personal information across Whitehall, local councils, charities and in some cases private companies in order to improve public service delivery but also to create a new digitised approach to our civil registration documents.
Whilst these plans sound like a move in the right direction, little consideration has been given to the security of the data, or the engagement with us, the people providing the data. Indeed, if Part 5 proceeds without amendment, the law will ensure that the Government will control our data and we will have no say or understanding of what is happening whatsoever.
Big Brother Watch are currently campaigning for amendments to Part 5, arguing that the safeguards are too weak, that citizens should have to give their permission every time their information is shared and that no data sharing should happen for spurious reasons.
This report shows we were right to be concerned.
The PAC outline that there is no consistent approach to reporting data breaches across Whitehall, with just two departments allegedly accounting for 98% of all non-reportable data incidents between 2014 and 2015.
Furthermore they raise concern with the skills of the civil servants responsible for protecting the information.
These two areas will be fundamental to the plans in Part 5 of the Bill and yet it is clear that Government is simply not ready to make such sweeping changes to data sharing without looking at the ability of Departments to reach the high expectations.
We are now increasingly digital by default, so improving data services is a logical and critical requirement, but improving the way government shares data is not as simple as asking citizens to hand over everything and trust government departments and officials to simply do the right thing with it. If Government believes that the ability to minimise data collection isn’t yet a technical possibility, then the intention should be to ensure that engagement with the citizen, by keeping them informed as to what is happening with their data and when, is emphasised.
As the wealth of data breaches has revealed, and as the poor performance of officials to explain the problems has confirmed, handing everything over to government departments and wishing for the best with little ongoing engagement with our data is increasingly looking like a fool’s errand.
We hope that the Lords heed the concerns of the PAC and work together to ensure that Part 5 doesn’t create a data sharing approach which leaves us even more vulnerable to data breach.
If you want to learn more about Part 5 of the Digital Economy Bill and what it means for you please have a look at the range of Factsheets we have produced on it.