Only smarties have the answer – collective cabinet responsibility and the sale of Rowntree Mackintosh

The question of whether the convention on collective cabinet responsibility operates, in effect, as a trump card in the FOIA context has been considered in a number of tribunal cases (see further for example the Lamb case concerning a request for disclosure of the Iraq war cabinet minutes and the Cabinet Office case concerning cabinet discussions over the Westland takeover (“the Westland case”)). Last week, in Cabinet Office v IC, the First-Tier Tribunal handed down a decision in which it reconfirmed the principle that the convention, whilst undoubtedly an important consideration in the FOIA context, does not create any absolute bar against disclosure.

The facts of the Cabinet Office case were as follows. In 1988, Rowntree Mackintosh, the well-known UK confectionery group, was acquired by Nestlé. The takeover was hugely controversial at the time. The decision to approve the takeover and not to refer it to the Monopolies Commission was taken by Lord Young, then Secretary of State for Trade and Industry. In 2008, a request was made by a Mr Aitcheson (A) for disclosure of all documents held by the Cabinet Office (CO) relating to the takeover dated between April and August 2008. That request was largely refused by the CO on an application of ss. 35(1)(a) and (1)(b) (respectively the government policy exemption and the ministerial communications exemption). In September 2010, the tribunal handed down its decision in the Westland case. In that case, the tribunal decided that the convention on collective cabinet responsibility did not operate so as to prevent disclosure of the minutes of the meeting of the cabinet in 1986, in which Michael Heseltine resigned due to his disagreement with colleagues over whether the government should intervene in the investment by an American company in the British helicopter manufacturer Westland plc. That decision was not vetoed by the Government (cf. the Lamb decision which was vetoed by the government). In light of the decision in the Westland case, A resubmitted his request to the CO for disclosure of information relating to the Rowntree takeover. The request was again refused. On this occasion the CO took the position that there were five documents which were exempt from disclosure under ss. 35(1)(a) and (b). It also refused to confirm or deny whether it held information revealing cabinet discussions of the takeover on an application of s. 35(3).

The Commissioner concluded that, whilst the five documents fell within the ambit of the exemptions provided for under s. 35, the public interest balance fell in favour of disclosure. He also concluded that, whilst the CO had been entitled to conclude that s. 35(3) was engaged, the public interest balance weighed in favour of the CO being compelled to confirm or deny whether it held information revealing cabinet discussions of the takeover. The CO appealed against the Commissioner’s decision. It did so particularly on the basis that the decision failed to give due weight to the very strong public interest in upholding the convention on collective cabinet responsibility.

The CO’s appeal was unsuccessful. The Tribunal (chaired by Judge Angel) agreed with the Commissioner that both under s. 35(1) and under s. 35(3)  the public interest balance weighed in favour of disclosure. In reaching this conclusion, the Tribunal relied in particular on the following considerations:

–       the age of the information – the decision in question was now more than 20 years old

–       the move to a ‘20 year rule’ – at the time of the request, the government had already made a policy decision to amend existing legislation so as to reduce the 30 year rule for historical records to be transferred to the National Archive to 20 years and the age of the requested information should be considered in that context

–       key characters had left the political stage – Lord Young was no longer in government at the time of the request and whilst he continued to act as an adviser to the government he did so in relation to policy issues which were unrelated to takeover issues; he was not even performing that advisory role by the time of the internal review

–       ‘chilling effect’ unlikely – the CO’s arguments that disclosure would have a chilling effect on Cabinet discussions could not be accepted. This was particularly given the age of the information in issue. (The Tribunal was no doubt influenced on this issue by the fact that the disclosure in the Westland case had not apparently had any notably chilling effect on subsequent cabinet discussions)

–       diminished need for a ‘safe space’ – the CO’s  arguments that it needed to preserve a ‘safe space’ for cabinet discussions were in any event weakened by the fact that the regime governing takeovers had fundamentally changed by the time of the request. Thus, there was no live policy debate within government which required protection

–       strong public interests in disclosure – there were particularly strong public interests in favour of disclosure. Relevant here was not only the particularly controversial nature of the Rowntree takeover but also the fact that Lord Young had been exercising a ‘quasi-judicial’ role in respect of the takeover. Given his quasi-judicial role, there was a particularly strong public interest in revealing information which showed whether or not his decision had been compromised by improper political or other pressure.

It remains to be seen whether the government will now exercise its powers of veto to prevent the information being disclosed. 11KBW’s James Cornwell acted for the CO. Robin Hopkins acted for the Commissioner.

Anya Proops

Cloud computing – new ICO guidance

Cloud computing is becoming an ever more pervasive feature of the technological world. Whether one is dabbling in social networking or purchasing goods online, the truth is that we all, to a greater or lesser extent, now have our heads in the virtual clouds. However, the use of cloud computing inevitably raises important information law issues, particularly in terms of the impact on privacy rights and also under the Data Protection Act 1998. So far as the DPA is concerned, issues which fall to be considered include:

  • who actually controls the data which is being processed via the cloud (i.e. who is liable under the DPA if things go wrong in data protection terms)

  • what steps a data controller may be required to take to safeguard against misuses of personal data within the cloud

  • the security implications of processing personal data through cloud computing and, in particular, whether the processing of data via the cloud is compliant with the seventh data protection principle

  • the legality of using clouds which operate transnationally and, hence, which may bring into play the application of the eighth data protection principle on cross-border data transfers

Importantly, the Information Commissioner has today issued guidance which is designed to help organisations navigate their way through the potentially complex DPA issues which may arise in the context of cloud computing. You can find the guidance here.

Particular points to note about the guidance include the following:

  • the Commissioner has (unsurprisingly) confirmed that the DPA applies to any processing of personal data which takes place in the cloud

  • the guidance suggests that, when it comes to determining who is the ‘data controller’ in respect of data which is processed via the cloud, one should generally look to the purchaser of the particular cloud services (i.e. the cloud service customer). This is because it is typically the cloud customer who will determine the purposes for which and the manner in which the data is being processed (see further the definition of ‘data controller’ in s. 1(1) DPA). However, that is not to say that there will not be cases where the cloud provider itself has sufficient control over the data such that it can properly be designated as a ‘data controller’ under the Act

  • if two or more data controllers within a ‘community cloud’ intend to share data they should take time to clarify their roles and decide who is the controller in respect of which data

  • a data controller cannot simply assume that, because a cloud provider has a set of standard terms and conditions, those terms and conditions afford sufficient safeguards to guarantee compliance with the DPA. The data controller must itself take steps to ensure that the safeguards deployed by the particular cloud provider are fit for purpose, having regard not least to the sort of data in issue and how it is to be processed. This may well entail the data controller looking for cloud providers which can tailor their services to accommodate the data controller’s specific requirements

  • data controllers should ensure that they are only putting data into the cloud which actually needs to be there. Thus, data controllers should effectively ensure that they are sieving their data before putting it on the cloud and should create clear records of the sort of data they intend to move to the cloud

  • insofar as the particular cloud service results in the collection of meta-data about the data subject (e.g. information revealing transaction histories), data controllers should be aware that this may also constitute personal data to which the data protection principles apply

 

  • cloud customers should adopt strategies to limit the chances that the use of cloud computing will breach the data protection principles; such strategies should include:

      • conducting risk assessments

      • ensuring that appropriate written contracts are in place with the cloud provider

      • reviewing the quality and depth of the security arrangements offered by the cloud provider

      • ensuring that adequate security measures are applied to the data (e.g. via encryption, use of password access etc)

      • ensuring that the cloud provider has in place a suitable retention and deletion policy and querying what happens to any data on the cloud in the event that the cloud customer withdraws from the cloud

      • ensuring that the cloud provider’s own access to the data is suitably controlled and limited

      • taking measures to ensure that the cloud provider is not itself in a position to start adapting the purposes for which the data is being processed without the cloud customer’s authorisation

      • exploring with the cloud provider the extent to which the data may be transferred abroad (e.g. because the cloud straddles a variety of different jurisdictions) and, further, the quality of any data protection regime applicable in any foreign jurisdiction to which the data may be transferred

      • having policies in place which ensure that data subjects are properly informed about how their data is being processed

      • monitoring data compliance once the cloud services have been obtained

All organisations which use or provide cloud services should, as a matter of urgency, familiarise themselves with this policy or else risk developing a stormy relationship with the Commissioner in future.

Anya Proops

Data protection & article 8 – a smorgasbord of information law news stories…

A number of interesting news stories engaging information law principles have been hitting the headlines over the last couple of days. First, the Communities Secretary, Eric Pickles, has issued a report condemning the excessive use of surveillance powers by public authorities under RIPA, including local authorities and others (you can read about the report in this Guardian article). Second, the Guardian has reported on information obtained from the Metropolitan Police under FOIA which apparently reveals that around 14m Metropolitan Police intelligence reports and 38m intelligence reports from other forces are being made available to all of Britain’s police agencies on the Police National Database. The reports evidently contain information not only about convicted offenders but also about individuals who have never been charged or convicted of any crime (see the article here and see further on this issue my post in June of this year on the retention of police custody photos). Third, there has today been discussion in the media of the Legal Services Ombudsman’s decision to publish online the names of solicitors and barristers where either ‘a pattern of complaints’ has emerged in respect of a particular lawyer or where publication is otherwise ‘in the public interest’ (see further today’s Radio 4 ‘You and Yours’ programme where the LSO spelled out his policy on this issue – you can find the programme here; go to the 21st minute of the programme).

Whilst ostensibly disparate in nature, all of these stories raise a common information law question, namely whether the measures which have been adopted by these various public authorities accord with the rights of individuals under the Data Protection Act 1998 (DPA) and Article 8 ECHR. Answering this question entails consideration of a number of different issues including not least whether the particular measure serves a legitimate aim and also importantly whether it constitutes a proportionate means of achieving a legitimate aim (in the case of public authority surveillance further important questions will also arise under RIPA). What all of these stories confirm is a point which will not be news to information lawyers, namely that information law issues have an increasing resonance in debates over the ways in which public authorities operate.

Anya Proops

Norwich Pharmacal – from Ugandan rendition to ticket touts

In June of this year, I posted about a couple of cases in which Norwich Pharmacal orders (NPOs) had been made against Facebook (see my posts here and here). However, these are by no means the only notable recent examples of NPOs being considered by the court. Other examples, which certainly merit a mention on Panopticon include not least: Rugby Football Union v Viagogo Ltd [2011] EWCA Civ 1585 (NPO requiring disclosure of personal data did not breach the DPA or the DP Directive); Golden Eye v Telefonica [2011] EWHC 723 (Ch) (also concerned with the protection of the rights of data subjects) and R(Omar & Ors) v Secretary of State for Foreign and Commonwealth Affairs [2012] EWHC 1737 (Admin) (use of NPO for the purposes of foreign proceedings).

The Norwich Pharmacal Principles

Before examining these cases, it is worth citing from the speech of Lord Reid in Norwich Pharmacal v Customs and Excise Commissioners [1974] AC 133 where Lord Reid characterised the essential nature and purpose of an NPO as follows:

“If through no fault of his own a person gets mixed up in the tortious acts of others so as to facilitate their wrongdoing he may incur no personal liability but he comes under a duty to assist the person who has been wronged by giving him full information and disclosing the identity of the wrongdoers. I do not think that it matters whether he became so mixed up by voluntary action on his part or because it was his duty to do what he did. It may be that if this causes him expense the person seeking the information ought to reimburse him. But justice requires that he should co-operate in righting the wrong if he unwittingly facilitated its perpetration.” (p. 175)

Typically, there are five issues which fall to be considered whenever the court is invited to make an NPO (see further by way of example the Viagogo case).

(1)  Had arguable wrongs been committed against the claimant?

(2)  Was the defendant mixed up in those wrongs in the sense that it had facilitated them, albeit innocently?

(3)  Was the claimant intending to seek redress for those wrongs?

(4)  Was the disclosure of information via an NPO necessary so as to enable the claimant to pursue that redress?

(5)  Should the court exercise its discretion so as to grant relief?

On the latter point, it is worth noting that the court’s discretion to grant an NPO is equitable in nature. It will exercise that discretion by reference to all the relevant circumstances so as to achieve a result which is just in substance. However, as can be seen from the Viagogo and Golden Eye judgments discussed below, in exercising its discretion the court will also have to take into account any relevant statutory obligations, including for example obligations imposed under the DPA and the Human Rights Act.

It is also worth noting the recent re-statement of the Norwich Pharmacal jurisdiction in President of the State of Equatorial Guinea v RBS International [2006] UKPC 7 where the Privy Council said this about the test of ‘necessity’:

“It is true that in some cases the word “necessary” has been used, echoing or employing the language of order 24, rule 13 of the Rules of the Supreme Court. But, as Templeman LJ observed in British Steel Corporation v Granada Television Limited [1981] AC 1096, 1132, “The remedy of discovery is intended in the final analysis to enable justice to be done”. Norwich Pharmacal relief exists to assist those who have been wronged but do not know by whom. If they have straightforward and available means of finding out, it will not be reasonable to achieve that end by overriding a duty of confidentiality such as that owed by banker to customer. If, on the other hand, they have no straightforward or available, or any, means of finding out, Norwich Pharmacal relief is in principle available if the other conditions of obtaining relief are met. Whether it is said that it must be just and convenient in the interests of justice to grant relief, or that relief should only be granted if it is necessary in the interests of justice to grant it, makes little or no difference of substance”

Viagogo – NPOs and the DPA

In Viagogo, the Rugby Football Union (RFU) sought an NPO against Viagogo (V) on the basis that V had innocently allowed its website to be used by third party individuals so as to advertise the sale of tickets for rugby matches at unduly inflated prices. In essence, the RFU sought to rely on Norwich Pharmacal principles so as to obtain disclosure from V of information identifying the third party individuals who, the RFU claimed, had acted in breach of contract and otherwise tortiously by selling the tickets at inflated prices. The judge at first instance granted the NPO sought by the RFU. V appealed against the order on the basis that it could not be reconciled with the provisions of the DPA or the DP Directive.

V accepted that the DPA and the Directive contained provisions which created exemptions in respect of the disclosure of personal data which was required by order of the court or which was necessary for the purposes of exercising or defending legal rights (see further s. 35 DPA). In light of these exemptions, V also accepted that the Norwich Pharmacal jurisdiction was not per se incompatible with the DPA and the Directive. However, V argued that, in light of relevant European Court judgments including Satakunnen and Schecke v Land Hessen, disclosure of personal data should only be ordered by the court if this was ‘strictly necessary’ and ‘proportionate’ to the aim sought. V went on to argue that the application made by the RFU did not meet these requirements.

The Court of Appeal rejected V’s appeal. It held that the RFU had made out its case as to arguable wrongdoing by the third party. It also held that Viagogo had effectively been mixed up in that wrongdoing as its website had facilitated the advertising and sales of the tickets. On the question of whether the RFU intended to seek redress, the court rejected arguments to the effect that there was insufficient evidence of such an intention. On this point, the court noted that whilst any damages against the third parties may not be substantial, the RFU was still in a position to seek to protect its position by obtaining injunctive relief. The court also accepted that the order was necessary as the RFU had no other means of identifying the alleged wrongdoers. On the question of whether the court should apply a further test of ‘proportionality’, in order to comply with the DPA and the Directive, Longmore LJ said this:

‘28. Once it is established that there is arguable wrongdoing by unidentified individuals and that there is no realistic way of discovering the arguable wrong doers other than a Norwich Pharmacal order, it will generally be proportionate to make such an order revealing the identity of those arguable wrongdoers. There can be no reasonable expectation of privacy in respect of data which reveal such arguable wrongs and Viagogo’s own conditions of business point out to their customers that there may be circumstances in which their personal data will be passed on to others. Mr Mill submitted that the acceptance of such conditions constituted a waiver by Viagogo’s customers of confidentiality in their personal data. I doubt if that is right but the fact that Viagogo’s conditions of business contemplate that personal data of their customers may be revealed is not wholly irrelevant to proportionality.

29. I would prefer to say that the requirement that Viagogo disclose a limited amount of personal data in this case is proportionate because there is no other way in which arguable wrongdoing can be exposed. In this case, as in many other Norwich Pharmacal cases, necessity and proportionality may go hand in hand. The terms of the order must, of course, be proportionate but Viagogo have never suggested that some more limited form of order would be appropriate. The only personal data ordered to be revealed are the names and addresses of the arguable wrongdoers. That seems to me to be both proportionate and just.’

The court went on to find that, in all the circumstances, the judge was plainly entitled to exercise his discretion in favour of making the order.

Golden Eye v Telefonica

In Golden Eye, copyright owners brought a claim for Norwich Pharmacal relief against an internet service provider in circumstances where the copyright owners suspected that internet consumers had been engaged in peer-to-peer file sharing of their material in breach of copyright. In essence, the claimants sought to obtain information identifying the internet consumers so that they could write to those consumers and seek redress from them in respect of the alleged wrongful file-sharing. Like Viagogo, the case raised questions about whether the order sought could be reconciled with the rights of the internet consumers in their capacity as data subjects. In the course of his judgment, Arnold J alluded to the Court of Appeal’s judgment in Viagogo and also to its earlier judgment in Totalise plc v Motley Fool Ltd [2001] EWCA Civ 1897 (which was not referred to in Viagogo) where Aldous LJ held as follows:

“24. It is not necessary to construe section 35 or paragraphs 5 and 6 of Schedule 2, but it is manifest from paragraph 6 of Schedule 2 [of the Data Protection Act 1998] that no order is to be made for disclosure of a data subject’s identity, whether under the Norwich Pharmacal doctrine or otherwise, unless the court has first considered whether the disclosure is warranted having regard to the rights and freedoms or the legitimate interests of the data subject. By virtue of section 10 of the Contempt of Court Act 1981, if applicable, the court must also be satisfied that disclosure is necessary in the interests of justice.

25. In a case such as the present, and particularly since the coming into force on 2 October 2000 of the Human Rights Act 1998, the court must be careful not to make an order which unjustifiably invades the right of an individual to respect for his private life, especially when that individual is in the nature of things not before the court: see the Human Rights Act 1998, section 6, and the European Convention for the Protection of Human Rights and Fundamental Freedoms, articles 10 and (arguably at least) 6(1). There is nothing in article 10 which supports Mr Moloney’s contention that it protects the named but not the anonymous, and there are many situations in which – again contrary to Mr Moloney’s contention – the protection of a person’s identity from disclosure may be legitimate.

26. It is difficult to see how the court can carry out this task if what it is refereeing is a contest between two parties, neither of whom is the person most concerned, the data subject; one of whom is the data subject’s prospective antagonist; and the other of whom knows the data subject’s identity, has undertaken to keep it confidential so far as the law permits, and would like to get out of the cross-fire as rapidly and as cheaply as possible. However, the website operator can, where appropriate, tell the user what is going on and to offer to pass on in writing to the claimant and the court any worthwhile reason the user wants to put forward for not having his or her identity disclosed. Further, the court could require that to be done before making an order. Doing so will enable the court to do what is required of it with slightly more confidence that it is respecting the law laid down in more than one statute by Parliament and doing no injustice to a third party, in particular not violating his convention rights.”

 The court went on to consider whether the relief which was being sought in the present case was ‘proportionate’ having regard to the rights of the data subjects (see para. 116 et seq). On this point, the court noted that when determining the issue of proportionality, the court had to strike a fair balance between the property rights of the copyright owners (as afforded under Article 17(2) of the Charter of Fundamental Rights of the European Union and Article 1 of Protocol 1 ECHR) and the rights of the data subjects (as afforded under Article 8 of the Charter and Article 8 ECHR). Ultimately, the court held that the balance tipped in favour of ordering that the defendant disclose the identity of the internet consumers. Notably, and in contrast with the approach suggested in Totalise, the court was of the view that it would not have been practicable to have required the defendant to notify the consumers of the NP proceedings, not least given the number of consumers in issue (para. 140).

See further Julian Wilson’s pre-Golden Eye 2010 post on the use of NPOs by copyright owners in respect of file-to-file sharing.

Omar – Using NPOs for Foreign Proceedings

The case of Omar raised particularly complex issues. This was because the claimants were seeking an NPO to assist them in the context of foreign proceedings. The foreign element of the claim meant that the court was required to address not only the usual five issues applicable in the context of applications for NPOs but also a range of other issues, including how the court’s powers should be exercised so as to avoid infringing the principle of the comity of nations.

The background to the Omar case was that the claimants were facing charges of terrorism and murder before the Ugandan criminal courts in connection with their alleged involvement in the FIFA world cup bombing in Kampala in 2010. In response to the criminal proceedings, the claimants had gone on to petition the Ugandan Constitutional Court (UCC) on the basis that the criminal proceedings were unlawful and an abuse of process because they had come about in circumstances where the claimants had been illegally rendered from Kenya to Uganda, where they had been subject to torture and ill-treatment. Whilst the petition before the UCC was still pending, the claimants brought proceedings in the English Administrative Court against the Foreign Office. In essence, the claimants sought to rely on Norwich Pharmacal principles to obtain an order requiring the Foreign Office to disclose evidence and information which the claimants asserted was relevant to their petition to the UCC. The order was being sought on the basis that: (a) the UK Intelligence Services had been mixed up in the alleged unlawful rendition of the claimants and (b) it was necessary for the claimants to obtain any evidence held by the Foreign Office in connection with these matters for the purposes of the proceedings before the UCC.

The High Court (presided over by the President of the Queen’s Bench Division) rejected the claimants’ application for an NPO. In summary, it found that the application was without merit for a number of different reasons, as summarised below.

(1) The question of how the court should address applications for the disclosure of evidence relating to foreign proceedings involving criminal allegations should be answered by reference to the provisions of the applicable statutory scheme, namely the Crime (International Co-Operation) Act 2003. Pursuant to the statutory scheme, the court would only order the disclosure of evidence where this had been requested by the Ugandan prosecutor or the Ugandan court. No such request had been made in the present case. Thus, the application for an NPO must be refused on the basis that it amounted to an impermissible attempt to circumvent the statutory scheme (paras. 31-72).

(2) The court would in any event have refused to grant an NPO in view of the fact that no application for disclosure had been made in the Ugandan courts. The principle of comity of nations would preclude the English court from making an order for disclosure which would have the effect of trespassing on foreign judicial proceedings, save where those foreign proceedings were patently inadequate or there was some other compelling reason for making of the order. Those considerations did not arise in the present case (paras. 73-80).

(3) In any event, an NPO could only be ordered where the claimants had established that the order was ‘necessary’ in all the circumstances (see further the discussion in Omar of the test of ‘necessity’ as considered in R(Binyam Mohamed) v Secretary of State for Foreign and Commonwealth Affairs [2008] EWHC 2048 (Admin) (“Binyam Mohamed No. 1”) and the President of the State of Equatorial Guinea v Royal Bank of Scotland International (Privy Council, 2006)). In the present case, the claimants had failed to establish that an NPO was necessary because they had not sought to apply for disclosure in Uganda in relation to their arrests (paras. 81-90).

(4) Furthermore, whilst it was accepted by the Foreign Office that the claimants had made out a sufficient case of alleged wrongdoing in respect of their removal from Kenya to Uganda, an NPO could only be contemplated by the court if the Foreign Office had not merely been ‘mixed up’ in the wrongdoing but had, by its actions, positively ‘facilitated’ it. The court’s conclusions on whether the UK Intelligence Services had facilitated the alleged wrongful rendition of the claimants were set out in a closed annex to the judgment (paras. 91-102).

(5) If, contrary to the court’s earlier findings, the discretion to order an NPO had been engaged, the court would in any event have exercised its discretion so as to refuse relief. There were important factors which favoured the granting of relief in this case, including the fact that the claimants were facing the death penalty in Uganda. However, these factors were insufficient to justify the making of an NPO, particularly in view of evidence from the Foreign Office to the effect that the making of the order would be seen as a deliberate attempt by the UK to derail the Government of Uganda in its attempts to bring terrorists to justice and, further, ‘a grave betrayal of the UK’s promise to stand with Uganda in its fight against terrorism’. In reaching these conclusions, the court took into account in particular the analysis of how the discretion to order an NPO in respect of foreign proceedings should be exercised which was set out in Binyam Mohamed No. 1.

On the separate question of whether the Foreign Office had conducted reasonable and proportionate searches to discover whether it held evidence relating to the claim of ill-treatment, the court held that, on the evidence, the Foreign Office had discharged its duties in this regard (paras. 108-111).

One other notable feature of the judgment is what it says about how disclosure relevant to the application for an NPO should be dealt with by the court. In summary, the court concluded that the claimants were not entitled to disclosure under CPR 31 and that, more generally, a defendant would not be ordered to effect disclosure in a manner which revealed to the claimants the very information which was being sought through the proceedings. Similarly, the court held that, if and insofar as it needed to reference in its judgment information or evidence which had properly been withheld from the claimants, those references could and should be made in a closed annex which would not be disclosed to the claimants or the public at large (paras. 22-29). In this respect, the court’s approach to handling applications for NPOs closely resembles the approach which the information tribunal takes to the handling of closed evidence in the context of appeals under FOIA.

This judgment is important for a number of reasons. First, it highlights the court’s strong predisposition to avoid deploying its NPO powers in a way that might be regarded as exhibiting a colonialist attitude to foreign judicial proceedings. Second, it demonstrates the generally very high hurdles which will have to be cleared by a claimant who is seeking an NPO for use in foreign proceedings involving allegations of criminal wrongdoing. 11KBW’s Karen Steyn acted for the Secretary of State.

Anya Proops

Second veto issued on Iraq war cabinet minutes

Yesterday the Government issued a second veto preventing the disclosure of minutes which recorded Cabinet discussions in 2003 on the Attorney General’s advice concerning military action against Iraq. The first veto which was issued in respect of this information was issued by Jack Straw MP in 2009 (see my post on the veto here). The second veto relates to a more recent request for disclosure of the same minutes, namely a request in March 2011. This more recent request was refused by the Government on an application of s. 35 FOIA (exemption in respect of policy formulation). The Commissioner accepted that s. 35 was engaged in respect of the minutes but found that the public interest balance weighed in favour of disclosure, particularly in view of the extremely strong public interests in creating transparency and accountability around the Labour Government’s decision to go to war in Iraq and the passage of time and changed circumstances since the Cabinet discussions took place (you can find his decision notice no. FS50417514 here). The Attorney General, as the person responsible for the advice which was being discussed in cabinet, assumed responsibility for issuing the veto certificate under s. 53. It appears that he consulted his colleagues in the Cabinet, the Commissioner and the Leader of the Opposition prior to issuing the veto.

In his Statement of Reasons for issuing the veto (which you can find here), the Attorney General notes that there were extremely strong public interests in the disclosure of the minutes. However, his position is that the need to protect a ‘safe space’ for Cabinet discussions relating to such highly sensitive matters was just as acute in 2011 as it had been when the first request for disclosure was made in December 2006. This was so, in his view, notwithstanding that the Cabinet discussions were, as at 2011, nearly a decade old; that there had since been a change of Government and, further, that UK forces were no longer engaged in combat in Iraq. The Attorney General’s view was that, irrespective of their age and the changed circumstances, disclosure of the minutes would have had a seriously chilling effect on Cabinet discussions in future. This was particularly because ‘the issue of Iraq was still live’ and most of the individuals involved in the discussions ‘are still Members of Parliament or otherwise active in public life’. The Attorney General also stated that, in assessing the public interest in disclosure, he had taken into account: ‘the very substantial amount of information which the public already has about the decision to use armed force in Iraq. That decision has arguably been subject to greater scrutiny than any other decision of the previous administration…’. He went on to refer in this context to the Hutton Inquiry, the Butler report and the more recent Chilcot Inquiry, which has still yet to issue its report. It is also clear that the principle of upholding the convention of collective cabinet responsibility weighed heavily in the Attorney General’s assessment of the public interest in maintaining the exemption.

Notably, the Attorney General was at pains to make clear that he had issued the veto because this was an ‘exceptional’ case and, as such, fell within the four corners of the Government’s existing policy in issuing vetoes. As I indicated in my earlier post on the Justice Committee’s report on FOIA (which you can find here), there is now a live question as to whether the Government’s policy will in any event be watered down so that it can also apply in non-exceptional cases.

Anya Proops

Justice committee’s report on FOIA – Commentary on the ss.35 & 36 recommendations

As Tim Pitt-Payne QC commented in his post on the report earlier today, the Committee’s report has not landed a bombshell in the middle of the FOIA landscape. To a very large extent, the report endorses the current structure and content of the legislation, something which the Commissioner clearly welcomes (see his recently published statement here). However, whilst the Committee has largely resisted calls for FOIA to be amended, it has commented fairly extensively on how the Act should be applied in practice. This commentary is doubtless going to influence the evolution of FOIA case-law for the foreseeable future.

Perhaps most notable in this context is the Committee’s commentary on the application of the ‘safe space’ exemptions afforded under ss. 35 and 36 FOIA. As regular readers of Panopticon will know, the question of whether the qualified exemptions provided for under ss. 35 and 36 are fit for purpose in terms of creating the necessary safe, confidential space within which sensitive government policies can be openly and frankly debated has been a political hot potato for some time. The former Prime Minister, Tony Blair, the current Prime Minister, David Cameron, and those who have operated at the highest level of the Civil Service, including the former Cabinet Secretary, Gus O’Donnell, have all voiced concerns to the effect that the application of FOIA is having a ‘chilling effect’ on the operation of government. The nub of the argument here is that ss. 35 and 36 do not allow for a clearly delineated and consistently protected ‘safe space’ for high level policy discussions, including cabinet discussions. It has been suggested that this undermines the operation of government in three ways. First, it leads to participants in policy discussions not expressing themselves openly and frankly. Second, it leads to participants avoiding recording their discussions (e.g. communicating by telephone rather than by email). Third, it deters third party stakeholders from contributing to policy discussions. These concerns have led to questions being posed as to whether FOIA should be amended so as to create an absolute class-based exemption in respect of information relating to high level policy discussions.

In his evidence to the Committee, the Commissioner resisted calls for FOIA to be amended so as to create such an exemption. His position has consistently been that FOIA already amply accommodates the need to create a safe space for policy discussions and that, as currently formulated, the Act allows for a proper balance to be struck between the need to create a safe space for policy discussions and the need to create a meaningful level of transparency and accountability around such discussions. The Commissioner has also specifically challenged the notion that FOIA has, in practice, had any chilling effect on the way in which government functions.

The following is a summary of the Committee’s conclusions on the ‘safe space’ issue:

  • On the available evidence, it was difficult to say whether FOIA, as currently formulated and applied, was having a chilling effect on the operation of government. A central difficulty here was that, if civil servants and others were erring on the side of not recording their discussions, there would be no paper trail evidencing this behaviour (paras. 154, 190 and 200).

  • Whilst there were numerous decisions by the Commissioner and the Tribunal which recognised the need for a safe space, the fact that there was a risk in individual cases that policy information may be disclosed could be sufficient to create ‘unwelcome behavioural changes’ on the part of policy-makers (para. 166).

  • However, the power to issue a ministerial veto created under s. 53 FOIA was an important backstop which could be used to protect highly sensitive policy information. Thus, ‘the veto is an appropriate mechanism, where necessary, to protect policy development at the highest levels’ (para. 179). Moreover, ‘if the most senior officials in Government are concerned about the effect of the Act on the ability to provide frank advice they should state explicitly that the Act already provides a safe space, and that the Government is prepared to use the ministerial veto to protect that space if necessary’ (para. 198).

  • It would not be appropriate to amend FOIA so as to include an absolute class-based exemption in respect of high level policy discussions. This is particularly because the creation of such an exemption would cut across the principle of open government in a way that could not be justified, not least in view of the lack of any reliable evidence as to chilling effect (para. 200).

  • However, everyone involved in using or determining the ‘safe space’ should be reminded that ‘the Act was intended to protect high-level policy discussions’. Moreover, ‘the realities of Government mean that the ministerial veto will have to be used from time to time to protect that space’ (para. 201).

With respect to the latter point, the Committee highlighted a potential difficulty with the current published policy on the use of the veto. That policy suggests that the veto would only be used in ‘exceptional’ circumstances. However, the Committee’s view was that: ‘if the veto is to be used to maintain protection for cabinet discussions or other high-level policy discussions rather than to deal with genuinely exceptional circumstances then it would be better for the Statement of Policy on the use of the ministerial veto to be revised to provide clarity for all concerned’ (para. 179).

It is hard to read the report as containing anything other than an open invitation to the Government to deploy its powers of veto more regularly than has hitherto been the case, particularly in respect of information relating to high level policy discussions. However, if the Government does move in this direction it will potentially engender a number of new problems. First, regular deployment of the veto will doubtless raise questions about whether the Government is effectively using its powers of veto to create an absolute exemption ‘by the back-door’. Second, unless the veto is used at an early stage of the process, it will create a situation in which significant time and costs will have been wasted on appeals to the tribunal; an unattractive scenario in the current age of austerity. Third, regular use of the veto potentially risks fomenting distrust on the part of the public that the Government is using the veto not so as to protect the integrity of government decision-making but rather so as to insulate the Government against justified criticisms of its policies. Of course, regular use of the veto may itself set further litigation hares running as it will no doubt encourage those in favour of open government to challenge use of the veto by means of judicial review. It follows that the litigation focus relating to FOIA requests concerning high level policy discussions may ultimately shift away from tribunal litigation towards litigation conducted in the administrative court.

Further Panopticon posts on other aspects of the report will be published over the coming days.

Anya Proops