Alison McInnes MSP super ID database speech

Speech from Scottish Liberal Democrat justice spokesperson Alison McInnes MSP in Scottish Liberal Democrat debate on Privacy and the State.

*Check again delivery*

Liberal Democrats are proud to once again stand up against the erosion of civil liberties and unnecessary state intrusion. Proud to seek a fairer balance between the individual and government at every level.

We have led the debate time and again in council chambers, at Holyrood and at Westminster. We introduced laws governing DNA retention. We stopped plans for a Snooper’s Charter. And we abolished the intrusive ID card system.

Speaking of which, some members may recall the debate in this Parliament on ID cards back in 2008.

Fergus Ewing, then Minister for Community Safety, lauded the warning of the then Information Commissioner, who said:

"The more databases set up and the more information exchanged from one place to another, the greater the risk of things going wrong. The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made…Put simply, holding huge collections of personal data brings significant risks."

Ministers ought to reflect on their previous anxieties.

In 2008 the Scottish Government told us it was “finding ways to share personal data securely and with the strictest controls, without creating a large centralised database.” Today, it’s an altogether different story.

Back then the Minister urged us to look to Germany where, and I quote Fergus again, “the use of unique ID numbers and the storage of personal data on a central register are prohibited”. Today, the Scottish government is advocating the wholesale use of unique identifiers. 

And in ignoring its own warnings, the privacy of each and every one of us will be compromised.

Some members have referred to the fact that George Lyon, introduced the 2006 Act.  Indeed he did, but as Willie Rennie highlighted, the proposed repurposing of the register is fundamentally different from what could have been envisaged then because it is shifting from an opt-in to a mandatory system. And there was never any suggestion anyone would seek to extend the scope of the NHS central register to allow access to 120 public bodies.

We have heard “the nothing to hide, nothing to fear arguments” again this afternoon – and that just demonstrates the lack of understanding of the issue.  That is a narrow way of looking at privacy.

Rightly privacy campaigners, the SCVO, NO2ID, the BMA and many more have spoken out.

On Monday, the frank and deeply critical verdict of the Information Commissioner’s Office was revealed. It bluntly warned against “the creeping use” of unique identifiers, such as the UCRN, which “could become the national identity number by default”.

The Information Commissioner’s Office concluded the proposals could breach the Data Protection Act and the European Convention on Human Rights. This is because:

-       they shift away from the current model based on consent and opting-in to what is in effect a compulsory system;

-       the case has not been made why these organisations need our data;

-       and the required privacy impact assessments have not been carried out.

We should all be alarmed that the consultation on extending access to the NHS central register

·         was not accompanied by these assessments.

·         did not set out alternative solutions, additional security arrangements, costs or a timescale.

·          lacked an analysis of the social, financial and technological implications of the scheme.

The Scottish Government has done nothing to dispel these reasoned, principled concerns today.

Last October, John Swinney published the Scottish government’s principles for identity management:

·         large centralised databases “should be avoided”  and

·          “If a public service organisation needs to link personal information from different systems and databases (internally or between organisations), it should avoid sharing persistent identifiers”

Less than six months later, in pursuit of nothing more than administrative expediency, he has turned his back on those principles.

Of course we need means to verify our identities. And government must be able to authenticate these to prevent fraud or establish entitlement. However, aggregating our personal information to the extent proposed, and the use of a single Unique Citizen Recognition Number, universal across the public sector, is unprecedented.

Linking databases in this way is dangerous and illiberal because it opens up the possibility of tracking and mapping the public services accessed from birth. Powerful data mining and profiling would become conceivable – the aggregation of small bits of seemingly innocuous data to build a picture of an individual person –child or adult - while barring people from knowing what the state knows,  or indeed being able to correct errors in that data.

As professor Solove, an internationally known expert in privacy law, points out “Privacy is often threatened not by a single egregious act but by the slow accretion of a series of relatively minor acts. In this respect, privacy problems resemble certain environmental harms, which occur over time through a series of small acts by different actors. Although society is more likely to respond to a major oil spill, gradual pollution by a multitude of actors often creates worse problems.”

The UK Government has specifically ruled out a national database on five separate grounds, including fears of national surveillance and risks to the security of a single database. As Willie Rennie highlighted, it is pioneering alternative approaches that avoid costly, unwieldy super databases.

Presiding Officer, a string of data breaches have eroded public confidence in the ability of the state to store and handle our personal information sensitively and responsibly.

Personal information is regularly  lost by the NHS. It is found on memory sticks in hospital car parks or in toilets. It is left on public transport or sent to the wrong address. There were more than 800 such NHS incidents between 2009 and 2013. Councils lost data on 360 occasions during the same period.

As Fergus Ewing highlighted in 2008, extending the number of people who can access this information only multiplies the risks of catastrophic data losses and abuse. Yet today his government advocates this – why?

It proposes to allow 120 public sector organisations access to our personal data via the enhanced and augmented NHS central register. Why?

We need to know why information should be disclosed to each body. The merits of every claim to our personal data must be interrogated, not granted on a whim.

Presiding Officer, secondary legislation is intended to establish comparatively minor, technical details. The repurposing of this database is anything but minor.

The Information Commissioner’s Office has said there needs to be a “proper debate”. But every member knows an order subject to the negative procedure restricts this to a handful of MSPs.

The risks are great, and this afternoon’s short debate has only served to highlight how much patently still needs to be evidenced and explored.

So this must be the subject of the most meticulous scrutiny, meaningful engagement and a vote of our entire Parliament.

Only primary legislation can prevent the creation of a shadowy, sweeping ID database by the backdoor.

That is why we hope the Government will be persuaded that this should not be the only occasion on which the entire Parliament debates and votes upon this issue. That is the simple aim of our motion today. I urge everyone to support our motion.

Share this post on social media: