PDP Conferences is hosting its 10th annual Freedom of Information Conference in London on 15 and 16 May, with 11KBW hosting the wine and canapés reception.
The conference will be chaired by Robin Hopkins.
The Deputy Information Commissioner, Graham Smith, is the keynote speaker, with Timothy Pitt-Payne QC also among the speakers on day 1 of the conference.
On day 2, 11KBW’s Ben Hooper will host one of the workshops.
The full programme can be found here.
FOIA provides an exemption (s. 42) expressly for legal professional privilege; as is well known, there is ‘strong inherent weight’ in maintaining that exemption. What about the EIRs? LPP is not expressly mentioned, but regulation 12(5)(b) EIR applies to information the disclosure of which would adversely affect “the course of justice, the ability of a person to receive a fair trial or the ability of a public authority to conduct an inquiry of a criminal or disciplinary nature”. Does information attracting LPP automatically come within that exception? Many practitioners operate on the assumption that the answer is ‘yes’. The Upper Tribunal has on a previous occasion, however, left that question open: DCLG v IC and Robinson [2012] UKUT 103 (AAC); [2012] 2 Info LR 43.
That question has recently been revisited. In GW v IC, Local Government Ombudsman and Sandwell MBC [2014] UKUT 0130 (AAC), the Upper Tribunal answered ‘no’: just because LPP applies, it does not automatically follow that regulation 12(5)(b) EIR is engaged. Further analysis is needed – and the onus is on the public authority to make out its case on adverse effects on the course of justice etc.
The requester has complained to the Council about what was being emitted from the chimneys of two of his neighbours who were using wood-burning stoves. The Council obtained written legal advice from counsel. It told the requester it could not progress his complaint as he wished. He complained to the Ombudsman. The Council shared its legal advice with the Ombudsman, expressly on a confidential basis. The requester sought that advice from the Ombudsman. His request was refused. The IC’s decision went against him. So too did that of the First-Tier Tribunal.
The Upper Tribunal, however, found that the FTT went wrong in attributing too much weight to the prejudicial effects which it thought likely to arise “simply through the weakening of this important doctrine” [of LPP].
UT Judge Turnbull considered the wording of regulation 12(5)(b) EIR and said this: “In my judgment that requires attention to be focused on all the circumstances of the particular case, and there is no room for an absolute rule that disclosure of legally privileged information will necessarily adversely affect the course of justice”.
The crux, in his judgment was this: “What particularly matters for present purposes is in my judgment that the rationale for the doctrine and its absolute nature is established as being the need for the client to be able to obtain legal advice on a full and frank basis”.
In the present case, disclosure would be unlikely to prejudice that underlying principle – the Council’s ability to obtain free and frank advice would not be impeded. “What might be damaged would be not the course of justice but the ability of the LGO to conduct future investigations on a fully informed basis” – but that was a different point to the one at the heart of the FTT’s reasoning. The FTT had thus gone wrong in its public interest analysis.
Interestingly, one factor in the UT’s reasoning appears to have been that it was not taken to “any particular part or feature of the Advice which the Council would be unhappy about disclosing, or pointed to any specific concern which it has about Mr W or the public in general seeing it. Nor has it been suggested, for example, that the Advice needs to be qualified because of some inaccuracy or incompleteness in the instructions to counsel. The weight to be accorded to the adverse effect on the course of justice in this case is in my judgment very substantially less than it would have been if the LGO had been able to rely on the weakening of the doctrine of LPP which compulsory disclosure of legal advice will almost always involve”. This offers useful indications of what, in this UT’s view, might suffice to engage regulation 12(5)(b) EIR in respect of information which attracts LPP.
The public authorities also sought to rely on regulation 12(5)(d) EIR (confidentiality of proceedings). By regulation 12(9), however, that exception cannot be relied upon “to the extent that the environmental information to be disclosed relates to information on emissions”. Did that disapplication provision bite here? No, said the UT: “In substance the Advice did not “relate to” information as to the particular nature and extent of those emissions, but rather it related to the meaning and effect of the legislation”. In this case, regulation 12(5)(d) EIR was engaged.
Turning to the public interest balance, a preliminary point addressed by the UT concerned timing: matters post-dating the statutory time for compliance with a request can only properly be taken into account to the extent that they shed light on matters as they stood up to that time, or if they are relevant to the IC’s ‘steps discretion’ under s. 50(4) FOIA. They are not otherwise relevant to the public interest balance.
What might count in favour of the disclosure of privileged information? “In my judgment, therefore, when considering this issue it is relevant to consider not only whether the Council (and/or the LGO) made statements which were positively wrong, but whether they made statements which were liable to mislead or confuse the reader, and so have generated a confusing picture as to the effect of and reasoning behind the Advice”.
In this case, while there was no intention to mislead, “the combined effect of the information which the LGO and the Council had given up to this point was liable to create substantial confusion, in the mind of any reasonable reader, as to what the Advice did say”.
As to the public interest in maintaining the exception, the main factor was “the effect which disclosure would have on the ability of the LGO to obtain legally privileged information from local authorities on the footing that it should remain confidential” – especially given that the Ombudsman cannot compel local authorities to share such information with it. There would thus be a chilling effect on such information-sharing.
In contrast, the unfairness to the Council of having its legal advice shared with the requester was a relatively weak factor.
Overall, however, the balance very firmly favoured the maintenance of the exception. In this case therefore, the likely damage to the LGO’s work prevailed where LPP had not.
Robin Hopkins @hopkinsrobin
Panopticon has previously reported on the novel and important data protection case Steinmetz and Others v Global Witness [2014] EWHC 1186 (Ch). The High Court (Henderson J) has now given a judgment on a procedural point which will set the shape for this litigation.
The broad background to the case has been set out in Jason Coppel QC’s previous post – see here. In a nutshell, Global Witness is an NGO which reports and campaigns on natural resource related corruption around the world. Global Witness is one of a number of organisations which has recently reported on allegations that a particular company, BSG Resources Ltd (“BSGR”), secured a major mining concession in Guinea through corrupt means. Global Witness is now facing claims brought under the Data Protection Act 1998 by a number of individuals who are all in some way connected with BSGR. The claims include a subject access claim brought under s. 7; a claim under s. 10 requiring Global Witness to cease processing data in connection with the claimants and BSGR; a claim for rectification under s. 14 and a claim for compensation under s. 13.
For its part, Global Witness relies on the ‘journalism’ exemption under s. 32 of the DPA, which applies to “processing… undertaken with a view to the publication by any person of any journalistic, literary or artistic material”. Global Witness says it is exempt from the provisions of the DPA on which the claimants rely.
An unusual feature of the s. 32 exemption is that it provides, at subsections (4) and (5), for a mandatory stay mechanism which is designed in essence to enable the ICO to assume an important adjudicative role in the proceedings (my emphasis):
(4) Where at any time (“the relevant time”) in any proceedings against a data controller under section 7(9), 10(4), 12(8) or 14 or by virtue of section 13 the data controller claims, or it appears to the court, that any personal data to which the proceedings relate are being processed—
(a) only for the special purposes, and
(b) with a view to the publication by any person of any journalistic, literary or artistic material which, at the time twenty-four hours immediately before the relevant time, had not previously been published by the data controller, the court shall stay the proceedings until either of the conditions in subsection (5) is met.
(5) Those conditions are—
(a) that a determination of the Commissioner under section 45 with respect to the data in question takes effect, or
(b) in a case where the proceedings were stayed on the making of a claim, that the claim is withdrawn.
So: if the conditions in s. 32(4) are met, then the court must stay proceedings until either the claim is withdrawn or the ICO has issued a determination under section 45. S. 45 effectively requires the ICO to adjudicate upon the application of the journalism/’special purposes’ exemption to the facts of the particular case. Any determination made under s. 45 can be appealed to the Tribunal: see s. 48(4), which confers a right of appeal on the data controller.
Global Witness has invoked s. 32(4) in its defence and has since applied to the Court for a stay under that provision. The claimants disagree that a stay should be granted. They say Global Witness’ reliance on section 32 is misconceived and have made a cross-application to have the s. 32 defence struck out and for summary judgment in the alternative.
The question for Henderson J was whether those rival applications should be heard together (the claimant’s case), or whether Global Witness’ application for a stay should be determined first (Global Witness’ case). Henderson J has agreed with Global Witness on this point. In reaching the view that the stay application should be heard first, it appears that Henderson J had in mind arguments to the effect that requiring the two applications to be heard together would itself risk pre-empting Global Witness’ stay application and may also result in a more cumbersome and costly process (see in particular paragraphs 16-24). Henderson J went on to make the following observation as to the effect of s. 32(4): :
“Subject to argument about the precise nature of a claim sufficient to trigger section 32, Parliament has, in my view, pretty clearly taken the line that issues of this kind should be determined in the first instance by the Commissioner, and any proceedings brought in court should be stayed until that has been done” (paragraph 21).
The stay application will now be heard at the end of June. The matter will then either go off to the ICO or, if the stay application fails, the claimants’ summary judgment/strike-out applications will be considered. The stay application will therefore determine the immediate trajectory of this particular litigation. Whilst the Court declined to order indemnity costs against the claimants, it did award Global Witness close to 100% of its costs.
Anya Proops acts for Global Witness.
Robin Hopkins @hopkinsrobin
In the Digital Rights Ireland case, the Grand Chamber of the CJEU has this week declared invalid the 2006 Directive which provides for the mass retention – and disclosure to policing and security authorities – of individuals’ online traffic data. It found this regime to be a disproportionate interference with privacy rights. Depending on your perspective, this is a major step forward for digital privacy, or a major step backwards in countering terrorism and serious crime. It probably introduces even more uncertainty in terms of the wider project of data protection reform at the EU level. Here is my synopsis of this week’s Grand Chamber judgment.
Digital privacy vs national security: a brief history
There is an overlapping mesh of rights under European law which aims to protect citizens’ rights with respect to their personal data – an increasingly important strand of the broader right to privacy. The Data Protection Directive (95/46/EC) was passed in 1995, when the internet was in its infancy. It provides that personal data must be processed (obtained, held, used, disclosed) fairly and lawfully, securely, for legitimate purposes and so on.
Then, as the web began to mature into a fundamental aspect of everyday life, a supplementary Directive was passed in 2002 (2002/58/EC) on privacy and electronic communications. It is about privacy, confidentiality and the free movement of electronic personal data in particular.
In the first decade of the 21st century, however, security objectives became increasingly urgent. Following the London bomings of 2005 in particular, the monitoring of would-be criminals’ web activity was felt to be vital to effective counter-terrorism and law enforcement. The digital confidentiality agenda needed to make space for a measure of state surveillance.
This is how Directive 2006/24 came to be. In a nutshell, it provides for traffic and location data (rather than content-related information) about individuals’ online activity to be retained by communications providers and made available to policing and security bodies. This data was to be held for a minimum of six months and a maximum of 24 months.
That Directive – like all others – is however subject to the EU’s Charter of Fundamental Rights. Article 7 of that Charter enshrines the right to respect for one’s private and family life, home and communications. Article 8 is about the right to the protection and fair processing of one’s personal data.
Privacy and Digital Rights Ireland prevail
Digital Rights Ireland took the view that the 2006 Directive was not compatible with those fundamental rights. It asked the Irish Courts to refer this to the CJEU. Similar references were made during different litigation before the Austrian Courts.
The CJEU gave its answer this week. In Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources and Others (C‑293/12) joined with Kärntner Landesregierung and Others (C‑594/12), the Grand Chamber held the 2006 Directive to be invalid on the grounds of its incompatibility with fundamental privacy rights.
The Grand Chamber accepted that, while privacy rights were interfered with, this was in pursuit of compelling social objectives (the combatting of terrorism and serious crime). The question was one of proportionality. Given that fundamental rights were being interfered with, the Courts would allow the European legislature little lee-way: anxious scrutiny would be applied.
Here, in no particular order, are some of the reasons why the 2006 Directive failed its anxious scrutiny test (quotations are all from the Grand Chamber’s judgment). Unsurprisingly, this reads rather like a privacy impact assessment which data controllers are habitually called upon to conduct.
The seriousness of the privacy impact
First, consider the nature of the data which, under Articles 3 and 5 the 2006 Directive, must be retained and made available. “Those data make it possible, in particular, to know the identity of the person with whom a subscriber or registered user has communicated and by what means, and to identify the time of the communication as well as the place from which that communication took place. They also make it possible to know the frequency of the communications of the subscriber or registered user with certain persons during a given period.”
This makes for a serious incursion into privacy: “Those data, taken as a whole, may allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons and the social environments frequented by them.”
Second, consider the volume of data gathered and the number of people affected. Given the ubiquity of internet communications, the 206 Directive “entails an interference with the fundamental rights of practically the entire European population”.
Admittedly, the 2006 regime does not undermine “the essence” of data protection rights (because it is confined to traffic data – the contents of communications are not retained), and is still subject to data security rules (see the seventh data protection principle under the UK’s DPA 1998).
Nonetheless, this is a serious interference with privacy rights. It has objective and subjective impact: “it is wide-ranging, and it must be considered to be particularly serious… the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the minds of the persons concerned the feeling that their private lives are the subject of constant surveillance.”
Such a law, said the Grand Chamber, can only be proportionate if it includes clear and precise laws governing the scope of the measures and providing minimum safeguards for individual rights. The 2006 Directive fell short of those tests.
Inadequate rules, boundaries and safeguards
The regime has no boundaries, in terms of affected individuals: it “applies even to persons for whom there is no evidence capable of suggesting that their conduct might have a link, even an indirect or remote one, with serious crime”.
It also makes no exception for “persons whose communications are subject, according to rules of national law, to the obligation of professional secrecy”.
There are no sufficiently specific limits on the circumstances in which this can be accessed by security bodies, on the purposes to which that data can be put by those bodies, or the persons with whom those particular bodies may share the data.
There are no adequate procedural safeguards: no court or administrative authority is required to sign off the transfers.
There are also no objective criteria for justifying the retention period of 6-24 months.
The Grand Chamber’s conclusion
In summary, the Grand Chamber found that “in the first place, Article 7 of Directive 2006/24 does not lay down rules which are specific and adapted to (i) the vast quantity of data whose retention is required by that directive, (ii) the sensitive nature of that data and (iii) the risk of unlawful access to that data, rules which would serve, in particular, to govern the protection and security of the data in question in a clear and strict manner in order to ensure their full integrity and confidentiality. Furthermore, a specific obligation on Member States to establish such rules has also not been laid down…”
There was also an international transfer aspect to its concern: “in the second place, it should be added that that directive does not require the data in question to be retained within the European Union…”
This last point is of course highly relevant to another of the stand-offs between digital privacy and national security which looms in UK litigation, namely the post-Snowden litigation against security bodies.
Robin Hopkins @hopkinsrobin
Panopticon devotees will have noted that important DPA litigation is afoot between a group of businessmen (Beny Steinmetz and others) and the NGO Global Witness. The Economist has recently reported on the latest developments in the case: see here.
I particularly like the article’s subtitle: “Libel laws have become laxer. Try invoking data protection instead”. This is an observation I (and others) have made in the past: see here for example. The point appears to be gathering momentum.
Robin Hopkins @hopkinsrobin
Okay, the following points are mainly about procedure, but they are nonetheless quite important for those involved in FOIA litigation before the Tribunals. These points come from a pair of recent Upper Tribunal decisions, both arising out of requests from the same requester.
One is IC v Bell [2014] UKUT 0106 (AAC): Bell UT s58. Question: suppose the First-Tier Tribunal thinks the ICO got it wrong in its decision notice. Can it remit the matter to the ICO for him to think again and issue another decision notice on the same complaint? Answer: no, it can’t; it must dispose of the appeal itself. There are some exceptions, but that is the general view with which parties should approach Tribunal litigation.
That Bell decision also comments on the importance, in relevant circumstances, of the Tribunal ensuring that it gets the input of the public authority and not just of the ICO, as there will be cases where only the public authority can really provide the answers to questions that arise at the Tribunal stage.
That same Bell decision also explores this point, for those with an interest in FOIA and statutory construction (surely there are some of you?): under s. 58 of FOIA, unless the Tribunal is going to dismiss an appeal, it must “allow the appeal or substitute such other notice as could have been served by the Commissioner” (my emphasis). That is curious. Quite often, Tribunals do both of those things at the same time. What to make of this? Judge Jacobs explains in the Bell decision.
There was also a second Bell appeal on the same day: Bell UT s14. Same Bell, different public authority and separate case: IC and MOD v Bell (GIA/1384/2013). This was about s. 14 of FOIA (vexatious requests). The public authority had provided lots of detail about the background to the series of requests to make good its case under s. 14. But there was a paper hearing rather than an oral one and the Tribunal appears to have overlooked some of that detail and it found that s. 14 had been improperly applied.
Judge Jacobs overturned that decision. One reason was this: when a binding and decisive new judgment (here, Dransfield) appears between the date of a hearing and the date of the Tribunal’s final deliberations, justice requires that the parties be given an opportunity to make submissions on the application of that judgment.
Another was that the Tribunal had failed properly to engage with the documentary evidence before it. “That is why the papers were provided: to be read. A tribunal is not entitled to rely on the parties to point to the passages that it should read and to look at nothing else” (my emphasis). This underlined point is obviously of general application to Tribunal litigation.
Robin Hopkins @hopkinsrobin
At 11KBW’s Information Law conference this past Tuesday, I talked a bit about the progress of the draft EU Data Protection Regulation. I omitted to mention last week’s development (my reason: I was on holiday in Venice, where data protection seemed less pressing). In a plenary session on 12 March, the European Parliament voted overwhelmingly in support of the Commission’s current draft of the Regulation. This is all explain in this Memo from the European Commission. Here are some key points.
One is the apparently “irreversible” progress towards getting the Regulation onto the EU statute books. “The position of the Parliament is now set in stone and will not change even if the composition of the Parliament changes following the European elections in May. As a reminder, the remaining stage is for the European Council to agree to the proposal. Its ministers are meeting again in early June. So far, they have been broadly supportive.
Another point is about business size and data protection risk: SMEs will not need to notify (so where will the ICO get its funding?), they won’t need to have data protection officers or carry out privacy impact assessments as a default rule. “We want to make sure that obligations are not imposed except where they are necessary to protect personal data: the baker on the corner will not be subject to the same rules as a (multinational) data processing specialist.”
A third point has great consequences for international transfers: “Non-European companies, when offering services to European consumers, will have to apply the same rules and adhere to the same levels of protection of personal data. The reasoning is simple: if companies outside Europe want to take advantage of the European market with more than 500 million potential customers, then they have to play by the European rules”.
Fourth, the “right to be forgotten” is still very much on the agenda. “If an individual no longer wants his or her personal data to be processed or stored by a data controller, and if there is no legitimate reason for keeping it, the data should be removed from their system” (subject to freedom of expression). This “citizen in the driving seat” principle, like the consistency aim (the same rules applied the same away across the whole EU) and the “one-stop shop” regulatory model has been part of the reform package from the outset.
A final point is that the Parliament wants regulators to be able to impose big fines: “It has proposed strengthening the Commission’s proposal by making sure that fines can go up to 5% of the annual worldwide turnover of a company (up from 2% in the Commission’s proposal)”. Monetary penalties will not be mandatory, but they will potentially be huge.
On this last point about money: as under the current law, a regulatory fine is one thing and the individual’s right to be compensated another. At out seminar on Tuesday, we discussed whether there would soon be a sweeping away (see for example the Vidal-Hall v Google litigation) of the long-established Johnson v MDU principle that in order to be compensated for distress under section 13 of the DPA, you need first to prove that you suffered financial loss. That may well be so for the DPA, in which case the short- and medium-term consequences for data protection litigation in the UK will be huge.
But it is important to be clear about the longer term: this is going to happen anyway, regardless of any case-law development in UK jurisprudence. Article 77 of the current draft of the Regulation begins like this “Any person who has suffered damage, including non-pecuniary damage, as a result of an unlawful processing operation or of an action incompatible with this Regulation shall have the right to claim compensation from the controller or the processor for the damage suffered”.
If we are indeed irreversibly on track towards a new Regulation, then data protection litigation – notably, though not only about compensating data subjects – is guaranteed to be revolutionised.
Robin Hopkins @hopkinsrobin
The ‘veto’ (ministerial certificate) provision under s. 53 of FOIA (imported also into the EIRs) has been much discussed – on this blog and elsewhere – of late. Here is another excellent resource on the subject which is worth drawing to the attention of readers who want to understand this issue in more detail. Earlier this week, the House of Commons library published this note by Oonagh Gay and Ed Potton on the veto, its use to date, and comparative jurisdictions (Australia, New Zealand, Ireland).
Robin Hopkins @hopkinsrobin
Some FOIA ‘mantras’ frustrate requesters, such as judging matters as at the time of the request/refusal, regardless of subsequent events. Others tend to frustrate public authorities, such as ‘motive blindness’. A recent Tribunal discusses and illustrates both principles – in the context of the distress (including a danger to mental health) likely to arise from disclosure.
The background is that a certain pupil referral unit (PRU) in County Durham was the subject of complaints; 13 of its 60 staff had been suspended. An independent investigation team reported in November 2012. Later in that same month, the Council received a FOIA request for a copy of the investigators’ report. At that time, disciplinary proceedings were pending against each of the suspended members of staff. Those proceedings were to be conducted on a confidetial basis.
The Council refused the request, relying on section 31 (prejudice to conduct of function for purpose of ascertaining any improper conduct), section 40 (personal data) and 38 (health and safety). The ICO agreed, and so has the Tribunal, dismissing the requester’s appeal in Hepple v IC and Durham County Council (EA/2013/0168).
The Tribunal confirmed that, notwithstanding the appellant’s practical arguments to the contrary, it had to judge matters as they stood at the time of the Council’s refusal of the request (paras 4-7).
Section 31 was engaged: “We are satisfied, having read the Report in full, that disclosure in full would have given rise to a perception of unfairness and pre-judgement that would have prejudiced the disciplinary proceedings. Those deciding the complaint might have avoided being prejudiced but the perception of a disinterested third party would have been that the staff member’s right to a fair hearing had been undermined, particularly if publication had attracted media comment” (para 14). The public interest favoured maintaining the exemption.
Reliance on section 40(2) was upheld: the unwarranted interference to the data subjects prevailed over public interest arguments. The comparative balance may have shifted slightly since the date of the refusal, but that was not the relevant time for the purposes of the appeal.
Reliance on section 38 was also upheld. This exemption for health and safety (here, danger to mental health) seldom surfaces in FOIA caselaw. Here it was upheld, largely because the requester himself had sent certain text messages (for which he was later apologetic) to some of the individuals involved. The Tribunal “drew the clear impression that the texts had been transmitted with the purpose of menacing those whose addresses the Appellant had acquired” (para 37).
Those text messages were sent after the refusal of the request, but the Tribunal was satisfied that they evidenced a state of mind likely to have existed at the relevant time. As to ‘motive blindness’, the Tribunal said that “assessing an information request on this “motive blind” basis ought not to prevent us from considering the potential risk to safety posed by the requester him/herself”.
‘Motive blindness’ may be something of a mantra in FOIA cases, but – as with vexatious request cases – it is a principle which should be applied with appropriate nuance.
Robin Hopkins @hopkinsrobin
The ability to impose charges for the provision of property search information is an important financial issue for many local authorities. Historically it had been thought by many that the imposition of such charges was governed by the Local Authorities (England) (Charges for Property Searches) Regulations 2008 (“CPSR”), which allow local authorities to recover all the costs of making such information available (including staff costs, overhead costs and the costs of maintaining relevant information systems). However, in recent years there has been an increasing awareness of the fact that requests for property search information to a large extent amount to requests for access to environmental information, such that they call for an application of the charging regime provided for in r. 8 of the Environmental Information Regulations 2004. The CPSR itself specifically provides that it does not apply to the provision of any information which is governed by other statutory charging regimes. Accordingly, it would seem that the CPSR is inapplicable in respect of requests for property search information insofar as those requests are made under the EIR.
Regulation 8 EIR allow reasonable charges to be imposed for making environmental information available, save that no charge may be imposed for permitting access to public registers or examining the requested information in situ. The question of when a public authority can impose charges and also what will constitute a reasonable charge has now been considered by the tribunal in a number of different cases, all of which concerned requests for property search information (see e.g. Kirklees Council v IC & Pali Ltd [2011] UKUT 104 (AAC) and also East Riding of Yorkshire v IC).
Earlier this year, in Leeds City Council v IC & APPS Claimants (EA/2012/0020-21); [2013] 1 Info LR 406, the First-Tier Tribunal was asked to decide whether, when making environmental information available other than by means of inspection or through public registers, the local authority was entitled under r. 8 to charge only for disbursements (the Commissioner’s case) or whether other costs, such as the cost of staff time spent searching for the requested information and overhead costs, could be factored into the charge (the Council’s case). Having carefully considered not only r. 8 but the provisions on charging in the Directive on Public Access to Environmental Information (“the Directive”), the FTT concluded that public authorities could only charge in respect of disbursement costs. It also held that Leeds had erred in determining the charge by reference to the CPSR. Leeds initially sought and was granted permission to appeal against the decision. However, the appeal was not pursued. Notably, the Commissioner argued before the FTT in the Leeds case that the question of what would constitute a lawful charge could not satisfactorily be resolved without a reference to the Court of Justice of the European Union. That argument was not supported by Leeds or the APPS claimants. The FTT decided that it could resolve the appeal without a reference and so none was made.
These issues have now resurfaced before the First-Tier Tribunal in East Sussex County Council v IC & Property Search Company & the Local Government Association (EA/2013/0037), another property search case. In this case, the applicant requested answers to questions in the standard property search form issued by the Law Society, the CON29R form. The Council imposed a fixed charge for providing this information, the fixed charge having been calculated on the basis of the approach provided for in the CPSR (i.e. was a charge which was intended to produce a cost neutral result for the Council). The charge itself factored in not only disbursement costs, but also staff time, a portion of the Council’s overhead costs, office costs and a portion of the costs of maintaining the information systems from which the relevant information is derived.
In light of an analysis of preparatory legislative materials for the Directive, the Commissioner conceded that costs beyond mere disbursement costs could in principle be factored into the charge. In particular, he argued that staff time spent searching for the information could be included. However, he disputed that other costs (e.g. overheads, office costs and the costs of maintaining the relevant information systems) could lawfully be included. However, the Commissioner’s position before the FTT was that, notwithstanding his concession, there remained substantial uncertainty as to what constituted a permissible charge under the Directive and a reference to the CJEU was still warranted. The other parties to the appeal ultimately agreed that this was an appropriate course.
The FTT has now decided that there should be a reference for a preliminary ruling. The questions being referred are:
(1) What is the meaning to be attributed to Art 5(2) of Directive 2003/4/EC and in particular can a charge of a reasonable amount for supplying a particular type of environmental information include:
(a) part of the cost of maintaining a database used by the public authority to answer requests for information of that type;
(b) overhead costs attributable to staff time properly taken into account in fixing the charge?
(2) Is it consistent with Arts 5(2) and 6 of the Directive for a Member State to provide in its regulations that a public authority may charge an amount for supplying environmental information which does “… not exceed an amount which the public authority is satisfied is a reasonable amount” if the decision of the public authority as to what is a “reasonable amount” is subject to administrative and judicial review as provided under English law?”
Hopefully the CJEU will in due course agree to give a preliminary ruling. In the meantime, local authorities and those engaged in the property search industry will have to wait with baited breath.
Anya Proops acts for the Information Commissioner.
Robin Hopkins @hopkinsrobin
