27 April 2016 – A Scottish National Party MP has questioned whether firearm and shotgun certificate holders knew their personal information was used for mass surveillance purposes by the security services.
Speaking in a Parliamentary debate over the controversial Investigatory Powers Bill, which would legalise dragnet mass surveillance carried out by the security services and GCHQ, SNP MP Joanna Cherry referred to the incident when GCHQ personnel put the details of FAC and SGC holders onto a database along with terrorists, as reported on UK Shooting News earlier this year.
“[The Home Office] also gave examples of the purposes for which the datasets might be used, such as protecting major events, preventing terrorist access to firearms, identifying foreign fighters and targeting what were described as potential agents,” said Cherry. “The impact assessment for bulk personal datasets explains that they are analysed to identify subjects of interest.”
“I fully accept that it is rational that intelligence agencies have access to firearms licences, but that could be done by a consented procedure, whereby anybody who applies for a firearms licence has to consent to that information being available to the security services,” she continued.
The now-obsolete Firearms Form 101 (PDF), on which the vast majority of current FAC holders would have applied for their certificates, simply said this to say about data protection: “Data Protection Act 1984: Personal data supplied may be held or verified by computer.”
In contrast, the current form, Firearms Form 201, has a hefty waiver which applicants have no option but to sign:
I understand that all information submitted will be handled in accordance with the Data Protection Act 1998 and the Freedom of Information Act 2000 and connected legislation. I understand and give consent for information contained within my application form or obtained in the course of deciding the application to be shared with: my GP, other government departments, regulatory bodies or enforcement agencies in the course of either deciding the application or in pursuance of maintaining public safety or the peace.
On the face of it, Cherry’s suggestion has already been answered by the coercive blanket disclaimer.
In the wider context here, however, the difference in the two disclaimers suggests that certificate holders who have not filled in one of the new 200-series forms (for a grant or FAC variation) may, in fact, not have given the necessary consent required by law for the processing of their personal data by police, intelligence agencies, Uncle Tom Cobley and all.
The original disclaimer merely said information may be “held” – “processing” is a subtly different concept as far as data protection law is concerned.
The Freedom of Information Act part of the modern disclaimer also raises an interesting question: are certificate holders’ details, or certain parts of their details, FOI-able? Can you put in a request to view exactly what guns are on your local section 5 dealer’s ticket, for example? UKSN would have thought not, but perhaps, given the nature of the disclaimer, that is a possibility after all.
UKSN will be asking some further questions around this issue.