2016 – Page 8 – Panopticon

Won’t Someone Think of the Children?

Posted on 6th May 2016 | by Christopher Knight

There has long been considerable public concern over the restraint techniques used in young offender institutions and secure training centres. In Willow v Information Commissioner & Ministry of Justice [2016] UKUT 157 (AAC), the Upper Tribunal had to consider the public interest balance as it applied to section 31(1)(f) FOIA, i.e. information prejudicial to the maintenance of security and good order in prisons or other institutions in which people are detained. The request had been for the physical restraint training manual, and the FTT had upheld the application of the exemption.

Much of the judgment is concerned with a reasons challenge of fairly limited wider interest, although Judge Markus stressed that the balancing exercise involves weighing the risk of actual harm and the real chance of benefits, taking account of consequences which are realistic possibilities, and that where the ‘likely to prejudice’ limb was being run concrete evidence was likely to be in short supply. So far, so orthodox, and the reasons/lack of evidence challenge was really a re-run of arguments which failed in the FTT.

More unusual was the centrality to the arguments of the UN Convention on the Rights of the Child. Everyone accepted that the interests of children were part of the balance, but the Respondents (not unfairly) pointed out, that was what the whole case was about, and those interests did not all point one way. However, the argument for the requestor went beyond that, suggesting that article 3(1) of the Convention required particularly close focus on those interests and that FOIA should be construed so far as possible in accordance with that provision.

Judge Markus was having none of this. The Convention is an unincorporated treaty, and she carefully analysed the case law to explain that the authorities did not require unambiguous legislation to be construed consistently with an unincorporated provision, particularly where no ECHR right was engaged (which can be sidewind route to using the Convention). She firmly held that FOIA was not ambiguous, there was no ECHR issue and FOIA could not be incorporating or reflecting article 3(1) in any way. In short, everyone had been thinking of the children, and they were not required to think about them with any greater force.

Christopher Knight

Regulation 2016/679 – the GDPR by any other name

Posted on 4th May 2016 | by Christopher Knight

If you thought the GDPR had a disappointing ring of informality to it, you will be delighted to hear that the final translated text of the GDPR has now been published in the Official Journal. As a result, it has a number: Regulation 2016/679. But it is not just a number; it is also a free man, having a lengthy name (“Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC”). The OJ English text in html can be found here, and the pdf here. Article 99(2) provides that it shall apply from 25 May 2018.

Altogether now: ‘Remember my name: Regulation 2016/679! I’m going to live forever!* I’m going to learn how to fly!**”

*Or at least until the next burst of data protection enthusiasm.

**Although better details on learning to fly may be found in the new Passenger Name Record Directive, or Directive 2016/681. The Criminal Law Enforcement Data Protection Directive, or Directive 2016/680, has also now been published.

Regulation 2016/679 doesn’t sound very catchy, but we’ll all know it off by heart soon enough.

Christopher Knight

FOI in Scotland — changes afoot

Posted on 20th April 2016 | by James Goudie KC

James Goudie QC explains the new designations made under the Freedom of Information (Scotland) Act 2002 (Designation of Persons as Scottish Public Authorities) Order 2016. Read the article click here

James Goudie QC

Can privacy survive publicity? – Judgment in PJS

Posted on 18th April 2016 | by Anya Proops KC

It has long been clear that, so far as the common law is concerned, there is no neat dividing line between information which is private and that which is public. Thus, depending on the circumstances, information relating to an individual’s private life which has entered the public domain may yet engage privacy rights (see further e.g. McKennitt v Ash [2005] EWHC 303 (QB) and Green Corns v Claverley [2005] 958 (QB) and Rocknroll v News Group [2013] EWHC 24 (Ch)). However, what is the position where, notwithstanding that an injunction restrains the publication of the information domestically, the information is being extensively published and shared online elsewhere around the world?

This is the difficult issue which the English Court of Appeal was required to address in the high profile case of PJS v News Group Newspapers [2016] EWCA Civ 393. In PJS, the English Court of Appeal had granted the claimant an interim injunction restraining publication of information concerning his engagement in a particular sexual encounter, the notorious ‘celebrity threesome’. There had been no legal challenge to the granting of the injunction. However, after the injunction was granted, the story was published overseas and promptly spread like wildfire on the internet. This led to an application by NGN to discharge the injunction, on the basis that, because PJS’s identity was now so widely known, it was in effect not worth the paper it was written on. Continue reading →

Welcome to the future of European Data Protection

Posted on 14th April 2016 | by Robin Hopkins

We have crossed the Rubicon. Several years of tortuous haggling, drafting and editing have culminated in the new General Data Protection Regulation, which will become the bedrock for EU data protection law. In the last couple of hours, the European Parliament has voted on and approved the final agreed text of the GDPR. The GDPR is expected to come into force around mid-2018. You can read the final text here, and (courtesy of @PrivacyMatters), you can find a photo here of the GDPR’s champion, Jan Albrecht, smiling at the outcome, in his trademark jaunty stiped shirt and jacket.

In the meantime, the immediate future of EU-US personal data transfers is much less certain. Chris Knight has previously explained the ‘Privacy Shield’, a kind of emergency sticking plaster measure introduced in the wake of the Schrems litigation, which killed off the Safe Harbor arrangements for transatlantic transfers. The Article 29 Working Party – perhaps the EU’s most authoritative voice on data protection matters – has this week endorsed aspects of Privacy Shield as an improvement on Safe Harbor. Crucially, however, the A29 WP is far from convinced that Privacy Shield is up the answer. It has ‘strong concerns’, which you can read about here. No Rubicons crossed on this issue just yet.

Robin Hopkins @hopkinsrobin

Vicarious liability for rogue employee’s data leak

Posted on 12th April 2016 | by Robin Hopkins

Suppose confidential, private and sensitive information is sold, leaked or otherwise wrongly disclosed by a rogue employee: is the employer vicariously liable? This question is a troubling one for many an employer and data controller. A new judgment on a claim for misuse of private information sheds some light on this question – and will not be comforting for employers and data controllers. The case is Axon v Ministry of Defence [2016] EWHC 787 (QB).

The Claimant was the commanding officer of a Royal Navy frigate when, in December 2004, he was summoned to London and relieved of his command following an investigation into his alleged bullying of officers on his ship. In that same month, the Sun published articles about the incident (‘Mutiny Skipper Sacked’ and so on). Continue reading →

WordPress + Bootstrap

Year: 2016