Month: September 2019

by Laura Spencer Laura Spencer No Comments

Boris, don’t let the government get its hands on your data.

The UK parliament has hit a stalemate. It’s a mess and until there is a majority in Parliament, it will continue to be at deadlock. Boris Johnson no longer even fits the definition of a ‘prime minister’, that being, “The Prime Minister determines the general direction of Government’s activities by holding majority in the house”. However, after last week’s fiasco (Boris failing on two accounts to pass a general election) not only does he no longer hold a majority in the house, he also doesn’t determine the direction of the governments activities.

Although some people disagree with the actions that have been taken by Boris thus far, is he making the right decision by ignoring the most recent ‘Humble Address’ that was put forward?

A Humble Address is a proposal to the monarch. It can be discussed and amended by the parties, but once it has been agreed upon, it is usually binding on the house. It has only been used a total of 3 times since 1886, suggesting, bulk data collection of the conservative party couldn’t be passed any other way than through an arcane tool such as a Humble Address.

But, why is this significant?

Well, last week, Boris Johnson decided to ignore the Humble Address that was proposed to the conservative party. The Humble Address (in summary) has requested the following;

All communications, formal and informal, written or electronic, to and from public members of the conservative party, must be sent to the government to review so that they can see what has been said about Boris Johnson’s decision to suspend parliament.

The Humble Address also asks for…

 All documents to be surrendered to the government which relate to ‘Operation Yellowhammer’ (what will happen if we leave the EU with no-deal- the worst-case scenario).

 Instead Boris ignored parliaments request to see all internal communications and provided parliament with a six-page document of the information on Yellowhammer that they had requested.

But, was Boris right to do that?

The answer is simple, yes.

Under the Data Protection Act 2018 (DPA’18) a data subject’s rights can be waived if it significantly inhibits an organisation’s legitimate need to process data for scientific, historical, statistical and archiving purposes. Simply collecting all the data from a member of the conservative parties’ business and personal mobiles does not fall into this category and therefore the DPA cannot be waived. Data subjects, under the DPA’18, also have the right to restrict processing if the processing is deemed unlawful. This data processing is highly unlikely to be legally enforceable. The only reason the government can lawfully collect someone’s personal communications is when there is a risk of state security, e.g. a person who is demonstrating online radicalism who is a suspected terrorist. Also, just because these people are members of the conservative party does that mean their right to privity should be compromised? They’re still members of the public and therefore should not have to give up this right just because they work for the government. Bulk data collection of the conservative party is therefore not legally enforceable as most of this data, particularly about their personal lives, would not be necessary in the investigation, giving the data subjects the right to restrict this type of processing.

However, this is not the only reason this Humble Address is not legally enforceable. Just think about the type of data which is being transferred and how is it being transferred. This data will fall under ‘special category data’ which, under the DPA’18, is particularly sensitive and therefore greater measures of security must be taken when collecting, storing, processing and transferring it. You cannot just rely on the six-legal basis’ for processing this type of extremely sensitive data. Political opinion is ‘special category data’ which will clearly be harvested within these communications.

Within the Humble Address, it states that these communications must be sent to the government, without being followed with a provision as to how this data will be securely collected, transferred or stored. Publicly announcing this is almost like giving a leaflet to hackers inviting them to hack the government. Prime bate for cyber criminals, sensitive and special category data lurking in the murky waters of the UK governments desktops.

Boris, don’t let the government get its hands on your data.

Top