The Protection of Freedoms Act (PoFA), which lays out new laws on DNA retention and the use of individuals' data in a variety of contexts, including in relation to biometrics in schools, CCTV and Automatic Number Plate Recognition (ANPR), received Royal Assent on 2012-05-01. Out-Law.com sums up the announcement:
[...] The Home Office said that "commencement orders" would be issued from July to enact some of the measures in the PoF Act.
The PoF Act also sets out new laws governing the retention and destruction of DNA and fingerprint profiles of suspected and convicted criminals. Last year the UK's Supreme Court ruled that police guidelines that allowed DNA samples taken during criminal investigations to be retained indefinitely were unlawful because it violated individuals' rights to privacy as guaranteed by human rights laws.
DNA and fingerprint samples can be retained "indefinitely" under the PoF Act in select circumstances, including where arrested suspects have been guilty of a serious crime previously. If those arrested suspects have no such previous conviction, their data must be destroyed after a three year period. Police can ask a district judge to issue an order enabling them to retain the information for a further two years, although this request can be appealed against.
The PoF Act requires that DNA or fingerprint samples must be destroyed if "it appears to the responsible chief officer of police that" it has been gathered unlawfully or from a third-party person in connection with a suspected criminal's arrest where the arrest was unlawful or based on mistaken identity.
However, DNA or fingerprint profile details can be retained beyond the expiry of retention periods for national security purposes unless a Biometrics Commissioner decides that it is "not necessary" for those purposes that the information is retained. The Human Rights Joint Committee had criticised this clause in its scrutiny of the draft PoF proposals.
The Committee had said the clause would "create a broad 'catch all' discretion for the police to authorise the retention of material indefinitely for reasons of national security." There had, at that point, been no "justification" why the power was "necessary and proportionate", it had said. [...]
At the beginning of the year, there was an estimated 5,882,724 total number of individuals whose DNA profile was retained on the National DNA Database (NDNAD). Already by 2010-03-31, there was an estimated total of 1,083, 207 innocent individuals whose DNA profile was on the NDNAD. Analysis of the English and Welsh approach so far, of indefinite retention of the DNA samples and profiles of all those arrested, has shown time and time again that retaining the DNA profiles of as many individuals as possible, many innocent, is ineffective and does not increase crime detection rate.
The PoFA's section on DNA retention is modelled on the Scottish approach. Once the law comes into force, from July according to Out-Law, six month-old DNA samples retained will be destroyed and most three year-old derived DNA profiles (and fingerprints and palm prints) of those not convicted or convicted of a single minor offence will be deleted as well.
This is clearly a welcome step by many whose personal data is on the National DNA Database. There are plenty of reasons, including stigma, discrimination, visa or job refusal, loss of personal data and higher risk of being falsely linked to crime, to want to be off the National DNA Database, especially for innocents and those convicted for some trivial matter.
It is a success for all the privacy activists and victims who campaigned to restore the presumption of innocence and the rehabilitation of offenders having been convicted of a minor crime. GeneWatch UK –as an indefatigable organisation at the forefront of the campaign to change the law to make the National DNA Database much smaller and more carefully controlled, and to safeguard privacy and rights without compromising the use of DNA in fighting crime– deserves much credit in this success.
Celebration will happen when the DNA sections come into force and DNA samples are destroyed and DNA profiles, fingerprints and palm prints are deleted. As no deadline has been issued for the enactment of all the DNA sections of the PoFA, if you are an innocent person with a record on the DNA database you may want to contact your MP without further delay. Help is offered at Reclaim Your DNA.
Two step backwards
The PoFA has limits, such as the national security exemption criticised by the Human Rights Joint Committee and highlighted in the excerpt from Out-Law.com above, and even removes some of the benefits of the earlier process. In the system that had been in place until now, very few individuals succeeded in getting off the NDNAD, but those that did manage to go through the exceptional case process had not only their DNA sample destroyed and their DNA profile, fingerprints and palm prints deleted, but also their associated Police National Computer (PNC) record deleted. There's no such requirement in the PoFA. And nothing is said either of photographs retained by the police. The retention of photographs has not been reviewed by judges in the court cases about DNA retention so it is likely that once PoFA is enacted, a test case on this specific issue will come to court.
Vigilance is required to ensure that ameliorations made to the rules for DNA retention by the police are not lost by worse data sharing initiatives elsewhere. At the end of 2011, the government unveiled plans to change the NHS Constitution to allow patients' records and other NHS data to be automatically shared with science companies. Dr Helen Wallace, Director of GeneWatch UK, warned about some of the potential risks: 'Every adult and baby with a blood or tissue sample stored in the NHS could end up with details of their genetic make-up stored in a cloud-based DNA database built by stealth within the NHS.'