Lack of legal safeguards could lead to census data breaches, warns law professor

Information from this month's UK census is at risk of confidentiality breaches from data being shared with policing or intelligence services, warns a law professor

Information from this month's UK census is at risk of confidentiality breaches from data being shared with policing or intelligence services, a leading law professor has warned.

Census data may be shared with other organisations if it is deemed to be in the interests of national security, says Douwe Korff, professor of international law at London Metropolitan University.

Data could be shared under exemptions outlined in section 39 of the Statistics and Registration Service Act (SRSA), which all government statistics are subject to (see below), he says.

"The legal safeguards against breaches of confidentiality are so flimsy as to be useless. In a democracy under the rule of law, one should not have to rely on blind trust in the authorities; the law should guarantee restraint," he said.

The law that applies to the census data does not stand in the way of the UK police, or intelligence services, foreign law enforcement agencies or secret services, seeking access - not just in exceptional cases but for general "trawling" or "fishing expeditions," says Korff.

This could lead to data being used to create terrorist profiles or general profiles for policy-making, such as labelling young children as "probable" future criminals, or likely to become pregnant while still a teenager, he adds.

2011 census director Glen Watson says it is untrue that the raw census data may be acquired by the police, intelligence agencies or immigration authorities under the SRSA. "The UK Statistics Authority and the Office for National Statistics will never volunteer personal information for any non-statistical purpose," he said.

Watson also refutes claims that the data could be subject to the US Patriot Act, which allows personal data held by companies in the US to be made available to intelligence agencies, as US company Lockheed Martin will conduct census operations.

"Under the contractual and operational arrangements we have put in place, no employees of Lockheed Martin UK or of its US parent or of any other US company will be able to access personal census data. The US Patriot Act could not therefore be used to access such data," he said.

All of the data processing takes place in the UK and all of the data will remain in the UK, Watson says.

Section 39 of the Statistics and Registration Service Act 2007 states: 

Subsection (1) does not apply to a disclosure which:

(a) is required or permitted by any enactment,

(b) is required by a Community obligation,

(c) is necessary for the purpose of enabling or assisting the Board to exercise any of its functions,

(d) has already lawfully been made available to the public,

(e) is made in pursuance of an order of a court,

(f) is made for the purposes of a criminal investigation or criminal proceedings (whether or not in the United Kingdom),

(g) is made, in the interests of national security, to an Intelligence Service,

(h) is made with the consent of the person to whom it relates, or

(i) is made to an approved researcher.

Read more on Privacy and data protection

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.