Sunday, 20 July 2014

The other side of communications data

Now that the dust has settled for the moment on DRIPA (the Data Retention and Investigatory Powers Act 2014) we should perhaps not forget that, even though many will regard it as worth paying, a tangible price attaches to the authorities’ use of communications data for the investigation and prosecution of crime.

This is a human, not a money price.  Mistakes are made with communications data and can have (in the words of the Interception Commissioner’s Report for 2008) catastrophic consequences for members of the public.


Calculated as a percentage of requests for communications data, the proportion of errors is arithmetically small – in the region of .2%, or 1 in 500.  But when the police arrive at an innocent front door to execute a warrant, that is not an arithmetical event. Since 2008 that, or something equally serious such as the arrest of an innocent person or a wrong accusation, has happened eleven times.

The errors are set out in the Interception Commissioner’s Annual Reports.  These are the statistics since formal oversight of communications data requests began in 2005, covering requests by all public authorities.


Year
Total communications data requests
Errors
Arrests, accusations, warrants executed
2005-6 (15 months)
439,054
3,972
-
2006 (9 months)
253,557
1,088
-
2007
519,260
1,182
- (from Oct 2007 only privacy-intrusive errors are included in statistics)
2008
504,073
595
2009
525,130
661
-
2010
552,550
640
(The Report separates 640 overall errors and a further 1061 arising from two technical faults in an intelligence agency's systems, treated in the Report as one error.)
2011
494,078
895
2012
570,135
979
2013
514,608
970

The first reported catastrophic incident was in 2008.  That was the result of confusion over interpretation of international time zone information relating to an IP address. The then Interception Commissioner Sir Paul Kennedy reported it thus:

“In this particular example the police took swift action when information from a reliable source suggested that a number of very young children were at immediate risk of falling into the hands of a paedophile ring. Subscriber information relating to an Internet Protocol (IP) Address was obtained in order to locate an address for the children but unfortunately it would appear this was not correct. The police entered the address and arrested a person who was completely innocent and further enquiries are continuing. This was a very unfortunate error and the whole process of obtaining data relating to IP addresses has been re-examined.”
No incidents of this nature were reported for 2009 and 2010, but in 2011 two occurred.  Sir Paul Kennedy again:

“Unfortunately in two separate cases where a CSP disclosed the incorrect data, the mistakes were not realised and action was taken by the police forces on the data received. Regrettably, these errors had very significant consequences for two members of the public who were wrongly detained / accused of crimes as a result of the errors. I cannot say more about these two instances at this time as investigations are ongoing. … I am pleased to say that this CSP has since put in place some very sensible measures which will hopefully prevent recurrence of similar errors in future. Fortunately errors with such severe consequences are rare.”
The next year, 2012, saw a rise in the number of errors that had severe consequences.

“Regretfully in six separate cases this year, the mistake was not realised and action was taken by the police forces / law enforcement agencies on the data received. In four of the cases the mistake was made by the public authority (either the applicant or SPoC acquiring data on either the incorrect communications address or time period) and in the remaining two the mistake was made by the CSP (disclosing data on the incorrect communications address). All of these cases were requests for internet data (Internet Protocol or node name resolutions). Regrettably, five of these errors had very significant consequences for six members of the public who were wrongly detained/accused of crimes as a result of the errors. The remaining one error also caused an intrusion into the privacy of an individual, as an address was mistakenly visited by police looking for a child who had threatened to commit self harm.”
2013 saw two such incidents, described in the first Report of the current Interception Commissioner Sir Anthony May:

“I have to report that 7 errors with very serious consequences have occurred this year. Regrettably these errors resulted in police action relating to wrongly identified individuals. In 5 of these cases the mistakes caused a delay in the police checking on young persons who were intimating suicide or on an address where it was believed that someone had been the victim of a serious crime. Fortunately the police were able to identify quickly in these instances that the persons visited were not connected with their investigation. In the remaining instances warrants were executed at the homes of innocent account holders and this is extremely regrettable. [The report does not state how many such homes or people were involved. We have assumed two.]
4.52 All but one of these errors occurred in relation to requests for Internet Protocol (IP) data to identify the account that was accessing the internet at a particular date and time. There were 3 specific causes for the errors: data applied for over the wrong date or time, the incorrect time zone conversion or a transposition error in the IP address.”
In all, since 2008 accountholders have mistakenly been the subject of arrests, accusations or search warrants on 11 occasions. This does not include the five 2013 cases in which people were visited by the police, since the Interception Commissioner’s Report does not state that anyone was wrongly accused.

A point of subsidiary interest is where the responsibility for errors may lie as between the CSPs producing communications data information and the requesting public authorities. The Interception Commissioner’s statistics split overall errors into those attributable to the CSP and those to the requesting authority. 

This graph is based on the figures in the Annual Reports.

 














The split for 2010 is as reported by the Interception Commissioner, based on an overall figure of 640 errors and excluding a further 1061 errors treated as one error. If those had been treated as individual errors the split for 2010 would have been 7% CSPs and 93% public authorities.

The 2013 Interception Commissioner's Report states that the overall figures for communications data requests in 2011, 2012 and 2013 exclude urgent oral applications, which in 2013 totalled 42,293. It does not comment on whether the same is true for previous years.

Saturday, 12 July 2014

Dissecting DRIP - the emergency Data Retention and Investigatory Powers Bill

[Update: DRIP became law on Thursday 17 July 2014. The Act is available here.]

Three months after the EU Court of Justice invalidated the EU Data Retention Directive, the UK government has burst into feverish action with emergency legislation to replace the 2009 Data Retention Regulations.  Those Regulations, made under the European Communities Act, are nominally still in place but highly vulnerable to judicial review following the demise of the Directive.

What does DRIP (the inevitable acronym with which the Data Retention and Investigatory Powers draft Bill has been saddled) do? With so much material appearing at such short notice, considered analysis is difficult.  Here are some first impressions.
DRIP, now with its accompanying provisional draft regulations which appeared on the Home Office website yesterday afternoon, has to square a circle.  Ideally it should make a plausible attempt to address the 15 or so fundamental rights grounds on which the ECJ held that the Data Retention Directive was invalid.  But at the same time DRIP has to deliver on Theresa May’s 10 July statement to the House of Commons that it maintains the status quo until 31 December 2016, when the sunset clause kicks in.

In reality DRIP cannot square the circle. Indeed the newly published Impact Assessment recognises that the legislation does not overcome all the ECJ stumbling blocks, claiming only to address the ECJ judgment “where possible” and “to the extent practicable”.  It also acknowledges the “Risk of being perceived as ignoring the ECJ judgment”.


[Update: The Home Office Human Rights Memorandum published by the Joint Committee on Human Rights on 16 July 2014 says in paragraph 33 (p. 8) that the Bill, together with existing domestic legislation, addresses "the majority of the criticisms of the Directive set out in the ECJ's judgment". The Committee has written to the Home Secretary asking her to provide the Committee with "a further detailed memorandum setting out in full the Government's analysis of precisely how UK law satisfies, or will satisfy, each of the requirements set out in paras 54 to 68 of the CJEU's judgment.]

We can frame two simple questions.
  1. Does DRIP merely maintain the status quo?
  2. If so, how far is maintaining the status quo permissible in the light of the ECJ decision?
First, however, we should recognise that DRIP does far more than replace the 2009 Data Retention Regulations.  It makes substantive changes to the interception warrants, interception capability and communications data access provisions of the Regulation of Investigatory Powers Act (RIPA).  The Home Secretary has justified these amendments on a different basis from the data retention legislation: an urgent need to clarify, in particular, the territorial scope of RIPA's interception and communications data acquisition provisions.
These are the non-data retention aspects of DRIP.
  • Clause 4 addresses the government’s concern that it should be able to apply RIPA to non-UK companies that provide communications services to the UK public.
  • Clause 5 broadens the RIPA definition of telecommunications services. The Explanatory Note says this is so that webmail providers are clearly caught.  The change will also have implications for data retention because of crossover into DRIP.
  • Clause 3 places a further restriction on the general purposes for which interception warrants and communications data acquisition notices can be issued.  This will bring RIPA into line with the existing codes of practice.
Whatever the merits of the non-data retention amendments (more on that below), it is debatable why any of them requires emergency legislation to be fast-tracked through Parliament at such breakneck speed.  They seem to be taking a piggy-back ride on the government’s urgent need for primary legislation in the wake of the ECJ’s data retention decision.

In relation to data retention, does DRIP merely maintain the status quo?
Putting Clauses 3 to 5 aside, let us focus on the claim that for data retention DRIP merely maintains the status quo.  This splits into three questions:
  • Are the same providers as before required to retain data?  
  • Are they required to retain the same data?
  • Are the retention periods the same?
Are the same providers as before required to retain data?
This is difficult to answer, as the government is shifting from one existing set of definitions to another and then amending them for good measure.  Conspiracy theorists will smell a rat. Even the more generous may chalk up another example of the obscurantist law-making for which this field is notorious.

The 2009 Data Retention Regulations were based on EU definitions of publicly available electronic communications services and networks in the EU communications Framework Directive, implemented in the UK by the Communications Act 2003.
DRIP, however, abandons those EU definitions and instead adopts the homegrown RIPA definitions of public telecommunications systems and service.  It then amends the latter, which has been in place for 14 years.

Why, if the intention is to continue the status quo, does DRIP not simply continue to use the definitions in the Communications Act 2003?  The Explanatory Note (para 53) says that this is to "ensure uniform definitions across access and retention regimes".  

It is anyone's guess at this stage whether these changes will cast a wider net than the existing 2009 Regulations.  That would require detailed comparison of the two sets of definitions and a truckload of hypotheticals.  What is quite clear, however, is that they broaden the RIPA definitions.
The existing RIPA definition of telecommunication service is framed in terms of a service consisting in the “provision of access to, and of facilities for making use of, a telecommunications system”: two discrete elements related to the telecommunications system. 
DRIP Clause 5 says that the RIPA definition is now to cover a service that “consists in or includes facilitating the creation, management or storage of communications transmitted, or that may be transmitted, by means of such a system.”

The Explanatory Note (para 71) says that this is in order to ensure that companies who provide internet-based services, such as webmail, are caught.  Although para 18 of the Explanatory Note says that the amendment is “for the purposes of communications data and interception requests”, it also applies to the new mandatory data retention regime under DRIP.  
On the face of it the amendment could apply not just to webmail, but to any remote storage service (bearing in mind that the meaning of “communication” under RIPA is effectively anything capable of being transmitted). The word “facilitating” is a red flag for broad interpretation.  There is obvious potential for this to cover a very broad spectrum of activities.  It is exactly the type of provision that deserves the fullest Parliamentary scrutiny. 

The Home Office is reported in the Sunday Times (13 July 2014, subscription) as saying, in relation to this amendment to RIPA: "The bill clarifies how the current definition should be interpreted, but this cannot change or extend the meaning of the definition in RIPA to capture new services." This is twaddle.  In effect the amendment says "A shall be taken to include B." To the extent that B covers anything not within A, new services are captured.  Even if different views might exist on whether B does in fact cover things not within A, to suggest that the amendment 'cannot' capture new services is nonsense.  
Are they required to retain the same data?
The Explanatory Notes stress that a DRIP notice (i.e. a notice by the Secretary of State to a public telecommunications operator) cannot require retention of data types additional to those specified in the existing legislation. This is achieved by defining 'relevant communications data' by reference to the Schedule to the 2009 Regulations, which sets out the specific types of communications data that a CP could be required to retain.

The definition also carries through the important qualification that such data is caught only so far as it is generated or processed in the UK by public telecommunications operators in the process of supplying the telecommunications services concerned.  In other words, a PTO  cannot be required to create data if it does not generate or process it in the course of supplying those services. 
Generally, this appears faithfully to replicate the 2009 Regulations.  However the adoption and amendment of the RIPA definitions of telecommunications services and systems (see above) could conceivably affect the scope of data falling within "relevant communications data".

Are the retention periods the same?
The existing 2009 Regulations mandate retention for 12 months. DRIP (subject to an apparent drafting defect) provides for a maximum retention period of 12 months, while enabling shorter periods to be specified for different purposes. 

The defect is that if no regulations were in place specifying a maximum retention period under S1(4)(b), then the Secretary of State could apparently issue a notice under S1(2)(c) requiring retention for longer than 12 months. It is hard to believe that the government intends this to be a possibility.  The provisional draft regulations do specify a maximum period of 12 months.
Is maintaining the status quo for data retention permissible after the ECJ judgment?
The extent to which the government will in the new legislation address the grounds on which the ECJ invalidated the Data Retention Directive was initially unclear, since much is to be implemented through secondary legislation requiring affirmative resolutions of the Commons and the Lords.  DRIP and the now published provisional draft regulations go some way to addressing the ECJ judgment, although it was always difficult to see how any form of general mandatory data retention could comply with some of the more fundamental issues identified in the ECJ judgment. 

There may be room for debate about whether the ECJ intended to lay down that every objection identified in the judgment is a self-standing issue that has to be overcome independently in national legislation; and if so how each one should be overcome.  It does have to be remembered that:
  • The ECJ was assessing the compatibility of EU legislation with the EU Charter of Fundamental Rights and Liberties.
  • The question of whether national legislation also has to comply with the EU Charter was not before the Court (although following the subsequent Pfleger decision of the ECJ it is very likely that national legislation does have to comply with the Charter, for reasons explained by Professor Steve Peers here).
  • National legislatures may have a certain degree of latitude (margin of appreciation) in how they comply with the Charter.
  • The ECJ judgment may in some respects have applied stricter standards under the Charter than the European Court of Human Rights in Strasbourg has done in respect of the Convention.  If so, that could open up the possibility that a Minister might certify DRIP compliance with the European Convention on Human Rights while not complying with all aspects of the ECJ judgment.
In any event the main Impact Assessment now makes tolerably clear that the government has not tried to comply with the full implications of the ECJ judgment. 

With all this in mind, it is instructive to list the ECJ's specific grounds for invalidating the Data Retention Directive and consider how DRIP does and does not address them. [Update: the government has now published a Note making its own comparison.]

Issue [paragraph number in ECJ judgment]
National legislation
Generality
          Applies to all means of electronic communication (use widespread and of growing importance in people’s everyday lives) [56]
          All subscribers and registered users [56]
          Interference with fundamental rights of practically the entire European population [56]
          All persons, all means of electronic communication without any differentiation, limitation or exception [57]
The ECJ's comments on generality referred specifically to the datatypes listed in Article 5 of the Directive.  Those were replicated in the Schedule to the 2009 Regulations.
 
No change in DRIP, which replicates the 2009 Schedule/Article 5 list.  
Suspicionless
          Applies even to persons for whom no evidence capable of suggesting a link, even indirect or remote, with serious crime [58]
          No relationship required between data retained and a threat to public security: not restricted to:
         data pertaining to:
-           particular time period
-           particular geographical zone
-           circle of particular persons likely to be involved in serious crime [59]
         persons whose data for other reasons could contribute to prevention, detection or prosecution of serious offences [59]
These objections all go to the very heart of a requirement on communication service providers to retain communications data of all users.  It is difficult to see how DRIP could address these (as a matter of retention, rather than access) without fundamentally altering the nature of the retention to something targeted at specific categories of communications relating to likely suspects and associates.

Not addressed.
Specific rights
      Applies to persons whose communications are subject to professional secrecy [58]
Again, it is difficult to see how this could be addressed (as a matter of retention) without moving to some kind of targeted scheme.

Not addressed [Update: Not addressed as a matter of retention. Intention is that Communications Data Code of Practice will be amended regarding access (See Comms Data Factsheet)].
Access and use
      No objective criterion to determine limits of access to data and subsequent use for prevention, detection or prosecution of sufficiently serious offences [60]
      Leaves serious crime definition to national law [60]
      No substantive and procedural conditions relating to access and subsequent use
         Left to member States to define procedures and conditions in accordance with necessity and proportionality [61]
         In particular no objective criteria re restriction of number of persons authorised to access and subsequently use to that strictly necessary [62]
Should be capable of being addressed in national legislation. 

The government is relying in part on the provisions of RIPA governing access to communications data to satisfy these requirements. 
RIPA is not the only legislation that can be used to require access to communications data.  The use of other powers is discouraged in the Communications Data Code of Practice, but not forbidden. The government addresses this under DRIP S1(6) by limiting access to mandatorily retained data to RIPA authorisations and notices, court orders or other judicial authorisation or warrant, or regulations under DRIP. (See 'Joining DRIP to RIPA', below)
Independent supervision
      Above all, access not dependent on prior review by court or independent administrative body following a reasoned request
         No obligation on MS to establish such limits [62]
Capable of being addressed in national legislation.

But this requirement for prior review by a court or independent body is contrary to the scheme of RIPA, whose communications data acquisition notices are not (save for local authorities) subject to any such requirement.  Nothing in DRIP or the provisional draft regulations addresses this objection. The government may perhaps seek to suggest that the ECJ has set a higher threshold than applies under the European Convention on Human Rights.
Retention period
      No distinction between categories of data on basis of:
         possible usefulness
         persons concerned [63]
      No objective criteria limited to strict necessity on which to base determination of retention period [64]
Capable of being addressed in national legislation.

The government's intention appears to be to leave this aspect to the terms of individual retention notices issued by the Secretary of State, who is required in general terms to act in a way that he considers to be necessary and proportionate.  DRIP itself and the provisional draft regulations do no more than set an overall maximum 12 months retention period.
Data protection issues
Various issues raised by the ECJ concerning matters such as data security and destruction of data are addressed in the provisional draft regulations, which also introduce oversight of these aspects by the Information Commissioner.

Joining DRIP to RIPA
The government is relying on the necessity, proportionality and safeguards provisions of RIPA that govern access to communications data in order to address some of the implications of the ECJ judgment. 

However, RIPA is not the only legislation that can be used to access retained communications data.  Other powers exist which do not enjoy RIPA's safeguards. The use of other non-specific powers is deprecated in the Communications Data Code of Practice (para 1.3), but not forbidden.
The draft Communications Data Bill proposed in 2012 would have prevented such powers being used to acquire communications data.  The draft Explanatory Note to Clause 24 stated:

"123. This clause introduces Schedule 2 to the Bill which contains repeals of certain general information powers so far as they enable public authorities to secure the disclosure by a telecommunications operator of communications data without the consent of the operator. Clause 24 therefore ensures that operators are not required by law to obtain and disclose communications data other than in cases where the relevant statutory framework expressly guarantees the substantive protections of Article 8 and Directive 2002/58/EC (Directive on privacy and electronic communications)."
The powers specifically earmarked for abolition were under the Trade Descriptions Act 1968, The Health and Safety at Work Act 1974, the Criminal Justice Act 1987, the Consumer Protections Act 1987, the Environmental Protection Act 1990, the Social Security Administration Act 1992, the Competition Act 1998, the Financial Services and Markets Act 2000 and the Enterprise Act 2002.

The argument that in assessing compliance with the ECJ judgment DRIP should be read together with RIPA’s safeguards is difficult to maintain if other powers exist that may not have similar safeguards.  DRIP therefore addresses this in S1(6) by limiting access to mandatorily retained data to RIPA authorisations and notices, court orders or other judicial authorisation or warrant, or regulations under DRIP.  Part 3 of the provisional draft regulations also applies this limitation to data retained voluntarily under S.102 ACSA 2001.
DRIP's RIPA provisions

The new provisions in DRIP include Clauses 4 and 5, outlined briefly above. According to the Explanatory Note, these measures are only intended to clarify the intent of the current legislation and therefore were subject to Parliamentary scrutiny when RIPA was enacted in 2000. 
RIPA extra-territoriality
Clause 4 attempts to address the government’s concern that it should be able to apply RIPA interception capability notices, interception warrants and communications data acquisition notices to non-UK companies that provide communications services to the UK public.

18 months ago this issue was addressed in some detail, as regards communications data notices, in the report of the Joint Committee on the draft Communications Data Bill (paras 230 to 243) published in December 2012.

The DRIP clarification has two distinct aspects. One is whether, as a matter of interpretation, the warrantry and communications data acquisition provisions of RIPA can apply to conduct outside the UK. The second is how a RIPA warrant or a notice can be served on an entity outside the UK and the entity made subject to the relevant duty under RIPA.  This is important since no-one is obliged to do anything under these RIPA provisions unless they are served with or given the appropriate warrant or notice.

As to the first aspect, none of the existing RIPA provisions contain any clear territorial limitation on the location of conduct that can be authorised or required under a warrant or communications data notice.  That contrasts with the criminal offence of unauthorised interception which is explicitly confined to conduct within the United Kingdom.
However location of conduct is only part of the issue.  A person located outside the UK may engage in conduct within the UK.  A person located within the UK may engage in conduct outside the UK; and a person located outside the UK may engage in conduct outside the UK.  How these different scenarios map onto the different aspects of RIPA is, and always has been, fearfully difficult to understand.
The Joint Committee said:
"The terms in which RIPA is drafted appear to impose no limits on the telecommunications operators which may be required to disclose communications data, as long as they operate in the United Kingdom i[t] does not matter where they may be based."
As to location of conduct, now DRIP states explicitly that a warrant, a capability maintenance notice and a communications data acquisition notice may each relate to conduct outside the UK.

DRIP then provides that the duties to comply with such warrants and notices apply whether or not the person is within the United Kingdom. In the case of interception warrants knowing failure to comply with the duty can give rise to criminal liability under RIPA S11(7).

DRIP then goes to great lengths to devise ways of serving warrants and notices within the UK on non-UK entities.  For communications data acquisition notices this can even include oral notification.  Whether this elaboration is simply a question of practicality or perhaps reflects a deeper concern that serving government warrants and notices outside the UK might be regarded as executive acts violating the territorial sovereignty of another State is a matter for speculation. 
As for data retention notices, DRIP provides that they can be given to an operator (or description of operators) by giving or publishing it in such manner as the Secretary of State considers appropriate for bringing it to the attention of the operator or description of operators to whom it relates.
Telecommunications services
As explained above, the amended definition of telecommunications services under DRIP Clause 5 applies both to data retention under DRIP and to RIPA. 

[Updated with minor amendments 21.40 12 July 2014, 10.50 13 July 2014; and 12.17 13 July 2014 to take account of Home Office statement on telecommunications services reported in The Sunday Times; 14:42 15 July 2014 regarding professional secrecy. Further updated 23:11 16 July 2014 to take account of Home Office Human Rights Memorandum; and 09:48 22 July 2014 to include the government's point by point Note on compliance with the ECJ judgment and a reference to the enacted legislation.]

Saturday, 24 May 2014

This tweet is a Section 127 offence

Section 127 of the Communications Act 2003 is a notorious blot on the statute book, epitomised by the ultimately unsuccessful prosecution of Paul Chambers (the Twitter Joke Trial) under the first limb of the section.  That concerns messages of a grossly offensive, indecent, obscene or menacing character sent by means of a public communications network.

The section is such a mess that the Director of Public Prosecutions had to devise a set of social media prosecution guidelines in attempt to avoid criminalising a substantial proportion of the population.

The less well known second limb of Section 127 is also extraordinarily broad.  It catches anyone who sends – again by means of a public communications network - a message that he knows to be false for the purpose of causing annoyance, inconvenience or needless anxiety to another.

The second limb was originally designed in the 1930s to catch a particularly unpleasant type of hoaxer who would send telegrams to people informing them that a relative was seriously ill (see Hansard).  Now, like the first limb, it can catch tweets.  (Tweets qualify because they are sent across public telecommunications networks.)

Putting aside the potential for the second limb to catch all sorts of harmless pranks, we can have some fun with it.

Consider the tweet that forms the title of this post: “This tweet is a Section 127 offence.” Could that tweet fall (however theoretically) within the second limb of Section 127?

The first requirement is that the message be false.  If the tweet is not an offence under Section 127, its message is false.  But if it is false, then Section 127 can bite.  But if that means the tweet is an offence, then the message is true and the tweet cannot be an offence. (For self-referential paradoxes, see here)  

Is the tweet sent for the purpose of annoying another?  Hardly (and indeed ‘another’ may suggest something targeted at a particular person). However a substantial section of the population detests logical puzzles and paradoxes and may conceivably be annoyed to discover that they have been lured into such a maddening game by following the link to this post in the tweet.

Finally, S.127 requires that the sender knows the message to be false. The tweet’s assertion that it is an offence under Section 127 is both preposterous and, by virtue of that falsity, potentially caught by S.127; and so (putting annoyance on one side) in turn possibly true.  I’ll leave to the philosophers whether I know to be false a message that I believe to be false, yet which endlessly loops through truth and falsity. 

Thursday, 22 May 2014

Everyman and the data inspector

Everyman is dreaming of a future.

Data Inspector: Good morning, citizen. We have reason to believe you have data in this house.

Everyman: Who told you that?

DI: Someone who knows.

Everyman: It would be a strange house that didn’t have data in it, wouldn’t it?

DI: All the same, we have to act on reports received.

Everyman: At dawn?

DI: You heard us. We require entry to inspect the data on these premises. We suspect it may be inaccurate, incomplete or irrelevant to the purposes for which it was collected or further processed.

Everyman: This is my private house. It’s my personal information.

DI: Your personal information? We’ve heard it names other people. That makes it their information.

Everyman: It’s still my private house.

DI: From which you run a little business on eBay.  No household exception for you.

Everyman: I don’t have to answer your questions.

DI: Ah, but you do.  How else can we perform our duty to the public?

Everyman: What about my privacy?

DI: Privacy begins at home. So that's where we start.

Everyman: By invading my privacy?

DI: We protect privacy, we don’t invade it.

Everyman: You seem to be about to invade my home.

DI: Sometimes you have to sacrifice privacy to preserve privacy.

Everyman: So what do you want to know?

DI: Who is the data controller in this house?

Everyman: How should I know that?

DI: You are required to know that. The data controller should have notified us.

Everyman: Well you’ve got me there, haven’t you?

DI: When did you last clean your data?

Everyman: Clean?

DI: Scrub it - remove excessive, irrelevant or out of date data. We like to see hygienic data practices, citizen.  Dirty data is a menace.

Everyman: Sounds like the last public health campaign.

DI: Exactly.  Unclean data spreads.  We could have a national data contamination crisis on our hands.  You know our motto: “Healthy data makes a healthy mind”.

Everyman: So you think I’ve got a secret store of mouldy old data hidden away here, do you? 

DI: I’m sure of it.  We have a duty to discharge and you’re starting to be obstructive.

Everyman: What else do you want?

DI: Do all your appliances conform to privacy design standards?

Everyman: And if they don’t?

DI: You’ll be put on our list.

Everyman: What list is that?

DI: The privacy offenders register. Everyone should know who can and can’t be trusted with their data.

Everyman: How long would I be on it?

DI: Permanently.

Everyman: No right to be forgotten, then?

DI: Not where privacy breaches are concerned, my friend. Far too serious.

Everyman: Well, thank you for your interest. Now please leave.

DI: Not that simple, citizen.  Sledgehammer, please.

Everyman: (wakes up).