A quarter of government databases illegal, claim privacy experts

Many government databases are illegal, claims the report

A quarter of public sector IT systems are almost certainly illegal under European human rights or data protection law and should be scrapped or substantially redesigned, according to a report by a group of privacy experts.

More than half of the systems have significant problems with privacy or effectiveness and could fall foul of a legal challenge, said the report commissioned by the Joseph Rowntree Reform Trust, a political research body allied with the Liberal Democrats.

The National DNA Database, the ContactPoint index of all children in England, the NHS care record, and the proposed National Identity Register and communications database are all systems that are illegal under the Human Rights Act or the Data Protection Act, it claims.

Roos Anderson, a security expert at Cambridge University and one of the report's authors, told Computing that at least eleven of the systems contravene human-rights law.

"The eleven systems are not all databases - there's one profiling tool (ONSET) and three data sharing programmes. Of the seven databases only five are running. Two - the interception modernisation programme and the national identity register - are in the prototype phase," he said.

The Liberal Democrats and the Conservatives have promised to scrap the National Identity Register, as well as calling for ContactPoint to be scrapped.

Lord Shutt of Greetland, chairman of the Joseph Rowntree Reform Trust, said that of the 46 databases assessed in the report only six were given a green light.

"That is, only six are found to have a proper legal basis for any privacy intrusions and are proportionate and necessary in a democratic society," he said.

"Nearly twice as many are almost certainly illegal under human rights or data protection law and should be scrapped or substantially redesigned, while the remaining 29 databases have significant problems and should be subject to an independent review."

The government spends £16bn a year on databases and plans to spend a further £105bn on projects over the next five years, but it still does not know the precise number of the "thousands" of systems it operates, according to the experts.

The report also found that the benefits claimed for data sharing between government departments and databases are often illusory.

"Sharing can harm the vulnerable, not least by leading to discrimination and stigmatisation," it says.

The report recommends that government should share sensitive personal data only in strictly defined circumstances and, in almost all cases, sensitive data should be kept on local rather than national systems.

It also recommends that citizens should have the right to access most public services anonymously, and that the procurement and development of new database systems should be subject to much greater public scrutiny and openness.

Cabinet Office guidelines issued last year mean new databases and IT systems in the public sector must now be subject to Privacy Impact Assessments, though most of the systems examined in the report predate that guidance.

Commenting on the report Shadow Justice Minister, Eleanor Laing called on the government to adopt a less centralised approach to collecting personal information.

"This damning report documents the sea change in the relationship between the individual citizen and the state in the last decade under this government," she said.

Peers on the Lords Constitution Committee warned last month that the collection of personal data had become "pervasive" in British society and threatened to undermine democracy.

Last week the government confirmed it had dropped measures outlined in Clause 152 of the Coroner's and Justice Bill outlining greater information sharing between government departments, but promised to reintroduce the legislation at a later date.

A spokeswoman for Connecting for Health questioned the accuracy of the report.

"It is simply wrong to claim that the Summary Care Record and other aspects of the National Programme for IT are unlawful. This report is full of basic errors and below the standards usually expected for a Rowntree report," she said.