JRRT / FIPR Database State (.pdf) report.
To make it easier for politicians and the mainstream media, the acadmeic and other expert authors have awarded a "traffic light status" to dozens of UK Government database systems:
Red means that a database is almost certainly illegal under human rights or data protection law and should be scrapped or substantially redesigned. The collection and sharing of sensitive personal data may be disproportionate, or done without our consent, or without a proper legal basis; or there may be other major privacy or operational problems. Most of these systems already have a high public profile.
The Report categorises 10 such systems with the red status.
Amber means that a database has significant problems, and may be unlawful. Depending on the circumstances, it may need to be shrunk, or split, or individuals may have to be given a right to opt out. An incoming government should order an independent assessment of each system to identify and prioritise necessary changes.
There are 29 such amber databases mentioned.
Green means that a database is broadly in line with the law. Its privacy intrusions (if any) have a proper legal basis and are proportionate and necessary in a democratic society. Some of these databases have operational problems, not least due to the recent cavalier attitude toward both privacy and operational security, but these could be fixed once transparency, accountability and proper risk management are restored.
So even the "green" status databases need to be substantially improved:
Of the 46 databases assessed in this report, only six are given a green light
It is extraordinary that the UK Government does itself not commission and make public such an independent report, at least annually..
How else are the politicians and civil servants and the public to know if the billions of pounds being spent annually is actually producing the intended benefits, and is not also creating dangerous side effects ? None of the supposed checks and balances like OGC Gateway Reviews, National Audit Commission resorts, the Information Commissioner's Office etc. have kept pace with the growth of the Database State, let alone ensuring that we get value for money, and that these systems do not actually make things worse than before, through centralised incompetence or corruption.
We are willing to bet that no Cabinet Minister even knows the names of all of the databases which his or her department has created or shares our private data with, let alone exactly what they all do, and whether or not they are really being run to the highest possible standards or not, as is always claimed..
Even this Report did not have the time or the money to examine several massive UK Government databases or database sharing of personal and sensitive personal data, some of which may have national security implications e.g.
- the DWP Longitudinal Study (which links the 24 year tax history , names,addresses etc. from HMRC with the DWP's own benefits and pensions etc.data),,and which has been used to produce Geographical Information System maps,pf all of the racial and ethnic minority people and their home addresses. This is for the laudable purpose of checking whether or not the DWP's unemployment polices are discriminating against these people or not,but the side effect is to have created an automatic "ethnic cleansing" / racial discrimination / genocide infrastructure tool, if that data were to be abused in the future.
- the Ministry of Defence's TAFMIS (Training Administration and Financial Management Information System)database, including over a 1.7 million names and addresses of past ad current military personnel and / or their families, an unencrypted version of which was on a laptop computer which wasstolen from the back of a parked car. - see MoD statement confirms loss of the 1.7million record TAFMIS recruitment database, yet again
- the London Congestion Charge, London Lowe Emission Zone Oyster Travel Card and Transport for London's CCTV cameras data all being handed over "in real time, in bulk", in secret to the Metropoiltan Police Counter -terrorism Command, for dodgy "database trawling" of innocent people's "travel patterns", all made exempt from scrutiny or prosecution by the information Commissioner, die to the Certificate of ecemption,signed by Home Secretary Jacqui Smith, which cripples the Data Protection Act with respect to this mass surveillance snooping. - see London ANPR mass surveillance snooping - Chief Surveillance Commissioner Sir Christopher Rose refused to get involved
Although the Report mentions data sharing with other European Union countries,it does not delve into what gets shared with ,say,the US Government, e.g. the
We are not wholly convinced by the Report's estimate that the National Fingerprint Database IDENT1 should be given a "green" status, rather than "amber", since we do not actually believe that
But fingerprints are an accepted part of criminal justice record-keeping and (unlike with DNA) the fingerprints of acquitted people are deleted. We rate the IDENT1 system itself as Privacy impact: green.
The ECHR judgment in the Marper case, also specifically mentions fingerprints as well as human tissue samples and DNA profiles of innocent people not being deleted when they should have been.