Part 1: Regulation of biometric data
Chapter 1: Destruction, retention and use of fingerprints etc.
21.The Programme for Government (section 3: civil liberties) states that the Government “will adopt the protections of the Scottish model for the DNA database”.
22.The existing framework for the taking, retention and destruction of fingerprints, footwear impressions, DNA samples and the profiles derived from such samples is set out in Part 5 of Police and Criminal Evidence Act 1984 (“PACE”). The amendments to PACE made by the Criminal Justice and Public Order Act 1994 (“the 1994 Act”) enabled DNA samples to be taken from anyone charged with, reported for summons, cautioned or convicted of a recordable offence; and allowed profiles obtained from such samples to be retained and speculatively searched against other profiles obtained from victims or scenes of crime. A recordable offence is defined in section 118 of PACE. In practice, all offences which are punishable with imprisonment are recordable offences, as are around 60 other non-imprisonable offences that are specified in regulations made under section 27 of PACE. If the person was acquitted, samples and profiles were required to be destroyed. The passage of the 1994 Act led to the creation, in April 1995, of the National DNA Database in England and Wales.
23.The Criminal Justice and Police Act 2001 further amended PACE so as to remove the obligation to destroy a DNA sample or profile when a suspect was not prosecuted for or was acquitted of the offence with which he or she was charged. The power to take and retain DNA samples and profiles was further widened by the Criminal Justice Act 2003 (“the 2003 Act”) which enabled a DNA sample to be taken from any person arrested for a recordable offence and detained in a police station, whether or not they are subsequently charged. Any such sample, and the profile derived from it, could be retained indefinitely.
24.In December 2008, in the case of S and Marper v United Kingdom [2008] ECHR 1581(2) the European Court of Human Rights (“ECtHR”) ruled that the provisions in PACE (and the equivalent legislation in Northern Ireland), permitting the ‘blanket and indiscriminate’ retention of DNA from unconvicted individuals violated Article 8 (right to privacy) of the European Convention on Human Rights (“ECHR”). In response to this judgment, the then Government brought forward provisions in what are now sections 14 to 23 of the Crime and Security Act 2010 (“the 2010 Act”) which, amongst other things, allowed for the retention of fingerprints and DNA profiles of persons arrested for, but not convicted of, any recordable offence for six years. Sections 14 to 18, 20 and 21 of the 2010 Act established a separate approach to the retention of DNA profiles and fingerprints by the police for national security purposes and made provisions for the extended retention of DNA and fingerprints on national security grounds. These provisions of the 2010 Act have not been brought into force and Part 1 of Schedule 10 to this Act repeals them.
25.The equivalent legislation in Scotland is contained in sections 18 to 20 of the Criminal Procedure (Scotland) Act 1995 (as amended). A table comparing the retention rules in respect of fingerprints and DNA samples and profiles as they are now, as they would have been under the provisions of the 2010 Act, as they currently operate in Scotland and as they would be under the provisions of this Act is at Annex B.
Chapter 2 of Part 1: Protection of biometric information of children in schools etc.
26.The Programme for Government (section 3: civil liberties) states that the Government “will outlaw the finger-printing of children at school without parental permission”.
27.A number of schools in England and Wales currently use automated fingerprint recognition systems for a variety of purposes including controlling access to school buildings, monitoring attendance, recording the borrowing of library books and cashless catering. Iris, face and palm vein recognition systems are also in use or have been trialled. The processing of biometric information is subject to the provisions of the Data Protection Act 1998 (“DPA”), but whilst the DPA requires the data subject to be notified about the processing of his or her personal data and in most cases, to consent to such processing, there is no requirement, in the case of a person aged under 18 years, for consent also to be obtained from the data subject’s parents. In August 2008 the Information Commissioner issued a statement on the use of biometric technologies in schools(3). Guidance has also been issued, in July 2007, by the British Educational Communications and Technology Agency(4).
