![Sample our Communication Studies journals, sign in here to start your access, 2013 & 2014 volumes FREE to you for 14 days]({"type":"image" , "src" : "/sda/5927/TOC-Subject-Sample-2021-Information-Science2.jpg"})
Abstract
This paper is primarily concerned with development of data protection legislation in the United Kingdom from the late 1960s through to the enactment of the 1984 Data Protection Act. Following a series of private members' bills calling for varying degrees of privacy legislation, the UK government commissioned two significant reports in the 1970s. The first, the Younger Report on Privacy (1972), established 10 principles for the handling of personal data that were to influence data protection statutes in Europe. The Lindop Report on Data Protection (1978) examined public- and private-sector computer systems, recommending a flexible legislative environment – with a set of broad principles guiding a data protection authority in its development of codes of practice aimed at various sectors of the economy. The far-reaching nature of those recommendations can now be appreciated in the work of the modern Information Commissioner's Office, 25 years after the publication of the Lindop Report. However, the momentum created by the two studies faded during the period 1979–82. Labour and Conservative governments respectively consulted further and objected to additional bureaucracy involved in creating a data protection authority. During this period of entropy, unpublished memoranda and correspondence demonstrated how former members of the Lindop Committee maintained the pressure on government, ensuring that their work was not forgotten. Eventually, overseas legislation and the need for the UK to maintain its position at the ‘crossroads of the information highway’ ensured that the UK, albeit grudgingly, enacted a Data Protection Act in 1984. By that time, the UK had lost the lead in defining data protection law and policy established by the Reports of Younger and Lindop. In highlighting findings from the Committees and efforts by dedicated individuals in lobbying successive governments in the late 1970s and early 1980s, the authors demonstrate the importance of preserving historical memory.
Acknowledgements
The authors wish to acknowledge the contribution of the following individuals: Sir Norman Lindop for his help in the preparation of this paper, and in particular his willingness to provide the authors with reports and correspondence between the DPC and government during the 1979–82 period; Professor Colin Mellors for responding promptly and with courtesy to the authors' request for endnotes to one of his articles; the three referees for their feedback on earlier drafts of this article.
Notes
1 The Younger Committee undertook a survey of public attitudes to privacy. For an example of public perceptions to computers, refer to: Home Office Citation(1972).
2 Lord Mancroft's Bill (14 February 1961).
3 The Access to Personal Files Act 1987 and the Access to Medical Reports Act 1988, by allowing access to files within specific contexts, did regulate the processing and use of certain manual data. The former Act was repealed by the Data Protection Act 1998.
4 The Younger Committee was formally appointed by Callaghan on 13 May 1970. Following the change of government after the June 1970 general election, the Committee continued its work under the Conservative Home Secretary, Reginald Maudling. Its terms of reference remained unchanged.
5 The first national data protection law was Sweden's Data Act of 1973. Prior to that, the West German Land of Hesse passed the first data protection law anywhere in 1970.
6 Bennett (Citation1992, pp. 7–10). Bennett sought to find explanations for such policy ‘divergence’ by analysing domestic characteristics of the countries he studied. These explanations were: the repertoire of policy instruments within the state; the preferences of dominant social groups; the role of the political parties in electoral competition; the position and power of bureaucracy; and economic constraints. The countries studied were: the US, Germany, the UK and Sweden.
7 The Labour Home Secretary Roy Jenkins announced the government's intention to appoint the Data Protection Committee in December 1975. It was originally to be chaired by Kenneth Younger, chairman of the Privacy Committee. However, his sudden death in May 1976 resulted in the appointment of Sir Norman Lindop, Director of Hatfield Polytechnic, in his place.
8 Interview with Sir Norman Lindop, Hertford, 6 September 2001.
9 Ibid.
10 Ibid.
11 Ibid.
12 Following the enactment of the EU Data Protection Directive 1995, codes of practice have increasingly become viewed as a pragmatic means of underpinning national data protection laws. Moreover, in counties with a cultural antipathy to overarching government legislation, such as the United States, such codes are viewed as a practical alternative.
13 Question from Mr Forman to Dr Summerskill, House of Commons. Hansard, Written Answers, 8 March 1979, cols 752–762.
14 National Computer Users Forum – Minutes of a meeting held on 26 February 1979.
15 Correspondence from Paul Sieghart to Sir Norman Lindop, 27 May 1980.
16 Correspondence from Paul Sieghart to Charles Read, 15 September 1980.
17 Correspondence from Timothy Raison MP to the Hon. Celia Goodhart, 5 February 1981.
18 Correspondence from Sir Norman Lindop to the Hon. Celia Goodhart, 24 February 1981.
19 In November 1979, John Butcher MP had suggested to the Home Office that he should introduce a Private Member's Bill based on the Lindop recommendations which the government could help along without affecting its own programme. His suggestion was not taken up.
20 Interview with Sir Norman Lindop, Hertford, 27 August 2003.
21 The two papers were: Data Protection Committee members. Memorandum submitted to the Home Office on data protection legislation for the UK, July 1981 [unpublished]; Data Protection Committee members. Comments on the White Paper on data protection, June 1982 [unpublished].
22 Correspondence from Home Office to Sir Norman Lindop. Received 9 February 1982.
23 Examples of case law developed during this period by the US Supreme Court include: Katz v. US (1967), allowing a right to privacy from government surveillance into an area where a person had a ‘reasonable expectation of privacy’ and also matters relating to marriage, procreation, child-rearing and education. The Court had earlier recognized in NAACP v. Alabama (1958) that political groups had the right to prevent disclosure of their members' names to government agencies. The idea was that people had the right to live their lives as they desired. The study with the widest remit was the Privacy Protection Study Commission (PPSC) (1975–77) established as a consequence of the Congressional debates surrounding the Privacy Bill. It recommended establishing a Federal Privacy Board to: monitor and evaluate relevant statutes and regulations; research and investigate areas of privacy concern; issue binding rules for federal agencies in their implementation of the Privacy Act 1974; and advise the President, Congress, government agencies and states regarding privacy implications of future regulations. The other two studies which recommended the establishment of a data protection authority were: White House Domestic Council Committee on the Right of Privacy (1974–77) and Congressional Commission on Federal Paperwork (1975–77).
24 Examples include: Telephone Privacy Act 1991, 105 Stat. 2394 (1991) and Consumer Reporting Reform Act 1992, H.R. 3596, 102nd Cong., 2nd Sess. (1992).
25 In this context, sensitive data were outlined in clause 2 (3) of the 1982 Bill as personal data relating to: ‘(a) the racial origin of the data subject; his political opinions or religious or other beliefs; his physical or mental health or his sexual life; or his criminal convictions.’ This remained the case in the final 1984 Act. Indeed, the Secretary of State's powers to create additional safeguards for the above category of data were not used. It was only with the enactment of the Data Protection Act 1998 that additional protection was given to such data, expanded to include trade union membership.
26 Particularly significant was the Tribunal's judgement against the credit reference industry's use of third-party information. Previous industry practice had resulted in people being denied credit because of the bad debts of others who happened to live at the same address in the past. Judgements were delivered in two cases: CCN Systems Ltd v The Data Protection Registrar (1991); CCN Credit Systems Ltd v The Data Protection Registrar (1991).
27 This lack of public concern for data protection is mentioned by Timothy Raison in an interview: ‘I've represented my constituency for twelve years, and I've never had a single constituent come to me with any problem or question about data protection. It just doesn't feature in the ordinary person's imagination’ (Riley Citation1982).
28 The supervisory authority, now known as the Information Commissioner's Office, is responsible for regulating both data protection and freedom of information. It employs approximately 200 staff, and has established regional offices in Wales, Scotland and Northern Ireland.