Interfering with the fundamental rights of practically the entire European population

April 10th, 2014 by Robin Hopkins

In the Digital Rights Ireland case, the Grand Chamber of the CJEU has this week declared invalid the 2006 Directive which provides for the mass retention – and disclosure to policing and security authorities – of individuals’ online traffic data. It found this regime to be a disproportionate interference with privacy rights. Depending on your perspective, this is a major step forward for digital privacy, or a major step backwards in countering terrorism and serious crime. It probably introduces even more uncertainty in terms of the wider project of data protection reform at the EU level. Here is my synopsis of this week’s Grand Chamber judgment.

Digital privacy vs national security: a brief history

There is an overlapping mesh of rights under European law which aims to protect citizens’ rights with respect to their personal data – an increasingly important strand of the broader right to privacy. The Data Protection Directive (95/46/EC) was passed in 1995, when the internet was in its infancy. It provides that personal data must be processed (obtained, held, used, disclosed) fairly and lawfully, securely, for legitimate purposes and so on.

Then, as the web began to mature into a fundamental aspect of everyday life, a supplementary Directive was passed in 2002 (2002/58/EC) on privacy and electronic communications. It is about privacy, confidentiality and the free movement of electronic personal data in particular.

In the first decade of the 21st century, however, security objectives became increasingly urgent. Following the London bomings of 2005 in particular, the monitoring of would-be criminals’ web activity was felt to be vital to effective counter-terrorism and law enforcement. The digital confidentiality agenda needed to make space for a measure of state surveillance.

This is how Directive 2006/24 came to be. In a nutshell, it provides for traffic and location data (rather than content-related information) about individuals’ online activity to be retained by communications providers and made available to policing and security bodies. This data was to be held for a minimum of six months and a maximum of 24 months.

That Directive – like all others – is however subject to the EU’s Charter of Fundamental Rights. Article 7 of that Charter enshrines the right to respect for one’s private and family life, home and communications. Article 8 is about the right to the protection and fair processing of one’s personal data.

Privacy and Digital Rights Ireland prevail

Digital Rights Ireland took the view that the 2006 Directive was not compatible with those fundamental rights. It asked the Irish Courts to refer this to the CJEU. Similar references were made during different litigation before the Austrian Courts.

The CJEU gave its answer this week. In Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources and Others (C‑293/12) joined with Kärntner Landesregierung and Others (C‑594/12), the Grand Chamber held the 2006 Directive to be invalid on the grounds of its incompatibility with fundamental privacy rights.

The Grand Chamber accepted that, while privacy rights were interfered with, this was in pursuit of compelling social objectives (the combatting of terrorism and serious crime). The question was one of proportionality. Given that fundamental rights were being interfered with, the Courts would allow the European legislature little lee-way: anxious scrutiny would be applied.

Here, in no particular order, are some of the reasons why the 2006 Directive failed its anxious scrutiny test (quotations are all from the Grand Chamber’s judgment). Unsurprisingly, this reads rather like a privacy impact assessment which data controllers are habitually called upon to conduct.

The seriousness of the privacy impact

First, consider the nature of the data which, under Articles 3 and 5 the 2006 Directive, must be retained and made available. “Those data make it possible, in particular, to know the identity of the person with whom a subscriber or registered user has communicated and by what means, and to identify the time of the communication as well as the place from which that communication took place. They also make it possible to know the frequency of the communications of the subscriber or registered user with certain persons during a given period.”

This makes for a serious incursion into privacy: “Those data, taken as a whole, may allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons and the social environments frequented by them.”

Second, consider the volume of data gathered and the number of people affected. Given the ubiquity of internet communications, the 206 Directive “entails an interference with the fundamental rights of practically the entire European population”.

Admittedly, the 2006 regime does not undermine “the essence” of data protection rights (because it is confined to traffic data – the contents of communications are not retained), and is still subject to data security rules (see the seventh data protection principle under the UK’s DPA 1998).

Nonetheless, this is a serious interference with privacy rights. It has objective and subjective impact: “it is wide-ranging, and it must be considered to be particularly serious… the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the minds of the persons concerned the feeling that their private lives are the subject of constant surveillance.”

Such a law, said the Grand Chamber, can only be proportionate if it includes clear and precise laws governing the scope of the measures and providing minimum safeguards for individual rights. The 2006 Directive fell short of those tests.

Inadequate rules, boundaries and safeguards

The regime has no boundaries, in terms of affected individuals: it “applies even to persons for whom there is no evidence capable of suggesting that their conduct might have a link, even an indirect or remote one, with serious crime”.

It also makes no exception for “persons whose communications are subject, according to rules of national law, to the obligation of professional secrecy”.

There are no sufficiently specific limits on the circumstances in which this can be accessed by security bodies, on the purposes to which that data can be put by those bodies, or the persons with whom those particular bodies may share the data.

There are no adequate procedural safeguards: no court or administrative authority is required to sign off the transfers.

There are also no objective criteria for justifying the retention period of 6-24 months.

The Grand Chamber’s conclusion

In summary, the Grand Chamber found that “in the first place, Article 7 of Directive 2006/24 does not lay down rules which are specific and adapted to (i) the vast quantity of data whose retention is required by that directive, (ii) the sensitive nature of that data and (iii) the risk of unlawful access to that data, rules which would serve, in particular, to govern the protection and security of the data in question in a clear and strict manner in order to ensure their full integrity and confidentiality. Furthermore, a specific obligation on Member States to establish such rules has also not been laid down…”

There was also an international transfer aspect to its concern: “in the second place, it should be added that that directive does not require the data in question to be retained within the European Union…”

This last point is of course highly relevant to another of the stand-offs between digital privacy and national security which looms in UK litigation, namely the post-Snowden litigation against security bodies.

Robin Hopkins @hopkinsrobin

Steinmetz and Others v Global Witness: latest developments

April 2nd, 2014 by Robin Hopkins

Panopticon devotees will have noted that important DPA litigation is afoot between a group of businessmen (Beny Steinmetz and others) and the NGO Global Witness. The Economist has recently reported on the latest developments in the case: see here.

I particularly like the article’s subtitle: “Libel laws have become laxer. Try invoking data protection instead”. This is an observation I (and others) have made in the past: see here for example. The point appears to be gathering momentum.

Robin Hopkins @hopkinsrobin

ICO cannot have a second go

March 25th, 2014 by Robin Hopkins

Okay, the following points are mainly about procedure, but they are nonetheless quite important for those involved in FOIA litigation before the Tribunals. These points come from a pair of recent Upper Tribunal decisions, both arising out of requests from the same requester.

One is IC v Bell [2014] UKUT 0106 (AAC): Bell UT s58. Question: suppose the First-Tier Tribunal thinks the ICO got it wrong in its decision notice. Can it remit the matter to the ICO for him to think again and issue another decision notice on the same complaint? Answer: no, it can’t; it must dispose of the appeal itself. There are some exceptions, but that is the general view with which parties should approach Tribunal litigation.

That Bell decision also comments on the importance, in relevant circumstances, of the Tribunal ensuring that it gets the input of the public authority and not just of the ICO, as there will be cases where only the public authority can really provide the answers to questions that arise at the Tribunal stage.

That same Bell decision also explores this point, for those with an interest in FOIA and statutory construction (surely there are some of you?): under s. 58 of FOIA, unless the Tribunal is going to dismiss an appeal, it must “allow the appeal or substitute such other notice as could have been served by the Commissioner” (my emphasis). That is curious. Quite often, Tribunals do both of those things at the same time. What to make of this? Judge Jacobs explains in the Bell decision.

There was also a second Bell appeal on the same day: Bell UT s14. Same Bell, different public authority and separate case: IC and MOD v Bell (GIA/1384/2013). This was about s. 14 of FOIA (vexatious requests). The public authority had provided lots of detail about the background to the series of requests to make good its case under s. 14. But there was a paper hearing rather than an oral one and the Tribunal appears to have overlooked some of that detail and it found that s. 14 had been improperly applied.

Judge Jacobs overturned that decision. One reason was this: when a binding and decisive new judgment (here, Dransfield) appears between the date of a hearing and the date of the Tribunal’s final deliberations, justice requires that the parties be given an opportunity to make submissions on the application of that judgment.

Another was that the Tribunal had failed properly to engage with the documentary evidence before it. “That is why the papers were provided: to be read. A tribunal is not entitled to rely on the parties to point to the passages that it should read and to look at nothing else” (my emphasis). This underlined point is obviously of general application to Tribunal litigation.

Robin Hopkins @hopkinsrobin

Data protection and compensation: the “irreversible march” towards revolutionary change

March 21st, 2014 by Robin Hopkins

At 11KBW’s Information Law conference this past Tuesday, I talked a bit about the progress of the draft EU Data Protection Regulation. I omitted to mention last week’s development (my reason: I was on holiday in Venice, where data protection seemed less pressing). In a plenary session on 12 March, the European Parliament voted overwhelmingly in support of the Commission’s current draft of the Regulation. This is all explain in this Memo from the European Commission. Here are some key points.

One is the apparently “irreversible” progress towards getting the Regulation onto the EU statute books. “The position of the Parliament is now set in stone and will not change even if the composition of the Parliament changes following the European elections in May. As a reminder, the remaining stage is for the European Council to agree to the proposal. Its ministers are meeting again in early June. So far, they have been broadly supportive.

Another point is about business size and data protection risk: SMEs will not need to notify (so where will the ICO get its funding?), they won’t need to have data protection officers or carry out privacy impact assessments as a default rule. “We want to make sure that obligations are not imposed except where they are necessary to protect personal data: the baker on the corner will not be subject to the same rules as a (multinational) data processing specialist.”

A third point has great consequences for international transfers: “Non-European companies, when offering services to European consumers, will have to apply the same rules and adhere to the same levels of protection of personal data. The reasoning is simple: if companies outside Europe want to take advantage of the European market with more than 500 million potential customers, then they have to play by the European rules”.

Fourth, the “right to be forgotten” is still very much on the agenda. “If an individual no longer wants his or her personal data to be processed or stored by a data controller, and if there is no legitimate reason for keeping it, the data should be removed from their system” (subject to freedom of expression). This “citizen in the driving seat” principle, like the consistency aim (the same rules applied the same away across the whole EU) and the “one-stop shop” regulatory model has been part of the reform package from the outset.

A final point is that the Parliament wants regulators to be able to impose big fines: “It has proposed strengthening the Commission’s proposal by making sure that fines can go up to 5% of the annual worldwide turnover of a company (up from 2% in the Commission’s proposal)”. Monetary penalties will not be mandatory, but they will potentially be huge.

On this last point about money: as under the current law, a regulatory fine is one thing and the individual’s right to be compensated another. At out seminar on Tuesday, we discussed whether there would soon be a sweeping away (see for example the Vidal-Hall v Google litigation) of the long-established Johnson v MDU principle that in order to be compensated for distress under section 13 of the DPA, you need first to prove that you suffered financial loss. That may well be so for the DPA, in which case the short- and medium-term consequences for data protection litigation in the UK will be huge.

But it is important to be clear about the longer term: this is going to happen anyway, regardless of any case-law development in UK jurisprudence. Article 77 of the current draft of the Regulation begins like this “Any person who has suffered damage, including non-pecuniary damage, as a result of an unlawful processing operation or of an action incompatible with this Regulation shall have the right to claim compensation from the controller or the processor for the damage suffered”.

If we are indeed irreversibly on track towards a new Regulation, then data protection litigation – notably, though not only about compensating data subjects – is guaranteed to be revolutionised.

Robin Hopkins @hopkinsrobin

A history and overview of the FOIA/EIR veto

March 21st, 2014 by Robin Hopkins

The ‘veto’ (ministerial certificate) provision under s. 53 of FOIA (imported also into the EIRs) has been much discussed – on this blog and elsewhere – of late. Here is another excellent resource on the subject which is worth drawing to the attention of readers who want to understand this issue in more detail. Earlier this week, the House of Commons library published this note by Oonagh Gay and Ed Potton on the veto, its use to date, and comparative jurisdictions (Australia, New Zealand, Ireland).

Robin Hopkins @hopkinsrobin

FOIA disclosures: ‘motive blindness’ and risks to mental health

February 26th, 2014 by Robin Hopkins

Some FOIA ‘mantras’ frustrate requesters, such as judging matters as at the time of the request/refusal, regardless of subsequent events. Others tend to frustrate public authorities, such as ‘motive blindness’. A recent Tribunal discusses and illustrates both principles – in the context of the distress (including a danger to mental health) likely to arise from disclosure.

The background is that a certain pupil referral unit (PRU) in County Durham was the subject of complaints; 13 of its 60 staff had been suspended. An independent investigation team reported in November 2012. Later in that same month, the Council received a FOIA request for a copy of the investigators’ report. At that time, disciplinary proceedings were pending against each of the suspended members of staff. Those proceedings were to be conducted on a confidetial basis.

The Council refused the request, relying on section 31 (prejudice to conduct of function for purpose of ascertaining any improper conduct), section 40 (personal data) and 38 (health and safety). The ICO agreed, and so has the Tribunal, dismissing the requester’s appeal in Hepple v IC and Durham County Council (EA/2013/0168).

The Tribunal confirmed that, notwithstanding the appellant’s practical arguments to the contrary, it had to judge matters as they stood at the time of the Council’s refusal of the request (paras 4-7).

Section 31 was engaged: “We are satisfied, having read the Report in full, that disclosure in full would have given rise to a perception of unfairness and pre-judgement that would have prejudiced the disciplinary proceedings. Those deciding the complaint might have avoided being prejudiced but the perception of a disinterested third party would have been that the staff member’s right to a fair hearing had been undermined, particularly if publication had attracted media comment” (para 14). The public interest favoured maintaining the exemption.

Reliance on section 40(2) was upheld: the unwarranted interference to the data subjects prevailed over public interest arguments. The comparative balance may have shifted slightly since the date of the refusal, but that was not the relevant time for the purposes of the appeal.

Reliance on section 38 was also upheld. This exemption for health and safety (here, danger to mental health) seldom surfaces in FOIA caselaw. Here it was upheld, largely because the requester himself had sent certain text messages (for which he was later apologetic) to some of the individuals involved. The Tribunal “drew the clear impression that the texts had been transmitted with the purpose of menacing those whose addresses the Appellant had acquired” (para 37).

Those text messages were sent after the refusal of the request, but the Tribunal was satisfied that they evidenced a state of mind likely to have existed at the relevant time. As to ‘motive blindness’, the Tribunal said that “assessing an information request on this “motive blind” basis ought not to prevent us from considering the potential risk to safety posed by the requester him/herself”.

‘Motive blindness’ may be something of a mantra in FOIA cases, but – as with vexatious request cases – it is a principle which should be applied with appropriate nuance.

Robin Hopkins @hopkinsrobin

Property searches under the EIRs: Tribunal refers questions to the CJEU

February 13th, 2014 by Robin Hopkins

The ability to impose charges for the provision of property search information is an important financial issue for many local authorities. Historically it had been thought by many that the imposition of such charges was governed by the Local Authorities (England) (Charges for Property Searches) Regulations 2008 (“CPSR”), which allow local authorities to recover all the costs of making such information available (including staff costs, overhead costs and the costs of maintaining relevant information systems). However, in recent years there has been an increasing awareness of the fact that requests for property search information to a large extent amount to requests for access to environmental information, such that they call for an application of the charging regime provided for in r. 8 of the Environmental Information Regulations 2004. The CPSR itself specifically provides that it does not apply to the provision of any information which is governed by other statutory charging regimes. Accordingly, it would seem that the CPSR is inapplicable in respect of requests for property search information insofar as those requests are made under the EIR.

Regulation 8 EIR allow reasonable charges to be imposed for making environmental information available, save that no charge may be imposed for permitting access to public registers or examining the requested information in situ. The question of when a public authority can impose charges and also what will constitute a reasonable charge has now been considered by the tribunal in a number of different cases, all of which concerned requests for property search information (see e.g. Kirklees Council v IC & Pali Ltd [2011] UKUT 104 (AAC) and also East Riding of Yorkshire v IC).

Earlier this year, in Leeds City Council v IC & APPS Claimants (EA/2012/0020-21); [2013] 1 Info LR 406, the First-Tier Tribunal was asked to decide whether, when making environmental information available other than by means of inspection or through public registers, the local authority was entitled under r. 8 to charge only for disbursements (the Commissioner’s case) or whether other costs, such as the cost of staff time spent searching for the requested information and overhead costs, could be factored into the charge (the Council’s case). Having carefully considered not only r. 8 but the provisions on charging in the Directive on Public Access to Environmental Information (“the Directive”), the FTT concluded that public authorities could only charge in respect of disbursement costs. It also held that Leeds had erred in determining the charge by reference to the CPSR. Leeds initially sought and was granted permission to appeal against the decision. However, the appeal was not pursued. Notably, the Commissioner argued before the FTT in the Leeds case that the question of what would constitute a lawful charge could not satisfactorily be resolved without a reference to the Court of Justice of the European Union. That argument was not supported by Leeds or the APPS claimants. The FTT decided that it could resolve the appeal without a reference and so none was made.

These issues have now resurfaced before the First-Tier Tribunal in East Sussex County Council v IC & Property Search Company & the Local Government Association (EA/2013/0037), another property search case. In this case, the applicant requested answers to questions in the standard property search form issued by the Law Society, the CON29R form. The Council imposed a fixed charge for providing this information, the fixed charge having been calculated on the basis of the approach provided for in the CPSR (i.e. was a charge which was intended to produce a cost neutral result for the Council). The charge itself factored in not only disbursement costs, but also staff time, a portion of the Council’s overhead costs, office costs and a portion of the costs of maintaining the information systems from which the relevant information is derived.

In light of an analysis of preparatory legislative materials for the Directive, the Commissioner conceded that costs beyond mere disbursement costs could in principle be factored into the charge. In particular, he argued that staff time spent searching for the information could be included. However, he disputed that other costs (e.g. overheads, office costs and the costs of maintaining the relevant information systems) could lawfully be included. However, the Commissioner’s position before the FTT was that, notwithstanding his concession, there remained substantial uncertainty as to what constituted a permissible charge under the Directive and a reference to the CJEU was still warranted. The other parties to the appeal ultimately agreed that this was an appropriate course.

The FTT has now decided that there should be a reference for a preliminary ruling. The questions being referred are:

(1) What is the meaning to be attributed to Art 5(2) of Directive 2003/4/EC and in particular can a charge of a reasonable amount for supplying a particular type of environmental information include:

(a) part of the cost of maintaining a database used by the public authority to answer requests for information of that type;

(b) overhead costs attributable to staff time properly taken into account in fixing the charge?

(2) Is it consistent with Arts 5(2) and 6 of the Directive for a Member State to provide in its regulations that a public authority may charge an amount for supplying environmental information which does “… not exceed an amount which the public authority is satisfied is a reasonable amount” if the decision of the public authority as to what is a “reasonable amount” is subject to administrative and judicial review as provided under English law?”

Hopefully the CJEU will in due course agree to give a preliminary ruling. In the meantime, local authorities and those engaged in the property search industry will have to wait with baited breath.

Anya Proops acts for the Information Commissioner.

Robin Hopkins @hopkinsrobin

High Court to consider Data Protection Act bid to halt reporting of corruption allegations

February 10th, 2014 by Jason Coppel QC

Can the Data Protection Act 1998 (“DPA”) be used to prevent a respected NGO from reporting allegations of corruption by a multi-billion dollar international mining conglomerate?  That is the stark question posed by Steinmetz and others v Global Witness Limited, a recently issued High Court DPA Claim. 

Depending on which side of the litigation you are on, the Claim is an orthodox, if novel, attempt to stop the reporting of unfounded and damaging allegations of corruption brought by individuals whose names have been mentioned in accounts of those allegations.  Or an abusive attempt to prevent legitimate, public interest reporting, which threatens to censor the investigative and reporting activities of a vast swathe of NGOs.  

The Claim has been brought against the NGO Global Witness by four individuals reportedly associated with BSG Resources Limited (“BSGR”), a mining conglomerate whose interests include 50% of the Simandou iron ore reserve in Guinea.  Global Witness is a Nobel-prize nominated organisation which investigates and reports on natural-resource related conflict and corruption around the world.  Since November 2012, it has reported allegations that BSGR’s share in the Simandou reserve, one of the largest and most valuable in the world, was obtained by corruption.  These corruption allegations are currently being investigated by the Government of Guinea and by a US Federal Grand Jury.

The four Claimants are individuals who claim links with BSGR, and have been named by Global Witness in its reporting on the Guinea corruption allegations.  They include Beny Steinmetz, reported by the international media to be the founder of BSGR.  The four have made subject access requests under s. 7 DPA to obtain any personal data about them which is being held by Global Witness, have complained to the Information Commissioner (“ICO”) about non-compliance with their requests, and have now issued proceedings making various DPA claims against Global Witness, seeking declarations, disclosure, deletion of personal data and damages. http://www.bsgresources.com/bsgr-guinea/bsgr-guinea-analysis-reports/claim-filed-against-global-witness/

If successful, the Claim would prevent Global Witness from continuing to investigate and to report on the corruption allegations in connection with BSGR, and indeed from investigating and reporting on any similar allegations in the future.  The relief sought from the Court includes, in particular: 

-          An order under s. 7(9) DPA that Global Witness discloses all of the personal data held about the Claimants.  Mr Steinmetz maintains that any data relating to BSGR is necessarily his personal data, and similar but less expansive claims are maintained by the other Claimants. 

-          An order under s. 10 DPA that Global Witness ceases to process any of the Claimants’ personal data (which would mean, on the Claimants’ case, that it could not report any allegations about BSGR).  This relief is founded, in part, upon an allegation that the data was obtained from a person or persons who were not authorised to provide it and so invites the Court to investigate Global Witness’s sources. 

-          An order pursuant to s. 14 DPA that Global Witness rectifies, blocks, erases or destroys data held which the Court is satisfied is inaccurate.  This claim seeks to use the DPA in effect to mimic a claim for libel, inviting the Court to make findings on the truth of the corruption allegations reported by Global Witness.  

-          Damages for distress etc. caused to the Claimants.

For its part, Global Witness maintains that the Claim has been brought for collateral and illegitimate purposes and is an unwarranted attack on its freedom of expression.

Section 32 DPA exempts from each of the provisions relied upon by the Claimants data which are processed “only for”  “journalistic purposes”.   So a similar claim could not be maintained against an organisation like a newspaper which was engaged only in journalistic activities.  But the Claimants will presumably contend that because Global Witness is not a journalistic organisation but also engages in, for example, campaigning activities, s. 32 does not apply to their personal data which it holds.  If that is correct, the reporting activities not just of Global Witness but of a whole range of NGOs who campaign as well as engage in what they regard as public interest reporting could be subject to similar attack in reliance upon the DPA. Global Witness argues that it is not correct, and will rely upon the s. 3 Human Rights Act 1998 duty to interpret s. 32 DPA in a manner which is compatible with its freedom of expression.  So the Claim raises the stark issue of how the balance is to be struck under the DPA between the privacy rights of the Claimants and the freedom of expression of Global Witness.  Global Witness intends to apply to stay the proceedings pursuant to s. 32(4) DPA in a little-known  procedure which would require the ICO to decide on the application of s. 32 to the disputed data.  Other defences pursued by Global Witness also rely upon its right to freedom of expression under Article 10 ECHR.

Section 32 DPA is a relatively unexplored provision so far as UK courts and tribunals are concerned.  But it was subject to the detailed consideration by the Leveson Inquiry, which has in turn resulted in the ICO taking a close interest in its application.  The ICO is proposing to issue guidance to media organisations on their reliance upon s. 32:

http://ico.org.uk/news/latest_news/2014/~/media/documents/library/Data_Protection/Research_and_reports/data-protection-and-journalism-a-guide-for-the-media-draft.pdf The outcome of the Global Witness litigation will no doubt have a significant influence on the position ultimately adopted by the ICO.

Even if the Claim is ultimately unsuccessful, the prospect of expensive High Court litigation against individuals with deep pockets could have a chilling effect on the activities of NGOs like Global Witness.  It remains to be seen how the Courts and the ICO will react to what Global Witness argues to be an abuse of the DPA in order to attack legitimate, public interest investigation and reporting which would be protected from such attack if carried out by a traditional news organisation.

Anya Proops of 11KBW represents Global Witness, instructed by Mark Stephens of HowardKennedyFsi

Jason Coppel QC

Use of disclosed documents

February 7th, 2014 by jamesgoudie

The important general principle is of course that a party to whom a document has been disclosed in litigation may use that document only for the purpose of the proceedings in which it is disclosed.  There are, nonetheless, three significant exceptions to that principle, set out in CPR r31.22(1).  They are (a) where the document has been read to or by the Court, or referred to, at a hearing which has been held in public; (b) where the Court gives permission; or (c) where the party who disclosed the document and the party to whom the document belongs agree.   However, r31.22(2) provides that the Court may make an Order restricting or prohibiting the use of a document which has been disclosed, even where the document has been read to or by the Court, or referred to, at a hearing which has been held in public.  An application for such an Order was considered by the High Court in Smith & Nephew PLC v Convatec Technologies Inc [2014] EWHC 146 (Pat).  Birss J granted a Permanent Order prohibiting the use after trial of certain documents which had been disclosed during patent infringement proceedings.  The documents covered by the Order included those which made reference to commercial strategy or to manufacturing processes.  The nature and details of the claimants’ secret processes had to be explored in the proceedings.  Justice could not be done without it.  A number of those documents played a crucial role in Court, but the outcome could be understood without them.  The documents covered by the Order did not, however, include documents which related to the claimants’ dealings with regulatory authorities, which went to a springboard injunction question.  Although the claimants had built up very substantial experience and know-how in dealing with regulatory authorities, disclosure of those documents would not reveal that know-how or damage the claimants at all.

An Order restricting use of disclosed documents referred to in Court is consistent with it being “highly desirable” (para 11) to avoid trials in private or partly in private, as was recently reiterated by Lord Neuberger in Bank Mellat v H. M. Treasury [2013] UKSC 38 at para 2.

11KBW Information Law Conference, 18th March 2014

February 6th, 2014 by Panopticon Blog

11KBW is very pleased to announce that its annual Information Law Conference will be held on 18th March 2014 at the Royal College of Surgeons of England. The conference will cover a range of topical issues including surveillance law in the post-Snowden world, the relationship between information rights and the Article 10 right to freedom of expression and the controversial role played by the FOIA veto.  The conference will also include case-law updates on FOIA, the EIR and the DPA. This year we are delighted to welcome Upper Tribunal Judge Nicholas Wikeley as our keynote speaker.

The full programme can be accessed here.

CPD

The conference will be accredited 4.5 hours CPD - SRA/BSB

Cost

£99 + VAT (20%) = £118.80 to attend half day plus lunch

£150 + VAT (20%) = £180.00 to attend full day

How to Book

To book your place on this conference please email RSVP@11kbw.com with the delegate name, firm, email address and any purchase order details you may require. You will be then sent a confirmation email of your place and invoiced. We do not have the facilities to accept payments by credit or debit cards.