Personal data privacy breaches 'should carry a jail term'

Jail terms should be imposed for serious breaches of personal data privacy, MPs said as they warned new European Union protection laws did not go far enough.

An investigation of the use of "big data" by the Commons Science and Technology committee backed a watchdog's calls for those guilty of "de-anonymising" information to face being put behind bars for up to two years.

It said ministers should invoke existing powers to make "malicious" cases criminal offences after the Information Commissioner told them he "wept" at the paltry punishments handed out.

Regulations agreed in Brussels are expected to come into force across the 28-member bloc within the next two years but the committee said domestic legislation should be strengthened straight away.

Bigger fines planned by the EU - of between 2% and 4% of a guilty body's worldwide turnover - were insufficient, the committee concluded, and it criticised loopholes appearing to allow re-use and de-anonymisation in cases of "legitimate interests".

The increasing use of huge shared datasets means data that was anonymised can now sometimes be traced back to a particular individual by piecing together a "jigsaw" of elements.

Tory MP Nicola Blackwood, the chair of the committee, said: "The use of 'big data' is already bringing big benefits.

"Exploited further, big data will be transformative, unlocking new life-saving research and creating unimagined opportunities for innovation.

"But big data is also raising legitimate concerns about privacy and the way personal data is being used and sometimes re-used in ways which re-identify previously anonymised data.

"There is often well-founded distrust about this and about privacy which must be resolved by industry and Government.

"A 'council of data ethics' should be created to explicitly address these consent and trust issues head on.

"And the Government must signal that it is serious about protecting people's privacy by making the identifying of individuals by de-anonymising data a criminal offence."

The committee also warned that a shortage of specialist skills was "approaching crisis levels" - not only jeopardising economic potential but putting at risk the quality and security of data.

It was told that ensuring firms made better use of their data could boost UK productivity by 3% and called for a re-examination of immigration rules to ensure they were not unnecessarily curbing recruitment.

Other measures backed by the report included the full introduction of a "kitemark" quality assurance scheme devised by the Commissioner and compulsory data protection audits of local councils.

Sections 77 and 78 of the Criminal Justice and Immigration Act 2008 allowed for the creation of a criminal offence with a maximum term of two years - but it has never been acted on.

Ms Blackwood MP said: "A debate is needed at this critical juncture, now that the new EU data protection regulation has been agreed.

"The Government must contribute to that debate by clarifying its interpretation of the effect of the EU Regulation on the re-use and de-anonymisation of personal data, and introduce changes to the Data Protection Act 1998 as soon as possible to strike a transparent and appropriate balance between the benefits and the privacy concerns."
