15 August 2011
The Equality and Human Rights Commission is today publishing a report that shows current privacy law is failing to stop breaches of personal data privacy and is not keeping pace with the rapid growth in personal data collection.
In response to the research findings the Commission wants the government to bring in changes that will better protect personal information.
The report shows that the way government and its agencies collect, use and store personal data is deeply flawed. They may be unaware that they are breaking the law as the complexity of the legal framework means their obligations are unclear.
It also finds that it is difficult for people to know what information is held on them, by which government agency or private sector body, or how it is being used. For example, as there is currently no law regulating the use of CCTV cameras it would be very difficult for someone to find which organisations hold footage of them.
It can be hard to check the accuracy of personal data held, to hold anyone to account for errors in the data or its misuse and to challenge decisions made about someone on the basis of that information. Calling any public or private organisation to account is made more difficult because people often may not know what their rights are or know when a breach of those rights has occurred.
Breaches of privacy are likely to get worse in the future as demand for personal information increases and as new technology is developed for collecting, storing and sharing that data that are not covered by existing legislation or regulations. Piecemeal reform of relevant laws, such as the proposals in the Protection of Freedoms Bill, although welcome, may not be sufficient to ensure people’s rights are protected.
Multiple breaches of personal data privacy – including the amount of information and how it is collected, loss of data, data being passed between agencies without permission and the use of surveillance – underline the pressing need for the state and others to reform how information about people is collected, used and stored.
One example of a breach of information privacy came to light in November 2007 when the Government revealed that HM Revenue and Customs had lost a computer disc containing the child benefit records of more than 25 million people. Less than a month later, the Government then disclosed that a computer hard drive had also gone missing in the United States, this time with the personal details of some three million UK learner drivers.
In response to the report’s findings, the Commission is making three recommendations to government:
Geraldine Van Bueren, a Commissioner for the Equality and Human Rights Commission said:
“It’s important that the government and its agencies have the information they need about us to do their job, for example to fight crime, or protect our health. However, the state is holding increasing amounts of information about our lives without us knowing, being able to check that it’s accurate or being able to challenge this effectively.
“This needs to change so that any need for personal information has to be clearly justified by the organisation that wants it. The law and regulatory framework needs to be simplified and in the meantime public authorities need to check what data they have and that it complies with the existing laws.”
Ends
For more press information contact the Commission’s media office on 020 3117 0255, out of hours 07767 272 818.
For general enquiries please contact the Commission’s national helpline: England 0845 604 6610, Scotland 0845 604 5510 or Wales 0845 604 8810.
The research Protecting Information Privacy was carried out for the Equality and Human Rights Commission by Charles Raab (University of Edinburgh) and Benjamin Goold (University of British Columbia). The views in the report are those of the researchers, not expressly those of the Commission. The Commission is publishing the report as a contribution to the debate on information privacy.
Legislation and regulations that protect personal information privacy are set by parliament and specific Commissions, not by the Equality and Human Rights Commission. The Commission’s role as a regulator in this area is to encourage compliance with the right to privacy in relation to domestic and European law and international treaties. These include the Human Rights Act, the European Convention on Human Rights and orders made by the European Court of Human Rights.
Personal information privacy is covered by numerous laws including:
The regulators of these laws include:
The Equality and Human Rights Commission is a statutory body established under the Equality Act 2006, which took over the responsibilities of Commission for Racial Equality, Disability Rights Commission and Equal Opportunities Commission. It is the independent advocate for equality and human rights in Britain. It aims to reduce inequality, eliminate discrimination, strengthen good relations between people, and promote and protect human rights. The Commission enforces equality legislation on age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, sexual orientation, and encourages compliance with the Human Rights Act. It also gives advice and guidance to businesses, the voluntary and public sectors, and to individuals.