DATA PROTECTION IN EUROPE – JUDGMENT IN BAVARIAN BEER

July 2nd, 2010 by Anya Proops

On 29 June 2010, the European Court of Justice handed down an important judgment on how provisions within EU law which permit access to documents held by EU institutions are to be applied where the documents contain third party personal data – European Commission & United Kingdom v Bavarian Lager (Case C-28/08 P). The case involved an application for disclosure of a document held by the European Commission which recorded discussions on the application of certain beer import restrictions within the UK. A number of individuals were identified by name in the document. The application for disclosure was made by Bavarian Lager under EU Regulation 1049/2001 (the Access Regulation). The Access Regulation is designed to facilitate public access to documents held by EU institutions with a view to increasing their transparency and accountability. Importantly, like FOIA, the Access Regulation is, on its face, motive-blind (i.e. it does not require the applicant to establish a legitimate reason for accessing the information). The Commission provided the requested document, save that it redacted the names of certain individuals identified in the document. The key issue which arose in the case was whether, in deciding whether to release the names of the individuals in question, the Commission had been entitled to take into account whether Bavarian Lager had established that it had legitimate interests in receiving this particular data.

The Court of First Instance (now ‘the General Court’) held that: (a) particularly having regard to the motive blind nature of the Access Regulation, the Commission had erred in taking into account Bavarian Lager’s interests in receiving the information and (b) the names should be disclosed. On appeal by the Commission, the ECJ overturned the CFI’s judgment. In summary, the ECJ reached the following conclusions on the appeal:

(1)   the CFI had erred because it had failed to have due regard to the way in which the Access Regulation effectively deferred to provisions contained in other EU legislation, particular Regulation 45/2001 which is specifically concerned with protecting individuals with regard to the processing of their personal data by EU institutions (“the DP Regulation”);

 

(2)   the DP Regulation itself required consideration of the question of whether the applicant had a legitimate interest in receiving the particular personal data;

 

(3)   accordingly, the Commission had not erred when it decided that Bavarian Lager had not established a legitimate interest in receiving the personal data contained in the documents;

 

(4)   the data had been lawfully withheld by the Commission.

11KBW’s Jason Coppel appeared on behalf of the United Kingdom.

Tags: ,
Posted in Uncategorized | Comments Off on DATA PROTECTION IN EUROPE – JUDGMENT IN BAVARIAN BEER

WATCH THIS SPACE

June 30th, 2010 by Timothy Pitt-Payne QC

The Coalition’s Programme for Government contains a great deal that is of interest to information lawyers: see here.  But when and how will any of this be given legislative effect?

The Queen’s Speech was delivered on 25th May 2010. The website of the Prime Minister’s office gives a list of the proposed Bills , with further information about each one. Three of the proposed Bills have potential implications for information law.

(i) The Public Bodies (Reform) Bill will enhance the transparency and accountability of quangos: though it is not clear as yet whether enhanced information access rights will play a role in this.

(ii) The Decentralisation and Localism Bill will (among other matters) require public bodies to publish online the job titles of every member of staff and the salaries and expenses of senior officials.

(iii) The Freedom (Great Repeal) Bill is intended to cover a wide range of subjects, to be announced in due course: it may include an extension to the scope of FOIA, and also various provisions in relation privacy (e.g. relating to CCTV cameras, and the DNA database).

Of these Bills, it is the third that is likely to be much the most significant. 

Tags: , , , , , ,
Posted in Uncategorized | Comments Off on WATCH THIS SPACE

PRIVACY ACROSS THE POND

June 25th, 2010 by Anya Proops

On Thursday, the US Supreme Court unanimously held that a Police Chief did not violate a police officer’s 4th amendment rights by reading personal text messages which the officer had send via a pager provided to him by his employer – see the judgment here. The 4th amendment guarantees a person’s privacy, dignity, and security against arbitrary and invasive governmental acts. The text messages were sent on a pager provided by the officer’s employer, they included a number of sexually explicit messages. The texts were reviewed as part of a process of examining whether officers were using the pagers excessively for personal use. In a judgment which rejected a broad right of privacy for workers, the Supreme Court recognised that interferences with privacy may be justified where there is a reasonable suspicion that rules are being breached by the employee. Notably, the Supreme Court recognised that, in an age of fast-evolving technology, the law of privacy should develop flexibly rather than through the introduction of broad, rigid rules.

Tags: ,
Posted in Uncategorized | Comments Off on PRIVACY ACROSS THE POND

PATIENT INFORMATION – MADE FOR SHARING?

June 17th, 2010 by Timothy Pitt-Payne QC

Sharing patient information in the NHS has proved highly controversial.  We posted about this subject here a while back.  Now there’s a new report from UCL researchers, suggesting that two key recent NHS IT programmes for handling patient information have so far delivered only modest benefits.   A short summary appears here, with links to the executive summary and the full report.  A research paper based on the findings has been published in the BMJ.

The three year UCL project looked at the Summary Care Record (SCR) and at Healthspace, both introduced as part of the NHS National Programme for IT. 

The SCR is an electronic summary of key health data, taken from GP records and other sources, and available to a range of NHS staff.   According to the UCL report, very few people had chosen to opt out; less than 1% of those who had been sent the relevant information.  But SCRs were not yet widely used; even where available, they were only accessed in 21% of clinical encounters.  So far there was little evidence that SCRs improved patient safety or reduced consultation length or hospital admissions.

HealthSpace is a tool that allows patients to update their own health information, plan healthcare appointments, and contact their GP via a secure internet connection.  So far, take up has been very low.  According to the UCL study only one person in 200 who was invited to open a basic account did so, and only one in 1000 opened an advanced account.

The report’s lead author, Professor Greenhalgh, is quoted as saying:  “This reseach shows that the significant benefits anticipated for these programmes have, by and large, yet to be realised – and that they may be acheived only at high cost and enormous effort … It serves to demonstrate the wider dilemma of national databases:  that scaling things up doesn’t necessarily make them more efficient or effective.”  

Tags: , , ,
Posted in Uncategorized | Comments Off on PATIENT INFORMATION – MADE FOR SHARING?

PRIVACY IN THE DOCK

June 10th, 2010 by Anya Proops

It is a fundamental rule of our justice system that it should be administered in public (Attorney General v Leveller Magazine Ltd [1979] AC 440). In the criminal justice system this rule generally operates so as to require individuals who are charged with an offence to give their home address in open court. But what is the position if the accused claim that confirming their address in open court will expose them and their family to attack? Are they entitled to demand that their address be given in camera? This is an issue which was recently posed in the case of R(Harper) & Anor v Aldershot Magistrates Court & Anor [2010] EWHC 1319 Admin. In this case, two senior police officers who had been charged with the offence of misconduct in public office sought to judicially review a ruling of the Magistrates Court that they must each confirm their address in open court. The officers, who had been suspended from duty, claimed that the ruling was unlawful because there was a real and genuine fear of reprisal and the safety of the officers and their family was at risk. The Court rejected the claim on the basis that any fears which the officers may have had were unreasonable, particularly because publication of their address would not in fact enhance any risk that they faced (notably, the addresses could simply have been accessed through the electoral roll). In reaching the conclusion that the ruling was lawful, the Court took into account not least Lord Diplock’s judgment in Belfast Telegraph Newspaper Limited’s Application [1997] NI QBD 309. In that case, Lord Diplock held that information may be withheld in criminal proceedings on the basis that this was necessary to serve the public interest in the administration of justice but that it could not be withheld simply in the interest of protecting ‘the private welfare of those caught up in that administration’ (at page 314F). The Court in Harper noted that there might be circumstances in which the individual’s well-being may overlap with the administration of justice such that the information can be withheld in the public interest. However, these were not the facts of the instant case. Notably, there is no analysis in the judgment of the application of Article 8 ECHR. Nor further is there any explicit consideration of the rights of the families of the accused. Query what role these considerations would have played if the facts of Harper had been less clear-cut.

Tags: , ,
Posted in Uncategorized | Comments Off on PRIVACY IN THE DOCK

FROM BIG BROTHER SOCIETY TO BRAVE NEW WORLD?

May 12th, 2010 by Timothy Pitt-Payne QC

The Conservative/Lib Dem coalition agreements are available here.  Under the heading “Civil Liberties” there are a number of points that should interest readers of this blog.  These include:

* the scrapping of the ID cards scheme, the National Identity Register, the next generation of biometric passports and the Contact Point database;

* outlawing the fingerprinting of children at school without parental permission;

*  extending FOIA to provide greater transparency;

* adopting the Scottish model for the DNA database;

*  further regulation of CCTV; and

* ending the storage of internet and email records without good reason.

Taken together these suggest that information law issues will continue to be centre stage in political terms.

Tags: , , ,
Posted in Uncategorized | Comments Off on FROM BIG BROTHER SOCIETY TO BRAVE NEW WORLD?

GOOGLE IN EUROPE – PRIVACY CONTROVERSIES CONTINUE

May 2nd, 2010 by Anya Proops

In March 2010, we posted on a New York Times article which explored how Google’s quest to increase access to information via the internet appeared to be clashing with European privacy laws. The article followed in the wake of the prosecution in Italy of Google executives for violating Italian privacy laws after Google allowed a user to post a video showing an autistic boy being bullied. More recently, further controversies over Google’s record on privacy rights have emerged. First, privacy regulators from a number of different countries, including our own Information Commissioner, Christopher Graham, wrote a joint letter to Google’s chief executive and challenging him to improve protections for users, thereby highlighting concerns that Google is not doing enough to protect the privacy of users – see further this article in the Guardian dated 20 April 2010. Second, last week reports emerged that German regulators had renewed their criticism of Google’s Streetview when it emerged that Google was using the Streetview system to archive information about the location of household wireless networks – see this article in the New York Times dated 29 April 2010. What these developments suggest is that the clash between European social values and the expansion of Google’s techno-commercial empire is likely to continue for some time to come.

Tags: , ,
Posted in Uncategorized | Comments Off on GOOGLE IN EUROPE – PRIVACY CONTROVERSIES CONTINUE

PRIVACY BY DESIGN – NEW OPINION FROM THE EUROPEAN DATA PROTECTION SUPERVISOR

March 24th, 2010 by Anya Proops

The European Data Protection Supervisor last week adopted a new opinion examining the question of how effectively to safeguard data protection and privacy rights in the fast-moving world of information technology. The central thrust of the opinion is that new information technologies themselves need to be developed in a way which protects personal data and privacy, rather than simply being subject to possibly ineffective control policies once they have been developed. This so called ‘privacy by design’ approach to developing new technologies is intended to build public trust in the information society.

Tags: , ,
Posted in Uncategorized | Comments Off on PRIVACY BY DESIGN – NEW OPINION FROM THE EUROPEAN DATA PROTECTION SUPERVISOR

DISCLOSING INFORMATION FOR CHILD PROTECTION PURPOSES – NEW ADMINISTRATIVE COURT JUDGMENT

March 19th, 2010 by Anya Proops

The question of whether and to what extent local authorities can or should share information about individuals thought to pose a risk to children is often a very difficult one to answer in practice. Failure to disclose the information may expose the authority to claims that it has not acted in accordance with its duties to safeguard children’s interests. On the other hand, sharing the information may expose the authority to claims that it has acted in excess of its powers and has otherwise breached the individual’s right to privacy under Article 8 ECHR. In the recent case of H & L v X City Council and Y City Council [2010] EWHC 466 (Admin), the Administrative Court considered this question in a case involving the disclosure of information by a local authority about a severely disabled man (H) who been convicted of indecent assault on a child. In this case, the council had made a variety of disclosures to organisations with which H was involved. It had also adopted a policy of considering on a case by case basis whether it should make disclosure of information relating to H to organisations with which he became involved in the future. In addition, the local authority had a policy of disclosing information to H’s personal care assistants, purportedly to protect any children those carers may bring into contact with H.

In a judgment which recognised the very strong imperative in favour of protecting children’s interests, Judge Langan QC held that the policies of disclosure to organisations with which H was involved constituted a proportionate interference with H’s Article 8 right to privacy and was otherwise lawful. In reaching this conclusion, the judge took into account the fact that the disclosures were fairly guarded in nature; were not made in lurid terms and did not go beyond what was required for the purpose of making a measured communication. The judge similarly held that the policy of notifying other organisations with which H came into contact in future on a case-by-case basis was a reasonable, proportionate and otherwise lawful policy. However, the judge took issue with the authority’s policy of notifying H’s care assistants. He held that this was a disproportionate measure, particularly in view of the facts that: two of the three long-term carers had no children; there was a ‘no children at work’ provision in the relevant employment contracts and, further, the terms of the disclosures would raise suspicions in the minds of the carers which was more grave than H’s past conduct justified. In reaching his conclusions on the various policies adopted by the council, the judge plainly had in mind the recent important Supreme Court judgment in R(L) v Commissioner of Police of the Metropolis [2009] 3 WLR 1056, where the Supreme Court held that it was no longer right to assume that priority must be given to the need to protect the vulnerable over the right to respect for the private life of the individual. What this case perfectly illustrates is the highly fact-sensitive approach which needs to be adopted in any case where the local authority is contemplating sharing information for child protection purposes. Tim Pitt-Payne appeared on behalf of the local authority

Tags: , ,
Posted in Uncategorized | Comments Off on DISCLOSING INFORMATION FOR CHILD PROTECTION PURPOSES – NEW ADMINISTRATIVE COURT JUDGMENT

Protecting the Anonymity of Parties – EAT Supplements Its Own Rules of Procedure

March 9th, 2010 by Anya Proops

On 5 March 2010, the Employment Appeal Tribunal (President Underhill presiding) gave a judgment on the question of whether it had powers to protect the anonymity of a party in a case involving allegations of sexual offences – A v B (UKEAT/0206/09/SM). The background to the judgment was that a claimant had been granted permanent anonymity by the Employment Tribunal under the Employment Tribunals (Constitution and Rules of Procedure) Regulations 2004 Sch.1 para.49. The anonymity order had been made in circumstances where the claimant, who was claiming unfair dismissal, had been dismissed in response to a disclosure by police that he had been involved in paedophile activity in Cambodia and was believed to represent a risk to children. The Claimant had in fact been acquitted in the Cambodian courts and there was no reason to believe he faced prosecution in the UK. On appeal against the tribunal’s judgment to the EAT, the question arose as to whether the EAT had power to maintain the anonymisation when dealing with the appeal. This was a difficult question to resolve because, on their face, the EAT Rules 1993 read together with the Employment Tribunals Act 1996 did not provide for such a power. In a judgment which reflects the overriding importance of human rights considerations, the EAT held that it did have such a power. In reaching this conclusion, the EAT took into account: (a) that the loss of the claimant’s anonymity would involve a serious breach of his convention rights, particularly the Article 8 right to privacy; (b) that, on the facts of the case, the need to protect the claimant’s privacy under Article 8 outweighed the imperative towards freedom of expression embodied in Article 10 of the Convention; and (c) that, in the circumstances, s. 6 of the Human Rights Act 1998 required the EAT to interpret its powers so as to include a power to protect the claimant’s anonymity.

In the course of its judgment, the EAT considered the very recent judgment of the Supreme Court in HM Treasury v Ahmed [2010] UKSC 1; [2010] 2 WLR 325. In that case, the Supreme Court held that the old common law rule that a party forfeited his right to privacy if he chose to bring proceedings (subject to certain limited statutory exceptions) required modification in the light of the Convention. It concluded that, in a case where full publication of the proceedings would have an impact on the Article 8 rights of a party, the court will have to conduct a balancing exercise between that right and the right to freedom of expression under Article 10 (see per Lord Roger, para. 43). This is precisely the balance which the EAT sought to strike in the Av B case.

Tags: , , ,
Posted in Uncategorized | Comments Off on Protecting the Anonymity of Parties – EAT Supplements Its Own Rules of Procedure

« Older Entries
Newer Entries »