GCHQ, one of the three UK intelligence agencies, has issued a public statement in which it has specifically denied that it is developing technology which would enable it to access all internet traffic in the UK. The statement, which was made in response to weekend media reports on GCHQ’s Mastering the Internet Programme (MTI), is unusual in that the agency does not usually comment on media stories. The statement is plainly designed to reassure the public than the State is not secretly sanctioning the development of highly intrusive surveillance strategies. Its release follows in the wake of an announcement made by the Home Secretary on 27 April 2009 that the government had shelved plans to create a superdatabase that would centrally store all communications data in Britain (see the earlier post on the Super Database).
Tag: privacy
Police DNA Database Cut Down to Size
The Home Secretary, Jacqui Smith, will this week unveil plans to remove from the police national database DNA information relating to up to one million innocent people. The proposals come in the wake of the ECtHR’s judgment in Marper in December 2008 that the practice of retaining the DNA profiles of innocent people on the database constituted an unjustified interference with the Article 8 right to privacy. Privacy campaigners have welcomed this development but continue to lobby for further limitations on the database, including removing the DNA profiles for minor offenders. See further Tim Pitt-Payne’s article on the Marper judgment in the New Law Journal.
Super Database – Not so Super After All
The Home Secretary has this week announced that proposals to create a State run super database, which would track everyone’s use of email, internet and text messages, have been scrapped. The announcement is hardly surprising. It was always going to be difficult to persuade the public that such a database could be kept secure, particularly in light of recent high profile controversies about large scale losses of electronic personal data by government agencies. Moreover, allowing the State to develop such a vast single repository of electronic communications data was always going to raise questions as to whether the resulting interference with private rights was proportionate and was otherwise consistent with the State’s obligations under the Data Protection Act 1998. The Government has now issued a consultation paper on new plans to allow telecommunications companies to retain the communications data for a period of 12 months. See further the Home Secretary’s Ministerial Statement.
Rethinking RIPA
On 17 April 2009, the Home Office launched a consultation on plans to stop investigatory powers being used under the Regulation of Investigatory Powers Act (RIPA) for trivial purposes. It seeks views on questions including: which public authorities should be able to authorise key investigatory techniques, for example, the use of communications data or covert surveillance in public places under RIPA; the purposes for which these investigatory techniques should be used; the option of raising the rank of the local authority employee authorising the use of investigatory techniques to senior executive; and whether elected councillors should play a role in the authorisation. The consultation follows on from a spate of public outcrys about the use of surveillance powers by public authorities, including not least the use of covert cameras by local authorities to watch how residents use their rubbish bins and the use of covert surveillance techniques to track a family which the local authority suspected may be living outside the local school catchment area. The issue of how the investigatory powers available under RIPA should be used is particularly current in view of the recent controversy over techniques used by the police to photograph protesters, many of whom it is argued are merely peaceful demonstrators.
Include me out
In the past few days there has been a lot of media coverage about online behavioural advertising – see for example this article published earlier this week in the Financial Times, under the euphonious title “A deeper peeper”.
One important issue in this context (e.g. in assessing whether this form of advertising involves unfair processing of personal information under the Data Protection Act) is the extent to which individuals can opt out of having information collected about their web usage. An opt out facility is offered by this site, which is maintained by a number of online advertising companies (including Google).
If you want to see whether Google is collecting information about your advertising preferences, or if you want to change that information, then you can do so here.
There’s an important general point here. Privacy will in future depend increasingly on two things. One is the development of tools to enable individuals to protect their privacy. The other is the willingness of individuals to find out about those tools and to use them. The Information Commissioner issued a report on this subject – entitled “Privacy by design” – in November 2008.
The other side of the coin, as far as behavioural advertising is concerned, is that some individuals will actually welcome the prospect of receiving advertisements that are targeted to their individual interests. For instance, a number of Amazon users are happy to see book recommendations that reflect their previous use of the Amazon site.
Bad Phorm?
The European Commission has announced that it is mounting a legal challenge in respect of the use of targeted online advertising in the UK. The challenge follows complaints which were made to the Commission in response to BT’s act of testing the technology on BT broadband users without their consent. The technology, which is the brainchild of a company called Phorm, enables internet service providers (ISPs) to profile what sites internet users visit so as to enable advertising companies more astutely to target their adverts on individual users. The Commission has taken the view that the UK has breached EU data protection laws by permitting the deployment of the technology in the absence of user consent. The Information Commissioner’s Office has previously stated that the use of the technology would be permissible if operated on the basis that users have opted in to the system. The Commission’s challenge raises real questions as to the legality of Google’s recently launched behavioural targeting system. See further my post on this system below.