Data Protection Act: Save us from our Protectors
23.10.2013
Clearly Government and bosses are panicking about the slow take-up rate of the new biometric ID Cards, and are embarking on a more forceful approach, that is to say joint-ventures on work-sites. This is happening at the very time the Data Protection Commissioner has ordered a police enquiry on private sector CEOs who have been using fingerprinting for attendance illegally.
Introduction
Thinking people are quite rightly taking their time, and not rushing in to submit data to the Ramgoolam data-base. Thinking people are listening to the arguments. On the Government side, there is less argument than propaganda. They broadcast mindless ads, chanting “Mon identité, ma fierté!” or they patronize citizens, “It will be better for you, therefore we are forcing you to have one.” Or, they resort to lies, saying “You do not have to carry the new card” when, to all intents and purposes, you do: As from September, 2014, if we do not manage collectively to stop this horrid scheme, if you don’t “forthwith” present your card when a policeman tells you to, or present it when and “to such person and at such place as may be directed” by him (Section 2c of the ID Card Act of 2013), he can get you locked up for 5 years. How is that for changing the day-to-day balance of forces between police and a citizen walking, cycling or driving down the road?
Police will have no access, you’ve got to be joking!
One of the few rational points that the Government makes is a claim that the new biometric ID database is protected by the Data Protection Act of 2004, and that therefore, inter alia, the police will not have access to data. If only. I’m writing this article to clear up how much “protection” from the Police there actually is from these “Data Protection Act”, so you will know how much protection we will need against our “protectors”.
In Section 7, the Powers given the Data Commissioner, who implements the Act, are vast: “to do all such acts as appear to him to be requisite, advantageous or convenient for, or in connection with the carrying out of these functions.” These functions include “exercise control on all data processing activities”, like the ID Card process. And to do these functions, the Data Controller can according to Section 8, by giving “notice in writing served on any person, request from that person, such information as is necessary or expedient for the performance of his functions”. So far, so good.
Then at section 9, right before our very eyes, we read the following amazing, unbelievable, incredible, gob-smacking clause (amended in 2009 for the ID card database): “The Commissioner may delegate any of his investigating and enforcement powers conferred upon him by this Act to any officer of his office [so far, still so good] and to any police officer designated for that purpose by the Commissioner of Police.”
So, the Data Commissioner can be replaced at any time in a blink of an eyelid by a policeman. So, the Data Commissioner is part of the police, when you think of it. So much for Ministerial assurances that the hands and eyes of the Police will be kept off the ID data-base by the Data Protection Act. The Act hands all and any data to the police on a silver platter. As you know, as well as biometric fingerprints, home address, biometric photo, the ID data-base data may later include “such other particulars as may be prescribed” by Regulation. See National ID Card (Misc Provisions) Act 2013.
Don’t say you were not warned!
So, this makes us ask how the Commissioner gets appointed in the first place, and how s/he gets removed. Search as I will, I find nothing in the Act that explains the immaculate conception of this powerful officer, who can by a whim delegate any or all his/her investigating and enforcement powers to the police. Can we adduce that the Commissioner is named, and made to “lev pake ale” by the Minister?
When Protection of the Data Protection Act is Removed Altogether
And, as well as the police being able to control all and any data, there are exemptions where the Data Protection Act, itself, tells you it does not protect you or your data anymore, thank you. It even tells you which of the eight Data Principles get suspended.
Section 45 tells us that all “Personal Data are exempt from any provision of this Act where the non-application of such provision would, in the opinion of the Prime Minister be required for the purpose of safeguarding national security.” This means the Prime Minister’s opinion is all that is needed. This reminds us of the hallucinatory “lanate” in sugar exports. And of the CCID’s increasing role of pulverizing political opponents of the Regime: Since 2010, the CCID have been used politically, even against leaders elected to Government: against the President of the MSM, the President of the PMSD, against the MSM leader three times, against the Health Minister, and against two Attorney Generals. I say this to say how quickly “derive” occur during the tumultuous times of economic crisis, which have only just begun.
Section 46 tells us that “The processing of personal data for the purposes of –
(a) the prevention or detection of crime;
(b) the apprehension or prosecution of offenders; or
(c) the assessment or collection of any tax, duty or any imposition of a similar nature,
shall be exempt from -
(i) the Second, Third, Fourth and Eighth data protection principles; [this includes exemption from: “personal Data shall be obtained only for … lawful purpose”, should be “not excessive” and should be “accurate”, and “shall not be transferred to another country”]
(ii) sections 23 to 26; [this includes sensitive personal data like
‘(a) the racial or ethnic origin;
‘(b) political opinion or adherence;
‘(c) religious belief or other belief of a similar nature;
‘(d) membership to a trade union;
‘(e) physical or mental health;
‘(f) sexual preferences or practices;
‘(g) the commission or alleged commission of an offence; or
‘(h) any proceedings for an offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings’
and
(iii) Part VI of this Act in respect of blocking personal data [This Part is headed “Rights of the Data Subject”.
Do I need to write anything more in order to persuade people that the best strategy is to go slow on converting your Card? Keep your old one. And please inform people, particularly young people that the old cards are legal tender until mid-September 2014.
Lindsey Collen
for LALIT
21 October, 2013
