Thursday, July 17, 2008

UK - traffic data retention

Privacy tsar: Gov't comms database 'a step too far'
see also Information Commissioner's Office annual report

The UK's privacy tsar has made a plea to the government not to rush through a centralised database of all UK communications.

Speaking at the launch of the Information Commissioner's Office's Annual Report 2008, information commissioner Richard Thomas said the rumoured database of UK phone and internet communications would be "a step too far for the British way of life".

A database of all calls, emails and internet traffic, to be stored by the Home Office for at least 12 months, is thought to be included under proposals for "modifying procedures for acquiring communications data" in the draft Communications Data Bill.

The annual report from the Information Commissioner's Office (ICO) also revealed that the ICO had issued nine enforcement notices for data-protection breaches this year to bodies including Carphone Warehouse and Greater Manchester Police, and had carried out 11 prosecutions.

On Tuesday, the ICO also served enforcement notices against HM Revenue & Customs (HMRC) and the Ministry of Defence (MoD) following the departments' high-profile data breaches.

Echoing concerns aired in the report, Thomas said in a statement: "There needs to be the fullest public debate about the justification for, and implications of, a specially created database — potentially accessible to a wide range of law-enforcement authorities — holding details of everyone's telephone and internet communications."

Thomas said privacy was already being quietly eroded, citing the examples of the expansion of the DNA database, and the centralised collection and retention of data from automatic number-plate-recognition cameras.

Thomas said: "Before major new databases are launched, careful consideration must be given to the impact on individuals' liberties and on society as a whole. Sadly, there have been too many developments where there has not been sufficient openness, transparency or public debate."

Both the MoD and HMRC are now required to show steps they have taken to improve data-protection compliance in response to the ICO enforcement notices.

The ICO received 24,851 enquiries and complaints concerning personal information in 2007-08.

No comments: