Victory for Spamalot – Niebel in the Upper Tribunal

June 19th, 2014 by Anya Proops

The spamming industry is a decidedly irritating but sadly almost unavoidable feature of our networked world. There is no question but that spamming (i.e. the sending of unsolicited direct marketing electronic communications) constitutes an unlawful invasion of our privacy (see further regs 22-23 of the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) (PECR), implemented under EU Directive 2002/21/EC). The question is what can be done to stop it, particularly given that individual citizens will typically not want to waste their time litigating over the odd spam email or text?

Well one way to address this problem would be to have an effective penalties regime in place, one that effectively kicked the spammers where it hurts by subjecting them to substantial financial penalties. No surprise then that, in 2009, the EU Directive which prohibits spamming was amended so as to require Member States to ensure that they had in place penalties regimes which were ‘effective proportionate and dissuasive’ (see Article 15a of the Directive). This provision in turn led to amendments to PECR which resulted in the monetary penalty regime provided for under s. 55A of the Data Protection Act 1998 being effectively incorporated into PECR. Readers of this blog will be aware of recent litigation over the application of s. 55A in the context of cases involving breaches of the DPA (see further the current leading case on this issue Central London Community Healthcare NHS Trust v Information Commissioner [2014] 1 Info LR 51, which you can read about here). But is the DPA monetary penalty regime really fit for purpose when it comes to dealing with spamming activities which are prohibited by PECR? If the recent decision by the Upper Tribunal in the case of Information Commissioner v Niebel is anything to go by, the answer to that question must be a resounding no.

The background to the Niebel case is as follows. Mr Niebel had sent out unsolicited text messages on an industrial scale. The texts sought out potential claimants in respect of misselling of PPI loans. The Information Commissioner, who had received hundreds of complaints about the texts, went on to issue Mr Niebel with a monetary penalty of £300,000. So far so unsurprising you might say. However, Mr Niebel has since managed to persuade the First-Tier Tribunal (FTT) to quash the penalty in its entirety (see its decision here) and now the Upper Tribunal (UT) has decided that the penalty should be left firmly quashed (see the UT’s decision here).

So how has Mr Niebel been able to avoid any penalty despite the patently unlawful nature of his activities? To answer that question one first has to understand the ostensibly high threshold which must be cleared if the power to impose a penalty is to be engaged. In short, the legislation only permits a penalty to be issued if there is ‘a serious contravention’ of the legislation (s. 55A(1)(a) and that contravention was ‘of a kind likely to cause substantial damage or substantial distress’ (s. 55A(1)(b) – there is also a knowledge requirement (s. 55A(1)(c)) however that requirement will typically be made out in the case of unlawful spammers). But can it really be said that the sending of relatively anodyne spam text message is ‘of a kind likely to cause recipients substantial damage or substantial distress’? Both the FTT and the UT have now firmly answered this question in the negative.

In the course of its decision, the UT considered the following arguments advanced by the Commissioner.

-        First, when deciding whether the contravention was ‘of a kind’ likely to cause substantial damage or substantial distress, it was possible to take into account not only the scale of the particular texts in issue but also the scale of Mr Niebel’s overall spamming operation. This was an important argument in the context of the appeal because, whilst there was no doubt that over time Mr Niebel had sent out hundreds of thousands of unsolicited communications, the Commissioner had identified ‘the contravention’ as relating only to 286 text messages in respect of which he had received complaints. (He had accepted that some 125 other complaints could not be taken into account as they related to communications sent prior to the coming into force of the penalties regime). The issue was therefore whether the wider context could be taken into account when deciding whether the contravention was ‘of a kind’ likely to cause substantial damage or substantial distress.

-        Second, the word ‘substantial’ in this context must be construed as meaning merely that the damage or distress was more than trivial. This is because the penalties regime was plainly intended to bite on unlawful spammers who caused low level damage or mere irritation, and such individuals would not be caught by the legislation if the word ‘substantial’ was construed as carrying any greater weight.

-        Third, the FTT had otherwise erred when it concluded that the 286 texts in issue were not of a kind likely to cause substantial damage or substantial distress.

On the first argument, the UT accepted that the scale of the contravention could be taken into account when deciding whether it was of a kind likely to cause substantial damage or substantial distress. However, it rejected the argument that Mr Niebel’s wider spamming activities were relevant to the analysis. The UT concluded that activities these did not form part of the ‘contravention’ relied upon by the Commissioner and were not therefore relevant to the analysis when it came to deciding whether s. 55A was engaged (para. 38).

On the second argument, the UT accepted Mr Niebel’s argument that it was not appropriate to try and deconstruct the meaning of the word ‘substantial’ and that the FTT had not erred when it had concluded simply that the question whether the substantial element was made out was ‘ultimately a question of fact and degree’ (paras. 42-51).

On the third argument, the UT held that the FTT’s decision that the 286 texts in issue were not of a kind to cause substantial damage was ‘simply unassailable’. The FTT had been entitled to conclude that the mere fact that recipients might have felt obliged to send ‘STOP’ messages to Mr Niebel did not amount to ‘substantial damage’ (para. 54). On the question of substantial distress, the FTT had been right to conclude that not all injury to feelings would amount to ‘distress’ and that irritation or frustration was not the same as distress. It concluded that there was nothing in the recent judgments in Halliday v Creation Consumer Finance or Vidal-Hall v Google which required a different result. Moreover, the UT was not prepared to accept that the FTT had failed to take into account evidence before it arguably suggesting that individual complainants were in fact substantially distressed by the messages. In the UT’s view the FTT had plainly been mindful of this evidence when it reached its conclusions (paras. 67-73).

Perhaps the most telling line in the judgment is to be found in paragraph 65 where the UT, having noted that the Commissioner had probably done all he could to draw Mr Niebel into the cross-hairs of the legislation, went on to conclude that the most profitable course would be for ‘the statutory test to be revisited with a view to making it better fit the objectives of the 2002 Directive (as amended). So, for example, a statutory test that was formulated in terms of e.g. annoyance, inconvenience and/or irritation, rather than “substantial damage or substantial distress”, might well have resulted in a different outcome. What cannot be doubted is that, absent a successful appeal against the UT’s decision, this legislation will need to be revisited so as to avoid a situation where the spammers end up laughing all the way to the bank whilst the penalties regime descends into obsolescence.

However, I should add that the picture is not altogether rosy for the spammers of this world. According to recent media reports, John Lewis has recently had to pay out damages to Roddy Mansfield, Sky News producer, after it sent him an unsolicited marketing email (see the Sky News report of the matter here – the report does not confirm the quantum of the damages). This rather raises the question of whether, in the face of an apparently deficient monetary penalty regime, the best cure for the disease of unlawful spamming might be to mount a group action.

The Niebel case was another 11KBW affair with Robin Hopkins acting for Mr Niebel and James Cornwell acting for the ICO.

Anya Proops

Fairness under the DPA: public interests can outweigh those of the data subject

June 18th, 2014 by Robin Hopkins

Suppose a departing employee was the subject of serious allegations which you never had the chance properly to investigate or determine. Should you mention these (unproven) allegations to a future employer? Difficult questions arise, in both ethical and legal terms. One aspect of the legal difficulty arises under data protection law: would it be fair to share that personal information with the prospective employer?

The difficulty is enhanced because fairness – so pivotal to data protection analysis – has had little or no legal treatment.

This week’s judgment of Mr Justice Cranston in AB v A Chief Constable [2014] EWHC 1965 (QB) is in that sense a rare thing – a judicial analysis of fairness.

AB was a senior police officer – specifically, a chief superintendent. He was given a final written warning in 2009 following a disciplinary investigation. Later, he was subject to further investigation for allegedly seeking to influence the police force’s appointment process in favour of an acquaintance of AB; this raised a number of serious questions, including about potential dishonesty, lack of integrity, and so on.

AB was on sick leave (including for reasons related to psychological health) for much of the period when that second investigation was unfolding. He was unhappy with how the Force was treating him. He got an alternative job offer from a regulator. He then resigned from the Force before the hearing concerning his alleged disciplinary offences. His resignation was accepted. The Force provided him with a standard reference, but the Chief Constable then took the view that – given the particular, unusual circumstances – he should provide the prospective employer with a second reference, explaining the allegations about AB.

The second reference was to say inter alia that:

“[AB’s] resignation letter pre-dated by some 13 days a gross misconduct hearing at which he was due to appear to face allegations of (i) lack of honesty and integrity (ii) discreditable conduct and (iii) abuse of authority in relation to a recruitment issue. It is right to record that he strenuously denied those allegations. In the light of his resignation the misconduct hearing has been stayed as it is not in the public interest to incur the cost of a hearing when the officer concerned has already resigned, albeit his final date of service post-dating the hearing.”

AB objected to the giving of the second reference and issued a section 10 notice under the Data Protection Act 1998. The lawfulness of the Force’s proposed second reference arose for consideration by Cranston J.

The first issue was this: was the Chief Constable legally obliged to provide a second reference explaining those concerns?

Cranston J held that, in terms of the common/private law duty of care (on the Hedley Byrne line of authority), the answer was no. As a matter of public law, however – and specifically by reference to the Police Conduct Regulations – the answer was yes: “the Chief Constable was obliged by his duty to act with honesty and integrity not to give a standard reference for the recipient because that was misleading. Something more was demanded. In this case the Chief Constable was prima facie under a duty to supply the Regulatory Body at the least with the information about disciplinary matters in the second reference.”

Note the qualifier ‘prima facie’: the upshot was that the duty was displaced if the provision of the second reference would breach the DPA. This raised a number of issues for the Court.

First, no information about AB’s health could be imparted: this was sensitive personal data, and the Chief Constable did not assert that a Schedule 3 DPA condition was met (as required under the First Data Protection Principle).

What about the information as to the disciplinary allegations AB faced? This was not sensitive personal data. Therefore, under the First Data Protection Principle, it could be disclosed if to do so would be (a) fair, (b) lawful, and (c) in accordance with a Schedule 2 condition.

The last two were unproblematic: given the prima facie public law duty to make the second reference here, it would lawful to do so and condition 3 from Schedule 2 would be met.

This left ‘fairness’, which Cranston J discussed in the following terms:

“There is no definition of fairness in the 1998 Act. The Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995, to which the 1998 Act gives effect, contains a reference to protecting privacy rights, as recognised in article 8 of the European Convention on Human Rights and in general principles of EU law: recital 10. However, I cannot accept Mr Lock QC’s submission that the duty of fairness under the Directive and the 1998 Act is a duty to be fair primarily to the data subject. The rights to private and family life in Article 8 are subject to the countervailing public interests set out in Article 8(2). So it is here: assessing fairness involves a balancing of the interests of the data subject in non-disclosure against the public interest in disclosure.”

In conducting this balance between the interests of AB and those of others (including the public interests), Cranston J ultimately – on the particular facts – concluded that it would have been unfair to provide the second reference. There were strong fairness arguments in favour of disclosure – a see paragraph 78 (my emphasis):

“… The focus must be on fairness in the immediate decision to disclose the data [as opposed to a wider-ranging inquiry into the data subject’s conduct in the build-up to disclosure]. In this case the factors making it fair to disclose the information were the public interest in full and frank references, especially the duty of the police service properly to inform other police forces and other regulatory bodies of the person they are seeking to employ. To disclose the information in the second reference would patently have been fair to the Regulatory Body, so it could make a rounded assessment of the claimant, especially given his non-disclosure during the application process.”

However, the balance tipped in AB’s favour. This was partly because the Force’s policy – as well as the undertaken specifically given to AB – was to provide only a standard reference. But (see paragraph 79):

“… what in my view is determinative, and tips the balance of fairness in this case in favour of the claimant, is that he changed his position by resigning from the Force and requesting it to discontinue the disciplinary proceedings, before knowing that the Chief Constable intended to send the second reference. That second reference threatened the job which he had accepted with the Regulatory Body. It is unrealistic to think that the claimant could have taken steps to reverse his resignation in the few weeks before it would take effect. Deputy Chief Constable CD for one had indicated that he would not allow it. The reality was that the claimant was in an invidious position, where in reliance on what the Force through GH had said and done, he was deprived of the opportunity to reinstate the disciplinary proceedings and to fight the allegations against him. This substantive unfairness for the claimant was coupled with the procedural unfairness in the decision to send the second reference without giving him the opportunity to make representations against that course of action. Asking him to comment on its terms after the final decision to send the second reference was too little, too late.”

Therefore, because of unfairness in breach of the DPA and because of AB’s legitimate expectations, the second reference was not lawful.

While Cranston J rightly emphasised the highly fact-specific nature of his overall conclusion, aspects of his discussion of fairness will potentially be of wider application.

So too will his reminder (by way of quoting ICO guidance) that, when it comes to section 10 notices, “Although this [section 10] may give the impression that an individual can simply demand than an organisation stops processing personal data about them, or stops processing it in a particular way, the right is often overstated. In practice, it is much more limited”. Again, in other words, a balancing of interests and an assessment of the justification for the processing is required.

With the ‘right to be forgotten’ very much in vogue, that is a useful point to keep in mind.

Robin Hopkins @hopkinsrobin

Open justice and freedom of information – Browning in the Court of Appeal

June 18th, 2014 by Anya Proops

The issue of just how open our justice system should be is an issue which is or should be of fundamental concern to all practising lawyers. If, as Jeremy Bentham once stated ‘publicity is the very soul of justice’ (cited by Lord Shaw in the leading case of Scott v Scott [1913] AC 477), then an open justice system is the corporeal expression of that soul. However, we now live in times where open justice is increasingly under threat. Indeed, as last week’s headlines reminded us all, matters have now got to a stage where some judges at least have been prepared to allow, not merely the deployment of a limited closed procedure to deal with certain aspects of a case, but a completely secret trial. It no doubt came as a relief to many that the Court of Appeal was not prepared to sanction such a comprehensive departure from the open justice principle: Guardian News v AB CD. However, the mere fact that the judiciary was prepared to contemplate such a procedure shows how far we have come since the days of Scott v Scott.

Today the open justice principle is back before the Court of Appeal as it hears the case of Browning v IC & DBIS (the Court comprises Maurice Kay LJ (Vice President of the Court of Appeal, Civil Division), Patten LJ and McCombe LJ). This time the core issue for the Court of Appeal to determine is the extent to which secrecy in judicial proceedings is a necessary evil in the context of appeals concerning the application of the FOIA regime (see Robin Hopkins’ post about the Upper Tribunal decision being appealed here).

Of course, the starting point in such a case must be that the information which is itself the subject of the appeal (i.e. the disputed information) should be withheld from the applicant and the wider public pending the outcome of the appellate process. Were it otherwise, an applicant would be able to access information which the legislation had designated as exempt simply by mounting an appeal. Plainly this cannot be the right result and it is not the result which Mr Browning is seeking in his case. Rather the issue which arises in Browning is the extent to which other sensitive evidence and submissions, which the public authority wishes to advance in support of its case on appeal, can equally be shrouded in secrecy.

This is a major issue both for applicants, the media and the wider public. This is so for two reasons.

-        First, if an applicant is unable to gain access to key evidence relied upon by the public authority in support of its case on appeal, then inevitably they will be substantially handicapped in advancing their case on appeal. In effect, they are conducting the litigation blindfolded and with one arm tied behind their back. Even if they are given the gist of the evidence in question, typically the devil is in the detail, with the result that the applicant is unable to fathom the substance of the case being put against them. Faced with that scenario, the applicant can only hope that the tribunal, possibly with the assistance of the Commissioner, will itself have the imagination, legal acuity and strength of resolve to subject the public authority’s closed evidence and submissions to proper testing during the closed session.

-        Second, the adoption of closed procedures substantially prevents any rigorous public scrutiny of the ways in which the judiciary is discharging its functions in the context of FOIA appeals. If open justice is, as Lord Shaw put it in Scott v Scott ‘the keenest spur to [judicial] exertion and the surest of all guards against improbity’ then the adoption of closed procedures is the surest way to strip the public of what has been described as its constitutional right to put the judges on trial and ensure that they are discharging their functions in a just manner.

That the latter concern is of real practical importance has been illustrated not least in a recent case in which I acted on behalf of an applicant: Brown v Attorney General, which you can read about here. In Brown, which concerned a request to access a so-called judicial practice direction concerning the sealing of Royal wills, the Upper Tribunal refused Mr Brown permission to appeal against the First-Tier Tribunal’s decision. It was clear that, in refusing permission, the Upper Tribunal had relied heavily on closed material to which Mr Brown had not been privy, although its open written reasons did not indicate how consideration of the closed material warranted this result. However, when the issue of the legality of the Upper Tribunal’s decision came before the High Court by way of a judicial review claim brought by Mr Brown, the Court, which had not been provided with the closed material, readily granted permission for Mr Brown’s claim to proceed. Thereafter the Attorney-General conceded the claim with the result that the appeal against the First-Tier Tribunal’s decision is now due to be substantively heard by the Upper Tribunal. The lesson one draws from this case is that it cannot be presumed that tribunals which reach decisions based on their analysis of closed materials consistently get the approach right.

Of course, it might be said that the appellate process is itself sufficient to address this problem, as it was in the case of Brown. However, there are three difficulties with this argument. First, it presumes, rather unrealistically, that applicants will themselves always have the courage and resources to take their cases to the higher courts. Second, it fails to address the significant point that very often, as a result of their exclusion from the closed process, applicants will have little clue whether or not an appeal would have legs, which very often will deter an applicant from even contemplating an appeal and will in any event substantially inhibit the formulation of potentially relevant grounds of appeal. Third, it ignores the constitutional right of the wider public to scrutinise the judicial process. Significantly, members of the general public, including members of the media, will themselves have no right to appeal in a case in which they were not a party.

So there we have the problem. What is the solution? Well Mr Browning’s case is simple: (a) the tribunal should ensure at a minimum that it rigorously tests assertions by the public authority that particular evidence or particular submissions need to be dealt with on a closed basis (this should now in any event be happening on a routine basis in the tribunal) and (b) in cases where some evidence or submissions have to be dealt with as part of the closed process, the tribunal should allow the applicant’s legal representative to see any closed material and take part in any closed hearing, on condition that he or she does not disclose any part of the closed material to the applicant or any third party. (Interestingly, and by way of contrast, in the Guardian v ABCD case, in the course of the first instance hearing of the application for the trial to be conducted in secret, the court permitted counsel for the media to see relevant closed materials and participate in the closed part of the hearing).

In view of the conclusions reached by the Upper Tribunal, one can anticipate that that the ICO and DBIS, who both resist the appeal will argue: (a) that a core difficulty with an approach which permits the applicant’s representative to access the closed materials/closed session is that it lacks the procedural safeguards available, for example where ‘special advocates’ are used – see further the Upper Tribunal’s decision where reference is made for example to the risk that the applicant’s representative will inadvertently leak closed material to the applicant and, further, (b) that the inquisitorial manner in which the tribunal approaches the exercise of its functions substantially diminishes the pressure to involve the applicant’s representative in the closed part of the hearing.

It remains to be seen what the Court of Appeal will make of these arguments. However, no one can doubt the importance of this case, not only in terms of establishing the applicable procedural rules for the information tribunal, but also in terms of the wider constitutional vitality of the open justice principle.

11KBW’s Ben Hooper is acting for the ICO.

Anya Proops

Section 13 DPA in the High Court: nominal damage plus four-figure distress award

June 13th, 2014 by Robin Hopkins

Given the paucity of case law, it is notoriously difficult to estimate likely awards of compensation under section 13 of the Data Protection Act 1998 for breaches of that Act. It is also very difficult to assess any trends in compensation awards over time.

AB v MoJ [2014] EWHC 1847 (QB) is the Courts’ (Mr Justice Jeremy Baker) latest consideration of compensation under the DPA. The factual background involves protracted correspondence involving numerous subject access requests. Ultimately, it was held that the Defendant failed to provide certain documents to which the Claimant was entitled under section 7 of the DPA within the time frames set out under that section.

Personal data?

There was a dispute as to whether one particular document contained the Claimant’s ‘personal data’. Baker J noted the arguments from Common Services Agency, and he is not the first to observe (at his paragraph 50) that it is sometimes not a ‘straightforward issue’ to determine whether or not information comes within the statutory definition of personal data. Ultimately, he considered that the disputed document did not come within that definition: it “is in wholly neutral terms, and is indeed merely a conduit for the provision of information contained in the letters which it enclosed which certainly did contain the claimant’s personal data”.

Nonetheless, the DPA had been breached in virtue of the delays in the provision of other information to which the Claimant was entitled under section 7. What compensation should he be awarded?

Damage under section 13(1) DPA

Baker J was satisfied, having considered In Halliday v Creation Consumer Finance Limited [2013] EWCA Civ 333, [2013] 2 Info LR 85 (where the same point was conceded), that nominal damage sufficed as ‘damage’ for section 13(1) purposes: “In this regard the word “damage” in this sub-section is not qualified in any way, such that to my mind provided that there has, as in this case, been some relevant loss, then an individual who has also suffered relevant distress is entitled to an award of compensation in respect of it”.

Here the Court was satisfied that nominal damages should be awarded. The Claimant had spent a lot of time pursuing his requests, albeit that much of that time also involved pursuing requests on clients’ behalves, and albeit that no actual loss had been quantified:

“Essentially the claimant is a professional man who, it is apparent from his witness statement, has expended a considerable amount of time and expense in the pursuit of the disclosure of his and others’ data from various Government Departments and other public bodies, including the disclosed and withheld material from the defendant. Having said that, the claimant has not sought to quantify his time and expense, nor has he allocated it between the various requests on his own and others’ behalves. In these circumstances, although I am satisfied that he has suffered damage in accordance with s.13(1) of the DPA 1998, I consider that this is a case in which an award of nominal damages is appropriate under this head, which will be in the conventional sum of £1.00.”

Distress under section 13(2) DPA

That finding opened the door to an award for distress. The Court found that distress had been suffered, although it was difficult to disentangle his distress attributable to the breaches of the DPA from his distress as to the other surrounding circumstances: “doing the best I am able to on the evidence before me I consider that any award of compensation for distress caused as a result of the relevant delays in this case, should be in the sum of £2,250.00”.

Until this week, Halliday was the Courts’ last reported (on Panopticon at any rate) award of compensation under section 13 DPA. That was 14 months ago. In AB, the Court awarded precisely triple that sum for distress.

For a further (and quicker-off-the-mark) discussion of AB, see this post on Jon Baines’ blog, Information Rights and Wrongs.

Robin Hopkins @hopkinsrobin

Privacy, electronic communications and monetary penalties: new Upper Tribunal decision

June 12th, 2014 by Robin Hopkins

Panopticon reported late last year that the First-Tier Tribunal overturned the first monetary penalty notice issued by the Information Commissioner for breaches of the Privacy and Electronic Communications Regulations 2003. This was the decision in Niebel v IC (EA/2012/0260).

The Information Commissioner appealed against that decision. The Upper Tribunal gave its decision on the appeal yesterday: see here IC v Niebel GIA 177 2014. It dismissed the Commissioner’s appeal and upheld the First-Tier Tribunal’s cancellation of the £300,000 penalty imposed for the sending of marketing text messages.

I appeared in this case, as did James Cornwell (also of the Panopticon fold), so I will not be offering an analysis of the case just now. With any luck, one of my colleagues will be cajoled into doing so before too long.

It is worth pointing out simply that this is the first binding decision on the meaning of the various limbs of s. 55A of the DPA 1998, which contains the preconditions for the issuing of a monetary penalty notice.

Robin Hopkins @hopkinsrobin

Section 14 in the Court of Appeal

June 10th, 2014 by Christopher Knight

Just when you thought it was safe to go back in the water. Just when you had got your head round the decisions of Judge Wikeley in Information Commissioner v Devon CC & Dransfield 2012] UKUT 440 (AAC); [2013] 1 Info LR 360 and Craven v Information Commissioner & DECC [2012] UKUT 442 (AAC); [2013] 1 Info LR 335, and the Information Commissioner has issued spangly new guidance on section 14, and the FTT has been merrily applying the new tests to a host of appeals. Just when all that had become de rigeur and everyone was settling back down…

The Court of Appeal, in the form of Briggs LJ at an oral renewal hearing, has granted Mr Dransfield and Ms Craven permission to appeal against the judgments of Judge Wikeley on the issues of the proper interpretation of section 14(1) FOIA and regulation 12(4)(b) EIR (respectively), and the application to their requests for information. Briggs LJ also granted both appellants the necessary extension of time for their appeals. He refused their applications to admit fresh evidence.

No appeal date has been set – the Order granting permission was only sent on 9 June. But the various members of 11KBW involved below (Tom Cross for the ICO, Rachel Kamm for Devon CC, James Cornwell for DECC) will enable Panopticon to ensure that it continues to cause readers to gaze in horror at their screens with the latest updates. Our work here is only just beginning…

Christopher Knight

Cyril Smith and the FTT

June 9th, 2014 by Christopher Knight

Although not a decision of any particular legal significance, it is perhaps worth mentioning the judgment last week of the First-tier Tribunal in Corke v Information Commissioner & Crown Prosecution Service (EA/2014/0012), if only because it is one of those relatively rare occasions on which the work of the FTT itself (as opposed to the information it results in) has been the subject of news coverage, ranging from the Daily Mail to the BBC.

The request was for disclosure of information relating to the now fairly notorious decisions made over time not to prosecute Sir Cyril Smith (a Liberal MP who died in 2010) for offences against children. The disputed material consists of two Minutes prepared by a CPS lawyer in 1998 and 1999. The first reviewed case papers considered in1970 and looked at the weight of the evidence, reflected on the changing approach to the investigation and prosecution of such crimes between 1970 and 1998 and considers bars to a prosecution being launched in 1998. The second considered two more allegations. The material contains the names of individuals concerned in the case in particular the youths who made allegations against Sir Cyril.

The CPS withheld information within the scope of the request, citing section 30(1)(c) (information held for the purpose of criminal proceedings), section 42(1) (legal professional privilege), and section 40(2) (third party personal data). The ICO issued a DN which held that the public interest was finely balanced, but upheld the refusal to disclose. Amongst other things, the ICO noted that the CPS had provided some public explanation of its past decisions and made clear that the same approach would be unlikely to be taken now.

The FTT disagreed with the DN and found that the public interest favoured disclosure of almost all of the requested information (with some redactions). It held that the safe space of the CPS would be unlikely to be harmed given the unique nature of the particular case involved, and the professionalism (and professional obligations) of CPS lawyers. It considered that the documents were in themselves significant historical documents which cast light on changes in the law as it has responded to the evolution of understanding of these crimes and changing social attitudes to them, as well as casting light on Sir Cyril himself. The unusual nature of the case also meant that the public interest in disclosing material covered by section 42 also favoured disclosure. Not surprisingly, the death of Sir Cyril Smith was also mentioned. The FTT redacted material which went beyond the names of the complainants, which might conceivably be used to identify them.

Christopher Knight

Data Protection and Child Protection

June 6th, 2014 by Christopher Knight

One of the difficulties users and practitioners have with the Data Protection Act 1998 is that there is so little case law on any of the provisions, it can be very hard to know how a court will react to the complicated structure and often unusual factual scenarios which can throw up potential claims. There are two reasons why there is so little case law. First, most damages claims under the DPA go to the County Court, where unless you were in the case it is hard to know that it happened or get hold of a judgment. Secondly, most damages claims are for small sums, which is it is more cost-effective to settle than fight.

Neither of those problems applied in MXA v Hounslow LBC, West Berkshire Council, Taunton Dean BC & Wokingham BC (QBD, 4 June 2014, not yet reported), in which M had filed claims in the High Court against a series of local authorities alleging that they held inaccurate and damaging information about him (presumably under sections 10 and 14 DPA, although the limited report available does not make clear). The local authorities applied to strike out the claims, and M failed to attend the hearing. M also alleged a breach of Article 8 ECHR in the data handling.

The facts as summarised are regrettably common. Harrow received information alleging that the step-daughter of M, E, was being physically and sexually abused by M. M complained about records of allegations of sexual misbehaviour towards a child in 2007 set out in a police report, which he denied. Harrow passed the information to Wokingham when E moved into that area. Wokingham recorded and reviewed the material and passed it on to West Berkshire when E moved again. Further allegations received by West Berkshire were sufficiently serious to require an investigation. M had signed forms consenting to the sharing and collection of information. Care proceedings were later initiated.

Perhaps not surprisingly, Bean J granted the application to strike out. He held that the local authorities were conducting child protection functions under their statutory duties (see, for example, the Children Act 1989).  In relation to the fifth data protection principle that personal data should not be held for longer than necessary, Harrow had received a recent complaint and had been provided with police records of convictions and other allegations. The duty of the local authorities, as the baton passed to each of them, was to keep those records for as long as necessary to ensure E’s welfare. The welfare investigation was at an early stage and the local authorities would clearly be acting in breach of their duty if they shredded the information. M could not argue that the information was so historic and uncorroborated that it ought to have been wiped and not disseminated. It had not been disseminated to the public, but passed only to local authorities where the family had lived.

Data controllers recorded a variety of information including allegations and mere suspicions due to the nature of the investigation. The suggestion that the information should not have been recorded unless the data controller was satisfied of its truth to a civil standard was unsustainable, as to which Bean J cited Johnson v Medical Defence Union [2007] EWCA Civ 262; [2011] 1 Info LR 110. Any claim based on the fourth data protection principle that information should be accurate and up to date was met by para 7 of Part II of Schedule 1 as the purpose for which the data was obtained was child protection. Reasonable steps had been taken to ensure its accuracy and the record indicated those matters which M had said were inaccurate. M had twice signed forms consenting to the retrieval of medical and criminal records.

Moreover, M’s section 10 claim to prevent processing likely to cause damage or distress was excluded by section 10(2) and para 3 of Schedule 2, as the processing was necessary to enable the local authorities to comply with their statutory obligations. They were doing no more than performing a proper statutory function.

Bean J also struck out claims of negligence, held that Articles 3 and 6 ECHR were irrelevant, and that there was an interference with M’s Article 8 rights but that it was plainly proportionate in order to protect E.

All of which goes to show that the DPA does not stop public authorities carrying out their important duties, even where underlying facts or allegations are disputed, and that on the occasions where the DPA makes it to court the judges can be trusted to understand both the context in which the authority must operate and that the DPA is intended to recognise that context. Perhaps DPA users have nothing to fear but fear itself after all.

11KBW’s Timothy Pitt-Payne QC acted for West Berkshire Council.

Christopher Knight

Google Spain – article in The Lawyer by Anya Proops

May 24th, 2014 by Rachel Kamm

Ahklaq Choudhury posted this week about the Google Spain judgment. For more 11KBW commentary on the topic, see the article in The Lawyer by Anya Proops: “Privacy but at what price?“. Anya’s article concludes:

Of course, it may well be that these issues will be resolved in the context of the new Data Protection Regulation which is still being debated in Europe. However, in the meantime, the judgment in Google Spain means we may well find ourselves exposed to a degree of data impoverishment which augurs ill for the development of our information society.”

Rachel Kamm, 11KBW

The Common Law and the Spirit of Kennedy

May 20th, 2014 by Christopher Knight

Following the Supreme Court’s lengthy, slightly unexpected, and difficult to grasp judgment in Kennedy v Charity Commission [2014] UKSC 20 (on which I have been quiet because of my involvement, but see Tom Cross’s blogpost here) there has been room for quite a large amount of debate as to how far it goes. Was the majority only suggesting access to the Charity Commission’s information under the common law principle of open justice applied because of the particular statutory regime and/or the nature of the statutory inquiry involved? Or was the principle rather more wide-ranging?

An answer has perhaps begun to emerge, as there was some discussion of this in the judgment of Green J in R (Privacy International) v HMRC [2014] EWHC 1475 (Admin). The judgment is, again, a long one, but the case was a judicial review of a decision of the HMRC that they had no power or duty to disclose information about their export control functions and in particular any investigations into the export by United Kingdom companies of software used for covert surveillance of political activists by repressive foreign regimes. Green J held that section 18 of the Commissioners for Customs and Revenue Act 2005 did provide such a power, and the HMRC had construed it too narrowly, when the power existed but was fact and context-dependent: see too R (Ingenious Media Holdings Plc) v HMRC [2013] EWHC 3258 (Admin), [2014] S.T.C. 673.

The judgment in Kennedy came out shortly after the oral hearing in Privacy International and it obviously sparked something of a debate. Green J accepted that the type of legal process involved was different to that in Kennedy, but he was of the view that Kennedy was authority for a more general proposition, or at least approach: at [62]:

I do not consider that the judgments in Kennedy lack all relevance. The Supreme Court was at pains to point out that the common law treated openness as very important and, with all the ecessary provisos and caveats, that message can in some measure carry through into section 18(2) CRCA 2005. In Kennedy Lord Mance, who gave the leading judgment for the majority, introduced his judgment with the following message which goes well beyond the narrow confines of the Charity Commission:

“1. Information is the key to sound decision-making, to accountability and development; it underpins democracy and assists in combatting poverty, oppression, corruption, prejudice and inefficiency. Administrators, judges, arbitrators, and persons conducting inquiries and investigations depend upon it; likewise the press, NGOs and individuals concerned to report on issues of public interest. Unwillingness to disclose information may arise through habits of secrecy or reasons of self-protection. But information can be genuinely private, confidential or sensitive, and these interests merit respect in their own right and, in the case of those who depend on information to fulfil their functions, because this may not otherwise be forthcoming. These competing considerations, and the balance between them, lie behind the issues on this appeal”.

The claimant conceded in the light of the Supreme Court decision that Article 10 ECHR did not give it a right of access to information, but argued that Article 10 did prevent one state body from stopping another state body imparting information which it wished to impart. Green J felt it unnecessary to decide the point because it added nothing to the common law: at [176], [179].

For various reasons on the facts of the case, and the particular context of HMRC’s approach to section 18, the decision was quashed. But it is a useful indication of how the courts have begun to think about the impact of Kennedy and other information access provisions.

Christopher Knight