The announcement from human rights organisation Liberty that it would boycott the UK Home Office’s consultation on the Law Enforcement Data Service, a new super-database for the police, is an indication of how far from acceptable the project is.
The proposed LEDS would combine the current Police National Computer (PNC) of people and property involved in lines of enquiry and the Police National Database (PND) of intelligence with others at a later date. It would include sensitive information on victims and on people unrelated to or cleared of wrongdoing.
The UK government has accepted that large amounts of data on the super-database would have nothing to do with crime, and intends to open up access to other organisations, such as the UK Border Force.
The UK does not have a good reputation for managing large IT projects of this kind, and the actions of the Home Office particularly have been repeatedly ruled unlawful in various cases regarding unlawful retention of surveillance or biometric data.
One of Liberty’s concerns is that the proposed database has no data retention policy - its contents would never expire or be removed – and the police have admitted that various types of data it has no legal right to hold will be transferred to the new database too. Another point Liberty highlights is that the system could allow data to be shared with non-policing organisations if there is a business case to do so. Excluded from the terms of the Home Office consultation was any consideration of how the database might be linked to the currently unregulated use of facial recognition technology that is fast becoming popular with police forces.
What legal basis has the UK to be doing any of this? Under the European Convention on Human Rights the UK is legally bound to protect and respect human rights – in this case under Article 8, the right to privacy. The European Court of Human Rights has ruled that merely storing private data is enough to trigger the protections of Article 8, meaning that the government has a legal obligation to act to uphold the protections of the convention in respect of this proposed database.
Rule of law
For the human rights protections not to apply to the Home Office’s super-database, three tests must be satisfied.
First, is the super-database consistent with the rule of law? In other words, is there a legal framework in domestic law within which it could exist compatibly with other laws?
Given that the police have admitted they have no legal basis for holding some of the personal information they currently hold, this would by itself be a violation of the rule of law. For those following, this disregard for the rule of law is unsurprising: the High Court ruled that a police policy of retaining 19m custody images for a minimum of six years was unlawful as far back as 2012, but rather than comply with the court ruling, the Home Office claimed that deleting the records would be too expensive.
The police have also been extracting data – even deleted data – from the phones of victims, witnesses and suspects without a clear legal basis. Even if there was a justifiable legal basis (there isn’t), the police cannot be trusted with such powers: between 2011 and 2015 there were over 1,000 instances of inappropriate or unauthorised use of data by police officers and police staff. This is not even considering the potentially discriminatory practices of the police, which even the European Court has been made aware of in relation to discrminatory stop and searches in the past.
Necessity
Second, the government must prove its actions are necessary. While fighting crime is a legitimate aim, the government has admitted that much of the super-database’s contents will have nothing to do with crime, which would therefore violate Article 8. Even with an established legitimate aim, the more or less indiscriminate mass storage of personal data would be of grave concern to the European Court of Human Rights. And there is no allowable exception under Article 8 that would allow sensitive information to be shared with non-police organisations for merely commercial purposes.
Proportionality
Finally, measures have to be proportionate. The European Court of Human Rights has ruled that indefinite retention of private information of individuals who have not been convicted is incompatible with Article 8 as it does not strike a fair balance between privacy and the obligation to fight crime. The storage of clearly irrelevant data cannot ever be compatible with Article 8. Together these rule out the very idea of the proposed super-database storing information on victims and suspects in perpetuity.
Given the vast amount of records to be stored, this will also contain information on political opinions, affiliations and activities, and if a measure is unjustified under Article 8, it will also be unjustified under Articles 10 and 11, the rights to freedom of expression and association and assembly, respectively.
Rights after Brexit
The scant disregard shown to the European Convention on Human Rights looks worse when we look to what lies ahead after Brexit. The European Court of Justice has ruled that where data retention seriously interferes with privacy, access should only be granted by a court or independent administrative body. This is due to Article 8 of the European Union’s Charter of Fundamental Rights, which protects personal data.
But the EU Withdrawal Act 2018 passed as part of the Brexit process will not incorporate the Charter of Fundamental Rights into UK law, which means that if this super-database were created there is no guarantee that there will be control and oversight by a judge or someone independent of the police. An additional concern is the new Data Protection Act 2018 which contains an immigration exemption: if the Border Force are granted access to the super-database, they can lawfully break the law and access and use data with disregard to many data protection principles.
This super-database would be the modern dream of totalitarian police forces, allowing them to establish at any moment who is related to whom and to what degree of intimacy. Liberty dies by inches and with each and every manoeuvre the UK is building and strengthening its surveillance apparatus. The European Court of Human Rights has said previously that states aren’t entitled to act as they please when it comes surveillance measures due to its corrosive powers to undermine democracy on the pretext of defending it. But clearly the Home Office does not care much for what the European Court thinks.