We here at Panopticon like to adopt an occasionally light-hearted look at information law developments. Not a ‘sideways look’ you will note, because we aren’t running a smug Radio 4 panel show, but a more gentle touch of humour as a coping mechanism with what can on occasion be a dry topic. So it is with considerable pleasure that we can say that the Upper Tribunal – or at least that part of it that is formed by Judge Wikeley – has followed suit.
In Information Commissioner v Colenso-Dunne  UKUT 471 (AAC), the UT was considering an appeal by the ICO concerning an order of the FTT that it disclose names of journalists that the ICO had seized during a raid on the home of Steve Whittamore in 2003. The raid was known as Operation Motorman, and it is generally supposed that Mr Whittamore, a private investigator, had a list of journalist who used his morally and legally dubious services.
Within the first two paragraphs of his judgment on appeal, Judge Wikeley manages to get in some latin (quis custodiet ipsos custodies?), a Boris Johnson reference and a hat-tip to “some of the more outlandish conspiracy theories that abound on the internet” concerning the ICO, the latter of which in particular suggests that his previous experience of section 14 FOIA cases has left something of an aftertaste… There is also a reference at  to a “Grand Tour” with one Mr R Hopkins of the phone-hacking saga, which sounds rather like one of those dubious looking budget cruise holidays advertised on inserts in newspaper magazines which fall out when least expected.
However, more importantly, the ICO argued that the list of names should not released because they were sensitive personal data (because they were information as to the alleged commission of a criminal offence, which was the Commissioner’s evidence to the Leveson Inquiry) and that the ICO had no lawful authority to disclose the names under section 59 of the DPA. Mr Colenso-Dunne argued that the names showed only “a cavalier attitude owards the privacy of those individuals who were the subjects of the inquiries to Mr Whittamore” rather than criminal conduct (not a stance naturally adopted by all Hacked Off members), and that the public interest in disclosure was overwhelming.
The sensitive personal data point was the critical one, because the parties agreed that no Schedule 3 condition applied, and it had to be protected much more carefully. The UT rejected an Orwellian submission that some sensitive personal data were more equal than others because s.2(g) didn’t appear in the Directive, because the commission of criminal offences was selected by Parliament and is just as much part of a life-story as any other category. However, the application of it was fact-specific. The FTT was entitled to find that even if the investigator committed criminal offences, the list of names did not show an instruction to do so or Nelsonian blindness to that effect. Nor was the UT persuaded that release of the list in context would mean that the public would assume the journalists had committed a criminal offence; data controllers are not required to conduct a search of the public domain to see whether anything else could be combined with the data to transform its sensitivity; it has to be apparent from its immediate context: at . The FTT was entitled to find that the data was not sensitive.
As to the balancing exercise under condition 6(1) of Schedule 2, the UT held that the FTT had considered that any reputational damage to journalists was justified in that they would be subject to legitimate criticism for their use of Mr Whittamore. Perhaps worryingly, one only gets the reputational rights one deserves: at  (although it is not quite clear in whose eyes these just deserts are to be judged: quis custodiet ipos custards?). The fact that Leveson declined to name the journalists was not determinative, and nor was the fact that the FTT had not followed the precise taxonomy set out in Goldsmith (on which see here and which, for reasons unfathomable, still appears not to have become known as the ‘Knight Principles’). Essentially, the UT was wholly unpersuaded that the FTT’s balancing exercise that the public interest in disclosure and furthering the debate over the ICO’s own role had erred in any way, noting that not all of the 305 names were ordered to be disclosed following the careful analytical exercise undertaken by the FTT.
Judge Wikeley noted that the ICO had been correct to drop an argument that a higher standard of public interest was required to meet the section 59 DPA test, and thus avoid the application of s.44 FOIA. No truck was had with a steps discretion argument – very much in vogue at the moment, although not yet in Vogue – not least because it had not been raised below. Subject to any appeal, the names ordered to be disclosed by the FTT will now have to be disclosed by the ICO. The fall-out from Leveson is not over yet.
Robin Hopkins appeared for the ICO in his capacity as lead tour guide.