Friday, 17 July 2009

Tory view on privacy, database state, state-citizen relationship

The full text of the speech by UK shadow immigration minister, Conservative MP Damian Green (referred to in my previous post about Damian Green’s speech on identity, personal data, privacy & technology), is now available (PDF).

I’ve edited that post to link to the speech.

The three tests for policy proposals on delivering government services via technology are said to be control, choice, and consent:

"[control] the citizen should be able to hold his own identity information. This is perfectly possible, as shown by security freeze laws passed in 47 US states. This allows the citizen to control his personal data through the right to freeze, or lock access, to their credit file against anyone trying to open up a new account or to get new credit in their name...
Every audit trail of information should be known to the citizen, and only the citizen should decide who has access to the audit trail. Only a properly warranted security officer with a specific purpose should be able to intrude...

[choice] The law must in some cases dictate the transaction between the citizen and state: whether we pay taxes or are entitled to a particular benefit. But apart from these
transactions the test of choice would mean that the basic choice, of whether to engage or not in a particular transaction with the state, would be the citizen’s. In transactions such as the claiming of benefits, when clearly an identity needs to be proved, it will be for the citizen to assert his identity in a suitable way. It may be slightly inconvenient to have to take a passport or driving licence to show your picture to an official, but if the alternative is to give up the choice of whether you can prove who you are, this seems hugely preferable. The world, and our privacy, will be safer if there are multiple sources of truth.

[consent] The test of consent would ensure that you have explicitly approved of what is being done with your private information. The notion of “implied consent” (such as is being used in NHS databases) which means that unless you explicitly withdraw from a system it is assumed that you agree to your information being available to all is a dangerous nonsense. Private companies have to make you agree explicitly to them using your information. It is if anything more important that the state should have to go through similar hurdles before using it. Google or the Nectar card companies may know lots about you, but at least they can’t arrest you on the basis of what you may have told them. If something goes wrong, then there must be a powerful system of redress, perhaps in the form of greatly enhanced powers for the Information Commissioner..."

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.