Ten years ago, Data Protection policy was located in the Home Office’s Constitutional and Community Directorate, where you could find many of Whitehall’s permanently lost causes. Data Protection was too European to be popular in the Home Office, that most Europhobic of Departments. If you added the associations with Information Technology, then data protection was, departmentally speaking, in the basement. But it also perhaps meant that the highly competent officials and lawyers who worked on the Bill had a greater opportunity to influence the shape of the legislation than was perhaps usual; and, given the culture of the Department, they could work against the grain of the Directive.
Kicked out by a new Home Secretary (David Blunkett) to the Lord Chancellor’s Department, which mutated into the Department for Constitutional Affairs and then the Ministry of Justice, data protection has remained a small and predominantly legal policy area, the policy bearings being taken from within the periphery of the existing legislation. Privacy is not a concept deployed. Developments in ICT’s go unremarked. There is nothing of interest on data protection on the MoJ website. The recent high drama over data security should not be read as reflecting any fundamental policy changes or a change of heart about data protection. It merely reflected a long overdue need to achieve Whitehall compliance with the basics of the existing legislation.
Data protection became unpopular outside Whitehall too, because no one (except lawyers and privacy professionals) could understand the 1998 Act. But general guidance was a problem for the Information Commissioner. When it came to any test in Whitehall, departmental lawyers could be relied on to demonstrate mechanically correct applications of the 1998 Act, even if the outcomes were often deeply counter-intuitive in privacy terms. But this approach was exposed publicly because of Information Sharing. Sharing was critical to the success of two key policy objectives, the transformational government programme (reform of public services); and responding to the threat of domestic and international terrorism. Sharing was much more important to Government and Whitehall than data protection; and data protection, or the widespread confusion associated with it, should not be allowed to get in the way.
But in fact there was no real difficulty in reconciling the mechanical position on data protection with what the Government now wanted to happen in data sharing. Properly understood, it was suggested, data could be shared readily and extensively, while still complying with the requirements of the 1998 Act. It could be demonstrated that “data protection” didn’t mean “prevention” or “prohibition” of anything, or not very much – a bit like exposing the Wizard of Oz. It was embarrassing when the information sharing proposals were so roundly criticised by everyone with an interest in privacy. But the data protection thinking behind the proposals was wholly consistent with the long term and somewhat mechanical understanding of the 1998 Act.
We know the Conservatives have made commitments to roll back the database state and the transformational government programme, including information sharing; and review the operations of the national security state, to the extent that civil liberties and privacy of the individual are unduly threatened.
There will be privacy gains here, but they do not seem to be asking the connected questions about the 1998 Act, and what a correct understanding of it amounts to in terms of these undesirable developments.
If they are saying the developments are undesirable yet compliant with the 1998 Act, doesn’t that represent a significant contradiction between their privacy policies and the 1998 Act?
If they are saying the developments are not compliant with the 1998 Act, shouldn’t that be demonstrated, so we know there is a legal basis for their position, as opposed to a mere policy basis?