Coroners and Justice Bill: Adiós checks and balances
Speed and efficiency isn't always a good thing.
I was given a complete box set of Yes Minister / Yes Prime Minister for Christmas, which is both a favourite series of mine and an excellent training course for dealing with government. It is, however, a bit dangerous because it can lead one to a certain cynicism, when, for example, a fundamental change to data protection is tagged on to another Bill right at the end. Say, clauses 152-154. Having said that, I'm sure Sir Humphrey would have far more devious tricks up his sleeve.
It is right that the BCS should collectively think very carefully before levelling criticism at, well, anyone really; it is an unusual move for BCS to be starkly in opposition to a proposal in a Bill because it is so difficult to get agreement across our diverse community. Yet that is the position we have arrived at. Let me quote to you from our position statement issued yesterday:
"Of the forty or so inputs we have received directly on these proposals from people inside and outside BCS, all agree on one thing: these proposals are far too ill-defined and general for their stated purpose, are as a result potentially dangerous, and will do more harm than good. As experience in the last century and elsewhere suggests, it is unwise to rely on the benevolence of a government to sensitively deploy such wide-reaching and general powers as these. In the wrong hands, it would permit the restriction - and ultimately the destruction - of the right to personal and corporate data privacy."
More than that, a government does not have to be benign to accidentally run over some of its citizens. Not only are there concerns over content, there are concerns over the way it was introduced:
"BCS believes strongly that the process being used to introduce Information Sharing Orders as part of a much larger bill concerned with other matters precludes sufficient public debate, discussion and parliamentary scrutiny of proposals that involve novel and very general - some would say draconian - powers of great significance to every UK citizen and organisation."
For BCS, that's pretty strong stuff. If we say something like that, we need to make sure we are diligent in the way we gather and form this opinion... and it helps if we are right too! This position is based on wide-ranging work going back to 2006 and earlier, consultation across member groups from health, security,, education, ethics and many more. It is built on quite probably thousands of hours of volunteer time spent sharing, discussing, forming and scrutinising the principles and good practice in information governance, privacy and data protection. Worth listening to then, I think.
I can imagine that some of you will be wondering how on earth legislation like this even gets proposed - it looks... well, the polite phrase is 'ill-advised'... to those with understanding of data protection. Let me try and offer an explanation that doesn't require some sort of conspiracy against 'the people' or demonic posession:
Running a government is hard. There are lots of things governments want to do where information sharing is fundamental. New things, and more efficient versions of old things, often require some level of data sharing. Legislating on every little bit is complex, tiresome and very expensive. Putting in place huge governance structures just to copy or merge some databases seems wasteful or even pointless. More importantly, if you cost it out to do it like that, you may not be able to afford it. Should that be a reason to do nothing?
If you're inside the civil service, you realise that actually you and your colleagues are decent sorts who aren't about to ship everyone off to a concentration camp, so why bother with these expensive accoutrements? There are more important concerns. Data protection stuff is to protect citizens from nasty greedy corporations, not from their government. Expediency and efficiency is surely good for the country. For Ministers, the arguments are similar, but they are under pressure to do all the new exciting things, only to discover that the costs snowball inside that nasty black box that is IT, and your officials tell you it is because of data protection. A bit of legislation should sort that out.
I mention this because it is important to understand that well-intentioned, intelligent and sensible people can sometimes make mistakes - not everyone lives and breathes the reasons for information governance. I have no doubt that those who drafted this legislation were intending this to enable all sorts of public benefit, but the BCS view is that this will in the end undermine what trust there is in government use of personal information rather than help rebuild it. Let's all hope that this erosion of trust can be avoided.
Search this blog
Comments (6)
Leave CommentI also share both the concerns on how it is trying to be introduced and what it could lead to. There is a key principle at stake here.
Report Comment
It appears most of my blog got lost, so here it is again ...................................... I also share both the concerns on how it is trying to be introduced and what it could lead to: .................................................... There is a key principle at stake here 'Data must be processed for limited purposes and in an appropriate way (Data is relevant and used for specific purposes for which it was obtained and not disclosed to third parties without necessary, justifiable reasons, consent or a statutory obligation)' ................................... Surely if this is passed, then this principle will be broken as data provided for one purpose can be used for any other purpose the Government wishes: To me this is one of the most key aspects of data protection: Yes they are trying to stay within the clause by giving themselves more statutory obligations, but surely if you provide the government data for a specific purpose, then what gives them the moral right to use it for another purpose, (unfortunately this legislation would give them the legal right): .......................................... With regards to how they are introducing it, this to me smacks of knowing that if done standalone, it would cause a far concerns, be debated properly and very unlikely to be passed: .................................... On your last comment 'Let's all hope that this erosion of trust can be avoided', I believe this has already started and events have proved the government cannot be trusted with protecting data, this legislation which just make that erosion worse and already has by trying to bring it in via a back door: ......................... I will be all for any actions the BCS or other bodies can do to stop it, as in its current form, there is no limit to what the government could do with any personal data held by it.
Report Comment
I think it is entirely appropriate for the BCS to be expressing its concerns in this area. Indeed, I think the organisation would lose credibility if it tried to stick to a line of "computers are computers, and policy is policy, and our remit is computers...". Policy measures like the Coroners and Justice Bill make it starkly clear that the boundary between technology and legislation is of crucial interest to those on both sides of it, not just on the policy side. I agree with what you say about the civil servants in this: all my encounters have been with dlilgent, decent and ethical people who (for one) are not about to ship everyone off to a concentration camp, and (for another) are far more concerned with the massive problem confronting them - which is to turn a maelstrom of conflicting and inconsistent legislation into workable systems and processes. The problem in that respect is that, ultimately, the civil servants are there to do as their masters instruct.
Report Comment
I agree this is a good step by the BCS. But let's be clear. These clauses suggest a much deeper problem for IT professionals with Government IT than this polite article wishes to imply. It may be as claimed that government drafters intend to take a practical line to enable more transparent, usable, efficient public services. It may also be said that traditionally the professional experience in the BCS takes a similarly practical line in design and implementation of ITs and when responding to IT issues. But the argument here is not and should not be levelled at enabling well intentioned implementation plans. It is an argument that shows a clear split in views of the overlying systemic IT policy design or what looks from this Bill to be rather the lack of it. The BCS response reflects a nagging concern that IT policy is being drafted that inevitably skews systems design to be at odds with basic computer science and lessons from years of practical professional experience. The most important foundation for IT policy in the round is that it establishes and manages public confidence in the technologies and services. It may be the belief in the government that conjoining disparate databases and systems creates beautiful public service babies. Medical science suggests a lesson for computer science to show separating conjoined babies is far from trivial. My personal view is there needs to be a scaling down of government IT expectations in the short term with a commensurate increase in longer range planning that puts user trust at the heart of policy and implementation. A fully professionalised BCS should and can be at the heart of giving government and politicians and the public as well as the IT industries confidence that IT now requires deeper public policy foundations if the myriad of promises and good intentions being made are to be met.
Report Comment
There are many long term issues with the way that IT is addressed from a policy perspective, and this Bill does indeed suggest a lack of understanding of the potential dangers it would create. One of the fundamental problems is that there is little interaction between policy generation and implementation (and associated bodies of knowledge); there is no appreciation of the art of the possible. Some have argued that our political systems prevent such an interaction, but I don't believe that to be the case. However, it does mean that BCS has to present issues in a way that is relevant and understood, and in this cases leverages the consensus views on data protection at a policy level (that we continue to contribute to). Short version - we have to move things on incrementally.
Report Comment
It is clearly inappropriate for these changes to be included in an unrelated bill. Giving ministers the power to vary legislation may be necessary, but needs careful scrutiny first; it appears for instance that Welsh ministers will receive powers this way that I cannot imagine the tortuous LCO process granting. It seems curious that by 50D(4), the Commissioner has to state whether he "is satisfied of the matters in section 50A(4)(b) and (c)", but not apparently of 50A(4)(a), "that the sharing of information enabled by the order is necessary to secure a relevant policy objective". So nobody has to check that the order is necessary?
Report Comment
Post a comment