Database State

Outline UK government systems for identity, health, criminal justice, social security Data protection and human rights standards Designing privacy-friendly e-government systems

UK government systems for identity, health, criminal justice, social security

Data protection and human rights standards

Designing privacy-friendly e-government systems

Scale of DWP systems Fields Cases System 700 8m Income Support Computer system 9,800 92m Customer Information System 15,500 6.5m Pensions Transformation Programme 1,300 480,000 Customer Management System

Identity management Central National Identity Register of all those over 16 living in UK longer than 3 months with biometrics, biographical data and audit trail ContactPoint database of all 11m children in England and Wales with biographical data and links to services used National Identity Registration Number can be used to link up other databases

Central National Identity Register of all those over 16 living in UK longer than 3 months with biometrics, biographical data and audit trail

ContactPoint database of all 11m children in England and Wales with biographical data and links to services used

National Identity Registration Number can be used to link up other databases

National Programme for IT Central Summary Care Records with biographical data, allergies and prescriptions Regional Detailed Care Records Central Secondary Uses Service for administration and research

Central Summary Care Records with biographical data, allergies and prescriptions

Regional Detailed Care Records

Central Secondary Uses Service for administration and research

Criminal justice National DNA Database with 5.1m profiles ONSET system attempts to identify potential young offenders National Fraud Initiative collects much sensitive information but absolved from liability for any confidentiality breaches National ANPR system keeps up to 18bn records pa for up to 5 years Communications database proposed

National DNA Database with 5.1m profiles

ONSET system attempts to identify potential young offenders

National Fraud Initiative collects much sensitive information but absolved from liability for any confidentiality breaches

National ANPR system keeps up to 18bn records pa for up to 5 years

Communications database proposed

DP and human rights standards Interference with private life must be based on detailed, clear, precise, foreseeable law ( Copland v UK ) Systems must limit access to data to those who have a proportionate requirement for access ( I v Finland ) Bleeding-edge states have a particular duty to consider impact of databases upon privacy ( S & Marper v UK ) Only 5 of 46 databases reviewed met these standards

Interference with private life must be based on detailed, clear, precise, foreseeable law ( Copland v UK )

Systems must limit access to data to those who have a proportionate requirement for access ( I v Finland )

Bleeding-edge states have a particular duty to consider impact of databases upon privacy ( S & Marper v UK )

Only 5 of 46 databases reviewed met these standards

Privacy-friendly e-government Privacy Impact Assessments are needed much earlier in policy cycle, and include ECHR compliance checks Sensitive personal information should be kept on local systems and shared only with the subject ’ s consent or for a specific lawful purpose

Privacy Impact Assessments are needed much earlier in policy cycle, and include ECHR compliance checks

Sensitive personal information should be kept on local systems and shared only with the subject ’ s consent or for a specific lawful purpose

Final thoughts The UK is a model for how not to do e-government, as the ECtHR is recognising It is dangerous to allow these large centralised databases to proceed in the hope they will later be ruled illegal Governments need to build privacy into systems by design at a much earlier stage

The UK is a model for how not to do e-government, as the ECtHR is recognising

It is dangerous to allow these large centralised databases to proceed in the hope they will later be ruled illegal

Governments need to build privacy into systems by design at a much earlier stage