EPIC --- Privacy and Human Rights Report
|Title Page Previous Next Contents | Country Reports >United Kingdom of Great Britain and Northern Ireland|
The United Kingdom (UK) does not have a written constitution. Recently, there has been a growing consensus among the political parties that a more formal constitution and bill of rights is necessary. Consultations are expected to begin in 2007.
The Human Rights Act provides for a limited incorporation of the European Convention on Human Rights (ECHR) into domestic law, including the right of privacy. The Act came into force on October 2, 2000. Thus far, the courts have cautiously implemented the rights. A right of privacy is slowly emerging in the cases from the law of confidence that has been used as far back as 1849 to protect the unauthorized disclosure of personal information. The House of Lords acting as the highest court ruled in October 2003 that there is no general common law tort for invasion of privacy and that the ECHR does not require the UK to adopt one. However, the Lords ruled in May 2004 that a tabloid newspaper violated model Naomi Campbell's privacy under Article 8 by publishing that she was undergoing drug treatment and printing pictures of her leaving the treatment center. More recently, the Court of Appeals ruled in May 2005 that following the European Court of Human Rights (ECtHR) case on Princess Caroline, there is an obligation of states to protect individuals from invasions of their personal lives and a duty on courts to follow that obligation.
There is a long history of recognizing privacy from government intrusion in the UK. The statesman William Pitt in the 18th century said, "The poorest man may in his cottage bid defiance to all the force of the Crown. It may be frail; its roof may shake; the wind may blow through it; the storms may enter, the rain may enter - but the King of England cannot enter; all his forces dare not cross the threshold of the ruined tenement!"
However, the current privacy picture in the UK is decidedly grim. The UK has been the world leader in adopting intrusive surveillance technologies such as biometrics, surveillance cameras, computer databases, and DNA testing, largely implemented without debate. The Information Commissioner has warned that the UK is “sleepwalking into a surveillance society.” A 2006 ranking of 37 countries by Privacy International found the UK level of surveillance was “endemic,” lower than any other EU country and at the same level as Russia, China and Singapore. The Labour government's political stance to appear tough on crime and its large Parliamentary majority resulted in an unprecedented number of new laws limiting human rights, including freedom of assembly, privacy, freedom of movement, the right of silence, and freedom of speech in the past ten years.
The Parliament approved the Data Protection Act in July 1998 to implement the European Union Data Protection Directive. The legislation, which came into force on March 1, 2000, applies to records held by government agencies and private entities. It creates eight data protection principles based on the Directive to be followed. These provide for limitations on the use of personal information, access to, and correction of, records, adequate security, and requires that entities that maintain records register with the Information Commissioner.
The Act is quite complex and is considered not very effective at promoting privacy and implementing the EU Directive. It has been described by the courts as a "cumbersome and inelegant piece of legislation." The Information Commissioner noted in his 2004 report that it "is not the most elegant or easily understood statute. It is not written for the casual reader." Its complexity results in it being often incorrectly cited as a justification for the mishandling of data by public and private authorities.
The protections it does offer are being undermined. The government is pressing to allow public bodies to be able to share more information and has initiated a series of proposals to allow sharing in the name of e-government, population registration and local government. A high level Cabinet committee (MISC 31) has been set up “to develop the Government's strategy on data-sharing across the public sector.” In September 2006, it was reported widely that the Cabinet had agreed to a new “vision statement” which would allow for the routine sharing of information when the government determined it was “in the public interest.” It was widely criticized by civil society groups and opposition parties but was welcomed by the Information Commissioner. To date, the proposal has not been made public. A separate proposal for the creation of electronic life records was withdrawn in December 2004 after two parliamentary committees found the regulations the government proposed exceeded the authority of the law.
The Court of Appeals issued a controversial decision in December 2003 narrowing the definition of personal information protected under the Act and limiting individuals' right to access personal information held in manual files. The European Commission has sent a letter of formal notice to the UK government that it may not be in compliance with the EU Data Protection Directive, although both the EU and UK governments have refused to release the letter.
The Children Act, approved by a slim vote in November 2004, creates a national database of all children in the United Kingdom. Over 300,000 people will have access to this database. Children’s advocates and the Parliamentary Joint Committee on Human Rights expressed concern that it violates Article 8 of the ECHR and criticized the bill. The government admitted that it might violate the ECHR but claimed that it was proportional because it involved children
The National Health Service is in the process of creating a national database of all patients’ records that will have few limits on access. Civil society and doctors groups have been urging patients to opt out of the system.
The UK has the largest DNA database in the world. It has grown rapidly in the last ten years from 700,000 to over 3 million samples. Over five percent of the population is now in the system including hundreds of children under the age of ten. The law was changed in 2001 to allow for the inclusion of samples even if a person was found not guilty or never charged (except in Scotland). It was further amended in 2003 to allow the demanding of a sample in any arrest, no matter how minor or dubious the crime and since 2005 it now includes a sample from any deceased person. The House of Lords ruled in 2004 that DNA and fingerprints could be kept even if there was no conviction. The case is pending in the ECtHR. It was also revealed in 2006 that a private company that tests DNA for the government has been secretly keeping samples and the Home Office had given permission to a separate study to see if ethnic backgrounds could be determined by the database.
Under a voluntary moratorium agreed to between the government and insurance industry in 2001 and renewed in March 2005, insurance companies will not demand or use the results of genetic tests for policies under GBP 500,000 unless approved first by the Genetics and Insurance Committee until 2011. Only the test for Huntington’s disease has been approved. Tests done for a research study do not have to be disclosed. However, family history information can still be used. The level of protection for employees is less clear. The Information Commissioner released the final version of the Employment Practices Data Protection Code in June 2005.
The Crime and Disorder Act 1998 provides for information sharing and data matching among public bodies in order to reduce crime and disorder. There are also several other laws that affect privacy, most notably those governing medical records and consumer credit information. Other laws with privacy components include: the Rehabilitation of Offenders Act 1974, the Police Act 1997, the Broadcasting Act 1996, Part VI, and the Protection from Harassment Act 1997. The House of Commons Culture Media and Sport Committee recommended the adoption of a privacy law relating to the media in June 2003, but the Government immediately rejected the proposal.
There is also a poor culture of security for the protection of personal information. Personal information from government computers is regularly disclosed inadvertently or for profit. The Information Commissioner released two reports in 2006 revealing a growing illegal trade in personal information among police and private detectives who obtain information through bribery or impersonation. The Foundation for Information Policy Research (FIPR) estimates that more than 200,000 illegal requests for information are made each year by private investigators under false pretenses.
The Office of the Information Commissioner is an independent agency that maintains the register and enforces the Data Protection and Freedom of Information Acts. The Commissioner, Richard Thomas, was appointed in 2002. As of 2006, there were 276,000 databases registered with the Commission. The agency received 22,059 new cases in 2005-2006, up 13 percent from the previous year. There were 16 prosecutions for unlawfully obtaining or selling of personal data and ten for failure to register databases. The Commissioner is also responsible for enforcing the Privacy and Electronic Communication Regulations. Over 25 percent of its cases involved the regulations.
The Commissioner has relatively limited enforcement powers for privacy. He can only audit or “name and shame” violators with the permission of the controller. He cannot impose fines for violations of data protection principles. Currently, penalties are limited to modest fines unless another statute which has greater penalties is violated. Under the Enterprise Act 2002, the Commissioner can now apply for an enforcement order to a court for breach of the regulations. The Commissioner has also been criticized by civil society organizations for often taking a hands-off approach to enforcement and authorizing the increase in the use of intrusive technologies such as fingerprinting children for school lunches and library privileges. He has called for more powers including the imposition of prison sentences of up to two years for violations of Section 55 (unlawful obtaining of personal information) and the Department of Constitutional Affairs began a consultation in 2006 on increasing penalties for willful or deliberate misuse of information.
The Information Tribunal (formerly the Data Protection Tribunal) can hear appeals of decisions and notices. It has only issued 14 decision relating to data protection since 1990. In 2006, it upheld a notice against the Scottish National Party for violating the Privacy and Electronic Communications Regulations for making unsolicited phone calls.
Interception of communications is regulated by the Regulation of Investigatory Powers Act 2000 (RIPA). Part I authorizes the Home Secretary to issue warrants for the interception of communications and requires Communications Service Providers to provide a "reasonable interception capability" in their networks. The Home, Northern Ireland or Foreign Secretaries of State and the Scottish First Minister normally authorize telephone taps for national security purposes. It further allows any public authority designated by the Home Secretary to access "communications data" without a warrant. This data includes the source, destination and type of any communication, such as mobile phone location information and partial web browsing logs (but the full URL is considered content subject to a warrant). Part III allows senior members of the civilian and military police, customs, and members of the judiciary to demand that users hand over the plaintext of encrypted material, or in certain circumstances decryption keys themselves. This has not been implemented yet, but the government held a consultation in 2006 on bringing it into force. Part II sets rules on other types of "human intelligence" powers that had not been previously regulated under UK law. Many legal experts, including the Information Commissioner, believe that many of the provisions violate the ECHR. The Home Office has issued dozens of codes and regulations on its use in the past five years. Currently, evidence obtained from interceptions is not admissible in court but there is a growing discussion by both political parties and civil rights groups on changing the rules.
Over 200 agencies, police forces and prisons are now authorized to intercept communications. In 2005-2006, there were 2,407 warrants for interceptions of telephone and mail issued in England and Scotland under RIPA, up from 1,466 in 2002. There were also 5,143 modifications of warrants. The government refuses to disclose the number of national security interceptions.
In 2005-2005, there were over 439,000 requests for communications data. According to the Home Office, most of the requests were for address information. There has been considerable controversy about who has access to communications data. In June 2002, the Home Office announced that the list of government agencies allowed under RIPA to access communications data was being extended to more than 1,000 different government departments including local authorities, health, environmental, trade departments and many other public authorities. This resulted in a substantial public outcry, especially after the Surveillance Commissioner admitted in his annual report that "I clearly cannot carry out meaningful oversight of so many bodies without assistance" even before the proposed expansion. Home Secretary David Blunkett announced a few weeks later that he had "blundered" and withdrew the order. A more restricted order was adopted in December 2003. However, nearly 800 bodies now have access to communications data including 475 local authorities. The Government began a consultation in June 2006 on revising the code of practice on acquisition and disclosure of communications data.
The process is overseen by the Interception of Communications Commissioner, previously a former high court judge who acted more as a cheerleader than a watchdog for the technique. A new Commissioner was appointed in April 2006. Every year the Commissioner has found errors in the process but has also decreed that they were not deliberate and were remedied. He found 66 errors in 2005-06, up from 44 in 2004 that included tapping wrong numbers or monitoring domestic targets using the intelligence services. The Commissioner also found nearly 4,000 errors in the obtaining of communications data by communications providers and public authorities in 2005-06. The Commissioner said that he had not found “any instances of willful or reckless conduct” but refused to provide more details on any of the errors. In at least one case not mentioned by the Commissioner, police in Suffolk were revealed (by a request under the Data Protection Act) to have obtained the phone records of a journalist who had called to inquire about an old case in order to discover his sources.
The Investigatory Powers Tribunal hears complaints from individuals that they have been subject to illegal surveillance. It received 80 complaints in 2005 and for the first time ever, it found a violation of RIPA. In January 2003, it ruled that its procedures should be changed so that some of its hearings may be made public.
There is a long history of illegal wiretapping of political opponents, labor unions and others in the UK. In the late 1970s and '80s, MI5, Britain's security service, tapped the phones of many left-leaning activists including current MPs and members of the Government. The ECtHR has strongly criticized the practices of the law and this has resulted in several significant changes to the law. In 1985, the ECtHR ruled that police interception of individuals' communications was a violation of Article 8 of the ECHR, which resulted in the adoption of the Interception of Communications Act 1985. The ECtHR ruled in 1997 that police eavesdropping of a policewoman violated Article 8, which resulted in the adoption of RIPA.
The Privacy and Electronic Communications (EC Directive) Regulations 2003 came into force in December 2003. The regulations implement the EU Directive on Privacy and Electronic Communications (2002/58/EC). They place new rules on cookies and require opt-in for most e-mail and SMS spam. The rules have been criticized for lacking any real deterrent or enforcement powers. The Information Commissioner said in April 2004 and January 2006 that the office needed additional powers to stop spammers from continuing to conduct their activities while under investigation. A survey of UK businesses in January 2007 found that 30 percent did not follow the requirements. In December 2005, there was a successful complaint under the Regulations against a spammer in small claims court which resulted in a judgement of £300. Several UK bodies have signed a Memorandum of Understanding with the US Federal Trade Commission and related Australian government bodies in July 2004 to facilitate cooperation in anti-spam efforts under the regulations. Under a 2005 EU agreement, the Office of Fair Trading (OFT) will have the power to investigate and seize equipment in spam investigations.
The United Kingdom has an extensive system of anti-terror legislation that it has developed over the past one hundred years. A number of new laws have been introduced in the last ten years. In December 2001, the Parliament approved the Anti-terrorism, Crime and Security Act (ATCS). The law allows the Home Secretary to issue a code of practice for the “voluntary” retention of communications data by communications providers for the purpose of protecting national security or preventing or detecting crime that relates to national security. It only applies to data that is already being held by the communications service providers (CSPs) for business purposes. The Code of Practice was approved in December 2003. Under it, some communications data can be retained for up to one year. An opinion commissioned by the Office of the Information Commissioner found that the access to information retained under the act for non-national security purposes would violate human rights and would be unlawful. The government has proposed modifying the ATCS and RIPA to make data retention mandatory and expanding its use to include serious crimes, not just terrorism offenses. A leaked submission by the police and intelligence services to the Home Office in 2000 proposed a seven-year data retention scheme.
The Terrorism Act, 2000 allows for police to stop and search any person or vehicle in designated areas (including all of London) without giving a reason. There were 22,672 stops in 2005-06, which resulted in 27 arrests. The NGO Statewatch estimates that many of the terrorism stops are made under other legislation and the official figures are only half of the actual numbers. The powers have been controversial because of the lack of limits. Asians are found to be more likely to be stopped 30 percent more than other races in London. It has also been used against political protests. In one notable case, a protestor at the Labour Party conference who was heckling Prime Minster Blair was arrested under the Act. Reviews by Lord Carlile and the Association of Chiefs of Police are likely to recommend limits on the powers.
Additional legislation was adopted in 2005 and in 2006 following the bombings in the London transport system in July 2005. These focused on other aspects including detention periods, “control orders” and increasing penalties for “encouraging” terrorism.
The Police and Criminal Evidence Act 1984 (PACE) allows police to enter and search homes without a warrant following an arrest for any offense. Police have the right to stop and search any person on the street on grounds of suspicion. The police stopped and searched 851,200 persons and vehicles under the Act in England and Wales in 2004-05, up 14 percent from the previous year.
The Office of the Surveillance Commissioners review other investigatory techniques under RIPA Part II and PACE. According to their last report, there were 2,310 authorizations including 435 for "intrusive" authorizations for break-ins into homes under the Police Act 1997 and Part II of RIPA for 2005-06. The Commissioners ordered that one be quashed for lack of adequate justification. There were 23,628 authorizations by law enforcement and 6,924 from other bodies for directed surveillance in the same period. They also stated that they have concerns about new technologies not considered by Parliament including tracking devices, Automatic Number Plate Recognition (ANPR), covert cameras and special identification dyes.
There has been a proliferation of CCTV cameras in hundreds of towns and cities in Britain. It is now estimated that there are over four million cameras in Britain, and the average citizen is recorded over 300 times each day. The camera networks can be operated by police, local authorities or private companies, and are often partly funded by Home Office grants. Their original purpose was crime prevention and detection, though in recent years the cameras have become important tools for city center management and the control of "anti-social behavior." Many of the systems have been enhanced with technology for facial recognition but the jurisdictions that have installed the systems have admitted that the technology has yet to result in an arrest.
The systems are increasingly being connected together with databases. In London, a system for "congestion charging" uses a sophisticated number plate recognition system to charge motorists who drive into central London during business hours. It was revealed that the system was organized in cooperation with the intelligence services that use it with facial recognition systems to monitor the drivers of the cars. The government announced in January 2005 that it was expanding its pilot program of ANPR nationwide. Traffic cameras have also spread across the country. The Surveillance Commissioners in their annual report urged the Home Secretary to consider new legislation to authorize ANPR.
There has been growing criticism of the use of the cameras. The ECtHR ruled in January 2003 that a Council's release of CCTV footage of an attempted suicide for a campaign on CCTV violated the man’s Article 8 right to privacy. Motorists across the UK have engaged in vandalism of traffic cameras and they are widely criticized for being used for fundraising rather than traffic safety. There is also a growing body of literature that the cameras are not nearly as effective as the proponents claim. A Home Office study released in 2005 found many problems with the systems. In all but one area studied, crime did not show a statistically significant decrease and even increased in a majority of areas for unknown reasons. CCTV also did not improve perceptions about safety significantly and did not change behaviors. In nearly half of the areas, support for CCTV and its perceived effectiveness declined once it was installed. On the design of the system, the study found that many systems were installed without clear objectives based on feelings that CCTV was "a good thing," a perceived need to "catch up" if other jurisdictions had already installed then, and a pressure to bid for it based on the existence of funding more than actual need. Technical consultants were often not challenged on the installation of the systems and police were not consulted adequately. The Scottish Centre for Criminology found that the cameras did not reduce crime, nor improve public perception of crime problems. A study in June 2002 found that in many areas with CCTV crime increased and street lighting is a more effective deterrent.
The Identity Cards Act was approved in March 2006 after years of contentious debate. There has been no national ID card in the UK since 1952, when the House of Lords ruled that requiring the disclosure of the card was not lawful and the National Registration Act was repealed. Since that time, the issue came up every few years and was been soundly rejected each time due to public opposition. After Sept 11, a series of Home Secretaries had proposed the card and it was adopted as a government position in 2004.
The bill was only adopted in the face of a constitutional crisis after the Lords refused five times to agree to the bill as adopted by the House of Commons. The bill was strongly opposed by a wide variety of groups including the Conservative party (the official opposition which initially supported it), the Liberal Democrat party (the third largest political party), the Law Society, and the Information Commissioner. The Information Commissioner, Richard Thomas, expressed strong concerns over the government's plans for a biometric national identity card and database. He particularly criticized the scheme's "disproportionate and excessive" storage of personal information and the wide range of uses that would "permit function creep into unforeseen and perhaps unacceptable areas of private life."
The Act requires the creation of a central National Identity Register and the issuing of "voluntary" ID cards that will include biometric identifiers. There are heavy penalties for a large number of new offenses including failing to register to receive a biometric scan, and to update a home address. It gives the Home Secretary the power to issue regulations to vastly expand the scope of the scheme, including making the card mandatory for certain classes of people and extending use of the register and the types of information held in it. Safeguards and oversight are minimal - for example, the new National Identity Scheme Commissioner's powers are limited to reviewing unauthorized disclosures instead of allowing the existing Information Commissioner oversight powers.
The National Identity Scheme will be phased in over 10 years or more years starting in 2008 with biometric visas for non-EU nationals. Starting in 2009, citizens requesting new passports will be required to register and will be required to have a card in 2010. Documents released by the government in March 2007 indicate that they plan to make the scheme universally compulsory by 2014 if the Labour Party wins the next election.
The scheme could cost at least GBP 15 billion to implement, and billions more to integrate with existing public and private sector systems, but the government is refusing to release many details of the costings claiming reasons of commercial confidentiality.
There is continued opposition to the scheme even after its adoption. Public support has dropped from 80 percent to around 50:50 for and against, and 82 percent of the public believe there's a danger their personal information will be divulged improperly from the ID database. Polling from the Home Office estimates that at least 15 million people will refuse to register for the database. The Conservative Party has said it will cancel the scheme when it is elected into power next.
The Department of Constitutional Affairs announced in October 2006 that extensive pilots of e-voting would take place in the 2007 elections. A review of the process found that the systems were poorly designed and insecure. There were numerous problems including unreliable registers, incorrect ballot displays and poorly designed cryptographic receipts. Some electronic counts had to be abandoned while others had significant delays in counting or severe discrepancies between the counts.
The Freedom of Information Act (FOI) was enacted in November 2000. However, its full implementation was delayed until 2005, the slowest implementation of any FOI law in the world. In the period that it has been in effect, it has received considerable interest and use and appears to be working for at least some types (mostly non-controversial) of information. There were over 33,000 requests to central government bodies in 2006, down from 38,000 in 2005. In June 2002, the Scottish Parliament approved a Freedom of Information Act that is regarded as somewhat stronger than the UK Act. It also went into effect in January 2005.
The UK is a member of the Council of Europe (CoE) and has signed and ratified the CoE Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Convention No. 108) and the European Convention for the Protection of Human Rights and Fundamental Freedoms. In November 2001, the UK signed the CoE Convention on Cybercrime but still has not ratified it. The UK is a member of the Organization for Economic Cooperation and Development (OECD) and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
The Isle of Man Data Protection Act 2002 came into force in April 2003. The Office of the Data Protection Supervisor enforces the Act. The Data Protection (Bailiwick of Guernsey) Law of 2001 was approved in March 2002. The Isle of Guernsey Data Protection Commissioner enforces the Act. The EU Article 29 Working Group released an opinion in June 2003 finding that the law is adequate. In Jersey, the Data Protection (Jersey) Law went into effect in December 2005. The Data Protection Commissioner enforces the Act.
 See Future Britan website <http://www.futurebritain.org/>
Rights Act 1998 (c. 42), available at
 Prince Albert v. Strange, 1 Mac & G 25 (1849).
 Wainwright and another v. Home Office, (2003) UKHL 53, (2003) 4 All ER 969. October 16, 2003.
 Campbell v. MGN Ltd (2004) UKHL 22, 2 WLR 1232. May 6, 2004; see also Information Commissioner – Annual report and accounts for the year ending March 31, 2003, July 2003, available at <http://www.informationcommissioner.gov.uk/>.
 Douglas v. Hello (2005) EWCA Civ 595.
 William Pitt, Earl of Chatham, Speech on the Excise Bill in Bartletts Familiar Quotations, 10th ed. (1919); see also e.g. Entick v. Carrington, 95 Eng. Rep., 807 K.B. (1765).
 For a
comprehensive overview of recent developments in the deployment of surveillance
technologies in the UK, See FIPR,
Technology development and its effect on privacy & law enforcement, February
2004, available at
 Information Commissioner’s Office, e-newsletter, 3rd edition, November 2006.
 Privacy International, Leading surveillance societies in the EU and the World, September 2006. <http://www.privacyinternational.org/article.shtml?cmd=x-347-545269>
 Data Protection Act 1998 (c. 29) <http://www.hmso.gov.uk/acts/acts1998/19980029.htm>. Replacing Data Protection Act 1984 (c. 35), available at <http://www.hmso.gov.uk/acts/acts1984/1984035.htm>.
See, e.g., Bainbridge D.
et al., Tilting the Windmills –
Has the New Data Protection Law Failed to Make a Significant Contribution to
Rights of Privacy, 2 Jnl of Information, Law and Tech (2000), available at
 Campbell v. MGN Ltd, Court of Appeal (Civil Division), (2002) EWCA Civ 1373, (2003) QB 633. October 14, 2002 (Opinion of Lord Phillips).
 See Final Report of the Bichard Inquiry regarding problems of police understanding the DPA rules (2004), available at <http://www.bichardinquiry.org.uk/>; "Couple with No Gas Found Dead," BBC News Online, December 22, 2003, (British Gas blaming deaths of elderly couple on DPA after BG cut off gas to apartment).
Chancellor's Department Consultation Paper, For Your Information: How Can The
Public Sector Provide People with Information on, and Build Confidence in, the
Way It Handles Their Personal Details?, April 2003, available at <http://www.lcd.gov.uk/consult/datasharing/datashare.htm>;
Performance and Innovation Unit (PIU), "Privacy and Data-sharing: The way
Forward for Public Services," April 2002, available at
<http://www.number-10.gov.uk/su/privacy/index.htm>; Office of National
Statistics, The Population Register Proposal, available at
 Increased Sharing of Information Proposed, Financial Times, September 13, 2006.
 Office of National Statistics, Modernizing Civil Registration, available at <http://www.statistics.gov.uk/registration/whitepaper/default.asp>; Ministerial Statement on the Modernisation of Civil Registration, 1 March 2005, available at <http://www.gro.gov.uk/Images/FST_Statement_010305_tcm69-15715.pdf>.
 Durant v.
Financial Services Authority, (2003) EWCA Civ
 "European Commission suggests UK’s Data Protection Act is deficient," Out-Law. July 15, 2004.
 Children Act 2004, (C. 31). Available at <http://www.hmso.gov.uk/acts/acts2004/20040031.htm>.
 Joint Committee On Human Rights - Nineteenth Report, September 8, 2004.
 See Moritz Y. Becker, A formal Security Policy for an NHS Electronic Health Record Service, University of Cambridge, Computer Laboratory, March 2005, available at <http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-628.html>.
National DNA Database Annual Report 2005-2006
Genewatch, The Police National DNA Database: Balancing Crime Detection, Human
Rights and Privacy, January 2005
 Regina v. Chief Constable of South Yorkshire Police, (2004) UKHL 39.
 Police DNA database 'is spiralling out of control', The Observer, July 16, 2006.
and Moratorium on Genetics and Insurance, March 2005, available at
 See Genewatch, "Genetic Testing in the Workplace," June 2003, available at <http://www.genewatch.org/HumanGen/publications/Reports/GeneticTesting.pdf>.
 Information Commissioner’s Office, Employment Practices Data Protection Code, June 2005.
 Access to
Medical Reports Act 1988 and the Access to Health Records Act 1990.The Health
and Social Care Act 2001. Mostly repealed by the Data Protection Act
 Consumer Credit Act, 1974. Replaced by Consumer Credit Act 2006. <http://www.opsi.gov.uk/acts/acts2006/ukpga_20060014_en.pdf>
 House of Commons Culture, Media and Sport Committee, Privacy and Media Intrusion, Fifth Report of Session 2002–03, June 2003.
 Information Commissioner’s Office, What Price Privacy?: The unlawful trade in confidential personal information May 2006.; What price privacy now? The first six months progress in halting the unlawful trade in confidential personal information, December 2006. Available at <http://www.ico.gov.uk/>.
 See Information Commissioner – Annual Report 2005-2006, July 2006, available at <http://www.informationcommissioner.gov.uk/>.
 See Written testimony of Chris Pounder, Editor of Data Protection and Privacy Practice to Home Affairs Select Committee, July 2007.
 Department of Constitutional Affairs, Increasing penalties for deliberate and willful misuse of personal data, July 2006. <http://www.dca.gov.uk/consult/misuse_data/consultation0906.pdf>. Responses available at <http://www.dca.gov.uk/consult/misuse_data/cp0906.htm>.
 See Information Tribunal <http://www.informationtribunal.gov.uk/ourDecisions.htm>.
of Investigatory Powers Act 2000. (c. 23), available at
Interception of Communications Act, 1985 (c. 56).
see Y. Akdeniz, N. Taylor, C. Walker,
Regulation of Investigatory Powers Act 2000 (1): Bigbrother.gov.uk: State
Surveillance in the Age of Information and Rights, Criminal Law Review 73-90
(February 2001) available at <http://www.cyber-rights.org/documents/crimlr.pdf>.
 Home Office, Consultation on the draft code of practice for the Investigation of Protected Electronic Information, June 2006. <http://www.homeoffice.gov.uk/documents/cons-2006-ripa-part3/>; FIPR Response to the Home Office: “Consultation on the Draft Code of Practice for the Investigation of Protected Electronic Information – Part III of the Regulation of Investigatory Powers Act 2000”, September 2006. <http://www.fipr.org/060901encryption.pdf>.
 See Home Office RIPA pages <http://security.homeoffice.gov.uk/ripa/>.
 Report of the Interception of Communications Commissioner for 2005-06, February 2007. For a historical overview, see Statewatch, Telephone Tapping and Mail-opening Figures 1937-2004, available at <http://www.statewatch.org/news/2005/nov/uk-tel-tap-rep-2004.htm>.
 Report of
the Chief Surveillance Commissioner for 2000-2001, Cm 5360, January
 "Blunkett Shelves Access to Data Plans," The Guardian, June 19, 2002.
 Regulation of Investigatory Powers (Communications Data) Order 2003, available at <http://www.opsi.gov.uk/si/si2003/20033172.htm.>; Amended by Statutory Instrument 2005 No. 1083, The Regulation of Investigatory Powers (Communications Data) (Amendment); Order 2005, available at <http://www.opsi.gov.uk/si/si2005/20051083.htm>.
 Home Office, “Consultation on the Revised Statutory Code for Acquisition and Disclosure of Communications Data - Chapter II of Part I of the Regulation of Investigatory Powers Act 2000,” June 2006, <http://www.homeoffice.gov.uk/documents/cons-2006-ripa-part1/>; FIPR Response to the Home Office, “Consultation on the Revised Statutory Code for Acquisition and Disclosure of Communications Data – Chapter II of Part I of the Regulation of Investigatory Powers Act 2000,” September 2006, <http://www.fipr.org/060901commsdata.pdf>.
 He noted in
his 2003 report that, "I have been impressed by the quality, dedication and
enthusiasm of the personnel carrying out this work on behalf of the government
and the people of the United Kingdom."
See correspondence between Commissioner
and PI, available at
 “Anger as police obtain journalist's mobile records to discover source,” Daily Mail, December 1, 2006.
 In the Matter of Applications Nos. IPT/01/62 and IPT/01/77, January 23, 2003.
e.g., Patrick Fitzgerald & Mark
Leopold, Stranger on the Line, Bodley Head
 Malone v. United Kingdom (A/95): (1991) 13 EHRR 448.
 Halford v. United Kingdom (Application No 20605/92), 24 EHRR 523, June 25, 1997.
 The Privacy
and Electronic Communications (EC Directive) Regulations 2003, SI 2003 No. 2426,
September 18, 2003, available at
<http://www.hmso.gov.uk/si/si2003/20032426.htm>; The Privacy and
Electronic Communications (EC Directive) (Amendment) Regulations 2004, available
See also "Spam": Report of an Inquiry
by the All Party Internet Group, October 2003, available at
 "UK Spammers off the Legal Hook for Another Year," Silicon.com, April 16, 2004. British Information Commissioner Richard Thomas discussed the difficulties of enforcing European anti-spam directive rules at an April 2004 global privacy symposium sponsored by White & Case. He noted the absence of an international system to track down violators, and the UK's "very weak enforcement process," which gives the Information Commission no injunctive powers. He also complained about the Information Commission's lack of resources. See John Herzfeld, "U.K. Anti-Spam Enforcement Hindered by National Boundaries, Official Says," Privacy & Security Law Report, Vol. 3, No. 18, May 3, 2004, at 531.
 “UK companies 'flouting spam laws',” Silicon.com, January 8, 2007.
 “Court victory hailed as spam stopper,” The Guardian, December 28, 2005.
 “OFT gains powers to seize spammers' PCs,” ZDNet, February 28, 2007.
 Anti-terrorism, Crime and Security Act 2001, available at <http://www.hmso.gov.uk/acts/acts2001/20010024.htm>.
 The Retention of Communications Data (Code of Practice) Order 2003, SI 2003 No. 3175, December 4, 2003; Retention of Communications Data Under Part 11: Anti-Terrorism, Crime & Security Act 2001 - Voluntary Code of Practice, available at <http://www.legislation.hmso.gov.uk/si/si2003/draft/5b.pdf>.
 Opinion of
Ben Emmerson QC and Helen Mountfield, Matrix Chambers, July 2002, available at
 Home Office, Counter-Terrorism Powers: Reconciling Security and Liberty in an Open Society: A Discussion Paper, February 2004; See C. Walker & Y. Akdeniz, "Anti-Terrorism laws and Data Retention: War Is Over?" 54(2) Northern Ireland Legal Quarterly 159-182 (2003), available at <http://www.cyber-rights.org/documents/data_retention_article.pdf>.
 NCIS Submission on Communications Data Retention Law, August 2000, available at <http://www.statewatch.org/news/dec00/02ncis.htm>.
 “Terror search powers “over-used”,” BBC News, June 7, 2007.
 See Clive Walker, “Clamping Down on Terrorism in the United Kingdom,” Jnl of Intl Crim Justice 4 (2006).
 Home Office, Arrests for Notifiable Offences and the Operation of Certain Police Powers under PACE 21/05 England and Wales, 2004/05, December 16, 2005; See also Anti-terrorist Stop and Searches Target Muslim Communities, but Few Arrests, Statewatch Bulletin, Vol. 13 No. 6, November-December 2004-05-09.
 Annual Report of the Chief Surveillance Commissioner for 2003-04.
 "Nowhere to Hide as Britain Tops CCTV League, "Sunday Times, April 18, 2004.
Role for Traffic Cameras," The Observer, February 9, 2003.
 See <http://www.pito.org.uk/what_we_do/identification/anpr.htm>.
 Peck v. the
United Kingdom (application No. 44647/98), January 2003, available at <http://www.echr.coe.int/Eng/Press/2003/jan/Peckjudeng.htm>.
 "Speed Camera at Accident Black Spot Is Blown up," Daily Telegraph, February 8, 2003; See also <http://www.speedcam.co.uk/gatso2.htm>; <http://www.safespeed.org.uk/main.html>.
 Home Office Research, Development and Statistics Directorate, "Home Office Research Study 292 Assessing the impact of CCTV," February 2005, available at <http://www.homeoffice.gov.uk/rds/pdfs05/hors292.pdf>.
 NACRO, "To CCTV or not to CCTV," June 28 2002, available at <http://www.nacro.org.uk/templates/publications/briefingItem.cfm/2002062800-csps.htm>.
Cards Act 2006.
 Willcock v. Muckle, June 26, 1951; See Privacy International UK ID Card Page for more details.
 Heated Debate on ID Cards in the UK,” EDRI-gram newsletter, June 29, 2005, number 3.13, available at <http://www.edri.org/edrigram/number3.13/>.
 See The Identity Project: as assessment of the UK Identity Cards Bill and its implications, London School of Economics, June 2005. <http://identityproject.lse.ac.uk/>.
Telegraph poll, December 12th, 2006
 Millions to rebel over ID cards, The Times, April 8, 2007.
 Open Rights Group, May 2007 Election Report, July 2007 <http://www.openrightsgroup.org/e-voting-main/>.
 Freedom of
Information Act 2000, available at <http://www.cfoi.org.uk/foiact2000.html>.
For detailed information on the Act,
see the Campaign for Freedom of
Information's website <http://www.cfoi.org.uk>.
 Ministry of Justice, Freedom of Information Act 2000: 2nd Annual Report on the Operation of the FOI Act in Central Government 2006, June 2007.
 Signed May
14, 1981; ratified August 26, 1987; entered into force December 1, 1987.
 Signed November 4, 1950; ratified March 8, 1951; entered into force September 3, 1953.
 Signed November 23, 2001.
 The Data Protection (Bailiwick of Guernsey) Law, 2001, available at <http://www.dpcommission.gov.gg/2001%20Law/2001%20Law.htm>.
 Article 29 Data Protection Working Party, Opinion 5/2003 on the level of protection of personal data in Guernsey (10595/03/EN), June 13, 2003, available at <http://www.europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2003/wp79_en.pdf>.
See Office of the Data Protection
 Homepage <http://www.dataprotection.gov.je/>.