My Lords, I very much agreed with those who said that the regulation must certainly apply to the big boys in the computer and
digital world. I shuddered when the noble Baroness, Lady Lane-Fox, quoted from that wholly incomprehensible Brussels jargon from the regulations.
I received last week a letter as chair of Marlesford Parish Council. We have seven members and only 230 people live in Marlesford. Our precept is only £1,000 a year. A letter from the National Association of Local Councils warned me that the GDPR will impose,
“a legal obligation to appoint a Digital Protection Officer … this appointment may not be as straightforward as you may be assuming, as while it may be possible to appoint an existing member of staff”—
we have no staff, just a part-time parish clerk who is basically a volunteer. It continues:
“They must by requirement of regulations possess ‘expert knowledge of data protection law and practices’”.
I am afraid that will not be found in most small villages in the country, so I hope that one result of this Bill will be to introduce an element of proportionality in how it is to apply, otherwise the noble Baroness, Lady Lane-Fox, who was so right to draw our attention to the threat of incomprehensibility, will be right and we will all lose the plot.
The time has come to have a reliable and secure link between the state and its citizens, and the capabilities of the digital world that underlie this Bill give us that opportunity. There are good reasons for that. First, apart from the excellent national census which was founded in 1841, with the latest information having been collected in the 2011 census, Governments have an imperfect knowledge of their customers, paymasters or stakeholders—whatever you would like to call the rest of us. The various links have many defects which result in serious failures in the duties and obligations of the state. The first of those is to ensure that those who need financial help or support get it and do not go short as a result of funds going to those who do not need them or are not entitled to them. In this, the national insurance system has been incredibly difficult to organise properly. Again and again people have tried, and again and again they have failed.
Secondly, the National Health Service, which many of us believe to be a pillar of our British way of life, is chronically short of funds. Large sums are spent on free medical treatment for those who are not entitled to it. For example, under the reciprocal healthcare scheme within the EU, which is based on repayments made by each EU Government, we pay more than 10 times as much to other EU Governments for their treatment of our citizens as we collect for treating theirs. That is a gap of £500 million. In the case of the NHS treatment of non-EU citizens, the failure to collect charges now costs £1 billion a year.
Thirdly, control of our borders is inadequate, largely due to the failure of our passport system, an issue I have raised many times in your Lordships’ House.
Fourthly, there are serious defects in policing, combating digital crime and other aspects of law and order. To give just two examples, there are problems for our security services in protecting us from terrorism and identity theft, which is a growing problem. My proposal involves giving every citizen a unique identification number that would be backed by centrally held biometrics to confirm the identity of the citizen.
The UIN would supplement and eventually replace the plethora of other state numbers, which include those for national insurance, the registry of births and deaths, national health, HMRC, passports, driving licences, the police national computer, the national firearms register and custodial sentences. Citizens would be required to know their own UIN and to give it to those with a legitimate reason to ask for it. The UIN would be printed on passports, driving licences and so on. To assist those without such documents, it might be helpful to make available a plastic card with the person’s name and UIN. Such a card would not be mandatory and it would have no validity in and of itself. It would not of course be an identity card, any more than a credit card or business card would be. Needless to say, it would have no biometrics of any sort on it.
Access to the biometrics would be carefully restricted to those on a need-to-use basis, and those with such access would have data relevant only to their need to know. The verification process would be based on real-time use of the biometrics. The authority would take the biometrics from an individual when necessary, and such action would be limited to appropriate members of government agencies. They would include the police, immigration officers, security people and so on. The biometrics could then be compared with the central record. Important decisions to be made would include which biometrics should be used, such as facial recognition techniques, fingerprints and so forth. The introduction of the UIN would be gradual, depending on the logistics of collecting the biometrics. Existing numbers would continue to be used for a while. Proper data protection would be key to the viability, security, integrity and public acceptability of the UIN. All I am asking is for Her Majesty’s Government to set up a study of what I propose. I am afraid I am not very confident that they will.
In 1997, I tabled an amendment to the Firearms (Amendment) Bill to set up a national electronic record of all firearms, similar to the excellent one that had long been in use by the DVLA. The amendment was passed and became part of the Act, but for the next 10 years the Home Office used every technique from the “Yes Minister” book to resist implementing it. Thanks to widespread support in this House—including from, if I may so, the noble Lord, Lord McNally, in his ministerial position—the amendment was eventually accepted and it has been in useful operation for the past 10 years.
However, I am worried about whether the Government always move as fast as they should on these computer matters. Sometimes they seem rather out of their depth. I remember, in 1966, as a keen young member of the Conservative Research Department, I was sent to carry the bag and take notes for Ernest Marples, a great political figure, around the world, to America and Japan, to see how we could use new techniques—electronic techniques and all the rest—to run the Government better. When I came back, all bright-eyed and bushy-tailed, I met a very senior official, a charming Under-Secretary from the Ministry of Health. I said to him, “You know, I’ve just been in America and Conrad Hilton has this wonderful system. He tracks
everything that happens in his hotels: where the money goes, what the clients do and all the rest of it. Your hospitals are really rather like hotels—couldn’t you start doing the same?” He looked at me and shook his head and said, “Mark, before we spend government money on computers, we have to be sure they are here to stay”.
8.26 pm