There are victories in the war on surveillance. Just this April, years of campaigning by the Open Rights Organisation, Privacy International, NO2ID and Liberty, among others, helped kill off the British government’s ‘Snooper’s Charter’ that sought to monitor all our internet and social media usage in a ‘massive extension of state power’ as even one Conservative called it, while a committee of MPs said the bill ‘trampled on the privacy of British citizens’ while adding nothing to their security. When Deputy PM Nick Clegg refused to back the bill, this rare good deed seemed to be the fatal blow.
But for every high-profile victory, another stealthy assault on our privacy continues as the government thinks our most private medical data is its to sell. The privatization of the NHS will abolish our medical privacy in the name of profit. Since 1 April, information held about us by our doctors, from our illnesses, to our NHS numbers and postcodes, is being uploaded to the NHS’s new Health and Social Care Information Centre (HSCIC) to analyse health trends and allocate health services, while for-profit companies or any other approved ‘customers’ can access the data. Guidelines allow explicitly identifiable data to be disclosed without patients’ consent, and data already possessed by the HSCIC can be used for ‘secondary purposes’ – whatever they are.
Promises the data will be ‘anonymised’ and secure are worthless – ways will be found to identify people and the data will be hacked or left on mislaid laptops. Meanwhile, the confidentiality that underpins the patient-doctor relationship is eroded. People may not seek medical help and will suffer in silence, while the data that is aggregated will be skewed and all policies or resource-allocation based on it, leaving epidemics to thrive under a delusion of happy stats.
The Coalition is consistently inconsistent regarding privacy. Last December, the same Conservatives and Liberal Democrats who had opposed Labour’s national DNA database, and whose Freedoms Bill reined in Britain’s police DNA database and its ever-expanding mass of samples from innocent people, floated proposals for a national NHS database of patients’ DNA that would be sold to research companies like Google. Again, the incredible claim was made that our DNA, the code that identifies us beyond all else as individuals but over which we have no control or ownership, will be anonymised.
Again, this same Coalition, which in 2010 binned Labour’s hated ID cards, has proposed NHS ‘entitlement cards’ to stem health tourism by enabling Brits to distinguish themselves from undeserving foreigners. Ironically, Labour first introduced ID cards as ‘entitlement cards’, before vaguely claiming ID cards could fight terrorism and we should be grateful for having to present the card to buy stamps while a state database logged every transaction and the data was sold or hacked.
And we see how at an international level the worst ideas can be resurrected and the best ideas corrupted by function creep. MEPs are now working on a new Data Protection Regulation to update the 1995 version (the basis of the UK’s Data Protection Act). But the updated form already has some 3,000 amendments, thrown on by Liberal and Democrat parties backed by big business, that will strip EU citizens ‘naked’ by ‘making it almost impossible for them to control who sees their personal information and even how it is used,’ according to the Naked Citizens Campaign report, amid weakening consent, worsening profiling and data to be used for purposes way beyond what people agree to. Most revealing is the fact that the European Parliament wants to extend companies’ existing right to cite ‘legitimate interests’ that mean companies decide their business interests can prevail over consumers’ rights and interests, to include third parties that consumers know nothing about, let alone consent to.
Such ‘legitimate interest’ was Google’s defence for its move last year to merge 60 separate data privacy policies across all its services and combine all accrued for any purposes into one universal procedure. Critics said users didn’t know what information was kept, how Google combined it or for how long, with Google’s description of its rights to consumer data containing the word ‘may’ more than any other word. In April 2013, a half-dozen EU countries started legal action to demand Google specify what is being collected, and better present its data policies… hardly stopping Google in its tracks. Moreover, any new law would take until 2015 to implement; by then it will be trumped by the new Data Protection Regulation.
Repeatedly, what the one hand gives, the other takes away. With every safeguard is a contradictory, over-riding caveat. For sure, the Snooper’s Charter will rise from the dead in some other hideous form. With enough determination, we win battles in the war on surveillance, but it’s not without irony that we must always be most vigilant about the powers that be.
Postscript, 8 May: Since this article was published, the absence of the Snooper’s Charter from the Queen’s Speech proved its demise – however, the speech cryptically said the government would ‘bring forward proposals to enable the protection of the public and the investigation of crime in cyberspace’ with regard to the problem of there being more mobile devices in use than there are Internet Server Protocols to identify them. In other words, the door is open for a new law to track our web usage – and another battle begins.
There is, however, another victory for privacy campaigners, as the Health Secretary Jeremy Hunt conceded that people could in fact opt out from having their medical data being shared: ‘GPs will not share information with the HSCIC if people object,’ and patients can ‘veto... that information being shared in the wider system’. Now all the government needs do is tell everyone of that right of veto...