Section 40 FOIA provides for a number of exemptions in respect of ‘personal data’. The exemption which is most frequently prayed in aid by public authorities is the one provided for under s. 40(2), read together with s. 40(3)(a)(i). In essence, under these provisions, information will be absolutely exempt from disclosure under FOIA if: (a) it amounts to personal data, as defined in s. 1 of the Data Protection Act 1998 (“DPA”) and (b) its disclosure would contravene one or more of the data protection principles provided for under schedule 1 to the DPA. In practice, it can be very difficult to apply this exemption, particularly where the information in issue may comprise personal data relating to a number of different individuals. It was precisely this issue which the Tribunal had to tackle in the recent case of Bryce v IC & Cambridgeshire Constabulary (EA/2009/0083). In Bryce, a request had been made by Ms Bryce for disclosure of a police investigation report. The report addressed concerns which had been raised by Ms Bryce and others about the way in which the Cambridgeshire Constabulary had investigated the death of Ms Bryce’s sister, who had been killed by her husband. The Tribunal held that the report contained a multiplicity of different types of personal data including: Ms Bryce’s personal data; the husband’s personal data; personal data relating to the husband’s family; the personal data of witnesses; personal data relating to the deceased’s family; and personal data relating to officers who had conducted the investigation. Apart from Ms Bryce’s own personal data, which was exempt from disclosure under s. 40(1) FOIA, the Tribunal approached the question of how the s. 40(2) exemption applied to the remaining data by conducting a discrete analytical exercise in respect of each type of data. It is clear from the Tribunal’s analysis that it was of the view that very different considerations applied, for example, in respect of officers’ data as compared with the data relating to the husband’s family. The key implication of this judgment is that a public authority will expose itself to challenge under FOIA if it simply adopts a blanket ‘one size fits all’ approach to information comprising diffuse types of personal data. The judgment is also notable in that it applies the approach to the concept of ‘personal data’ which was approved in Durant v Financial Services Authority, rather than the arguably more liberal approach embodied in the Commissioner’s guidance: ‘Determining What is Personal Data’.
The scope of the Freedom of Information (Scotland) Act is the focus of a Scottish Government consultation that began on 28 July 2010. The consultation seeks views on whether the existing legislation should be widened to cover a greater range of bodies who deliver public services in Scotland. Organisations under consideration are contractors who build and/or maintain schools, hospitals and roads; private prison operators; leisure, sport and cultural trusts set up by local authorities; Glasgow Housing Association and the Association of Chief Police Officers in Scotland. The consultation process will run for 14 weeks, until 2 November 2010. The organisations to be consulted are: trusts and bodies established by local authorities with responsibility for providing leisure, sport and cultural services, which deliver services of a major benefit, and receive significant public money; private; prison operators, which provide services normally provided centrally by Government; Glasgow Housing Association; the Association of the Chief Police Officers in Scotland, which oversees and coordinates the direction and development of the Scottish police services, and which receives significant public funding; and private contractors who build and/or maintain schools and hospitals, and those who operate and maintain trunk roads across Scotland, which are key areas of public service which are often delivered under private contract.
The Court of Appeal has recently handed down an important judgment on the application of the law of confidence in matrimonial proceedings: Tchenguiz & Ors v Imerman  EWCA Civ 908. The background to the case was that an application for ancillary relief had been made by Mrs Tchenguiz Imerman (TI) against her husband, Mr Imerman. Fearing that Mr Imerman may seek to conceal the nature and extent of his assets in the context of the ancillary relief proceedings, one of TI’s brothers, possibly with the help of others, accessed a computer server in an office which Mr Imerman shared with TI’s brothers and then copied information and documents which Mr Imerman had placed on that server relating to his assets. In order to prevent TI relying on the information and the documents in the ancillary relief proceedings, Mr Imerman sought to restrain the defendants from communicating the information and documents which they had obtained to any third party (including TI and her lawyers). He also sought delivery up of all copies of the documents. Eady J granted the orders sought by Mr Imerman. The defendants appealed to the Court of Appeal. The central issue for the Court of Appeal was essentially whether TI should be allowed to use the information and documents in the context of the ancillary relief proceedings, despite the fact that they appeared to have been obtained by the defendants in breach of confidence and, hence, unlawfully. The case was rendered particularly complex as a result of what is commonly known in matrimonial proceedings as the ‘Hildebrande rules’. Historically, these rules have been applied by the courts in matrimonial ancillary relief proceedings so as generally to allow individuals to rely on evidence as to their spouses’ assets notwithstanding that that evidence has been unlawfully obtained.
In summary, the Court of Appeal held as follows:
· the information/documents had been unlawfully obtained by the defendants as they had been obtained in breach of confidence (and, further, in breach of Mr Imerman’s right to privacy);
· it may be that the obtaining of the information/documents had also amounted to: (a) criminal conduct on an application of s. 17 of the Computer Misuse Act 1990; (b) unlawful processing of Mr Imerman’s personal data under s. 4(4) Data Protection Act 1998 (DPA); and, further, (c) a criminal act under s. 55 DPA; although having found that the information/documents were obtained unlawfully in breach of confidence, the Court did not need to reach a concluded view on these issues;
· the question for the Court was whether it should effectively condone the illegal self-help methods adopts by the defendants simply because it was feared that Mr Imerman may behave unlawfully and conceal that which should be disclosed in the ancillary relief proceedings. The answer to that question was: ‘No’ (see para. 107). As the Court suggested: ‘The tort of trespass to chattels has been known to our law since the Middle Ages and the law of confidence for at least 200 years, yet no hint of any defences of the kind now being suggested is to be found anywhere in the books’ (para. 117). Thus, the Hildebrande rules could not be justified on any grounds;
· if there were concerns that an individual may seek dishonestly to conceal assets in the context of ancillary relief proceedings, the correct course would be for the spouse to seek to protect her/his position through lawful means, for example by applying to the court for an anton pillar order.
The judgment is important not least because it highlights the essentially inalienable nature of the common law rights to confidentiality and privacy. There is no doubt that the judgment will be controversial, not least because of concerns that it fails to recognise the significant power imbalance which often obtains between spouses in matrimonial proceedings.
The Investigatory Powers Tribunal today issued its decision in the first substantive public case on the use of surveillance powers under the Regulation of Investigatory Powers Act 2000.
Poole Borough Council suspected that Jenny Paton and her family may have lied about living in the catchment area of a sought-after primary school in Dorset. It therefore monitored their activity for around 3 weeks in 2008. This included covertly monitoring the movements of family members and their car, as well as examining the contents of their rubbish.
The IPT found that:
(1) investigating a potentially fraudulent school application was not a proper purpose in the sense required by RIPA;
(2) in these circumstances, the Council’s actions were in any event disproportionate, in that they were not necessary to achieve that aim, and
(3) the Council’s actions had breached the family’s rights under Article 8 of the ECHR.
Poole Borough Council has accepted the ruling and apologised to Ms Paton and her family.