Public access to local authority information: transparency with teeth

November 20th, 2014 by Robin Hopkins

The Freedom of Information Act and Environmental Information Regulations are the dominant statutory regimes for public transparency, but they are of course not the only ones. A good example is the regime under the Local Government Act 1972 (as amended), particularly sections 100A-K. Those provisions govern public access to local authority meetings, as well as the public availability of minutes, reports, background documents and so on for such meetings, subject to provisions for exempt information (Schedule 12A).

A recent judgment of the Admin Court (Cranston J) in a planning matter, Joicey v Northumberland County Council [2014] EWHC 3657 (Admin) illustrates the importance of compliance with that regime for public access to information.

The claimant challenged the local authority’s grant of planning permission for a wind turbine. One of his grounds was its failure to make available the noise assessment report which had been considered in the granting of permission, contrary to the provisions of the 1972 Act referred to above, and also in breach of the council’s Statement of Community Involvement.

The Council had argued that the report, being on its files, was duly available. Cranston J disagreed: “it was not open to inspection by members of the public since the files were in such a state that the duty officer on 1 November fetched what must have been a Brackenside file, but not one with the report. If the Council cannot organize its files in a way which means the duty officer is able to produce a particular report within a reasonably practicable time the report is not available” (paragraph 44). This is a compelling warning to public authorities to make sure relevant information is properly (rather than technically or hypothetically) available where required.

Here is an important passage from Cranston J’s judgment about the practical and democratic value of transparency (paragraph 47):

“… Right to know provisions relevant to the taking of a decision such as those in the 1972 Act and the Council’s Statement of Community Involvement require timely publication. Information must be published by the public authority in good time for members of the public to be able to digest it and make intelligent representations: cf. R v North and East Devon Health Authority Ex p. Coughlan [2001] Q.B. 213, [108]; R (on the application of Moseley) (in substitution of Stirling Deceased) v Haringey LBC [2014] UKSC 56, [25]. The very purpose of a legal obligation conferring a right to know is to put members of the public in a position where they can make sensible contributions to democratic decision-making. In practice whether the publication of the information is timely will turn on factors such as its character (easily digested/technical), the audience (sophisticated/ ordinary members of the public) and its bearing on the decision (tangential/ central)”.

Here, the dense and technical report had not been made available with sufficient time for it to be digested acted upon.

Cranston J was also clear that, had the information been made properly available, it could have made a real difference. Officers could have been prompted to rethink certain points, and decision-makers could well have been swayed: the decision was made by “a committee of politicians where the vote was not whipped. It is a very bold person who will hazard that in such circumstances a particular result is inevitable”.

Relief was therefore appropriate: “the claimant will be entitled to relief unless the decision-maker can demonstrate that the decision it took would inevitably have been the same had it complied with its statutory obligation to disclose information in a timely fashion” (paragraph 51).

The Council’s decision was therefore quashed on the transparency ground (among others). See paragraph 59:

“Here the claimant had standing to challenge a decision of his local Council. By denying him timely access to information to which he was entitled it limited his full participation in democratic decision-making. The fact that he might not be immediately affected by the proposal where he lives is not a sufficient reason to deny him the remedy he seeks. This was a serious breach by the Council of its statutory obligations. An additional factor bearing on the exercise of discretion in this case is the Council’s own behaviour in the back-dating of the website to when the WSP noise assessment was available to it. Although it did not have any consequences in the circumstances of this case, it had the potential to mislead members of the public about their right to know and to use the information disclosed. In all there is no reason to deny the claimant his remedy.”

The case is a powerful illustration of the practical value of transparency and public participation, and of how failure to comply with laws aimed at those ends can really bite.

Robin Hopkins @hopkinsrobin

Disclosure to GMC

November 19th, 2014 by jamesgoudie

The disclosure of material to the General Medical Council (“the GMC”) by other agencies, including the Police, has an important role to play in the exercise of the GMC’s public interest functions as they relate to a Doctor’s fitness to practice.  Section 35A of the Medical Act 1983 grants a specific power to the GMC to require the disclosure of information which appears relevant to the discharge of these functions.

The leading case in relation to the duties of the Police, when a request for disclosure is received from a regulatory body, such as the GMC, remains the decision of the Court of Appeal in Woolgar v Chief Constable of Sussex Police [2000] 1 WLR 25.

The issue in R (Nakash v Metropolitan Police Service (“MPS”) and GMC [2014] EWHC 3810 (Admin), in which Judgment was given by Cox J on 17 November 2014, was whether, as the Claimant Doctor contended, the Administrative Court should prohibit the disclosure by the MPS of material requested by the GMC, on the basis that it was unlawfully obtained by the police, in breach of the Claimant’s ECHR Article 8 rights; that it included material of a highly personal and confidential nature; and that the material had no relevance to the issue of the Claimant’s fitness to practise as a medical practitioner.

Cox J concluded that the decision by the MPS to disclose the material requested by the GMC was in error. They had failed to carry out the “careful balancing exercise of competing interests” required by Article 8.  Relevance of the material is obviously an important factor.  So too, however, is the personal and confidential nature of the material requested.

At paragraph 46, Cox J said:-

 “… Since the primary decision as to disclosure will be made in these cases by the police, it is important that before the decision to disclose is made, there is a rational assessment of the relevant competing interests and that consideration is given, in each case, to the extent of the interference, and whether the disclosure sought is in accordance with the law and is a proportionate response to a legitimate aim …”

The MPS’s decision having been found to have been flawed, Cox J proceeded to carry out the balancing exercise herself, and found that disclosure by the MPS to the GMC was justified, under Article 8(2), notwithstanding the circumstances in which the MPS had obtained the material and the interference with the Doctor’s Article 8(1) rights.

James Goudie QC

Video recordings

November 18th, 2014 by jamesgoudie

The classification requirements imposed by the Video Recording Acts are lawful, the Court of Appeal (Criminal Division) has ruled, on 14 November 2014, in R v Dryzmer and Play Media Distribution Ltd.  The prohibition on supplying video recordings which have not been classified by the British Board of Film Classification is not rendered unlawful either by ECHR Article 10, on freedom of expression, or by TFEU Articles 34-36 on non-interference with trade. The reason is the same in both cases.  Qualitative restrictions on grounds of public health and morals are justified.

This was an application of the ECJ decision in Case 244/06, Dynamic Medien Vertriebs GmbH v Avides Media AG.  In that case the ECJ observed as follows.  The protection of the rights of the child is recognised by various international instruments which the Member States have cooperated on or acceded to, such as the International Covenant on Civil and Political Rights, which was adopted by the General Assembly of the United Nations on 19 December 1966 and entered into force on 23 March 1976, and the Convention on the Rights of the Child, which was adopted by the General Assembly of the United Nations on 20 November 1989 and entered into force on 2 September 1990. Those international instruments are among those concerning the protection of human rights of which it takes account in applying the general principles of Community law.  Under Article 17 of the Convention on the Rights of the Child, the States Parties recognise the important function performed by the mass media and are required to ensure that the child has access to information and material from a diversity of national and international sources, especially those aimed at the promotion of his or her social, spiritual and moral well-being and physical and mental health. Article 17(e) provides that those States are to encourage the development of appropriate guidelines for the protection of the child from information and material injurious to his or her well-being. The protection of the child is also enshrined in instruments drawn up within the framework of the European Union, such as the Charter of Fundamental Rights, Article 24(1) of which provides that children have the right to such protection and care as is necessary for their well-being. Furthermore, the Member States’ right to take the measures necessary for reasons relating to the protection of young persons is recognised by a number of Community-law instruments. Although the protection of the child is a legitimate interest which, in principle, justifies a restriction on a fundamental freedom guaranteed by the EC Treaty, such as the free movement of goods, such restrictions may be justified only if they are suitable for securing the attainment of the objective pursued and do not go beyond what is necessary in order to attain it.  However, it is not indispensable that restrictive measures laid down by the authorities of a Member State to protect the rights of the child correspond to a conception shared by all Member States as regards the level of protection and the detailed rules relating to it.  As that conception may vary from one Member State to another on the basis of, inter alia, moral or cultural views, Member States must be recognised as having a definite margin of discretion.  Prohibiting the sale and transfer by mail order of image storage media which have not been examined and classified by the competent authority for the purpose of protecting young persons and which do not bear a label from that authority indicating the age from which they may be viewed constitutes a measure suitable for protecting children against information and materials injurious to their well-being.

 James Goudie QC

Kennedy goes to Strasbourg (maybe)

November 18th, 2014 by Anya Proops

Hot of the press – Readers of this blog will be aware of the wonderful saga involving Mr Kennedy and his tireless quest to gain access to information held by the Charity Commission. I have been told today that, having lost his appeal before the Supreme Court (see the relevant Panopticon post here), Mr Kennedy is now seeking to bring the case before the European Court of Human Rights. An application has been lodged and Mr Kennedy is now awaiting a decision on admissibility. All of which means that we may yet see the Strasbourg Court having its say on the vexed question of whether s. 32 FOIA, as currently framed, is compatible with the Art 10 right to receive information. For further updates, watch this space.

Anya Proops

Good Things Come to Those Who (Have Inherent) Weight

October 29th, 2014 by Christopher Knight

Philosophically, everything must have an inherent weight. Otherwise it would have no weight at all. But FOIA is not concerned with philosophy; it is much more concerned with who is in charge of the sheep dip, and indeed the levels of public funding for the sheep being dipped. (No points for spotting that reference, Bruce.) As a result, there are often debates in the FOIA case law about whether a particular qualified exemption contains an inherent weight, i.e. is the fact that the exemption is engaged at all sufficient to place some weight in the public interest balance against disclosure? The answer varies according to the particular exemption.

In Cabinet Office v Information Commissioner [2014] UKUT 461 (AAC), the Cabinet Office appealed against a decision of the FTT that the number of times the Reducing Regulation Committee has met should be disclosed. This apparently supremely uninteresting piece of information was withheld in reliance on section 35(1)(b) FOIA, which provides a qualified exemption for information relating to Ministerial communications. The Cabinet Office argued that the FTT had erred in not ascribing an inherent weight to section 35(1)(b), and also that it had misunderstood aspects of the evidence on prejudice presented to it.

The appeal in fact succeeded on the second ground, because Judge Turnbull took the view that the FTT had misunderstood an aspect of the evidence being given to it  – even though it had got it right in other places – and was not sufficiently sure that that would make no difference, so that the case was remitted. That aspect is very fact-specific and unlikely to be of much wider interest, except possibly to avid watchers of the Reducing Regulation Committee.

The Cabinet Office did not succeed on its first ground. Under the existing state of the jurisprudence, section 35(1)(c) (advice of Law Officers) has some inherent weight (HM Treasury v Information Commissioner [2009] EWHC 1811; [2010] QB 563) but that section 35(1)(a) (formulation of Government policy) does not (OGC v Information Commissioner [2008] EWHC 774 (Admin)). Section 42 (legal professional privilege) also has some inherent weight: DBERR v O’Brien [2009] EWHC 164 (QB). Judge Turnbull concluded at [47]-[70] that there was no inherent weight in the section 35(1)(b) exemption. He reasoned that there were a variety of policy justifications underpinning the various limbs of section 35, and they did not all overlap. The fact that the information has merely to “relate to” Ministerial communications means that the exemption could be engaged without bringing into play to any significant extent any of the public policy considerations underlying the exemption. It was not obvious how the information in issue would undermine the convention of collective Cabinet responsibility, or have an effect of the future behaviour of Ministers. The section 35(1)(c) exemption was narrower in that it was more likely that the information would engage the central policy justification for the exemption, but that where it did not there may be situations where even the exemption in s.35(1)(c) can be engaged without any necessary assumption of some inherent weight (see at [61]). Section 42 was different because it did not include the words “relate to” and any disclosure would undermine the single policy justification of protecting privileged access to legal advice.

Judge Turnbull’s analysis at [67] was to set out a test which is more nuanced and contextual than simply an assertion of inherent weight:

I think that some confusion and apparent contradiction has been introduced into the case law by formulating the question as being whether the exemption in a particular subsection of section 35(1) carries inherent weight. In my judgment it is preferable (i) to consider to what extent the public interest factors potentially underlying the relevant exemption are in play in the particular case and then (ii) to consider what weight attaches to those factors, on the particular facts.”

As a result, the FTT had not erred in law. (In fact, the Cabinet Office had not made the argument before the FTT that there should be an inherent weight in section 35(1)(b). That was evidently the correct position to have taken.) It is difficult to argue with the reasoning of Judge Turnbull, and the judgment is a helpful clarification of the law under sections 35(1)(a) and (b), although it perhaps makes the situation slightly less clear in relation to (c), given the reinterpretation of HM Treasury to allow for less/no inherent weight in more tangential cases. The only surprise is that Lord Steyn’s much cited adage from R (Daly) v Secretary of State for the Home Department [2001] 2 AC 532 at [28] that “in the law, context is everything” did not get another outing.

Robin Hopkins appeared for the ICO.

Christopher Knight

The Government wants to get your PECR up

October 26th, 2014 by Christopher Knight

You – yes, you! – are entitled to FREE compensation! Our records – what records? Magic records! – show that you were missold PPI and can now claim thousands of pounds!

If you haven’t ever had a text message or a phone call along these lines, then you are either managing to live as a hermit or you are extraordinarily lucky. Most of us face spam texts and nuisance cold-calls as a daily fact of life. They are a regular source of irritation and annoyance. They are also blatantly illegal, particularly if you have signed up to the Telephone Preference Service. See: regs 22-23 of the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) (“PECR”), implemented under EU Directive 2002/21/EC.

Unfortunately, the nature of such communications means that it will not be very often that they are a source of “substantial damage or substantial distress”. Yet, that is the test which must be met in order for the Information Commisisoner to impose a monetary penalty notice (“MPN”): section 55A(1) of the Data Protection Act 1998 (implemented as the enforcement regime for PECR as well in a fit of slightly lazy ‘joined-up’ thinking).

As readers of this blog will know, the Upper Tribunal’s interpretation of the MPN regime as applied to PECR in Information Commissioner v Niebel [2014] UKUT 255 (AAC) has had the effect that it will be almost impossible for the ICO to establish substantial damage or distress in spam text message cases (see Anya Proops’ detailed comment here). It is certainly the case that the door remains more ajar in relation to nuisance calls – which by their nature are much more likely to cause genuine distress to some individuals – and the ICO is dealing with a couple of MPN appeals to establish how ajar, but Niebel casts a baleful shadow.

But, to the east, a new dawn may be rising. If the ICO’s war against the orc-like forces of spam is reminscient of the Battle of Helms Deep (and I think we can all agree that it is), then the Secretary of State for Culture, Media and Sport, Sajid Javid, is Gandalf, appearing with the remains of the Rohirrim on the morning of fifth day to turn the tide. For the DCMS has just launched a consultation exercise on amending PECR with a view to altering the test from “substantial damage or distress” to causing “annoyance, inconvenience or anxiety”. On its face, that change will be much more easily met and give PECR some teeth, as well as better implementing the Directive, which did not require anything so high as the section 55A test. The consultation paper can be found here, and the period for responding closes on December 7th. So once you have had fun allocating characters to the players in this area (Is Ed Vaizey Peregrine Took? Is Christopher Graham, the ICO, Aragorn? Is our own Robin Hopkins, counsel for Mr ‘Spamalot’ Niebel, Grima Wormtongue?), do respond to the consultation.

Update

Few areas of the law have such informed and coherent bloggers as information and data protection law, and not surprisingly, the PECR consultation has been grist to the commentariat mill. But at least one leading blogger, Jon Baines, has made the point that the Government’s (and the ICO’s) preferred option from the consultation is actually to remove the threshold entirely. He is right (and however formidable I may be – thanks Jon – I should have made that point). That is what the consultation paper says under option 3 (removing any harm threshold at all). Although it is also fair to say that it is slightly surprising that that is the preferred option, as the rest of the consultation paper appears to be drafted around the utility of adopting the “annoyance, inconvenience or anxiety” threshold. Not only is that what the Government says on the consultation page of its website, but paragraphs 16-20 of the paper (under the heading ‘The Proposal’) talk expressing in terms of the ‘annoyance’ threshold (and cross-refer to that being the test used by Ofcom). At paragraphs 44-45 of the paper the ICO appears to have provided evidence on the different actions it could have taken under an ‘annoyance’ test. Nowhere until the options are presented is it suggested that the talk of “lowering the threshold” might mean removing the threshold altogether. Which might just be an oversight. Or it might indicate that consulting on a preferred no harm option is one of those kite-flying efforts Sir Stephen Sedley warned of in the LRB. Either way, the reader is left less than clear as to what DCMS or the ICO really want.

(Apologies for the lack of LOTR references in this update. To make up for it, do enjoy this video of Ian McKellen explaining to schoolkids why they should revise for their exams. You’re welcome.)

Christopher Knight

Unforgettable that’s what you are – Google Spain revisited

October 13th, 2014 by Anya Proops

The debates over whether the CJEU’s judgment in Google Spain represents an unjustified attack on free speech rights have raged for months now. Interestingly, it seems that some judges at the local level at least are proving somewhat resistant to this highly privacy-centred judgment. Thus, according to online reports, in recent weeks a Dutch preliminary court has apparently held that a man convicted of a serious offence dating back over some years could not rely on Google Spain to have the links to websites referring to the offence excised. According to reports about the judgment (which seems only to be available in Dutch), the court held that information revealing that someone has committed an offence has relevance notwithstanding its vintage and, as such, should not be de-indexed by Google (see here). Outside of Europe, a judge sitting in the Israeli magistrate’s court has apparently refused to countenance a claim against Google based on the so-called right to be forgotten. According to a report in the Israel Hayom online newspaper, the judge held that imposing an obligation on Google to de-index results, even if they were defamatory, would entail converting Google unjustifiably into a ‘super-censor’ (see the report here). It will be interesting to see how the English courts, with their strong tradition of upholding free speech rights, will in due course seek to navigate their way through the challenging jurisprudential landscape set by the CJEU in Google Spain.

Anya Proops

Local Government Transparency Code – Updated

October 7th, 2014 by Christopher Knight

Back in May 2014 the Secretary of State for Communities and Local Government issued the Local Government Transparency Code, and I briefly blogged about that here.

Now, an updated version of the Code dated October 2014 has been issued. Unaccountably, its publication appears to have been overshadowed by Kevin Pietersen’s autobiography, but it might perhaps be unfair to engage in a game of parallels, identifying for example who the “Big Cheese” would be at DCLG. The October 2014 Code is materially the same as its May predecessor (but fully replaces it) and it may assist if my earlier comments are set out again here (with amendments and updated cross-references).

The Code is issued in exercise of the Secretary of State’s powers under section 2 of the Local Government, Planning and Land Act 1980 to issue a Code of Recommended Practice as to the publication of information by local authorities about the discharge of their functions and other matters which he considers to be related.

The Code sets out in some detail in Part 2 the type of information held by local authorities which must be published (some of it annually). This is designed to replicate the requirements prescribed in the Local Government (Transparency) (Descriptions of Information) (England) Order 2014. Part 3 sets out the information which, in the view of the Secretary of State, ought to be published. A helpful Annex A provides the details in tabular form.

Paragraph 17 of the Code provides that: “Where information would otherwise fall within one of the exemptions from disclosure under the Freedom of Information Act 2000, the Environmental Information Regulations 2004, the Infrastructure for Spatial Information in the European Community Regulations 2009 or falls within Schedule 12A to the Local Government Act 1972 then it is in the discretion of the local authority whether or not to rely on that exemption or publish the data.” There is therefore no attempt to override the FOIA exemptions. But where a qualified exemption applies, the appearance of the requested information in one of the categories set out in the Code will have a role (possibly a significant role) in establishing the public interest in support of disclosure. Of course, where the Secretary of State as required – in Part 2 – information to be published, it should be published by the local authority. Any reliance on a qualified exemption will be doomed to fail. Information falling within the scope of Part 3 is also likely to face an uphill struggle to be withheld under FOIA/EIR, but it will be context dependent.

The main substantive difference between the May and October Codes is that the new one has added three datasets to the list of information which must be published: namely information about how the authority delivers waste services, use the parking revenue it collects and tackles fraud.

 

One development between May and October is that the DCLG have obviously been faced with a barrage of questions from concerned Councils. In an attempt to assist, DCLG has also published an accompanying FAQ Guide to the Code, which may help those attempting to practically apply the new Code with what the DCLG was trying to do in particular circumstances.

Christopher Knight

Assessing the FOIA veto power

September 17th, 2014 by Robin Hopkins

For those of you still following the Prince of Wales correspondence veto saga, and who have access to law journals in print or online, you may be interested to read the casenote published in the latest issue of the Law Quarterly Review discussing the Court of Appeal judgment. The casenote is by 11KBW and Panopticon stalwart Chris Knight. The full reference is CJS Knight, ‘The Veto in the Court of Appeal’ (2014) 130 LQR 552.

Loss of personal data: £20k award upheld on appeal

September 16th, 2014 by Robin Hopkins

If you breach your legal duties as regards personal data in your control, what might you expect to pay by way of compensation to the affected individual? The received wisdom has tended to be something along these lines. First, has the individual suffered any financial loss? If not, they are not entitled to a penny under s. 13 DPA. Second, even if they get across that hurdle, how much should they get for distress? Generally, not very much – reported awards have tended to be very low (in the low thousands at most).

All of that is very comforting for data controllers who run into difficulties.

That picture is, however, increasingly questionable. “Damage” (the precondition for any award, under s. 13 DPA) could mean something other than “financial loss” – other sorts of damage (even a nominal sort of damage) can, it seems, serve as the trigger. Also, provided the evidence is sufficiently persuasive, it seems that awards – whether under the DPA or at common law (negligence) – could actually be substantial.

These trends are evident in the judgment of the Court of Appeal of Northern Ireland in CR19 v Chief Constable of the Police Service of Northern Ireland [2014] NICA 54.

The appellant, referred to as CR19, was a police officer with the Royal Ulster Constabulary. Due to his exposure to some serious terrorist incidents, he developed Post-Traumatic Stress Disorder (PTSD); he also developed a habit of excessive alcohol consumption. He left the Constabulary in 2001. In 2002, there was a burglary at Castlereagh Police, apparently carried out on behalf of a terrorist organisation. Data and records on officers including CR19 were stolen.

The Constabulary admitted both negligence and a breach of the seventh data protection principle (failure to take appropriate technical and organisational measures). The issue at trial was the amount of compensation to which CR19 was entitled.

Note the losses for which CR19 sought compensation: he claimed that, as a result of the stress which that data loss incident caused him, his PTSD and alcohol problems worsened, he lost out on an employment opportunity and that his house had been devalued as a result of threats to the property and the package of security measures that had been implemented for protection.

The trial judge heard evidence from a number of parties, including medical experts on both sides. He found some aspects of CR19’s evidence unsatisfactory. Overall, however, he awarded CR19 £20,000 (plus interest) for the Constabulary’s negligence. He did not expressly deal with any award under s. 13 of the DPA.

CR19 appealed, saying the award was too low. His appeal was largely dismissed: the trial judge had been entitled to reach his conclusions on the evidence before him.

Further, the s. 13 DPA claim added nothing to the quantum. The Court of Appeal considered the cases of Halliday (a £750 award) and AB (£2,250) (both reported on Panopticon) and concluded as follows (para. 24):

“In this case we have earlier recorded that three eminent psychiatrists gave professional evidence as to the distress sustained by CR19 as a consequence of the break-in. While accepting that the breach and its consequences in this case are of a different order to the matters considered in Halliday or AB, we conclude that the damages for distress arising from the breach of the Data Protection Act must be considered to be subsumed into the judge’s award which, while rejected as too low by the appellant, was by no means an insignificant award. The assessment took account of the distress engendered by the breach of data protection. We cannot conceive of any additional evidence that might be relevant to any additional damages for distress in respect of breach of section 4. Accordingly, we affirm the award of compensation made by the learned trial judge. However, in view of Arden LJ’s reasoning in Halliday, we conclude that the appellant must in addition be entitled to nominal damages of £1.00 to reflect the fact that there was an admitted breach of section 4 of the Data Protection Act.”

Whilst it is not strictly correct to read the CR19 judgment as affirming a DPA award for £20,000 (that award was for negligence), the judgment is nonetheless interesting from a DPA perspective in a number of respects, including these:

(i) While it was conceded in Halliday that nominal damage suffices as “damage” for s. 13(1) purposes, that conclusion looks like it is being applied more widely.

(ii) One problem in Halliday (and to an extent also in AB) was the lack of cogent evidence supporting the alleged damage. The CR19 case illustrates how evidence, including expert medical evidence, can be deployed to effect in data breach cases (whether based on negligence or on the DPA).

(iii) Unlawful acts with respect to individuals’ personal information can, it seems, lead one way or another to a substantial award. The DPA may aim to offer relatively modest awards (so said the Court of Appeal in Halliday), but serious misuse or loss of personal data can nonetheless be very damaging, and the law will recognise and compensate for this where appropriate.

Robin Hopkins @hopkinsrobin