Part I of a Scottish Review investigation
We no longer need to imagine a futuristic world in which everyone has a number known only to the authorities; a world in which the most intimate details of our lives are able to be shared without our permission or even knowledge; a world in which we are electronically tracked from the womb to the grave. We no longer need to imagine such a world because, in Scotland, we are already living in it.
The database state is not unique to us, but it is being pursued here with unabated zeal. Within weeks of coming to power, the coalition government scrapped Contact Point, a notorious data-sharing scheme in England and Wales, in response to concerns about its intrusion into private lives. There is no sign of a similar initiative north of the border, where the full extent of the database state, with its profound implications for civil liberties, is only now emerging.
Two months ago, SR revealed how GIRFEC (‘Getting It Right for Every Child’), an apparently innocuous Scottish data-sharing project with the ostensible aim of alerting the authorities to children at risk, is being universally applied regardless of circumstance. We gave examples of GIRFEC’s invasion of privacy, including such sinister absurdities as the recording of the names of family pets. We did, however, claim, because we believed it to be true, that the electronic sharing of information, which starts pre-birth, stops at the age of 18. We wondered in passing what happens to all that data. There was no official response.
It now seems unlikely that the files on our children are being destroyed. It is much more likely that they are being fed into an adult database, or series of linked databases, which will continue to be available for sharing by government agencies, the health service, local authorities, the police, even some voluntary organisations. The eventual aim is nothing less than the universal profiling of the people of Scotland. This colossal undertaking has begun – certainly in the Western Isles, Ayrshire, Tayside and Grampian, and perhaps more widely than SR has been able to establish.
Following our initial revelations, sources close to GIRFEC – that is to say, involved in its implementation – contacted SR to express misgivings about the project and its very much wider context. For obvious reasons these sources cannot be named. But they have helped us to piece together the full story of Scotland’s ‘citizens’ database’, as it is known to insiders.
Each person will have a ‘Unique Person Identifier, a number which can be used as a common reference number across information systems to identity an individual’.
The technical bible of the citizens’ database – the blueprint – is an obscure document called the ‘Scottish Social Care Data Standards Manual’ first published five years ago, when Labour was still in power on both sides of the border, by the data standards and e-care division of the Scottish Executive. Being obscure and rather obviously a product of New Labour ideology does not, however, make it any less disturbing. Unless its generally overlooked progress is halted by political action of the kind we have seen in England and Wales, the citizens’ database will grow to cover the whole of the country and every citizen.
The manual states at the outset:
Under Joint Future initiatives, public sector agencies such as social care, health, housing and education are being encouraged to deliver care and services on a joined-up basis, supported by high-quality, shareable information about people, their care needs and the services they require…Using these data standards will maximise the commonality of recorded data thereby increasing its shareability and potential usefulness.
The bureaucratic jargon is, as always, execrable, but the intentions are plain enough: anyone who accesses a vital public service runs the risk of having personal information requested, recorded and shared by ‘local public sector agency partnerships throughout Scotland’. The material shared will include, as well as ‘generic core information’ such supplementary intelligence as ‘processes, events and status episodes’. We can only speculate what these amount to.
Each person will have a ‘Unique Person Identifier, a number which can be used as a common reference number across information systems to identity an individual’. This number, unlike our National Insurance number, will not be known to the subject: only to the agencies which are party to the citizens’ database and sharing the information electronically.
A ‘positive recording approach’ is recommended. (In other words: no field on a person’s computerised profile should be left blank). The Scottish government wishes to promote ‘an information culture where people are free to withhold potentially sensitive personal data, but there is an expectation that positive answers to other data will normally be provided’.
The Scottish government not only expects us, as patients or clients, to provide this information, but also proposes to make it available for sharing electronically among a variety of approved ‘practitioners’.
Let’s, then, take a closer look at the information which we will be ‘expected’ to provide or, in a few cases, be ‘free to withhold’.
Religion (Apparently ‘Atheist’ is a religious group – it is included in a long list between ‘Associate Synod’ and ‘Baha’i’)
Country of birth
Sex at birth
‘Lives Alone’ – in this way identifying anyone who does so
‘Associated Person’ – details of ‘people who have a significant involvement, or relationship with, the person’ – next-of-kin, emergency contact, accountant and lawyer are given as examples.
‘Social, economic and physical situation’ – noting the type of accommodation in which the person lives, including penal establishments, and classifying ‘squatters’ and ‘rough sleepers’ separately; employment status; composition of household etc.
We should be clear: it cannot be repeated often enough: the Scottish government not only expects us, as patients or clients, to provide this information, but also proposes to make it available for sharing electronically among a variety of approved ‘practitioners’.
‘Organisations are sometimes tempted to avoid monitoring on the grounds of sexual orientation for the reasons that it is too sensitive or seen to be a private matter.’
We have left until last the most bizarre question of all: sexual orientation. The answer may fall into one of eight categories:
The inclusion of this question is defended on the grounds that it ‘might ensure that minority groups are not disadvantaged or marginalised in their access to core services’. It could be argued that the citizens’ database is so deeply intrusive that the reverse may turn out to be true.
Significantly, the architects of the database betray an uncharacteristic nervousness when they address this issue. The manual emphasises the need to assure the client of ‘strictest confidentiality’: an assurance without integrity since the information given in ‘strictest confidentiality’ may then be electronically shared without the client knowing the first thing about it.
It continues: ‘Organisations are sometimes tempted to avoid monitoring on the grounds of sexual orientation for the reasons that it is too sensitive or seen to be a private matter.’
A short deconstruction of that remarkable statement is called for. First, which organisations does the Scottish government have in mind here? Who asks the question, or is tempted not to ask it, and in what circumstances is it asked, or not asked? Second, the use of the word ‘monitoring’ should be noted as an acknowledgement of what is really going on. Third, the phrase ‘seen to be a private matter’ suggests that sexual orientation is not necessarily a private matter. If it is not necessarily a private matter, but only ‘seen to be’ one, is there anything we are entitled to call private?
Or is what we are embarking on in Scotland in effect the death of privacy?
Tomorrow: part II of Open Secrets
This article has been reproduced with the kind permission of Kenneth Roy.
Read Kenneth Roy in the Scottish Review.