People who take the government to the European Court of Human Rights for mishandling personal data should not have to risk paying the state’s costs if they lose, a landmark survey of government IT programmes said this week.

Database State, published by the Joseph Rowntree Reform Trust, claims that a quarter of state databases face challenges for being ‘almost certainly illegal under human rights or data ­protection law’.

In December last year, the European court ruled that a national database of DNA samples from innocent people contravened human rights. The National DNA Database is one of 10 systems given a red rating for privacy impact in the survey. Others include the National Identity Register being set up to support ID cards and the ContactPoint children’s index.

All red-rated systems should be ‘scrapped or substantially redesigned’, the study’s authors say.

Of the 46 systems covered in the report, only six receive a green light. These include the National Fingerprint Database and council tax databases.

The Ministry of Justice's National Offender Management Service receives an amber rating because of risks arising from consolidating 43 data centres into three, the survey says. Amber-rated databases have ‘significant problems, and may be unlawful’.

The report warns that the government ‘is starting to rely on systems that will have to be changed drastically once a litigant takes a case to Europe. The sooner the government changes its approach, the less the inevitable changes will cost.'

One deterrent to individual litigants is the threat of a ‘ruinous bill of costs’ if they lose, which the report contrasts with the default rule in the US.

It recommends that litigants who bring cases founded on the ECHR be shielded from costs orders.

The Ministry of Justice, which is responsible for setting the government’s data-sharing policies, dismissed the report, which it said ‘presents no substantive evidence on which it bases its assessments of "privacy impact".’