asked Her Majesty’s Government:
Whether they will introduce legislation to protect privacy in response to the growth of pervasive computing.
My Lords, there are already in place regulations to protect privacy in the electronic communications field. The Privacy and Electronic Communications (EC Directive) Regulations 2003 and the Data Protection Act 1998 implement the relevant EC directives in this respect. The Government will keep this legislation under review as the use of technology develops over time.
My Lords, I thank the Minister for that reply. I am sure that he will know that 8 billion embedded microprocessors are produced each year, which is an alarming number. The Parliamentary Office of Science and Technology states in its POST note that it is important that the volume of transmitted data should be kept to a minimum, that transmissions should be encrypted and sent anonymously without reference to the owner and that security should be treated as ongoing. The Minister has said that security will be treated as ongoing. Evidently, there is some concern about whether manufacturers should be encouraged to build in safeguards from the very earliest stage. Will the Minister comment on that?
My Lords, I do not know whether trying to keep the amount of information to a minimum is a realistic strategy. This will clearly be a huge and developing trend in the future; now that microprocessors have in-built communications, this will be a growing field. The Privacy and Electronic Communications Regulations were introduced to address just these questions. They require, for example, a system of consents for processing location-based data. Service providers are required to take appropriate technical and organisational measures to safeguard the security of services. For the moment, that seems to be appropriate legislation but, as I said, we will need to keep it under review as the technology develops.
My Lords, what is Her Majesty's Government’s view on the report of the Leeds NHS trust, which stated that there were 70,000 instances of illegal access to patient data in one month?
My Lords, patient data would be covered by the Data Protection Act. Clearly, if there is that number of instances of illegal access to data, there is something wrong with the systems in that place. That should be taken up in the light of the Data Protection Act.
My Lords, is the Minister aware that the British Computer Society has appointed an expert committee to look into the implications of pervasive computing? If any legislative changes are required, it would be sensible to wait until that committee had reported. On medical applications, does the Minister agree that the use of devices for sending data from within a patient’s body to outside recorders has proved to be an enormously valuable diagnostic tool, with no privacy implications for the patients?
My Lords, we must wait and see how the technology develops before we rush into any kind of regulation to control it. There have, as yet, been no complaints to the Information Commissioner on this area of location-based services. Information taken out of people’s bodies by such technology can clearly be enormously helpful medically.
My Lords, does the Minister agree that the issue is as much about ownership of the huge amount of data routinely collected about all of us as it is about privacy? If so, what stance do the Government take on the questionable legality of the Home Office authorising the DNA database to be used by the Forensic Science Service to research whether race and ethnicity can be determined from DNA samples?
My Lords, the Question was about pervasive computing, which is a specific area. The whole area of data protection is covered by the Data Protection Act 1998. Pervasive computing is a completely different subject.
My Lords, does not the Minister agree that there is—according to this POST note, for example—debate about whether the Data Protection Act covers the matter? The National Consumer Council is concerned about whether people could have all their information transmitted from, say, their home—or even their body, as was described in relation to medical things—and not know that it was being obtained or what use it was likely to be put to. That could be a bad use.
My Lords, as I said, there are two pieces of legislation: the Data Protection Act 1998 and the Privacy and Electronic Communications Regulations. The second obviously covers the security of data communication from one place to another. As I said, that involves issues of consent and security, which are well covered in that legislation. Of course, it may turn out that the legislation does not properly cover the subject and that there are issues to be considered. As I said, however, there have been no complaints on that point as yet.
My Lords, will the Minister explain what pervasive computing is?
Yes, my Lords. This is an interesting subject. Some microprocessors now have in-built communication facilities. The most obvious example of that is radio identification. I do not suppose that the noble Lord ever goes to the back of his local supermarket, but if he did he would see that packages that are brought in have an identification code that can be read electronically without taking the goods off the pallet. That is done by radio communication and is an enormous step forward in efficiency. The same principle applies to smart keys; one can open a car door from a range of three feet with a smart key, using the same technology.