Internet traffic data and debt collection: privacy implications

December 5th, 2012 by Robin Hopkins

Mr Probst was a subsriber to the internet service provider (ISP) Verizon. He failed to pay his bill. A company called ‘nexnet’, the assignee of Verizon’s debt, sought to collect the sums due. In doing so, it obtained and used his internet traffic data in accordance with its ‘data protection and confidentiality agreement’ with Verizon. Disinclined to pay up, Mr Probst argued that nexnet had processed his personal data unlawfully and that the relevant terms of its agreement with Verizon purporting to sanction that processing were void. The first-instance German court agreed with him, but the appellate court did not.

It referred a question to the CJEU concerning Directive 2002/58 (the privacy and electronic communications Directive), which seeks to “particularise and complement” the Data Protection Directive 95/46/EC.

Article 5(1) of the 2002 Directive provides confidentiality in respect of electronic communications and traffic data. Article 6(1) says that traffic data must be “erased or made anonymous when it is no longer needed for the purpose of the transmission of a communication”, unless one of the exceptions in that Article applies. The relevant provisions here were Articles 6(2) and (5). The first allows traffic data to be processed for subscriber billing purposes – but only within a specified time period. The second allows for processing of such data by an ISP’s authorised agent only for specified activities and only insofar as is necessary for those activities. The provisions are worded as follows:

(2) Traffic data necessary for the purposes of subscriber billing and interconnection payments may be processed. Such processing is permissible only up to the end of the period during which the bill may lawfully be challenged or payment pursued.

(5) Processing of traffic data, in accordance with paragraphs 1, 2, 3 and 4, must be restricted to persons acting under the authority of providers of the public communications networks and publicly available electronic communications services handling billing or traffic management, customer enquiries, fraud detection, marketing electronic communications services or providing a value added service, and must be restricted to what is necessary for the purposes of such activities.

In Probst v mr.nexnet GmbH (Case C‑119/12), the Third Chamber of the CJEU essentially had to decide whether, and in what circumstances, Articles 6(2) and (5) allow an ISP to pass traffic data to the assignee of its claims for payment such that the latter may process those data. Its starting point was that Articles 6(2) and (5) were exceptions to the general principle of confidentiality with respect to one’s internet traffic data. They therefore needed to be construed strictly.

As regards Article 6(2), Mr Probst had argued that nexnet was not in the business of ‘billing’, but in the business of debt collection. The referring court’s view was that, for data protection purposes, those activities were sufficiently closely connected to be treated indentically. The Third Chamber agreed. It found that, by authorising traffic data processing ‘up to the end of the period during which the bill may lawfully be challenged or payment pursued’, Article 6(2) relates not only to data processing at the time of billing but also to the processing necessary for securing payment thereof.

As to Article 6(5), the Court held “that a persons acts under the authority of another where the former acts on instructions and under the control of the latter”.

The next question was essentially: what does a data protection-compliant contract between an ISP and a third party (an agent, assignee or someone to whom an activity is outsourced) look like? Must the ISP actually be able to determine the use of the data by the third party, including on a case-by-case basis, throughout the duration of the data processing? Or is it sufficient that its contract with the third party contains general rules about the privacy of telecommunications and data protection and provides for data to be erased or returned on request?

The Court emphasised that outsourcing or assignment may not result in lower levels of protection for individuals’ personal data (paragraph 26). The contract must be sufficiently specific. It must, for example, provide for the immediate and irreversible erasure or return of data as soon as knowledge thereof is no longer necessary for the recovery of the claims concerned. The controller (here, the ISP) must be in a position to check and ensure compliance with the privacy and data protection measures agreed under the contract, and the contract must provide for the ISP to be able to request the return or erasure of the data.

The issue in the Probst case (how to balance privacy and legal rights to monies owed) has obvious parallels with measures to combat copyright infringement (how to balance privacy and legal rights to intellectual property). I have blogged on copyright and privacy issues here and here.

The Probst judgment is an important confirmation of general principles about privacy with respect to one’s internet data. The implications for all sorts of contracts involving such data are clear – cloud computing arrangements, for example (on which, see Panopticon’s post here).

It is increasingly important that those contracts provide for specific and enforceable safeguards against unlawful processing of personal data. The Data Protection Directive will change before too long, but these principles will not.

Robin Hopkins

Tags: , , ,
Posted in INFORMATION LAW | Comments Off on Internet traffic data and debt collection: privacy implications

Important developments in surveillance law: RIPA and CCTV

September 17th, 2012 by Robin Hopkins

Important changes to the Regulation of Investigatory Powers Act 2000 come into force from 1 November 2012, thanks to the Protection of Freedoms Act 2012 (Commencement No. 2) Order 2012, passed last week. This is an extremely important development for local authorities.

Local authorities are empowered under RIPA to use three surveillance techniques: directed surveillance, the deployment of a Covert Human Intelligence Source (CHIS) and accessing communications data. Early in its term, the Coalition government indicated that it would impose additional safeguards on local authorities’ use of such powers, responding in part to concerns aired by Big Brother Watch and others (see our post here and the recent ‘Grim RIPA’ report here). Chapter 2 of Part 2 of the Protection of Freedoms Act 2012 Act amended RIPA so as to require local authorities to obtain the approval of a magistrate for any authorisation for the use of a covert investigatory technique.

The procedure for obtaining judicial approval may be much like that involved in obtaining search warrants. It remains to be seen how magistrates scrutinise the reasoning and evidence supporting an authorisation so as to ensure that the conditions laid down by RIPA – in particular, necessity and proportionality – are satisfied. Ibrahim Hasan has discussed the changes in his Local Government Lawyer piece here.

Last week also saw a second important announcement on surveillance. The government has announced that it is busy with preparatory work on a new CCTV code of practice, with the aim of consulting on the draft code over the autumn and bringing the new one into force in April 2013. Authorities specified in s. 33(5) of the Protection of Freedoms Act 2012 have a duty to have regard to the code, and other system operators will be encouraged to adopt it on a voluntary basis.

The Home Office Minister, Jeremy Browne MP, told the House of Commons last week that the government is “committed to ensuring that any deployment in public places of surveillance cameras, including close circuit television (CCTV) and automatic number plate recognition (ANPR), is appropriate, proportionate, transparent and effective in meeting its stated purpose”.

Oversight of – and independent recommendations about – the new code will fall to Andrew Rennison, who will remain in post as both surveillance camera commissioner and forensic science regulator until February 2014.

If one adds the Local Authorities (Executive Arrangements) (Meetings and Access to Information) (England) Regulations 2012, also passed last week (see my post here), this is clearly a time of great flux in terms of the information law landscape for local authorities in particular.

Robin Hopkins

Tags: , , , , , ,
Posted in INFORMATION LAW | Comments Off on Important developments in surveillance law: RIPA and CCTV

Police Surveillance – New tribunal decision

June 20th, 2012 by Anya Proops

Earlier this month Robin Hopkins blogged on a recent admin court judgment applying Article 8 to the police’s act of retaining data on a protestor (see his post on the Catt case here). This week the Information Tribunal handed down a judgment concerning another aspect of police surveillance, namely the automatic number-plate recognition (ANPR) system, which is now in widespread use across Great Britain. In Mathieson v IC & Devon & Cornwall Constabulary (EA/2010/0174), Mr Mathieson, a Guardian journalist, requested disclosure from the Constabulary of the location of all the ANPR cameras within the area of the Devon & Cornwall Constabulary. The Constabulary refused disclosure on an application of ss. 24 (national security) and 31 (prevention of crime) FOIA. The Commissioner upheld the Constabulary’s refusal notice on the basis that the location information was exempt from disclosure under s. 31. Mr Mathieson appealed against the Commissioner’s decision.

At the hearing before the Tribunal, it was conceded on behalf of Mr Mathieson that, on all the evidence, both ss. 24 and 31 were engaged in respect of the location information. The key issue which the Tribunal was called upon to determine was whether the public interest balance nonetheless weighed in favour of disclosure. In summary, the Tribunal held that the use of the ANPR system by the Constabulary inevitably gave rise to serious civil liberty concerns. This was not least because the system indiscriminately recorded the number-plate of every single vehicle passing before the individual cameras, irrespective of whether the vehicles may be being used as part of a criminal enterprise or as a result of individuals innocently and lawfully going about their day to day business. However, it nonetheless went on to find that the public interest balance weighed firmly in favour of maintaining the exemptions. This was because, on all the available evidence, it was clear that revealing the location of the individual cameras within Devon and Cornwall would have enhanced the ability of criminals, including terrorists, effectively to bypass the ANPR system, thus helping them to evade detection and prosecution.

In the course of its decision, the Tribunal held that: ‘there is always likely to be a substantial public interest in maintaining the exemptions we are concerned with, in particular that provided by section 24 which relates to national security’ (§8). It also held that, whilst disclosure of the location information may only have tipped the balance slightly in favour of the criminals, not least because they may in any event have been able to identify the cameras through their own efforts, that was sufficient to result in a situation where the location information must be treated as exempt (§10).

Notably, a separate question was raised during the course of the appeal as to whether the information captured by the ANPR system amounted to ‘personal data’ in the hands of the Constabulary. Mr Mathieson and the Commissioner submitted that it did. The Constabulary disputed this conclusion. Ultimately, the Tribunal took the view that it did not need to resolve this dispute for the purposes of determining the appeal.

I am limited in what I can say about this case, having appeared on behalf of the Commissioner. However, it is clear from the judgment that there is an abiding issue as to the legality of the ANPR system and, in particular, whether it unjustifiably interferes with the right to privacy under Article 8 and/or with the data subject’s rights under the DPA. Whilst this is a nettle which the Tribunal itself considered it did not need to grasp in the circumstances of the Mathieson appeal, there can be little doubt but that it is a nettle which will be subject to judicial examination in the future.

Anya Proops

Tags: , , , ,
Posted in Uncategorized | Comments Off on Police Surveillance – New tribunal decision

Important new privacy judgment: police retention of protestor’s data not an Article 8 infringement

June 1st, 2012 by Robin Hopkins

The Admin Court (Gross LJ and Irwin J) has handed down judgment this week in Catt v Association of Chief Police Officers and Commissioner of Police of the Metropolis [2012] EWHC 1471 (Admin). It is an extremely important judgment on Article 8 ECHR in the context of personal information retained for policing purposes. It is also notable for its analysis of protest as an inherently public activity.

The background

ACPO launched a National Domestic Extremism Database containing information provided by police forces. The Metropolitan Police subsequently assumed responsibility for the database. The database contained information relating to the attendance by the claimant (an 87-year old protestor of good character) at various political protests made by a group called “Smash EDO”. Smash EDO opposes a US arms manufacturer with a factory in Brighton; its activities have often involved violent disorder and criminality (though apparently not by the claimant), necessitating a substantial police presence. Police officers overtly gathered information (including photographic and video material) at those protests. They then compiled reports on the protests, identifying a number of individuals including the claimant. The information at issue in this case comprised those sorts of reports – they were about incidents rather than the claimant per se, although the claimant was identified in the reports. The defendants retained that information pursuant to the statutory Code of Practice on the Management of Police Information, made under the Police Acts 1996 and 1997, and associated Guidance on the Management of Police Information.

The issues

The overarching issue was whether this infringed Mr Catt’s rights under Article 8 ECHR, the right to respect for private life.

It is important (if not entirely surprising) to note how the parties and the Court saw Article 8 and the Data Protection Act 1998 interacting (see paragraph 6(iv)). All agreed that the DPA was theoretically in play, but added nothing: if the Article 8 claim succeeded then the DPA claim was not needed; if Article 8 was engaged, but the interference was justified, then the DPA claim would automatically fail; if Article 8 was not engaged, the prospects of success under the DPA were negligibly remote.

The issues were therefore: (i) whether there was an interference with the claimant’s rights under Article 8(1), and (ii) if so, whether this interference was justified. The Court said no on both counts, by application of the authorities to three crucial findings.

Crucial findings

First, the Court accepted the need for such information to be retained by the police. Gross LJ said this at paragraph 19:

“… the use of intelligence is a fundamental policing tool.  Investigators need the ability to identify relationships within protest groups. Likewise, they need to be able to identify individuals associated with the use of particular tactics, together with those with a propensity to violence, disorderly behaviour and organised coordinated actions.  Although Mr. Catt has not been convicted of any offence, the evidence, which again I accept, is that his close association with violent members of Smash EDO and knowledge of this association is of intelligence value.  Such knowledge forms part of a “far wider picture of information”… needed by the police, inter alia, to investigate incidents of criminality and to assist the policing of future events.”

Secondly, “the essential nature of such activity [protesting] is that it is of a public nature. Indeed, its very object is to make others aware of his views and the causes to which he lends his support” (paragraph 36).

Thirdly, given the violent disorder which characterised Smash EDO’s activities, it was reasonable to expect the police to gather and retain such information. This was especially so as this information had been gathered by over rather than covert policing.

Issue 1: Article 8(1) neither engaged nor infringed

Given those findings, the Court concluded that the claimant’s rights under Article 8(1) were not engaged at all. The claimant’s reliance on R (Wood) v Commr of Police of the Metropolis [2009] EWCA Civ 414 did not assist: the facts were different, and it would be “unreal and unreasonable” to find an infringement of Article 8(1) in the present case.

Issue 2: interference would in any event be justified

The Court went on to conclude that even if there had been an interference with Article 8(1), this would be justified. The claimant had argued inter alia that he was not personally suspected of criminality and that there was no democratic oversight of the database system. The defendant argued inter alia that, given Smash EDO’s activities, the retention of this sort of information – police reports as opposed, for example, to photos or video material – was reasonably necessary and proportionate.

Gross LJ (with whom Irwin J agreed) had “no hesitation in concluding that any interference with Mr. Catt’s rights was amply justified under Art. 8.2”.

His reasons included the following (paragraph 64):

“Any interference with Mr. Catt’s Art. 8.1 rights was at the margins. The reports, the product of overt policing, did no more than record Mr. Catt’s public activities, the very object of which was to convey his views to as wide an audience as possible.  The reports were compiled and retained for intelligence purposes, in accordance with the Code and the Guidance, with a view to an appropriate police response to a campaign marred by serious, persistent criminality and posing a significant public order problem.”

Irwin J agreed that there was no expectation of privacy here, applying the approach in Campbell v MGN [2004] UKHL 22.

At paragraph 70 he added that it was not easy to see “… how it can affect the engagement of Art 8.1 that the material is recorded by police officers as opposed, say, to journalists; or collated and held within the National Extremism Database, as opposed to a local history archive in the town where the demonstrations have been held.  The latter distinction was advanced by Mr Owen (“the entries were not recorded on any database…”).  The issue is not whether the individual concerned likes or dislikes the thought of the data being held by this or that body: the issue is whether a reasonable expectation of privacy arises.  In my judgment, it does not arise in respect of any of the information in this case.”

Irwin J did, however, add this observation at paragraph 70, which might give rise to interesting arguments in future cases on such issues:

“Different questions might arise if material recorded in that context were collated with material which was private in its nature.  That does not arise in this case.”

What about ongoing retention of this information?

Gross LJ thought it sensible for the police to review its retention of this sort of information when the Smash EDO campaign concludes, but he agreed with Irwin J’s comments at paragraph that 73:

“… even when the Smash EDO campaign ends, it may yet be justifiable to retain some or all of this information.  The picture here is that there are connections between this group and parts of the animal rights movement, active before this group was formed.  It may be a legitimate function of intelligence to keep records of this group after it has ceased to be active, the better to understand the risks associated with after-coming groups with overlapping membership.  To my mind, there is no expectation that a review at a suitable point in the future will conclude otherwise.”

Robin Hopkins

Tags: , , , , , ,
Posted in INFORMATION LAW | Comments Off on Important new privacy judgment: police retention of protestor’s data not an Article 8 infringement

ARTICLE 8 CHALLENGE TO ENHANCED CRIMINAL RECORDS REGIME FAILS (AT FIRST INSTANCE)

February 10th, 2012 by Robin Hopkins

Yesterday, the High Court(Kenneth Parker J) gave judgment in R (T) v (1) Chief Constable of Greater Manchester Police, (2) Secretary of State for the Home Department (Secretary of State for Justice an interested party) [2012] EWHC 147 (Admin). The judgment is available here:  T_v_Greater_Manchester_Police.

In July 2002, the Claimant was 11 years old. He received a warning (a private procedure, under the Crime and Disorder Act 1998) from Greater Manchester Police for the theft of two bicycles. His subsequent conduct was apparently exemplary. By section 113B of the Police Act 1997, Enhanced Criminal Record Certificates (ECRCs) must contain all convictions, cautions and warnings. The Claimant, a 20-year old student applying for a sports studies course, obtained his ECRC in December 2010. It contained details of the bike theft warning.

He argued that the inflexible requirement under the 1997 Act for all convictions, cautions and warnings to be disclosed in ECRCs was incompatible with Article 8 of the ECHR.

With overt reluctance, Kenneth Parker J dismissed the claim. His decision was based on the analysis of R (L) v Commissioner of Police for the Metropolis [2009] UKSC 3 [2010] 1 AC 410, where the majority of the Supreme Court decided that the disclosure of “information” (under s. 115(6) of the 1997 Act) potentially breached Article 8. Such a breach would be justified only if (a) the information is relevant to the decision for which the ECRC is required, and (b) disclosure is proportionate, taking into account factors such as the gravity of the material, the reliability of the information on which it was based, the relevance of the material to the particular job application, the period since the relevant events and the impact on the applicant of including the material in the ECRC.

The disclosure of “information” was, however, a separate matter from the disclosure of convictions, cautions and warnings. It was clear from L that, insofar as it required the latter, the 1997 Act was not open to challenge under Article 8.

Kenneth Parker J had great sympathy with the Claimant’s analogy with R (F) v Justice Secretary [2010] UKSC 17; [2011] 1 AC 331, in which the subjecting of the claimants to indefinite reporting requirements under the Sexual Offences Act 2003 was found to violate their rights under Article 8. As in F, the provisions under challenge in the present case provided for no reviews, and no exceptions. This caused the learned judge great concern. He observed that:

“… a system that allows no exceptions imposes a very heavy cost in terms of effect on the fundamental rights protected by Article 8 ECHR.  I am not persuaded that the marginal benefit that a system which admits no exceptions brings to, admittedly important, competing interests is justified as a matter of proportionality when the serious detrimental effects of such a system, particularly on child offenders, are weighed in the balance.  A system that permitted exceptions would probably be more prone to error, but only marginally so if the criteria for review were themselves conservative and risk averse.  The consequential improvement to the protection of Article 8 rights on the other hand, would be likely to be substantial.”

Nonetheless, his hands were tied by L: the requirement to disclose convictions, cautions and warnings did not violate Article 8. It may be a “bright line rule”, and arguably a harsh one, but the law has condoned such rules in other circumstances (see for example R (Animal Defenders International) v Secretary of State for Culture, Media and Sport [2008] 1 AC).

The Claimant also sought to challenge the lawfulness of the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 – which removes, in certain circumstances, the protections concerning spent convictions. This claim failed for the same reasons. Kenneth Parker J added this notable observation:

“In these circumstances I do not believe that there is any real independent issue about the legality of the Order under Article 8 ECHR.  The conclusion must be the same.  However, I should perhaps add that the reverse argument does not necessarily apply.  In other words, even if it were disproportionate under Article 8 ECHR for the state to disclose, say, a warning long ago given to a child for a minor criminal matter, it would not automatically be an infringement if the state permitted a private employer to enquire about all criminal convictions, to insist on truthful answers and to take appropriate action in response to the answers given.”

The learned judge also observed that, if he had had to decide the issue of whether the state had a positive obligation in these circumstances, he would have found that it did not.

The claims were accordingly dismissed. However, given their general importance and Kenneth Parker J’s reluctant conclusions, he granted leave to appeal.

11KBW’s Jason Coppel appeared for the Secretaries of State.

Robin Hopkins

Tags: , , , , , ,
Posted in INFORMATION LAW | Comments Off on ARTICLE 8 CHALLENGE TO ENHANCED CRIMINAL RECORDS REGIME FAILS (AT FIRST INSTANCE)

PRIVATE EMAILS AND TEXTS SUBJECT TO FOIA

December 15th, 2011 by Robin Hopkins

Following the emergence earlier this year that Department for Education officials had, apparently routinely, used personal email accounts for the conducting of official business, the ICO has considered this issue. It has today issued guidance that many FOI officers and lawyers will find notable, to say the least.

The key points:

  • FOIA applies to official information held in private email accounts when held on behalf of the public authority. So too text messages. This much is obvious from the definition of ‘held’ in s. 3 of FOIA. The question is exactly what this means, and what to do about it.
  • There will be occasions on which, having searched its own systems, the public authority will be expected to ask employees (or contractors etc) to search their personal email accounts/text messages for information described in a FOIA request.
  • The ICO expects such occasions to be ‘rare’. I think this means that the ICO will not expect the public authority to do so simply because a requester asks it to; something more will be required.
  • What is that ‘something more’? The ICO recommends public authorities look out for ‘relevant factors’ which may trigger the duty to ask.
  • These factors include the nature, wording and subject matter of the request.
  • They also include “how the issues to which the request relates have been handled within the public authority”. This may be another way of asking: is the public authority aware that this sort of thing has been going on?
  • Another relevant factor is “by whom and to whom the information was sent and in what capacity, e.g. public servant or political party member”. This is often a blurred line, one imagines. Not sure how this could be scrutinised (other than hacking into private systems, which is not nice, not fashionable and not legal).
  • Public authorities should establish procedures for dealing with such situations.
  • They should keep records of any private email account/text message searches they have requested.
  • Public authorities should remind staff that, where a request for information to which the requester would be entitled has been made, it is a criminal offence to erase or conceal that information with the intention of preventing disclosure (see s. 77 of FOIA).
  • ‘Concealment’ would include denying that anything of an ‘official capacity’ nature is (or, at the time of the request, was) in one’s private email inbox or text message folder.
  • Public authorities should tell their employees not to use private channels for official business in the first place.

Panopticon understands from some of its friends in the media that requests aiming at exactly this sort of information were fired off this morning (or earlier this week, in anticipation of the new ICO line).

Meanwhile, a decision on the complaint against the Department for Education is in the pipeline.

Panopticon will be keeping its Benthamite eye on how these matters unfold.

Robin Hopkins

Tags: , , , ,
Posted in INFORMATION LAW | Comments Off on PRIVATE EMAILS AND TEXTS SUBJECT TO FOIA

Launch of Information Law Reports

July 19th, 2011 by Rachel Kamm

 The Information Law Reports launched on 14 July 2011, with the following announcement on 11KBW’s website:

Leading chambers 11KBW and legal publisher Justis Publishing are collaborating in a first for both organisations: the creation of a new series of law reports available both in bound volumes from next week and on the established Justis platform from this morning.

Information law is ever more important, seeking to balance the “right to know” and the “right to be left alone” in an age of massive databases and global information flows. We all want to protect our own privacy; but we also want to understand how public authorities make decisions and spend our money. This new series will help professionals grapple with these issues.

Timothy Pitt-Payne QC, a barrister at 11KBW and one of the editors of the new reports, said: “There is a growing case-law, generated by the specialist Information Rights Tribunal and the higher courts. Navigating this material and quickly identifying the most important recent developments is increasingly challenging. The Information Law Reports seek to meet this need, bringing together all the most important cases in a single source. 11KBW are delighted to be working with Justis on this much-needed project.

Masoud Gerami, Managing Director of Justis Publishing, said: “We have had a number of significant milestones in our 25-year history, mostly associated with innovation and developments which have changed legal information dissemination for the better. I am delighted that another milestone has been added to our list of achievements by producing the new series of Information Law Reports in association with 11KBW, the leaders in this increasingly important field. I believe that the complementary nature of the expertise from the partners in this project is the ideal requirement for any successful product or service, and we look forward to a continued relationship with 11KBW.”

He added: “This is also the first time that Justis Publishing has produced a product in hard copy, and we are very excited about the possibilities that the combination of hard copy and online versions will present.

For further information, please call +44 (0)20 7267 8989 or email press@justis.com.

Tags: , , , , , , , , , , ,
Posted in INFORMATION LAW | Comments Off on Launch of Information Law Reports

THE EUROPEAN COOKIE MONSTER

July 19th, 2011 by Rachel Kamm

Here’s an update to my post of 5 June about the ICO’s guidance on obtaining the consent of users before ‘cookies’ can be placed on machines. The European Data Protection Supervisor, Peter Hustinx, gave a public lecture on 7 July 2011 on the privacy implications of online behavioural advertising. This included discussion of ‘cookies’. He commented that browser providers have developed opt-out solutions, whereas the ideal is to have privacy-by-default unless individual preferences are set using a “privacy wizard”. The lecture also suggested that recent speeches made by the European Commission’s Vice President, Neelie Kroes, raise doubts about the Commission’s position on the e-Privacy Directive’s requirements; the Commission has expressed support for initiatives which Mr Hustinx considers are in fact non-compliant.

Tags: ,
Posted in Uncategorized | Comments Off on THE EUROPEAN COOKIE MONSTER

SOME REFLECTIONS ON SUPER-INJUNCTIONS AND PARALLEL UNIVERSES

May 23rd, 2011 by Robin Hopkins

The Committee on Super-injunctions, established in April 2010 in the wake of the Trafigura and Terry cases, was made up largely of judges and practising lawyers, but also included legal representatives from the Guardian and Trinity Mirror. Nonetheless, the media have not received its report, “Super-Injunctions, Anonymised Injunctions and Open Justice” warmly. The Independent has commented on the “absurdity” of the current situation, while the Daily Mail called the report “a chilling exercise in judicial activism, self-delusion and – most worrying – a constitutional attack on Parliamentary sovereignty and free speech”.

Tensions have escalated since the publication of the report on Friday, and reached a head today. Footballer “CTB” (as his injunction order refers to him) has obtained a disclosure order requiring Twitter (based in California) to divulge the names of the “persons unknown” (resident, of course, in jurisdictions unknown) who have referred to his identity in their tweets. Scotland’s Sunday Herald flouted the order of the High Court of England and Wales in publishing the player’s name. This has apparently prompted calls for the Attorney-General to take action against the journalist responsible, a course of action which in the view of SNP leader Alex Salmond would be unwise. Mr Salmond neatly articulated the jurisdictional (and devolutionary) difficulties of this issue, by arguing on this morning’s Today programme that anyone wishing an injunction to be effective in Scotland should apply to a court in Scotland. Fred Goodwin was “outed” in the Lords last week, and John Hemming MP has moments ago outed CTB himself.

And so it goes on. It has been announced in the past few minutes that a joint parliamentary committee will be established to consider privacy law reform. Against this backdrop, I set out a few (rapidly evolving) thoughts on four of the thorny issues raised by the report, the accompanying press conference given by Lords Neuberger and Judge and the general aftermath. On each of these four issues, my sense at the moment is that matters may develop in favour of openness rather than privacy – despite the failure this afternoon to overturn CTB’s injunction.

First though, a synopsis of the report’s thrust and limited terms of reference.

The report: procedure, not substance

As regards its subject matter, the committee distinguished between super-injunctions (where the order states that neither the named applicant’s private information nor the existence of the order can be published), anonymous injunctions (the order does not name the applicant or parties involved) and “so-called hyper-injunctions” (the order prohibits individuals from discussing matters with third parties).

It sees no legal barrier to any of these types of injunction taking effect. It thinks all such injunctions are very rare, but recommends that statistics be maintained on the granting of injunctions so that their prevalence can be monitored.

The report proposes a tidying up of the procedure for obtaining these injunctions. The committee gives a firm “no” to the use of specialist judges to hear these kinds of application. It says that Practice Guidance should be issued, which should include model orders and the process for expediting appeals against the granting of such orders.

Overall, however, the report is not about substantive law reform: that is a matter for parliament. In fact, it is now an urgent matter for parliament. In my view, some of the key issues to be considered are as follows.

Issue 1: media presence at injunction hearings

Parliament’s committee will, like the reporting committee, take Article 10 ECHR very seriously (for a very recent example of Article 10 affecting the interpretation of FOIA, see my post here). The report observes that “it will be a very rare case where advance notice of such an application to media organisations, which are likely to be affected by any order, can be justifiably withheld”. It proposes that the press be allowed to attend application hearings – bound of course by confidentiality agreements and non-disclosure orders. This would allow the media to be properly informed of the matters on which they may not report, and would also equip them to appeal against orders where they deem this appropriate.

This is doubtless a step in the right direction in terms of Article 10. As the committee recognises, however, there are real practical difficulties with the proposal. First, interim injunction hearings are often so rushed that there is no real prospect of a blanket invitation to the media. Secondly, how does one determine who the “media” are who are allowed to attend such hearings? As Lord Judge put it “we know who you [the media attending the release of the report] are, we’re familiar with you, but someone comes along and says, “I’m from the Argyll and Orkney Express” but how do we know? Do we really expect to have cards issued? Can you imagine the bureaucracy?”.

Part of the problem is this: either anyone with an interest in reporting the matter is allowed to attend, or only the “establishment” (this is my term, but seems the sentiment reflected in Lord Judge’s rhetorical question) is allowed, even though the aim is to make everyone subject to the order, establishment or not. The former option exponentially increases the risk of leaks and disclosures on Twitter. The latter option draws distinctions which are impracticable and problematic in terms of Article 10 and fairness in a broader sense. My view is that the former option will prevail, and that we will see a very broad net of media attendees at future super-injunction hearings. This in itself might serve as a deterrent to making such applications in the first place.

Issue 2: Twitter and other “modern technology”

There has been a flexing of judicial muscle as regards Twitter. Though he described “modern technology” as “totally out of control”, Lord Judge took hope from efforts to combat online child pornography. He said this:

“Are were really going to say that someone who has a true claim of privacy, perfect well made, which the media and newspapers can’t report, has to be at the mercy of someone using modern technology? At the moment that may seem to be the case but I am not giving up on the possibility that people who in effect peddle lies about others by using modern technology may one day be brought under control, maybe through damages – very substantial damages – maybe even through injunctions to prevent the peddling of lies”.

The language of “peddling lies” is curious. That is a concept belonging to libel law, rather than privacy. Those seeking super-injunctions tend not to say the underlying material consists of lies, but simply that it is private. The damage lies not in the falsity of the material, but in the fact that people talk about it.

This distinction is important in at least two respects. First, if an applicant wants to prevent people talking about the matter, but many people have already done so (for example, on Twitter), then his or her case for an ongoing injunction is weakened; it begins to look more a matter for damages than for injunctive relief.

Secondly, foreign jurisdictions may be even less cooperative about orders from England and Wales protecting private (but often true) material than they often are about similar orders concerning libel (see for example the United States’ Speech Act of 2010). Countries co-operate against copyright infringement and child pornography because they think it important to do so in a civilised society. They may be less inclined to think that about, say, Andrew Marr’s sex life. In other words, there is a good chance that legal action, whether for injunctive relief or damages, taken in England and Wales against foreign reporters may simply be impotent.

Contrast this likely impotence with measures for after illegal file-sharers through their internet service providers, proposed under the UK’s Digital Economy Act 2010 (on which, see my discussion here in advance of BT’s judicial review of that Act): unlike Twitter, ISPs often have a commercial footing in the UK which they are concerned to protect; international (including EU) legal protection is far more advanced than for copyright than for privacy; even under the Digital Economy Act’s proposal, infringing users are to be given a number of warnings before their details are handed over to those seeking damages, unlike the old Norwich Pharmacal model being utilised in the footballer’s action against Twitter.

Issue 3: granting and maintaining super-injunctions

The report emphasises that super-injunctions are not to be permanent, but should be granted only for very short periods of time. If anyone notices a super-injunction being granted with no return date, they should complain about it, as was done in the Zac Goldsmith/Jemima Kahn case. So far so good: allowing the media to be present for application hearings would help on this front, as would minimising the time between the interim injunction and the return date.

As regards the grounds on which a super-injunction should be granted, the report’s mood music suggests that some may have been granted too readily. It stresses that “in seeking to minimise derogations from the principle of open justice, the committee envisaged that super-injunctions will only be granted in very limited circumstances”. Other than to emphasise exceptionality and Article 10, there is probably little to be said (either by the committee or by parliament) in terms of guidance to judges on granting such injunctions – this is, and will remain, largely a case-by-case business.

The thorny issue of the moment, however, is this: if a matter has been very widely disclosed on Twitter and other websites, is it fair to maintain an injunction the effect of which is to prevent the establishment media from reporting it? If, as I suggested above, the damage comes from people knowing about what you have done, hasn’t the horse bolted in such circumstances? If people wish to reject your job application or shun you at parties, they will probably do so regardless of how they learnt about your indiscretions. Part of what seemed to concern David Cameron in his ITV interview this morning is this prejudicial effect on the establishment as compared with “newer” media, which commentators have described over the weekend as existing in “parallel universes”.

Lords Neuberger and Judge both suggested on Friday that, to the extent that there are differential effects on newspapers as compared to Twitter, that difference is justified. To a degree, they are correct: rightly or wrongly, we tend to expect more noble and sophisticated ethics from mature brands of journalism than we do from little-known blogs, and applicants no doubt suffer incremental damage from the public seeing matters reported in print headlines or on major news websites which they would otherwise have had to seek out on Twitter. There must come a point, however, where the media’s interests (including under Article 10) outweigh this combination of incremental harm and ethical expectation. That too is probably a matter for case-by-case determination, but it is something parliament’s joint committee will surely wish to consider. It may well side with the media over the privacy-seeking individual if forced to give guidance on a hypothetical case.

Issue 4: parliamentary privilege and contempt of court

The constitutional stakes are highest in this strand of the current debate.

The committee was very clear that no super-injunction or any other court order could conceivably restrict or prohibit parliamentary debate or proceedings. It also recognised that, in defamation proceedings, the reproduction of extracts from Hansard attracts attaches to, while honest, fair and accurate reporting of parliamentary proceedings attracts qualified privilege. It is unclear, however, whether the same would apply in contempt proceedings. In fact, “the law relating to Contempt of Court when it comes to reporting what is said in Parliament is astonishingly unclear”, as Lord Neuberger put it. The extent to which parliamentary privilege attaches to conversations between an MP and his or her constituents (some of whom may of course be journalists) is also unclear.

Lord Judge, however, explicitly disapproved of members of either house using parliamentary privilege to circumvent super-injunctions:

“But you do need to think, do you not, whether it’s a good idea for our lawmakers, to be in effect to be flouting a court order just because they disagree with the order or for that matter because they disagree with the law of privacy which parliament has created”.

John Hemming MP clearly takes a different view.

Again, there is much of interest in Lord Judge’s remark, such as the reference to parliament having created the law of privacy, and the implicit distinction between parliament flouting a court order and an individual member doing so. It would be very surprising, however, if parliament’s joint committee were to propose a constrained version of parliamentary privilege. If that committee is robust in defence of the houses’ privileges, the door may be opened to future “outings”, such as that of Fred Goodwin or CTB. Mindful of this, the reporting committee proposed a softer form of control than the restriction of parliamentary privilege. It suggested that:

“House authorities should consider the feasibility of a streamlined system for answering sub judice queries from the Speakers’ offices. Such a communication system will require the creation of a secure database containing details of super-injunctions and anonymised injunctions held by Her Majesty’s Courts and Tribunals Service, which could be easily searchable following any query from the House authorities”.

Parliament’s committee may well endorse this as the approach best suited to preserving a balance of respect (as opposed to contempt) between parliament, the courts, the media and individuals fearful of their privacy being overridden on political platforms.

On this issue, as with so much of the UK’s constitution, the answer may turn out to be a tense but workable network of understandings, rather than hard law. Perhaps this would calm matters only temporarily. But it might also provide breathing room for the public to evolve our expectations about privacy and freedom in both establishment and “modern technology” media, without bringing the latter under any undue “control”.

Robin Hopkins

Tags: , , , , , ,
Posted in Uncategorized | Comments Off on SOME REFLECTIONS ON SUPER-INJUNCTIONS AND PARALLEL UNIVERSES

TRIBUNAL ORDERS DISCLOSURE OF POLICING CAMERA LOCATIONS

April 16th, 2011 by Robin Hopkins

Those interested in information law in the context of policing will wish to note the very recent Tribunal decision in Mathieson v IC and Devon and Cornwall Constabulary (EA/2010/0174).

Automated Number Plate Recognition (ANPR) cameras are strategic policing tools used by a number of forces.  Mr Mathieson asked Devon and Cornwall Constabulary to provide him with the locations of its ANPR cameras. It refused, relying on the prejudice-based qualified exemptions at s. 31(1)(a) (prevention or detection of crime) and s. 31(1)(b) (apprehension or prosecution of offenders). The Commissioner considered that the public interest arguments – though finely balanced – favoured the maintenance of these exemptions.

The Tribunal agreed that these exemptions were engaged, but disagreed on the public interest, and ordered disclosure.  It considered that the Commissioner had overlooked a number of relevant factors.

First, this is a privacy issue: ANPR cameras capture vast amounts of personal data; there is therefore substantial public interest in scrutiny of their use (further illustrated by parliamentary questions on the subject). Secondly, location data alone would not undermine policing – information on factors such as policing tactics, data and analytical capabilities were equally necessary.

Furthermore, the Constabulary had put forward weak arguments: the Tribunal was unimpressed by its attempt to rely on reports by other police forces on their use of ANPR cameras, and by its focus on issues such as the potential for vandalism – which is not sufficiently connected to the interests protected by ss. 31(1)(a) and (b).

Tags: , , ,
Posted in INFORMATION LAW | Comments Off on TRIBUNAL ORDERS DISCLOSURE OF POLICING CAMERA LOCATIONS

« Older Entries
Newer Entries »