Serious blow to DWP plan to get access to monitor bank accounts as data regulator voices concerns
Serious concerns have been raised about plans by the Department for Work and Pension investigators to force banks to ‘snoop’ into the accounts of benefits claimants. In a blow to the scheme, Information Commissioner John Edwards has written about his concerns.
The plans are part of the Data Protection and Digital Information Bill and would allow the DWP access to the accounts of benefits claimants to see how much money they have got and what they are spending it on. The government justifies it on the grounds that for the financial year ending 2023 3.6% (£8.3 billion) of total benefit expenditure was overpaid due to fraud and error.
Now the head of the official data regulator has said he is concerned the government has not shown that the anti-fraud measure is “proportionate” and that there may not be enough protection against “arbitrary interference” in people’s rights.
John Edwards, the commissioner, says the Data Protection and Digital Information Bill is not “sufficiently tightly drafted” in a letter to The Times. He wrote that the powers “raise questions as to society’s appetite for potentially intrusive measures” and warns that safeguards are needed.
Mr Edwards wrote: “Proposed powers to allow the government to inspect people’s bank accounts to reduce benefit fraud raise questions as to society’s appetite for potentially intrusive measures to reduce a problem that costs the country billions of pounds.
“As is so often the case, the answer lies in proportionality. The law must be sufficiently clear to give people an adequate indication of the conditions and circumstances in which the authorities can use such measures. And there must be safeguards to protect people.
“Key to assessing proportionality are questions such as ‘Will the proposed intervention work?, Will it produce high numbers of false positives? and“Are there more or equally effective mechanisms available that do not involve the same level of intrusion?”
“As the data regulator, my office continues to work with the Department for Work and Pensions on this, in particular on whether the proposal is sufficiently tightly drafted. Ultimately it is for parliament to satisfy itself that this measure is necessary and proportionate, based on the answers given to the questions above. It is the role of the Information Commissioner’s Office to scrutinise and test the assumptions underlying policy proposals such as this and to highlight to legislators any areas where they are required to assess the cases for and against.”
The bill, which updates Britain’s post-Brexit approach to data rights, includes a power to give certain bodies, such as banks, an “information notice”, which would force them to identify people with accounts in receipt of benefits that match certain criteria — for example, if they have been used overseas for an extended period.
The DWP has accused people of a ‘great deal of scaremongering’ over the new measures and Secretary of State for Work and Pensions, Mel Stride, has said when questioned: “There has been a great deal of scaremongering about what exactly these powers are about. I can make it categorically clear from the Dispatch Box that these powers are there to make sure that, in instances where there is a clear signal of fraud or error, my department is able to take action. In the absence of that, it will not.”
Assuming the bill goes through the new checks are expected to begin in 2025 and build up to a full-scale crackdown in 2030 when all 15 of the UK’s top financial institutions are on board.
Banking staff will primarily be asked to check for accounts where people have too much in savings to be entitled to benefits. For Universal Credit, this capital limit is £16,000. As an exception, those being transferred to Universal Credit from tax credits are allowed to have more than that for the first 12 months, after which the normal rules apply and, if the amount hasn’t gone down, their claim would be closed.
More than 100,000 people have signed petitions opposing the measures. On the largest of those, which has 72,000 signatures, campaigners assert that the new powers are unjustified because levels of fraud are not substantial when compared with the overall welfare bill. However, the commissioner has warned that the measure allows “significant intrusion”.
“While I agree that the measure is a legitimate aim for government … I have not yet seen sufficient evidence that the measure is proportionate,” Edwards wrote in a recent response to amendments to the bill.
The government says that improving access to information where fraud and error is flagged could help to save the taxpayer £1.9 billion over ten years. He is calling on the government to limit the scope of the power to “only obtaining information that would permit the identification of accounts and individuals that warrant further investigation”. He says it is unclear which organisations are covered by the power and that restrictions on how data gathered are “not clear enough”.
UK Finance, the banking industry’s trade body, has said that the measures should be focused more narrowly. “The changes will need to be worked through in a consultation process and ensure they align with the work the financial services industry is already undertaking
Serious concerns have been raised over plans to force banks to hand over information about people’s accounts to tackle fraud,” it has said.
The Department for Work and Pensions insists that the changes are not a “surveillance power”, that no personal information will be shared with third parties and that a full impact assessment has been published. It insists that the system will be effective and secure.
A government spokesman said: “These changes will not allow DWP direct access to bank accounts, but will require third parties to share data signalling fraud with us so it can be considered further. It will also help to identify people who have made a genuine mistake with their claim, preventing them from potential debts.”