“The Government has announced a database to…”
My heart now sinks when I see these words. IT solutionism has a mesmerising power over governments everywhere but seems to exercise particular power over the Irish State. It allows them to announce a crisp remedy for a (frequently mis-defined) problem. All they need do is spend public money and through the magic of computers and surveillance tech they can assert they can actually get rid of that problem.
However, a very significant decision this week from the Court of Justice of the European Union (the EU’s top court, whose decisions are binding on member states) may force a change in government behaviour.
Asked to rule on the legitimacy of the Romanian government’s laws allowing for citizens’ data to be shared by the government between institutions without the knowledge of the person whose data it is, the Court delivered an emphatic decision.
Articles 10, 11 and 13 of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, must be interpreted as precluding national measures, such as those at issue in the main proceedings, which allow a public administrative body of a Member State to transfer personal data to another public administrative body and their subsequent processing, without the data subjects having been informed of that transfer or processing.
In the life of this one government alone we’ve seen announced a series of database building initiatives. Not all of them will survive this ruling. The Irish Water database, for example, was assembled from disparate sources on foot of legislative provisions analogous to the Romanian law found illegitimate by the Court.
It will be for the Data Protection Commissioner’s office to take the next move.
***
Let’s build a data base!
The government hasn’t been slow to announce databases as solutions for all sorts of problems. Implementation has frequently proved more complicated.
Rural crime panic? Build a database of car movements through CCTV cameras on motorway exits that read and record number plates.
Want to charge people for their houses?
Build a database of addresses by sequestering info from other state, semi-state and private bodies.
Want to number the population but use it in ways not permitted by the existing PPS numbering system?
Build an entirely new parallel numbering system.
Want to create a new water utility and make everyone pay for it?
Build a database of every man woman and child in the state and try to track where they live from all the other databases you can think of.
Want to have a database of all the children in the state, linked to their PPS number and their mother’s ID for some unexplained reason?
Build a database of all the schoolchildren in the state by threatening to cut off the education funding of any children whose parents refuse.
The Bara decision is very interesting as it doesn’t require consent to the processing, just a clear lawful condition and an upfront transparency about what is being done and why.
I fear that the lack of maturity in information management in Irish govt departments means they jump to the “build a database” answer without going through an appropriate planning process. The DPC bemoaned this very loudly in the weeks immediately after her appointment (she told a forum organised by DPER in November 2014 that it would no longer be acceptable for Public Sector bodies to call her office at 4:30 on a Friday looking for sign off on a thing that was going live the following Monday… the tone suggested this was not an exaggeration).
It appears that the response of Departments to this admonishment may have been to simply stop phoning the ODPC at all.
Also, you cite “strategic” publicly announced database systems, that doesn’t include the countless pushes for bulk data feeds from public bodies to government departments that have been made with extremely questionable legal grounds (and in some cases zero legal basis).
Bara may be a good trigger for the Sir Humphreys to revisit the review of the Data Sharing and Governance Bill that Castlebridge produced for our mutual clients Digital Rights Ireland https://castlebridge.ie/products/whitepapers/2014/09/data-governance-and-sharing-bill-consultation-submission