High Court Judgment on Inspection of Personal Data

May 29th, 2009 by Anya Proops

The High Court has recently handed down an interesting judgment on the extent to which redacted personal data contained in documents disclosed in the course of litigation was vulnerable to inspection. The judgment also highlights some of the limits which may be placed on parties seeking inspection of databases containing personal data. In Webster & Ors v Ridgeway Foundation School Governors [2009] EWHC 1140 (QB), the claimants had brought claims against the governors of a school on the basis that they had suffered racially motivated assaults on school property. They alleged that the governors had caused or contributed to the injury by negligently failing to maintain proper disciplinary standards or otherwise taking proper care with respect to pupil security, particularly by allowing racial tensions to develop. During the course of standard disclosure, the governors disclosed a log of investigations into racist incidents, bullying and aggression in the school. Moreover, one of their witness statements disclosed the existence of a computerized system used to record pupil behaviour. The governors allowed inspection of the disclosed documents but redacted the names of purported victims of racism, bullying and aggression. The claimants sought disclosure of the redacted names and, further, of the computerized system. They argued that they needed to access this information in order to assess whether there were other pupils who might be able to provide useful evidence and that they had a right to inspect that information given that its existence had been disclosed by the governors.

Nicol J refused the claimants’ application for inspection of the redacted information and the computerized system. He held that that the mere fact that a document had been disclosed did not mean that there was an automatic right of inspection in respect of all of the information it contained, not least this was because some of the information in the disclosed document may not be relevant to the matters in issue. On the facts of the instant case, Nicol J found that inspection of the redacted names could and should be refused on the basis that: (a) it would amount to an interference with the privacy rights of the individual children named in the documents; and (b) that interference was not necessary in the instant case as the claimants did not need to know the identities of the purported victims in order to have a fair trial or for the fair disposal of the litigation (Science Research Council v Nasse [1980] AC 1028 HL applied). With respect to the computerized system, Nicol J accepted that mention of a document in a witness statement could be equated with inclusion of a document in a disclosure list and, hence, prima facie it would give rise to an obligation to permit inspection. However, he also held that that general proposition was subject to the qualifications contained in CPR 31.3, which included the right to object to disclosure on grounds of proportionality. Nicol J went on to find that permitting inspection of the computerized database would be disproportionate, particularly because: (a) the governors would have to redact the entire database to ensure that any private information relating to individual pupils and, further, any irrelevant information was not disclosed, which was a very substantial task and (b) undertaking this task was disproportionate having regard to any possible benefit for the claimants and the issues in the case. 


May 27th, 2009 by Anya Proops

The creation of electronic summary patient records which can readily be accessed by medical teams on the NHS broadband computer system, known as the Spine, is one which has met with approval in many quarters. This is unsurprising given the potential health benefits resulting from clinicians being able to access such records. However, this approval has been tempered by concerns that the NHS, in common with other large-scale public authorities, may not be able to maintain appropriate levels of security with respect to this manifestly sensitive personal data. Yesterday the Guardian reported that, following talks between the ICO and Connecting for Health (CfH), the agency responsible for implementing the records scheme, CfH has now yielded to calls for NHS patients be given the right to have their summary care records deleted from the system (although deletion would not occur if the records had already been used, in which case they would be archived for medic-legal reasons). The right to have records deleted will be additional to the right already granted to patients to opt out of the scheme before a record is created for them. CfH’s decision to permit patients to have their record deleted represents a move away from earlier proposals that, where objections were made, the record would simply be ‘masked’ within the system. Notably, the news over changes to the care records scheme comes only days after it was revealed that records revealing personal data relating to tens of thousands of MOD personnel, which were lost last year, had contained not merely financial information but also highly sensitive vetting information. The revelations have been controversial because, whilst the loss was announced last year, neither Parliament nor the ICO were informed that the lost data included sensitive vetting data.


May 27th, 2009 by Anya Proops

The Information Tribunal will this week begin hearing an important appeal against a decision of the Information Commissioner that certain abortion statistics relating to ground (e) abortions (abortions in cases of disability) were disclosable under section 1 FOIA. The appeal concerns in particular the interesting and difficult question of whether and to what extent ostensibly anonymous, statistical information can nonetheless constitute ‘personal data’ for the purposes of the personal data exemption provided for under section 40 FOIA. Before the Commissioner, the DH argued that, whilst the information in the abortion statistics does not per se identify any particular individual, because the statistics themselves relate to a relatively small number of cases, it would still be possible to identify particular patients and/or doctors who have carried out the abortions, particularly if the statistics were married either with other information held by the DH or already in the public domain. The Commissioner was not persuaded by that argument. He held that the statistical information was so far removed from the information on the Abortion Notification forms from which the information was derived that it no longer retained the attributes of personal data. The proposition that proximity to identifying information should be the barometer of whether particular anonymous information constitutes ‘personal data’ is likely to be hotly contested before the Tribunal. Watch this space for further news! Tim Pitt-Payne will be appearing on behalf of the Commissioner.

Privacy and the Police – Important Court of Appeal Judgment

May 22nd, 2009 by Anya Proops

By a two to one majority, the Court of Appeal decided yesterday, in Wood v Commissioner for Police of the Metropolis [2009] EWCA Civ 414, that the Metropolitan Police had acted unlawfully when it retained photographs which it had taken of an anti-arms trade campaigner as he was leaving the AGM of Reed Elsevier Plc (“REP”). This is an important judgment on the scope of the Article 8(1) right to privacy and on the scope of the justification defence available under Article 8(2).

The factsREP is the parent company of a company which organises trade fairs for the arms industry, Spearhead Exhibitions Limited. As a result of its association with Spearhead, REP’s offices have been subject to demonstrations, some involving criminal damage. In April 2005, Mr Wood attended REP’s AGM at the Millenium hotel in London in his capacity as shareholder. At the time, Mr Wood was a media co-ordinator for Campaign Against the Arms Trade (“CAAT”). It was not in dispute that Mr Wood was of good character, had no criminal convictions and had never been arrested. Moreover, his behaviour at the AGM had been entirely unobjectionable. However, as he was leaving the hotel, Mr Wood was overtly photographed by a photographer acting on behalf of the police. He was then questioned by police but declined to confirm his identity or answer their questions. The police claimed that, upon leaving the AGM, Mr Wood had been joined by a former member of CAAT with a history of unlawful activity against organisations involved in the arms industry. That assertion was disputed by Mr Wood. The police also claimed that it had taken the photographs in order to be able to identify offenders if offences were or had been committed at the AGM or if they were subsequently committed at the arms fair.

The High Court judgment - The High Court dismissed Mr Wood’s judicial review claim that the police’s actions had breached his Article 8 right to privacy. It did so on the basis that the police’s actions had not interfered with Mr Wood’s Article 8(1) right to private life (Wood v Commissioner of the Police for the Metropolis [2008] EWHC 1105 (Admin)).

The Court of Appeal judgment - The Court of appeal disagreed with the High Court’s conclusion that there was no interference with Mr Wood’s Article 8(1) right to privacy. It held that the mere taking of photographs in a public place was not itself capable of engaging Article 8. However, having regard to the particular circumstances of the case, Mr Wood’s Article 8 right to privacy had been interfered with. In particular, this was so because the photographs had been taken by an organ of the State, the police action was unexplained at the time it happened and, further, it carried with it the implication that the images would be kept and used in the future. On the question of whether the police was able to establish that interference was justified, and hence lawful under Article 8(2), the Court of Appeal unanimously agreed that the taking and retention of photographs of Mr Wood pursued legitimate aims, namely the prevention of disorder or crime and in the interests of public safety or the protection of the rights and freedoms of others. However, they disagreed on the question of whether the measures used by the police to pursue those legitimate aims were proportionate in all the circumstances. The majority (Lord Collins and Dyson LJ) held that, whereas retaining the photographs for a few days after the meeting was permissible, once it had become clear that Mr Wood had not committed any offence at the meeting, it was unreasonable and, hence, disproportionate for the photographs to be retained pending the trade fair. This was because there was no reasonable basis in the circumstances for fearing that Mr Wood might commit an offence at the trade fair. It is apparent from Lord Collins’ judgment that he was particularly concerned as to the potential ‘chilling effect’ which similar police actions would have on future potentially peaceful campaigners (see paragraph 92). Laws LJ dissented on the question of whether the interference was proportionate. He held that the interference was not disproportionate particularly because: ‘The taking of the pictures was in no sense aggressively done. The retention of the pictures was carefully and tightly controlled. The appellant’s image was not placed on any searchable database, far less a nationwide database indefinitely retained. But for the commencement of these proceedings the images of the appellant would have been destroyed after the DSEi exhibition’ (paragraph 58). The judges did however agree that the instant case was wholly distinguishable from Marper (ECtHR decides retention policy in respect of police DNA database gave rise to unjustified interferences with right to privacy – see my earlier post on the Home Office response to Marper and also Tim Pitt Payne’s NLJ article on the judgment itself).

It is important to note that the result of the Court of Appeal’s judgment is that the taking of the photographs did not per se constitute a unlawful interference with Mr Wood’s right to privacy. Rather what was unlawful was the excessive retention of the photographs beyond a time when there was any reasonable basis for supposing that Mr Wood may engage in criminal conduct at the arms fair. On the question of whether this judgment sets a precedent on the question of whether the police can generally take photographs of ostensibly law-abiding citizens, it is worth noting Lord Collins’ concluding comments: ‘it is plain that the last word has yet to be said on the implications for civil liberties on the taking and retention of images in the modern surveillance society. This is not the case for the exploration of the wider, and very serious, human rights issues which arise when the State obtains and retains the images of persons who have committed no offence and are not suspected of having committed any offence’ (paragraph 100).




CCTV In the Dock

May 18th, 2009 by Anya Proops
A Home Office funded review on the effectiveness of CCTV cameras in the fight against crime has found that it has only a ‘modest impact on crime’. The review, undertaken by the Campbell Collaboration found that the use of CCTV was not effective in cutting vehicle crime in car parks, especially when used alongside improved lighting and the introduction of security guards. The review’s conclusions are likely to prompt further debate not only on the cost effectiveness of using CCTV as a weapon to cut crime (CCTV is now the single most heavily funded crime prevention measure operating outside the criminal justice system) but also on whether the pervasive use of CCTV within our society can be justified, particularly given its potential to interfere with the right to privacy.  Notably, The Home Office cited the review in the context of its response to the House of Lords Comittee on the Constitution Inquiry into ‘Surveillance: Citizens and the State’ (and see my earlier post on the Committee’s report). In its response, the Home Office stated that: In reviewing existing policies and processes, the Government will seek to ensure that due consideration is given to the following key principles: Are robust safeguards in place to protect the information and indiviudal liberties? Are our plans and actions proportionate to the damage and the threat they are seeking to prevent? Are we being as transparent as possible? Are citizens being given the right amount of choice?The Home Office’s response should be read in conjunction with the Information Commissioner’s response to the Committee’s report which was published in 15 April 2009.


Who blacklists the blacklisters?

May 11th, 2009 by Timothy Pitt-Payne QC

In March this year the Information Commissioner took enforcement action against the Consulting Association, which had been operating a secret blacklist of employees in the construction industry, including details of trade union activity.  Today the Department for Business, Enterprise and Regulatory Reform has announced that new regulations will be introduced to outlaw the use of blacklists in this way.  There is a power to regulate under section 3 of the Employment Relations Act 1999, but so far it has never been used.  A consultation exercise is promised for early summer.  Draft regulations were previously prepared in 2003, and there was full consultation; so this time round the consultation will be shorter than the normal 12 week period.

It is very interesting to see such a direct link between action by the ICO, and new regulations.  The Government line had previously been that there was no evidence that regulations were needed.  The ICO has now provided them with their missing evidence.

Blacklists have a long history.  The Economic League attracted controversy in the 1980s (and was eventually disbanded in 1994); apparently it had a list of 22,000 political subversives, including one Gordon Brown MP.

Employment vetting is much in the news at present and is clearly attracting great interest.  We are currently considering an exciting project in this area:  watch this space!

DNA Database – The Age of Innocence

May 7th, 2009 by Anya Proops

The Government has today proposed new rules for the retention of DNA profiles and fingerprints on the police national DNA database.  The proposals, which are made in the context of a public consultation process (‘Keeping the Right People on the DNA Database’), come in the wake of the Marper judgment (4 December 2008). In Marper, the ECtHR held that a blanket policy under which fingerprints, cellular samples  and DNA profiles were indefinitely retained by the police constituted a disproportionate and, hence, unlawful interference with Article 8 rights to privacy. The new proposed rules aim to circumvent the problems posed by having a blanket indefinite retention policy by varying the length of time that data can be retained depending in the innocence of the suspect and the severity of the crime in respect of which they were arrested. Thus, the DNA profiles and fingerprints of individuals who are arrested but not convicted in respect of minor offences will be destroyed after a period of six years; individuals who are arrested but not convicted for more serious violent and sexual offences and terrorism-related offences will have to wait twelve years for their DNA profiles and fingerprints to be destroyed; individuals who are convicted of an imprisonable offence will have their DNA profiles and fingerprints retained indefinitely. The proposals have received a rebarbative response from civil liberties campaigners, many of whom had expected the Government to destroy some 850,000 DNA profiles, fingerprints and samples in response to the Marper judgment. Of course, the question has to be posed whether it can ever be a proportionate interference with privacy rights to retain data in respect of individuals whose guilt was never established in respect of the offence for which they were arrested and who must, in the circumstances, be deemed innocent. The Government’s answer to this question appears to be that the interference is justified because: (a) criminology research suggests that, over time, the retained data can be used to convict those ostensibly innocent individuals of subsequent crimes; and (b) accordingly, retention of the data will constitute a vital weapon in the fight against crime. The presumption underlying this answer appears to be that, in a statistically significant number of cases, individuals who appear to be innocent in respect of one crime are in fact destined to go on to commit crimes in the future, such that it is legitimate for their data to be retained for a relatively substantial period of time (either six or twelve years). Whilst the more nuanced approach to the retention of DNA profiles may be relatively well placed to survive a legal challenge in the domestic courts (see further the House of Lords judgment in Marper [2004] UKHL 39, [2004] 1 WLR 2196), it remains to be seen whether the ECtHR would regard that approach as falling within the four corners of the justification defence under Article 8(2).

ID Card Trials Struggle on Take Off

May 5th, 2009 by Anya Proops

Recent media reports suggest that the British Airline Pilots’ Association (Balpa), which represents more than 80% of commercial airline pilots, is considering a legal challenge to Home Office plans to use critical airside workers as the first compulsory guinea pigs in trials of the national identity card scheme. MPs are shortly to be asked to approve powers which could be used to compel pilots and other individuals who work airside to register for the national ID card scheme as part of their pre-employment checks. Balpa, which has been objecting to the proposed trial arrangements since late 2008,  has raised concerns about the compulsory nature of the current proposed arrangements. It has also asserted that ID cards will have absolutely no value so far as security is concerned. Meanwhile, speculation that the Government may look to axe the ID card scheme in the wake of the economic downturn has been dampened by an announcement in early April 2009 that the Government had recently signed two ten year contracts worth £650 million to get the scheme under way.

GCHQ Denies Snooping Project

May 5th, 2009 by Anya Proops

GCHQ, one of the three UK intelligence agencies, has issued a public statement in which it has specifically denied that it is developing technology which would enable it to access all internet traffic in the UK. The statement, which was made in response to weekend media reports on GCHQ’s Mastering the Internet Programme (MTI),  is unusual in that the agency does not usually comment on media stories.  The statement is plainly designed to reassure the public than the State is not secretly sanctioning the development of highly intrusive surveillance strategies. Its release follows in the wake of an announcement made by the Home Secretary on 27 April 2009 that the government had shelved plans to create a superdatabase that would centrally store all communications data in Britain (see the earlier post on the Super Database).

Police DNA Database Cut Down to Size

May 4th, 2009 by Anya Proops

The Home Secretary, Jacqui Smith, will this week unveil plans to remove from the police national database DNA information relating to up to one million innocent people. The proposals come in the wake of the ECtHR’s judgment in Marper in December 2008 that the practice of retaining the DNA profiles of innocent people on the database constituted an unjustified interference with the Article 8 right to privacy. Privacy campaigners have welcomed this development but continue to lobby for further limitations on the database, including removing the DNA profiles for minor offenders. See further Tim Pitt-Payne’s article on the Marper judgment in the New Law Journal.