Month: November 2009

Banned Aid

Posted on | by Timothy Pitt-Payne QC

In March this year the Information Commissioner took enforcement action against the Consulting Association, which had been operating a secret blacklist of employees in the construction industry, including details of trade union activity. We posted about this story here, earlier this year.

Today, the Guardian has extensive coverage of what has happened since.

The Department for Business, Enterprise and Regulatory Reform has now consulted on draft regulations under section 3 of the Employment Relations Act 1999. The consultation ended on 18th August 2009. The proposed regulations are intended to outlaw the compilation, dissemination and use of blacklists of trade unionists. They would make it unlawful to refuse employment, or to dismiss employees or subject them to a detriment, for reasons related to a prohibited blacklist. Individuals who suffer loss through blacklisting would be able to bring claims either in the Employment Tribunal or in the civil courts, depending on the nature of their complaint.

The trade union UCATT commissioned a report from the Institute of Employment Rights about the proposed regulations. The report, by Professor Keith Ewing, was published on 15th September 2009: it is entitled “Ruined Lives”, and deals specifically with blacklisting in the construction industry. It includes sample material from Consulting Association files.  The report gives a fascinating history of the practice of blacklisting, going back to the late 19th century. It suggests a number of changes to the draft Regulations, including: that keeping or using a blacklist, or supplying information to it, should be a criminal offence; and that there should be a right to compensation for the fact of being included on a blacklist, even if the inclusion does not lead to any loss.

A further point to note about the draft Regulations is that they deal specifically with the blacklisting of trade unionists (as does section 3 of the 1999 Act). So they would not assist individuals who had been blacklisted for other reasons; e.g. because of their political beliefs and affiliations, or because they have a history of raising concerns about health and safety issues.

A number of individuals have brought employment tribunal claims arising out of alleged blacklisting. The claims have been consolidated and there will be a case management discussion in Manchester ET on 24th November 2009. This blog gives further information.

Meanwhile the Information Commissioner’s Office (ICO) has taken control of the Consulting Association database. Individuals who think that they may have been blacklisted can contact the ICO; for more information, see this page of the ICO’s website.

Using Special Advocates in Civil Litigation

Posted on | by Anya Proops KC

Yesterday, the High Court handed down a controversial judgment on the use of ‘the closed material procedure’ (CMP) in civil litigation: Al-Rawi & Ors v The Security Service & Ors (judge – Silber J). The background to the judgment is that a number of individuals who had been detained at Guantanamo Bay had brought claims for damages against the defendants on the basis that they had caused or contributed to the claimants’ unlawful detention and ill-treatment by foreign governments. A preliminary issue then arose in these cases as to whether the defendants could put evidence before the court using the CMP. The CMP, in effect, allows defendants to put documents in evidence before the court whilst at the same time withholding them from the claimants. The only way in which the claimants have any say on the closed material is through the use of special advocates appointed to act on their behalf. However, the role of special advocates is heavily circumscribed, not least because they cannot convey to their clients the content of the closed material.

 

The CMP has formerly been used in the context of deportation appeals heard by the Special Immigration Appeals Commission (SIAC). However, the CMP has not previously been a feature of civil litigation. Instead, in the context of civil litigation, if the government was concerned that the disclosure of particular information would be contrary to the public interest, the best it could hope for was to rely on the public interest immunity (PII) procedure. The crucial difference between the PII procedure and the CMP is that the former procedure operates so as to ensure that the PII material is not put before the court at all, whereas the latter procedure allows the government to put the closed material before the judge whilst at the same time not disclosing that material to the other side. Thus, there is an inherent asymmetry present in the CMP which is not present in the PII procedure.

 

In a controversial judgment, Silber J decided as a preliminary issue that use of the CMP was permissible in a civil claim for damages, albeit only in exceptional cases. In reaching this conclusion, Silber J rejected arguments that the High Court had no jurisdiction to permit the use of the CMP; that use of the CMP was inconsistent with the requirements of the CPR and that it was otherwise at odds with the established PII procedure. It is highly likely that this judgment will go on appeal. 11KBW’s Karen Steyn acted on behalf of the defendants.

Home Office publishes response to its consultation on communications data

Posted on | by Robin Hopkins

The Home Office has published a summary of responses to its April 2009 consultation paper on ‘communications data’, i.e. information about a communication that does not include the content of the communication itself. At present, such data is owned by communications service providers and accessed by certain public authorities under disparate statutory powers for the purposes of combating, for example, fraud, terrorism and other serious crime. The government is considering an overhaul so as to bring all communication types (such as web chat) and all relevant service providers (some of whose contractual positions place them beyond the current statutory arrangements) within the system.

 

The attendant tension between individual liberty and public protection is reflected in the 221 responses to this consultation.

 

A substantial minority of respondents objected in principle to any ‘surveillance’ of communications. A majority (albeit a fairly narrow one) agreed that communications data served an important public purpose and that the government should therefore act to maintain the capability of public authorities to make use of this type of information.

 

As to what form this action should take, only one element of the government’s proposed approach was widely welcomed, namely its rejection of a central database for holding all data of this type. Reservations were otherwise expressed about technological feasibility, data security and the proportionality of public authorities’ use of communications data.

 

Nonetheless, such reservations were not deemed forceful or widespread enough to deter the government from its proposed course. A number of respondents’ suggestions have been rejected, including the specifying of categories of data which should not be retained, and the requirement for a magistrate’s authorisation before communications data can be accessed.

The government is also satisfied that the DPA 1998 and RIPA 2000 provide sufficient safeguards against abuse of such data. A legislative review is, however, proposed, to see if a single means of authorised access (through RIPA 2000) would be practicable. Fresh or consolidating legislation appears likely.

Civil penalty notices: consultation

Posted on | by Ben Hooper

When the new monetary penalties regime under sections 55A-E of the DPA comes fully into force, the Information Commissioner will have power to impose a civil penalty on a data controller for a serious contravention of any of the data protection principles if – in essence – the contravention is (1) deliberate or reckless and (2) of a kind likely to cause substantial damage or distress.

 

The Ministry of Justice is currently consulting on what the maximum penalty under section 55A should be. £500,000 is proposed. Whilst this is clearly not an insubstantial sum, it needs to be compared with the fact that many other regulators have power to impose a penalty of up to 10% of an organisation’s turnover. If the data controller at issue has a turnover that is significantly above £5m, and – for example – a serious contravention has caused damage or distress to a very large number of people, the maximum penalty of £500,000 may begin to look a little on the small side. Indeed, the Commissioner may not even be able to go that far: the ICO’s draft guidance on the monetary penalty powers indicates at paragraph 7.4 that swift payment of the penalty will lead to a 20% reduction. So a data controller that decides not to contest the penalty may end up only paying a maximum of £400,000.

 

One final point. The penalties are to be paid into the consolidated fund (section 55A(8)). Thus, where the data controller is a central government body, the imposition of any size of penalty will have a slightly unreal quality to it, as the sum involved will simply return to the financial pot from which the body in question drew its funding in the first place.

 

NEW TECHNIQUES FOR APPLYING RIPA – OUTCOME OF HOME OFFICE CONSULTATION

Posted on | by Anya Proops KC

The Regulation of Investigatory Powers Act 2000 (RIPA) has attracted a considerable amount of negative publicity over the past couple of years. In no small part, this has been due to public outcry in response media reports of local authorities using their powers under RIPA to engage in activities such as monitoring the use of domestic wheelie bins, recording dog-fouling incidents on camera and carrying out surveillance on families suspected of trying to cheat the school catchment system (see further the discussion of the case of Paton v Poole Borough Council below). Concerns have been expressed by members of the public as well as privacy campaigners that such actions on the part of local authorities constitute abuses of their powers both because the surveillance powers of the state should not be used for trivial purposes and because there has been a failure on the part of the authority to achieve a proper balance between the rights of the state to identify civil and criminal wrongdoing and the individual’s right to have his or her privacy respected. Those concerns resulted in the Home Office commencing a consultation in April 2009 on proposals to introduce new RIPA techniques which would purportedly help ensure that RIPA would only be used when it was necessary and proportionate. Last week, the Home Office published a summary of the responses to those proposals along with an announcement. In the announcement, the view expressed by the Minister for State Security, Counter-Terrorism and Policing, David Hanson, was that the responses to the consultation had been broadly positive. He said that, subject to certain minor amendments, he would now take steps to introduce the proposals as secondary legislation. The announcement suggests that the new legislation will aim to:

  • clarify the test of necessity and proportionality so techniques will not be used for trivial purposes such as investigating dog fouling or people putting bins out a day early
  • raise the rank of the authorising officer for RIPA techniques in local authorities to senior executive at a minimum of ‘Director’ level
  • give elected councillors a role in overseeing the way local authorities use covert
    investigatory techniques
  • require constituents’ communications with MPs on constituency business to be
    treated as confidential information, and therefore subject to authorisation by a
    higher rank of officer
  • treat covert surveillance of legal consultations as ‘intrusive’ rather than ‘directed’
    surveillance, meaning that it can only be carried out by a very limited number of
    public authorities, primarily the police and intelligence agencies, and only with
    independent approval
  • clarify how provisions currently in the Policing and Crime Bill will reduce
    bureaucracy relating to RIPA in police collaborative units comprising two or
    more forces

It also appears that, following a proposal by the Local Government Association, local authorities will need to appoint a single official to be responsible for ensuring that all authorising officers are of an appropriate standard. Notably, the Home Office rejected suggestions that a more radical approach should be adopted, namely removing local authorities from the scope of RIPA altogether.

Coincidentally, the Investigatory Powers Tribunal, chaired by its President, Mummery LJ, was itself hearing a complaint last week brought under s. 65 RIPA that a particular local authority had unlawfully exercised its surveillance powers under RIPA. In Paton v Poole Borough Council, which was heard on 5 and 6 November, the IPT was called upon to decide whether the Poole BC had acted unlawfully under RIPA when it conducted directed surveillance of Ms Paton and her family. The surveillance had been conducted in circumstances where the council suspected that Ms Poole may have been dishonestly trying to abuse the school catchment system by giving a false address when applying for a place for her child at a local school. It was accepted by the council before the IPT that, in fact, its suspicions about Ms Paton had proved to be unfounded. However, the council nonetheless sought to maintain the position before the IPT that the surveillance constituted a necessary, proportionate and, hence, lawful exercise of its powers under RIPA. In advancing this case, it was argued on behalf of the council that there existed no simple means of uncovering fraudulent abuses of the school catchment system that did not involve any invasion of privacy rights. The council was represented by 11KBW’s Ben Hooper.

WHEN WILL THEY EVER LEARN?

Posted on | by Timothy Pitt-Payne QC

We call them “data protection duck outs”.  The New Zealanders call them “BOTPAs” (standing for “Because of the Privacy Act”).  Organisations do something silly, and then blame it on data protection legislation.

There’s a nice recent example. A parcel was addressed to a 9 day old baby.  Initially the Royal Mail wouldn’t deliver it to her grandfather, apparently because the Data Protection Act required the baby to sign for it personally.  Not surprisingly, the ICO has confirmed that the Act does not require anything of the kind.