The wheels on the GIRFEC data mining bus are still going round and round all day long
It is no surprise to those of us who have done our research and listened to countless victims’ experiences of data theft past and present that the Children and Young People (Information Sharing) (Scotland) Bill – the Scottish Government’s latest attempt at enabling legislation (a tried and tested tactic of dictators) – is on another collision course with Article 8 of the ECHR.
Those of us who have studied modern European history also know how and why human rights came to be codified after World War 2, which is probably why the government’s “best place to grow up” messaging sounds like a particularly lame line from the Sound of Music.
Even before its examination by the education and skills committee, let alone scrutiny by a full complement of MSPs (which didn’t go well last time), the lawyers are crying foul on the new bill. Allan Norman, who got it completely right last time, has not minced his words, and now the Faculty of Advocates (who also got it right last time) has warned it is a recipe for confusion.
Service providers will have to do a series of proportionality calculations (we hope they all have A-grade passes in Higher Maths and Statistics) and document them before deciding whether or not they can lawfully process the personal data of children and any third parties – a convoluted exercise to reach a foregone conclusion (clue: they need to ask permission unless a child is at risk of significant harm).
Anyone for a game of GIRFEC Cluedo? Guaranteed to upset Happy Families.
Then, of course, there is the problem that none of this ‘absolute clarity’ actually appears in the bill itself; nor does the all-important child protection threshold (clue: it’s not ‘wellbeing’), below which consent is required unless the data processing is ‘necessary’ (clue: promoting/safeguarding ‘wellbeing’ fails that test) and ‘in accordance with the law’ (clue: ECHR and the Data Protection Directive, soon to become GDPR).
Instead, a woolly Code of Practice has been produced that seeks to blur the boundaries between risk of significant harm (where information sharing is mandatory and uncontentious) and risk of not meeting state-dictated wellbeing outcomes (which requires informed consent).
Rather than wasting more taxpayers’ money on a failed vanity project, why not just concede that current reserved legislation, along with the Supreme Court’s binding interpretation of it, takes precedence? Is there something we are not being told? Has all our data already been sold off to the highest bidder somewhere in America?
The subject access request mountain is going to be epic (as the young people say), and front-line practitoners will need more than the Faculty’s suggested helpline to support them in ‘getting it right’ – especially if it is manned by the likes of Alan Small, erstwhile head of informaton sharing with the Scottish government’s GIRFEC team and former chair of Fife’s child protection committee, whose track record in protecting children is a disturbing D-minus.
Child protection is a deadly serious business where delays can cost lives and crucial evidence, as Police Scotland has previously warned. So let’s just abandon the idea of a phone chat with Alan the friendly mechanic for advice on the tyre pressure of a dodgy SHANARRI wheel in a desperate bid to to keep an unroadworthy wellbeing wagon on the road of allegedly good intentions.
Mr Swinnney may care to reflect on Prof. Sue White’s caustic observations of a similar policy in England that failed to prevent the Baby P tragedy (clue: highly trained social workers save lives, not databases and box-ticking amateurs):
“The system keeps limping along – its feet bearing the self-inflicted gunshot wounds of trigger-happy policymakers. […] The danger comes from those who believe strongly in their own wisdom and that they alone can drive social work down the royal road. They promised us a safe 4×4 in which to navigate a primrose path, but we’ve ended up down a muddy track in a Reliant Robin. Let’s get out and walk.”
In Scotland’s case, we might say:
“The wheels may be falling off the wellbeing wagon, but they’re still going round and round all day long on the GIRFEC data mining bus, while the emergency child protection vehicle has broken down on the hard shoulder with flat tyres and no juice in the battery.”
So welcome to hell, health visitors, teachers and every other ‘partner’ who has been conscripted into brave new Scotland’s army of state snoopers. To borrow a line from the prescient Allan Norman, they’ll be
“damned if they share information when they shouldn’t, and damned if they don’t when they should”.
And talking of modern history…
When the UK Supreme Court struck down key sections of the 2014 Act last July, the ruling delivered a devastating blow to the government’s GIRFEC project. for which the gathering and sharing of the personal data of every child and associated adult in Scotland had been an essential prerequisite. It was always all about the data.
Ministers had been given fair warning by lawyers and lay people alike that they were straying into totalitarian territory, but they carried on regardless along their ideological road to (getting it) righteousness. So why did MSPs fail to adequately scrutinise the defective legislation? And why was the right advice from human rights and data protection experts so casually dismissed in the rush to force the fatally flawed bill through Holyrood?
The role of the Scottish Parliament Information Centre (SPICe) is to produce briefings to support MSPs in their conduct of parliamentary business, and it is generally believed that ‘the SPICe is right’ when covering issues raised by new legislation.
Quoting the privacy impact assessment that accompanied the bill, a SPICe briefing in 2013 noted:
“Information sharing requirements […] should not solely be in response to a crisis or serious occurrence but should be constant throughout the development and progression to adulthood for every child.”
It also correctly identified that the Bill
“makes specific provision that information can be shared even where this breaches a duty of confidentiality.”
It further referred to ‘guidance’ from the Assistant Scottish information commissioner (ICO), which legitimised interference with citizens’ Article 8 rights on the basis of ‘wellbeing’ concerns, effectively lowering the legal threshold for intervention in families’ private lives without consent.
That ‘guidance’ has an interesting back story as it was in fact jointly agreed and produced with the government’s ‘GIRFEC team’, leaving the ICO vulnerable to claims of breaching Article 21 of the EU Data Protection Directive which demands ‘complete independence’ on the part of member states’ regulators.
Worse still, the unscrutinised advice was then circulated to all community planning partnerships in April 2013, along with government assurances that there was no legal barrier under current law to processing the personal data of children, family members and associated adults without their knowledge or consent on the basis of any perceived risk to ‘wellbeing’ – a nebulous concept lacking statutory definition and open to practitioners’ subjective interpretation.
But worst of all, the GIRFEC schemers failed to notice an important English judgment issued a few weeks earlier which maintained the threshold for non-consensual data processing as ‘risk of significant harm’ and awarded damages against the London Borough of Haringey to parents whose rights had been breached.
Since both the Data Protection Act and Human Rights Act apply across the UK and are reserved to Westminster, this was a major oversight, compounded by a failure to address the error when it was later pointed out by Allan Norman, the lawyer who acted for the Haringey parents. Some would argue that it amounted to gross negligence, which would eventually cost the taxpayer £500,000 in legal fees alone.
MSPs are busy people (I know, I used to work for two of them – SNP and Green, by way of disclosure) and it can be difficult for them to keep up with the sheer volume of paperwork that crosses their desks, so they rely on briefings such as those circulated by SPICe. Regrettably, they also tend to afford disproportionate credibility to the views of state agencies and third sector bodies who have the resources (mostly derived from public funds) to obtain unfair hobby-horse lobbying advantage.
Grass-roots groups and individuals who are affected by proposed legislation therefore tend to be marginalised by those with vested interests and slick lines in self-serving policy-based evidence. Big salaries, expense accounts, smart premises, influencers’ dinners (believe me, there are lots of them), high profile conferences and fact-finding missions all have to be paid for, mostly by taxpayers, so opportunities offered by new legislation need to be fully exploited.
The Children and Young People Bill offered a tempting blank cheque to children’s charities and technology providers who could expect to gain financially from providing the required solutions to stop citizens falling (or jumping) off the state-run wellbeing wagon. It has previously been remarked that they were “bought and sold for GIRFEC gold”, while small charities and grass-roots group were left to pick up the pieces of lives already blighted by prematurely-primed snoopers.
A weak committee system and the lack of a second chamber at Holyrood created the conditions for the 2014 Act to pass with barely a whimper of dissent, but blind prejudice and partyism played a large part in the failure. Parliamentary ‘debates’ resembled playground scuffles as insults were traded across the chamber. One MSP was even shouted down as a “scaremonger” for reading verbatim from the legislation already passed by the parliament. It was an embarrassing sight to behold from the public gallery.
The vitriol and smears aimed at opponents of the named person scheme have undoubtedly damaged the reputation of the parliament and its elected members, many of whom apparently believe that human rights should apply only to those they approve of. These are the people who work for us, all of us, but who treat some of us as Untermenschen unworthy of representation. To their shame, many MSPs have failed to act on behalf of constituents whose rights have been, and are still being, infringed as a direct result of their own rank incompetence as legislators.
This is no minor matter and some would say it amounts to a national scandal. Had not the legislation been successfully challenged by concerned charities and private citizens at their own expense, the Scottish government might have actually got away with revoking the human rights of every family in Scotland. Just let that sink in.
Privacy is enshrined in human rights legislation for very good reason (surely we don’t need to mention the war again?) and it is no coincidence that Supreme Court judges cited Pierce v Society of Sisters in their unanimous ruling, which contained, in paragraph 73, this damning indictment of the unfettered state snooping powers contained within the 2014 Act:
“Different upbringings produce different people. The first thing that a totalitarian regime tries to do is to get at the children, to distance them from the subversive, varied influences of their families, and indoctrinate them in their rulers’ view of the world. Within limits, families must be left to bring up their children in their own way.”
The deputy first minister should have felt grateful that his government was at least afforded the benefit of the doubt about its intentions, which had never been contested, but his ‘legitimate and benign’ mask soon started slipping. It was unthinkable for him to admit he was wrong, so he insisted a mere ‘tweak’ would fix the self-inflicted legislative shambles.
Surely he could not have been serious? In order to satisfy the terms of the judgment, he was always going to be faced with the stark choice of either abandoning the central data-sharing elements of his pet project or introducing remedial legislation that may, or may not, pass muster with parliamentarians, parents and the courts.
The government was meanwhile stuck with an enormous credibility problem in that an unlawful information-sharing regime of the totalitarian flavour had been operating across Scotland since the issue of that non-compliant ‘guidance’ back in 2013. There was only one thing for it: outright denial. And that is exactly what we got when ‘honest John’ Swinney said that the ruling did not affect current arrangements and refused to concede that GIRFEC had long since descended into a dangerous game of Grand Theft Data.
But never fear, SPICe soon re-entered stage (getting it) right to apply a security patch to the major back-door hack of our personal data that had already happened (with full ministerial approval, according to published minutes) but now needed to be ‘disappeared’. A new briefing issued to MSPs last August became a handy hijacked vehicle for repeating the deputy first minister’s assurances that the judgment did not apply to current policy and practice, simply because the statutory provisions had not yet come into force. Nice try, but the minutes do not lie.
Although the spin did not go unchallenged by interested observers, SPICe declined to amend its output to provide absolute clarity in the face of what was a misleading ministerial statement – easily refuted by referring to guidance on the government’s own website, which had already been adopted by councils, the NHS, police and third sector organisations.
Fake facts continued to be peddled in the ‘shared new language’ of Scotspeak that losing was the new winning, even after the ‘losing’ winners were awarded their full legal costs. One BBC interviewee was so disturbed by the rhetoric of Highland Council’s cheerleader-in-chief that she formally challenged his assertion that information sharing was fully consent based when his council’s own guidance clearly stated otherwise. Predictably, she was faced with the same brick wall of denial that scores of complainants had hit head-on before her.
Although the offending information-sharing guidance was finally withdrawn last September, parents already possessed incontrovertible evidence of their children’s and their own rights being seriously breached over several years and believe they deserve justice as victims of an illegally-implemented policy.
Such a damaging debacle surely also merits a full public inquiry, but who could possibly be qualified to conduct it, given the spread of the data sharing disease that has dealt a near-fatal blow to the human rights of children and families across Scotland?
I’m free!