Blowing raspberries at parliament

July 28, 2007

It seems we’re far from alone in objecting to government by last-minute ministerial statement. From the BBC yesterday:

The number of written statements issued by the government in the final days before Parliament’s summer recess has angered opposition parties. With more than 100 statements published on the eve of the 76-day holiday, shadow Commons leader Theresa May said it showed “disdain” for MPs. The Lib Dems said the government’s reluctance to share information at an earlier stage bred suspicion.

But Commons leader Harriet Harman said the timing was for “practical” reasons.

…Ms May said the timing raised suspicions that bad news was being buried

Surely not? What the BBC doesn’t mention is that the decision to turn eCAF into a national database represents far more than a delay in answering questions. It is a fundamental policy shift.

The government had pushed through the ContactPoint regulations by apparently accepting concerns about security and potential Article 8 breaches, and offering assurances that ContactPoint will contain only minimal information on each child.

Even while that they were parroting these assurances to both Houses during debate last week, they were planning to create another system to hold monstrous levels of personal detail about children using public services. This isn’t burying bad news. It’s taking the mickey. I wonder if anyone sniggered as they published the statement?


And you thought ContactPoint was bad?

July 26, 2007

The government has delivered an astounding parting shot as it heads off for the long summer holidays. Hard on the heels of the ContactPoint database comes the announcement that eCAF will also be a national database.

If you don’t know what eCAF is, go and read all about it to understand just how serious this is.

It is despicable that the announcement was made in a written ministerial statement the day before recess. The plans were not mentioned in any of the debates on the regulations for ContactPoint last week.

Suddenly ContactPoint looks positively benign. Those 330,000 users will now have access to the full, in-depth assessments of up to 6 million children and their families, all held on an inevitably insecure national database. It simply beggars belief, and knocks on the head any faint hope that the Brown regime might offer relief from spin and deceit.

Fingerprint guidance arrives (breathholding not required)

July 25, 2007

Jim Knight, minister at the DCSF (isn’t there a furniture store called that already?) issued a written statement on school fingerprinting on Monday, just in time for Greg Mulholland’s adjournment debate.

All of this coincided with the publication of guidance on taking children’s fingerprints in schools. The problems around informed consent continue:

The Data Protection Act 1998 does not specify when a person is (or may be considered to be) too young to give consent. It is a matter of judgement that must be made on a case by case basis by the school as the data controller. Only where a pupil is judged to be unable to understand what is involved will his or her rights be exercisable by the parent or someone with parental responsibility for the pupil.

OK, so what data protection and information security expertise is made available to the child so that s/he can reach an informed decision? What are the criteria for assessing a child’s competence, and who makes that assessment? We would suggest that a teacher is no more qualified to assess a child’s understanding of data protection than a DP lawyer is to assess a child’s readiness to sit GCSE History. Is each child really assessed individually, or is there an assumption that because some children in a class will understand, all of them will?

Although we were originally promised joint guidance from the government, Becta and the Information Commissioner, the ICO has in fact issued their own, slightly more nuanced, guidance.

For the purposes of the Act the pupils themselves are “data subjects”: it is they who should in the first instance be informed and consulted about the use of their personal data. Deciding when children are mature enough to decide how their personal information should be used is difficult. On the one hand, as children mature they are entitled to an increasing measure of autonomy. On the other hand, while children might understand a simple explanation of why their fingerprints are being taken, they may well not appreciate the potential wider implications.

There is nothing explicit in the Act to require schools to seek consent from all parents before implementing a fingerprinting application. However, unless schools can be certain that all children understand the implications of giving their fingerprints, they must fully involve parents in order to ensure that the information is obtained fairly. Parents play a central role in their children’s education, in terms of support and guidance, and also in terms of legal liability, for example in case of truancy. They therefore rightly expect to be informed and consulted when biometric systems are introduced in their child’s school.

That’s a bit more like it, but misses some crucial points. Since there is nothing explicit about age in the DPA, we have to turn to the common law position that parents are responsible for their children until they reach 16. It’s not just a matter of consulting them because they can ‘rightly’ expect to be consulted: it’s a matter of law.

Yes, of course children as data subjects must have a say in what happens to their data – but they also have rights under Article 5 of the UN Convention on the Rights of the Child to consult their parents in the exercise of their rights, and parents have the corresponding right to give such guidance ‘in a manner consistent with the evolving capacities of the child’.

It would be a brave child who said in front of a whole class that she wanted to go home and talk to her parents about it first. It is up to teachers – and any other practitioners – to make sure that a child is given the opportunity to exercise her rights. Otherwise she is not giving informed consent.

Jim Knight says in his statement:

We give schools complete freedom to run their own affairs and I back every head teacher’s right and professional judgment to choose technology to improve their day-to-day running—but it is plain common sense for them to talk to parents about this and all issues relating to their pupils to demystify how schools operate.

I have seen at first hand how well these systems work. They can speed up lunch queues, remove the need for children to carry money and take away the stigma of singling out those on free school meals. Moreover, they can enable schools to register pupils more easily as they move from class to class.

Completely absent is any justification in terms of the best interests of the child, one of the four ‘cornerstone’ Articles of the UNCRC (Article 3).

This whole issue is a good example of the problems that arise when a government – or a school, or any other public body – forges blindly ahead without thinking through the full implications of their actions, and then tries to fit the law to the consequences.

The final nail

July 25, 2007

Another of our increasingly sporadic blog postings. The Children Act regulations got through the Commons Delegated Legislation Committee on Monday. Not really a surprise, but it’s human nature to hang on to the last, faint rays of hope just in case there’s an outbreak of collective common sense.

The pace of the last few weeks has been pretty punishing, and we’ve never been so glad to see recess approaching out of the fog. It’s definitely time for a re-charge.

Contactpoint – coming to an LA near you

July 19, 2007

The regulations got through the Lords yesterday, despite spirited performances from the opposition. Hansard tells the story.

Future capital

July 17, 2007

Just in case anyone still believes that the ‘Every Child Matters’ agenda has anything to do with child protection – or even access to decent services – take a look at this.

Stand by your beds

July 17, 2007

The Conservatives and Liberal Democrats are cracking their knuckles and doing warm-up stretches in preparation for the debate on the ContactPoint regulations tomorrow. From the Lords’ Order Paper:

Children Act 2004 Information Database (England) Regulations 2007 Lord Adonis to move that the draft Regulations laid before the House on 4 July be approved.

To whichBaroness Morris, leading for the Conservatives has tabled the following amendment:

at end to insert “but this House regrets that adequate safeguards are not in place to ensure the protection of the information collected”.

While Baroness Walmsley, for the Liberal Democrats has tabled this one:

at end to insert “but this House regrets that the cost is likely to be disproportionate to the benefit and could have been more effectively and safely spent on professional staff”.

Children’s Database regulations

July 16, 2007

We’re still here, but still a bit too busy to post just at the moment.

The ‘Contactpoint’ regulations will be put before the Lords this Wednesday, and the Commons Delegated Legislation Committee next Monday. It really is quite extraordinary that the explanatory memorandum came out during the Blair/Brown handover, the draft regulations just after the car bombs and now the parliamentary scrutiny is just before recess, when some MPs and Peers will already be heading off on holiday. It doesn’t exactly inspire us to optimism about any new dawn of spin-free politics.

the Lords’ Merits of Statutory Instruments Committee has reported on the regulations. Their summary:

We are in no doubt about the importance of these Regulations. They set out the details of the “ContactPoint” database which will hold basic identifying information on all 11 million children in England under the age of 18, and which will be accessible to over 300,000 users. The Government have shown a thoroughgoing commitment to preparing for the national operation of the scheme, through large-scale expenditure and wide-ranging engagement with all interested parties. However, the Government have not in our view conclusively demonstrated that a universal database is a proportionate response to the problem being addressed. While the Government have taken the need for security seriously, the scale and importance of the scheme increase the risk that any accidental or inadvertent breach of security, or any deliberate misuse of the data, would be likely to bring the whole scheme into disrepute.

Our submission (one of many to various select committees that have kept us burning the midnight oil) can be seen here.


July 7, 2007

From the BBC:

A police officer who sold secrets to a private investigator has been jailed at Southwark Crown Court for 15 months. Det Sgt Paul Dennis, 48, passed details of car owners, previous convictions and police inquiries to Owen Griffin, 53, a former colleague turned private eye.

The Police National Computer has one of the most substantial audit resources of any system and yet, as the Independent Police Complaints Commission commented five years ago:

Every year sees complaints alleging the unauthorised disclosure of information from the Police National Computer. Forces have reviewed their methods of preventing unlawful entry but there will always be a few officers willing to risk their careers by obtaining data improperly.

Shh! The ContactPoint regulations arrive

July 3, 2007

Very quietly, the regulations to bring the children’s information-sharing database – ContactPoint – into being have slipped on to the draft statutory instruments website. There’s also an explanatory memorandum. (pdf)

There doesn’t seem to be a date yet for the debate, but the Lords select Committee on the Merits of Statutory Instruments will be taking oral evidence from the DfES (or whatever it’s called nowadays) on July 10th.