2018: Threats, Opportunities and Databases

When it comes to Scotland, Open Rights Group’s work in 2018 provides some enormous opportunities – and threats too. This is a quick rundown of some of the areas we expect to stay high on our agenda throughout the year. If you are interested to find out more and get involved, make sure to sign-up to Open Rights Group’s mailing list, or come along to one of our local group events in Aberdeen, Edinburgh, or Glasgow.

A Biometrics Commissioner for Scotland? (Perhaps more…)

Scotland is notable for its lack of an independent body overseeing the use of biometrics in policing. Last year, an inquiry lead by John Scott QC asked for recommendations for a policy and legislative framework for police use of biometrics. The quick answer would be to create one, immediately. Our submission went further, calling not only for a body to oversee poilce use of biometrics, but for that body to incorporate all issues devolved to Scotland that involve biometrics.

The use of biometrics is more than just a crime and justice discussion in Scotland, It includes systems run by NHS Scotland, and Scotland’s schools, which have discussed possible uses for biometrics in the past, a subject that may return. This shoud be reflected in institutional development. This opportunity shouldn’t just be about plugging a gap but building for the future.

The report from John Scott is slated to come out some time in the first few months of this year. There is expected to be a public consultation this year too. Open Rights Group are going to be watching closely to make sure Scotland gets the institution that we need.

A review of the Freedom of Information (Scotland) Act 2002

In August of 2017, a coalition of civil society including Open Rights Group Caled for post-legislative scrutiny of the Freedom of Information (Scotland) Act 2002. This process would look at whether a piece of legislation had achieved its intended purpose. In short, the Freedom of Information (Scotland) Act 2002 isn’t working. Journalists are locked out of holding bodies to account and bodies involved in providing public services are not covered by the legislation.

While the Information Commissioner in Scotland is doing solid work reviewing the Scottish Government’s own record under the Act, Open Rights Group and others think this is a time to look at the Act itself.

Are the exemptions too broad? Are there bodies that should be included but aren’t due to redundant definitions of “public bodies”? Does the Act still fulfil the purpose of facilitating openness and transparency in Scotland? These are questions a committee of MPSs would be best placed to seek answers to. The Information Commissioner won’t be looking at those questions, someone has to, and has to do it soon.

At the moment, the Public Audit and Post-Legislative Scrutiny Committee is considering reviewing the Act. We expect to see the Committee make a decision on whether to scrutinise the Act in the near future. For many, including Open Rights Group, the need for the review is blindingly obvious.

Scotland’s Online ID System

The saga continues. At the end of 2017, the Scottish Government announced the next step of their years old plan to develop a robust, secure, and trustworthy mechanism by which an individual member of the public can demonstrate their identity online, to access public sector digital service.

One thing is for sure, it won’t be involving matching records to the NHS Central Registry. That proposal from the Scottish Government was dropped last year after a 2 year consultation where the risks of such a move were repeatedly laid out. These included creating a system without passing primary legislation, and thus avoiding informing the public or having a wider debate, and possible violations of the Data Protection Act 1998.

However, there are still questions to be asked about how they intend to achieve this goal without (a) creating citizen super-database or (b) linking existing databases. The former would, fundamentally, be trying to create the sort of ID system akin to New Labour’s failed attempt, and the latter plainly in breach of the Scottish Government’s own Identity and Privacy Principles.

Vulnerable Persons’ Database

A database of people involved in any kind of contact with the Police (victims, perpetrators, support staff like translators), which none of the people involved actually know they are part of. This has been stirring up concern since BBC Scotland first reported on it in September 2017. Recent reports put the number of unique individuals at 815,000, astonishingly the equivalent of 1 in 5 Scots. This database is shared across other public services like schools and social services, all under the banner of the cosily named Vulnerable Persons’ Database.

Further, there is no retention or deletion policy, which goes some way to explain the huge number of entries. It also means that the Database is in breach of the Data Protection Act 1998, something which Police Scotland are currently working on to bring it in line. However, this fix is more than just a policy development exercise. Given the massive data collection, it is only right that everyone who is added to the VPD should be notified and given the opportunity to request removal. Lack of consent and clarity got Police Scotland into this mess, it is only right that leading with transparency, clarity, and seeking consent, is the solution.

Feedback welcome

These are just four areas that we are expecting to see action in Scotland in the next twelve months. Not to mention the continued problems with Police Scotland oversight, electronic voting trials, data sharing in Scotland, Codes of Practice for hacking by Police Scotland, and a new Defamation Bill (phew). 

This is going to be busy time for all of us. What do you think? Are these your picks for the biggest things afoot in Scotland for digital rights in 2018? If not, let us know what you think would be on your radar by emailing scotland@openrightsgroup.org or attending one of our upcoming meet-ups.

Remember, Open Rights Group exists to preserve your human rights when it comes to technology. We are just getting started in Scotland and are eager to learn about others experiences and expectations. This is your movement, make your voice heard. Join Open Rights Group and help us to meet the challenges of 2018 head on.