Leviathan

February 23rd, 2015 by Robin Hopkins

Hot off the press: the Upper Tribunal has given its judgment in Fish Legal.

Applying the principles from the CJEU’s judgment of December 2013, it has held that the respondent water companies are public authorities for the purposes of the Environmental Information Regulations 2004, by virtue of their “special powers”.

The issues and facts are complex, and the judgment is lengthy. It also makes reference to Lewis Carroll, who now somehow appears in two consecutive Panopticon posts.

The judgment is contained in these two documents: FISH LEGAL UT DECISON PART 1 and FISH LEGAL UT DECISON PART 2.

Analysis  of the judgment will follow on Panopticon shortly (thus the barrister dreamed, while the bellowing seemed to grow every moment more clear).

Robin Hopkins

Down the Rabbit Hole – Late Reliance under FOIA

February 15th, 2015 by Christopher Knight

Says the White Rabbit in Alice in Wonderland, “Oh my furry whiskers, I’m late, I’m late, I’m late!” Although the application of FOIA may sometimes feel like Wonderland, the feeling it induces is normally more akin to turning up unexpectedly at the Mad Hatter’s Tea Party (although attributing FTT judicial figures to the characters of the Mad Hatter and the Dormouse is beyond me). But one thing that has, since Birkett v DEFRA [2011] EWCA Civ 1606, not generally proved very controversial is the question of late reliance on exemptions; the White Rabbit need have little fear. Birkett made clear that late (usually after the DN and in the course of litigation before the FTT) reliance on substantive exemptions is permissible, subject to case management powers, under the EIR. The unappealed equivalent decision under FOIA, Information Commissioner v Home Office [2011] UKUT 17 (AAC), has generally been assumed to be correct.

However, there is a generous ‘but’ involved, about which lawyers are second only to Sir Mixlot in their appreciation. Can one rely late upon an exemption in Part I of FOIA? There has been a conflict of FTT and Upper Tribunal authority on the point. Independent Police Complaints Commission v Information Commissioner [2012] 1 Info LR 427 had held that there could be late reliance on section 12. The Upper Tribunal in All Party Parliamentary Group on Extraordinary Rendition v Information Commissioner & Ministry of Defence [2011] UKUT 153 (AAC); [2011] 2 Info LR 75 expressed the clear, if obiter, view that section 12 was not in the same position as substantive FOIA Part II exemptions because it had a different purpose; section 12 is not about the nature of the information but the effect on the public authority of having to deal with the request. The scheme of FOIA was likely to be distorted, the Upper Tribunal held, if the authority could suddenly rely on section 12 after already having carried out the search and engaged with the requestor: at [45]-[47]. The APPGER approach was accepted by the FTT in Sittampalam v Information Commissioner & BBC [2011] 2 Info LR 195. There was at least a school of thought that the APPGER logic ought also to apply to section 14 (which, as was explained in Dransfield, is not properly an exemption at all: at [10]-[11]). Then, in Department for Education v Information Commissioner & McInerney (EA/2013/0270), Judge Warren firmly concluded that section 14 (and by implication section 12) could be relied upon late. I suggested at the time that the conflict of authority on the point might require appellate resolution, and Ms McInerney appealed on that basis (in partial reliance, it appears, on my blogpost: see at [22] of the UT judgment).

 The appeal in McInerney v Information Commissioner and the Department for Education [2015] UKUT 0047 (AAC) has now been determined by Judge Jacobs (who heard the Birkett and Home Office cases). It has definitively resolved that a public authority may rely on sections 12 or 14 for the first time before the FTT, subject to the case management powers of the FTT. Although the judgment of the Upper Tribunal is fairly lengthy, the key part of the analysis is fairly brief. Judge Jacobs considered the principles derived from Birkett overtook the reasoning in APPGER, that the discussion of principle in his Home Office decision applied equally to the Part I exemptions, that section 17(1) did not prevent late reliance, that there was nothing in section 12 to require a different answer, and that late reliance may be forced on a public authority for good reasons (such as the instant appeal): at [33]-[41]. The Upper Tribunal did not consider it necessary to review the various FTT decisions. If section 12 is relied upon before the FTT for the first time, it will be the FTT which has to review the reasonableness of the estimate: at [40]. The Upper Tribunal considered that the answer on section 14 followed naturally from the answer on section 12.

 The position now at least has the benefit of consistency. Requestors will doubtless continue to be extremely frustrated by public authorities who appear to change their position at the last moment (usually when lawyers have become involved), and the FTT does not appear to have been often exercising its powers to restrict late reliance, or to punish incorrect late reliance in costs. However, if an exemption is relied upon correctly, reaching the correct answer is important. Whiskers may soothed, pocket watches stowed away, and lateness need rarely be an issue.

 Also of some practical interest will be the discussion of Judge Jacobs on the interaction of sections 14 and 16. It might be thought difficult to see how the section 16 duty could really apply to a vexatious request (“we advise you to submit a request which is not vexatious” perhaps?). Judge Jacobs accepted at [55] that a request should not have to be dissected to see if it can be severed, because that would undermine the purpose of section 14, but that section 16 cannot be ignored. The circumstances might allow a public authority to extract one part to create a non-vexatious request: at [56]. This is a little hard to understand; it might be thought the better analysis would be that properly construed, that one part was not a vexatious request, and it is not clear whether section 16 adds much. He added that it is not for the FTT to apply section 16 to assist a requestor – only the public authority is obliged to do so: at [57]-[58].

 Andrew Sharland appeared for the DfE and Robin Hopkins appeared for the ICO.

 Christopher Knight

 

Keynote speaker announced for 11KBW Information Law Conference 2015

February 9th, 2015 by Panopticon Blog

We are delighted to be joined by Maurice Frankel, Director of the Campaign for Freedom of Information, who will giving the keynote address at this year’s conference on “FOIA: is this what we expected – and is it good enough for the future?”

The 11KBW Information Law Conference is being held on 19th March 2015. As well as providing an over-view of the key developments in the field of information law, the conference will cover a range of topical issues including: whether the law governing State surveillance is fit for purpose, the relationship between data protection and the media and whether, at 10 years old, FOIA should be seen a boon to or a burden on society.

Date: 19th March 2015
Venue: Royal College of Surgeons, 35 – 43 Lincoln Inn Fields, London WC2A 3PE
Cost: £99 + VAT (20%) = £118.80 to attend half day plus lunch £150 + VAT (20%) = £180.00 to attend full day. We are offering a EARLY BIRD DISCOUNT – 10% off if you book before 27th February 2015 on both half and full day places.

For more information on the conference agenda and details on how to book please click here

Local Offers

February 6th, 2015 by jamesgoudie

Section 30 in Part 3 of the Children and Families Act 2014 defines and prescribes the content of a “Local Offer”.  A local authority in England must publish information about the education and training, social care and health provision, for children and young people who have special educational needs or a disability, that it expects to be available in its area (or in some circumstances outside), whether or not it will be making that provision itself.  Schedule 2 to the Special Educational Needs and Disability Regulations 2014, SI 2014/1530, specify what information must be included in the Local Offer.  Mostyn J has considered these provisions in R (L & P) v Warwickshire County Council (2015) EWHC 203 (Admin).  He observed, at para 48, that Schedule 2 provides for a “very extensive range of information” to be published in the Local Offer, and referred to the “vast number” of people and bodies each local authority must consult before publishing its Local Offer and to the “huge range of information that must be referenced”.

Having referred to the statutory guidance, Mostyn J stated:

“51.       Although the prescriptions are extremely extensive it is important to understand that the requirement is no more than to publish information about what services are expected to be available.  Section 30 of the 2014 Act incorporates a publication obligation, no more, no less.”

At para 54, he said:

“…it must be very clearly understood what the purpose of the consultation is. It is about what appears in the Local Offer, which is a compendium of information. I remind myself of the words of section 30. The local authority has a duty to publish information about certain provision it expects to be available.”

At para 57, Mostyn J reiterated that the statutory consultation is about what the Local Offer should say about services to be provided, not about what services should be provided.  He dismissed the challenge to the fairness of the consultation.  He emphasized (para 59) that the Local Offer by its nature will always be subject to continuous updating; and, at para 77, approved the following submissions on behalf of the County Council:

(i) The development and publication of the Local Offer is, as the legislative framework envisages and the implementation guidance makes clear, intended to be an iterative process, subject to consultation and to be done in accordance with the new spirit of “co-production”. To update the website with further information on the Local Offer and to continue to do so as the Offer is refined and further developed is entirely lawful.

(ii) It is obviously not arguably unlawful for information to be published on the Council’s website by way of a link through to a partner’s website, for example with respect to the information on healthcare provision and SEN provision in schools.

James Goudie QC

The Algebra of FOIA

February 6th, 2015 by Christopher Knight

It is no matter of Euclidian geometry to say that where x + y = z, and z = 13, being told what y equals one need not be Pythagoras to establish the value of x. But what happens when z is in the public domain, x is absolutely exempt information under FOIA (because it is caught by section 23(1)) and the public interest otherwise favours the disclosure of y, which is not the subject of an exemption? Inevitably, the effect of disclosure is that the absolutely exempt information is also revealed. The Interim Decision of the Upper Tribunal in Home Office v ICO & Cobain [2014] UKUT 306 (AAC) was that the Tribunal had to consider whether it was appropriate to utilise the section 50(4) FOIA power so as not to direct disclosure. The issue may be formulaic, but the answer is not.

The application of section 50(4) has only previously received analysis in ICO v HMRC & Gaskell [2011] UKUT 296 (AAC), in which Judge Wikeley held (at [24]) that section 50(4) could be used so as not to require disclosure of information where it would be “unlawful, impossible or wholly impractical”. On the facts of Gaskell, section 50(4) was appropriate because since the request had been made the law had made disclosure of the information unlawful.

The Upper Tribunal has now exercised that decision itself in Home Office v ICO & Cobain [2015] UKUT 27 (AAC), in which Judge Wikeley held that the appropriate exercise of the section 50(4) discretion requires no steps to be taken (i.e. y need not be disclosed, even though section 1 FOIA entitles Mr Cobain to see it). The Upper Tribunal stressed that the application of section 50(4) should be rare, given the need to construe FOIA liberally, and use of it must be lawful in a public law sense. Judge Wikeley broadly endorsed the ICO’s ten listed factors as of potential relevance (although they will vary on the facts of each case): at [18]. He saw it as particularly important that the absolute exemption which would be undermined in this case was section 23(1), expressly drawn widely by Parliament and by contrast to section 24. Indeed, he accepted that section 23 “affords the widest protection”: at [29]. Judge Wikeley also considered the degree of public interest in the information, which he considered not to be especially high given the existing material in the public domain. He therefore agreed that section 50(4) should be applied so as not to require the Home Office to take steps to disclose the information.

It remains to be seen how often there really will be such issues in practice. The Cobain case appears to be the first of its type, although the Upper Tribunal recognised that it might occur under other class-based exemptions, such as sections 30, 35, 41 and 42. What may be more interesting is where different exemptions apply to x and y, one of which is absolutely exempt and one of which is subject to a qualified exemption. Is the algebraic problem a matter for the public interest balance in relation to y, or should it only be resolved at section 50(4)? Strictly speaking, one can see the analytical purity of considering the interest only in relation the specific information covered by y, but it is hard to imagine that the impact of disclosure in relation to x will not bleed across into the weighing. And if there has already been a public interest exercise, what room will there remain for it to be taken into account under section 50(4) – in such cases it would look a lot like double-counting. Perhaps we shall never know, and this may be what happens when the maths fox runs loose in the FOIA henhouse.

One brief procedural addition. The Upper Tribunal had, in ICO v Bell [2014] UKUT 106 (AAC), held that the Tribunal should usually explain that a Decision Notice was wrong in law and why, rather than substituting a new Decision Notice. Judge Wikeley was rather less convinced at the appropriateness or necessity of that conclusion (see at [40]-[42], and in particular the amusing and obvious implicit support given to the Tribunal’s castigation of Bell in Clucas v ICO (EA/2014/0006)) and happily availed himself of the crack left open by Judge Jacobs in Bell to substitute a new Decision Notice in this case. Given that it was a case using section 50(4), that seems a particularly sensible step. Doubtless a case will arise in which Bell can be reconsidered, and God bless all those who have to sail in her.

In the meantime, it is time for FOIA lawyers to get back to the calculators.

Christopher Knight

New Court of Appeal Judgment on handling of DNA materials by the police

February 6th, 2015 by Rupert Paines

The question of what uses can properly be made of DNA data held by the police is an acutely sensitive one. In X and Commissioner of the Police of the Metropolis and anor v Z (Children) and anor[2015] EWCA Civ 34, the Court of Appeal has held that, where such data is obtained by police in exercise of their search and seizure powers under Part II of PACE 1984, it may be retained and used only for the purposes of criminal law enforcement function. Thus, such data cannot be used, for example, in order to resolve issues of paternity in care proceedings before the family court.

The background to the appeal was that X had murdered his partner Y. In the context of care proceedings involving Y’s children, an issue had arisen as to whether X was in fact the biological father of the children. X, despite asserting that he was the children’s biological father, had refused to undergo DNA testing. In response to this refusal, the children’s guardian applied to the court for disclosure of certain DNA profiles held by the Metropolitan Police Service, particularly on the basis that those profiles could then be used to resolve the paternity issue. X objected to the disclosure. Importantly, the DNA profiles in issue had been derived from blood swabs taken by the police from the scene of the murder by the MPS under Part II PACE. It was common ground that the court could not order disclosure of those DNA profiles held by the police in exercise of their powers under Part V PACE (samples taken directly from persons). This was because there is a statutory prohibition contained in Part V of PACE which expressly prohibited the use of such materials other than for the purposes of criminal law enforcement. Munby P, who decided the case at first instance, concluded that the court had a discretion to order disclosure of the Part II DNA profiles and that the disclosure was justified, particularly in view of the Article 8 rights of the children. The MPS appealed, alongside the putative father. The Secretary of State appeared as intervenor.

The Court of Appeal allowed the appeal. It did so on the basis that the President’s approach could not be reconciled with the statutory scheme embodied in PACE, particularly when that scheme was read in a purposive manner and having regard to the Article 8 rights of those individuals whose DNA profiles were held by the police. In reaching this conclusion, the Court relied heavily on the judgment of the European Court of Human Rights in Marper, which itself highlighted the need for substantial controls around the handling of DNA data by the police.

Anya Proops and Sean Aughey acted for the MPS.

Rupert Paines

Googling Orgies – Thrashing out the Liability of Search Engines

January 30th, 2015 by Christopher Knight

Back in 2008, the late lamented News of the World published an article under the headline “F1 boss has sick Nazi orgy with 5 hookers”. It had obtained footage of an orgy involving Max Mosley and five ladies of dubious virtue, all of whom were undoubtedly (despite the News of the World having blocked out their faces) not Mrs Mosley. The breach of privacy proceedings before Eady J (Mosley v News Group Newspapers Ltd [2008] EWHC 687 (QB)) established that the ‘Nazi’ allegation was unfounded and unfair, that the footage was filmed by a camera secreted in “such clothing as [one of the prostitutes] was wearing” (at [5]), and also the more genteel fact that even S&M ‘prison-themed’ orgies stop for a tea break (at [4]), rather like a pleasant afternoon’s cricket, but with a rather different thwack of willow on leather.

Since that time, Mr Mosley’s desire to protect his privacy and allow the public to forget his penchant for themed tea breaks has led him to bring or fund ever more litigation, whilst simultaneously managing to remind as many people as possible of the original incident. His latest trip to the High Court concerns the inevitable fact of the internet age that the photographs and footage obtained and published by the News of the World remain readily available for those in possession of a keyboard and a strong enough constitution. They may not be on a scale of popularity as last year’s iCloud hacks, but they can be found.

Alighting upon the ruling of the CJEU in Google Spain that a search engine is a data controller for the purposes of the Data Protection Directive (95/46/EC) (on which see the analysis here), Mr Mosley claimed that Google was obliged, under section 10 of the Data Protection Act 1998, to prevent processing of his personal data where he served a notice requesting it to do so, in particular by not blocking access to the images and footage which constitute his personal data. He also alleged misuse of private information. Google denied both claims and sought to strike them out. The misuse of private information claim being (or soon to be) withdrawn, Mitting J declined to strike out the DPA claim: Mosley v Google Inc [2015] EWHC 59 (QB). He has, however, stayed the claim for damages under section 13 pending the Court of Appeal’s decision in Vidal-Hall v Google (on which see the analysis here).

Google ran a cunning defence to what, post-Google Spain, might be said to be a strong claim on the part of a data subject. It relied on Directive 2000/31/EC, the E-Commerce Directive. Article 13 protects internet service providers from liability for the cached storage of information, providing they do not modify the information. Mitting J was content to find that by storing the images as thumbnails, Google was not thereby modifying the information in any relevant sense: at [41]. Article 15 of the E-Commerce Directive also prohibits the imposition of a general obligation on internet service providers to monitor the information they transmit or store.

The problem for Mitting J was how to resolve the interaction between the E-Commerce Directive and the Data Protection Directive; the latter of which gives a data subject rights which apparently extend to cached information held by internet service providers which the former of which apparently absolves them of legal responsibility for. It was pointed out that recital (14) and article 1.5(b) of the E-Commerce Directive appeared to make that instrument subject to the Data Protection Directive. It was also noted that Google’s argument did not sit very comfortably with the judgment (or at least the effect of the judgment) of the CJEU in Google Spain.

Mitting J indicated that there were only two possible answers: either the Data Protection Directive formed a comprehensive code, or the two must be read in harmony and given full effect to: at [45]. His “provisional preference is for the second one”: at [46]. Unfortunately, the judgment does not then go on to consider why that is so, or more importantly, how both Directives can be read in harmony and given full effect to. Of course, on a strike out application provisional views are inevitable, but it leaves rather a lot of legal work for the trial judge, and one might think that it would be difficult to resolve the interaction without a reference to the CJEU. What, for example, is the point of absolving Google of liability for cached information if that does not apply to any personal data claims, which will be a good way of re-framing libel/privacy claims to get around Article 13?

The Court also doubted that Google’s technology really meant that it would have to engage in active monitoring, contrary to Article 15, because they may be able to do so without “disproportionate effort or expense”: at [54]. That too was something for the trial judge to consider.

So, while the judgment of Mitting J is an interesting interlude in the ongoing Mosley litigation saga, the final word certainly awaits a full trial (and/or any appeal by Google), and possibly a reference. All the judgment decides is that Mr Mosley’s claim is not so hopeless it should not go to trial. Headlines reading ‘Google Takes a Beating (with a break for tea)’ would be premature. But the indications given by Mitting J are not favourable to Google, and it may well be that the footage of Mr Mosley will not be long for the internet.

Christopher Knight

Information Law Conference 2015

January 23rd, 2015 by Panopticon Blog

Join us at 11KBW’s Annual Information Law Conference on 19th March 2015.  As well as providing an over-view of the key developments in the field of information law, the conference will cover a range of topical issues including: whether the law governing State surveillance is fit for purpose, the relationship between data protection and the media and whether, at 10 years old, FOIA should be seen a boon to or a burden on society. Keynote speaker to be confirmed.

Click here to download the Information Conference Programme.

Venue and Booking information

Venue The Royal College of Surgeons of England, 35 – 43 Lincoln Inn Fields, London WC2A 3PE

Cost £99 + VAT (20%) = £118.80 to attend half day plus lunch; £150 + VAT (20%) = £180.00 to attend full day

EARLY BIRD DISCOUNT – 10% off if you book before 27th February 2015 on both half and full day places.

To Book To book your place on this conference please email RSVP@11kbw.com stating if you would to attend full or half day, the delegate name, firm, email address and any purchase order details you may require. You will be then sent a confirmation email of your place and invoiced. We do not have the facilities to accept payments by credit or debit cards.

CPD accredited with SRA and BSB: 4.5 hours

Data protection: three developments to watch

January 15th, 2015 by Robin Hopkins

Panopticon likes data protection, and it likes to keep its eye on things. Here are three key developments in the evolution of data protection law which, in Panopticon’s eyes, are particularly worth watching.

The right to be forgotten: battle lines drawn

First, the major data protection development of 2014 was the CJEU’s ‘right to be forgotten’ judgment in the Google Spain case. Late last year, we received detailed guidance from the EU’s authoritative Article 29 Working Party on how that judgment should be implemented: see here.

In the view of many commentators, the Google Spain judgment was imbalanced. It gave privacy rights (in their data protection guise) undue dominance over other rights, such as rights to freedom of expression. It was clear, however, that not all requests to be ‘forgotten’ would be complied with (as envisaged by the IC, Chris Graham, in an interview last summer) and that complaints would ensue.

Step up Max Moseley. The BBC reported yesterday that he has commenced High Court litigation against Google. He wants certain infamous photographs from his past to be made entirely unavailable through Google. Google says it will remove specified URLs, but won’t act so as to ensure that those photographs are entirely unobtainable through Google. According to the BBC article, this is principally because Mr Moseley no longer has a reasonable expectation of privacy with respect to those photographs.

The case has the potential to be a very interesting test of the boundaries of privacy rights under the DPA in a post-Google Spain world.

Damages under the DPA

Second, staying with Google, the Court of Appeal will continue its consideration of the appeal in Vidal-Hall and Others v Google Inc [2014] EWHC 13 (QB) in February. The case is about objections against personal data gathered through Apple’s Safari browser. Among the important issues raised by this case is whether, in order to be awarded compensation for a DPA breach, one has to establish financial loss (as has commonly been assumed). If the answer is no, this could potentially lead to a surge in DPA litigation.

The General Data Protection Regulation: where are we?

I did a blog post last January with this title. A year on, the answer still seems to be that we are some way off agreement on what the new data protection law will be.

The latest text of the draft Regulation is available here – with thanks to Chris Pounder at Amberhawk. As Chris notes in this blog post, the remaining disagreements about the final text are legion.

Also, Jan Philipp Albrecht, the vice-chairman of the Parliament’s civil liberties committee, has reportedly suggested that the process of reaching agreement may even drag on into 2016.

Perhaps I will do another blog post in January 2016 asking the same ‘where are we?’ question.

Robin Hopkins @hopkinsrobin

How to apply the DPA

January 15th, 2015 by Robin Hopkins

Section 40 of FOIA is where the Freedom of Information Act (mantra: disclose, please) intersects with the Data Protection Act 1998 (mantra: be careful how you process/disclose, please).

When it comes to requests for the disclosure of personal data under FOIA, the DPA condition most commonly relied upon to justify showing the world the personal data of a living individual is condition 6(1) from Schedule 2:

The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.

That condition has multiple elements. What do they mean, and how do they mesh together? In Goldsmith International Business School v IC and Home Office (GIA/1643/2014), the Upper Tribunal (Judge Wikeley) has given its view. See here Goldsmiths. This comes in the form of its endorsement of the following 8 propositions (submitted by the ICO, represented by 11KBW’s Chris Knight).

Proposition 1: Condition 6(1) of Schedule 2 to the DPA requires three questions to be asked:

(i) Is the data controller or the third party or parties to whom the data are disclosed pursuing a legitimate interest or interests?

(ii) Is the processing involved necessary for the purposes of those interests?

(iii) Is the processing unwarranted in this case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject?

Proposition 2: The test of “necessity” under stage (ii) must be met before the balancing test under stage (iii) is applied.

Proposition 3: “Necessity” carries its ordinary English meaning, being more than desirable but less than indispensable or absolute necessity.

Proposition 4: Accordingly the test is one of “reasonable necessity”, reflecting the European jurisprudence on proportionality, although this may not add much to the ordinary English meaning of the term.

Proposition 5: The test of reasonable necessity itself involves the consideration of alternative measures, and so “a measure would not be necessary if the legitimate aim could be achieved by something less”; accordingly, the measure must be the “least restrictive” means of achieving the legitimate aim in question.

Proposition 6: Where no Article 8 privacy rights are in issue, the question posed under Proposition 1 can be resolved at the necessity stage, i.e. at stage (ii) of the three-part test.

Proposition 7: Where Article 8 privacy rights are in issue, the question posed under Proposition 1 can only be resolved after considering the excessive interference question posted by stage (iii).

The UT also added this proposition 8, confirming that the oft-cited cases on condition 6(1) were consistent with each other (proposition 8: The Supreme Court in South Lanarkshire did not purport to suggest a test which is any different to that adopted by the Information Tribunal in Corporate Officer).

Those who are called upon to apply condition 6(1) will no doubt take helpful practical guidance from that checklist of propositions.

Robin Hopkins @hopkinsrobin