There is just about still time in 2016 for the Upper Tribunal to weigh in on a couple of FOIA appeals concerning the UK’s military activity in Kosovo and Serbia in 1999. These give rise to a number of issues, exemptions and passing judicial comment which warrant notice and, in some cases, a degree of head-scratching. Continue reading →

It is coming up to the end of the year, and what better gift could Panopticon provide for its litigious readers than a reminder of the principles applicable to the appellate tribunals and courts? I know, almost impossible to imagine anything more fun isn’t it? Think of this as the equivalent to that new set of socks you got given: boring but practically important when you wake up half cut one morning with the cat having stolen half your footwear. You never know when you might need a helpful collation of principles to ward off the Upper Tribunal from that hard won wool you pulled over the eyes of the First-tier Tribunal. Continue reading →

Data subjects will very often wish to challenge the compliance of public authorities with the Data Protection Act 1998. How should they do it? If it were a private body which was the data controller, the only route would be way of Part 7 or Part 8 claim under the DPA – a claim under section 7(9) if it concerns a subject access request. But could the same complaint against a public authority data controller be brought by way of judicial review under Part 54? Continue reading →

The Campaign for Freedom of Information have very helpfully drawn attention to an unexpected Government announcement which arises out of the Independent Commission for FOI report (a summary here). Readers will recall that the Government had proposed introducing fees for FOI appeals, but that ended up getting parked because of the Commission review. The Ministry of Justice has now, in a Response to the Justice Committee’s Second Report, seen fit to brandish a more threatening sabre:

Continue reading →

The medical profession is only too used to the occasional outbreak of SARS. It is perhaps a little less used to an influx of SARs, as made under section 7 of the Data Protection Act 1998. In the case of the General Medical Council, requests for personal data will involve very sensitive data and just as sensitive issues of balance and extraction of the data of different parties. So it was in Dr DB v General Medical Council [2016] EWHC 2331 (QB).

Continue reading →

Some of you will be aware that Companies House is proposing to reduce the amount of time its records are retained from twenty years to six, citing various drivers including data protection concerns. This has caused a certain amount of consternation and pooh-pooing in the press, for understandable journalistic reasons. But on 8 September 2016, AG Bot handed down an Opinion in Case C-398/15, Camera di Commercio, Industria, Artigianato e Agricoltura di Lecce v Mnni in which he appears to have given a certain grist to the Companies House mill by concluding that the data protection principle of retention of personal data for no longer than necessary must take precedence over and, therefore, preclude the system of disclosure through the registers provided for by Directive 68/151. That regime, under Italian law, appears to have allowed for unrestricted permanent access to the register. The AG appears to have endorsed a principle that disclosure should be managed on a case-by-case basis by the data controller; a view which if applied in the UK would pose colossal resource implications for an already stretched Companies House. Unfortunately, AG Bot’s Opinion is not currently available in English, so the nuances escape this parochial reader, but the eventual ruling of the CJEU will certainly be worth watching out for.

Christopher Knight