Digital identity, privacy and the rule of law

In the twenty-first century the most valuable of all fundamental rights is, in my view, the right to privacy. In a recent tete-a-tete (courtesy of The Times) the Information Commissioner John Edwards and I exchanged ideas in a public disagreement about the effectiveness of the role of the Information Commissioner's Office (ICO), in particular in the context of regulating public bodies and digital IDs.

I believe the ICO has regressed into a regulator which rarely, if ever, issues a penalty that is effective, proportionate and dissuasive. In the vast majority of cases, the ICO takes little to no meaningful action against data breaches caused by public bodies. 

It is now rare for a public body to be fined for losing your personal data, however much injury, harm or upset that breach may cause you. Instead they are most likely to just receive a written reprimand with no threat of further action. In his response to my challenge, Mr Edwards suggested that the ICO was helping to deliver better results by implementing positive changes across government which prevent mistakes before they lead to fines. I think the evidence for this claim is dubious and debatable at best – a debate which will have to wait for another day.

The foundation of all fundamental rights is a belief in the rule of law. In this context, where data protection (and other) laws are broken vis-à-vis your digital ID, the rule of law means that you believe digital IDs can be safely administered by the government and you need to be sure that the law will be upheld and that wrongdoers will be punished should the laws be broken. Here is the problem: however clearly articulated and well-drafted those laws are, they are meaningless if they are breached without fear of enforcement, without remedy or redress to victims. The first fly in the digital ID ointment is the ineffectiveness of the ICO.

The Legal Perspective

Some in favour of digital IDs will rightly point out that the right to privacy is not unfettered. It exists in a regime where nation states are permitted to interfere with that right only where necessary in a democratic society. The government’s primary aim for the digital ID card is to prevent illegal immigration, particularly via small boats crossing the English channel. I suggest that the government has failed to make the case that digital IDs are necessary to achieve the stated aim. Other options are available, but they are not politically expedient. The British public will need to make up their mind about the effectiveness of any digital ID scheme to prevent this activity. Perhaps the most authoritative moral argument I have encountered is, quite simply, that those who are willing to break the law (for whatever reason) to cross the channel in small boats and arrive in the UK having risked life and limb are not likely to be perturbed by a further administrative restriction in the form of a digital ID. And therein lies the second fly in the ointment: the digital ID is not necessary in law nor effective in tackling the government’s objective.