LPP

Legal professional privilege (“LPP”) as an exemption from disclosure under Section 42 of the Freedom of Information Act 2000 (“FoIA”) and Regulation 12 of the Environmental Information Regulations 2004 arose again in West v Information Commissioner, EA/2010/0120.  Bexley Council had transferred a major part of its Council housing stock to a Housing Association.  Mr West is a member of a leaseholders’ group that objected to having to pay service charges for the cost of the maintenance of roads and footpaths within the housing estates.  They said that remained the responsibility of the Council.  They sought to challenge the lawfulness of the stock transfer agreement.  The Council took advice from Counsel.  Mr West sought a copy of Counsel’s Opinion.  The Council refused to provide it, relying on LPP.  The Information Commissioner upheld the Council’s refusal.  The Tribunal dismissed Mr West’s appeal.  Not only might “legal advice privilege” apply.  So too might “litigation privilege”.  Mr West had threatened to bring a case before the Leasehold Valuation Tribunal and/or judicial review proceedings.  The real issue was the Public Interest Test.  The Tribunal duly identified the public interest factors in maintaining the exception, referring to DBERR v O’Brien [2009] EWHC 164, and the public interest factors in disclosure.  Weighing up and balancing the competing public interests, and bearing in mind the presumption in favour of disclosure, the Tribunal (Judge Shanks presiding) agreed with the Commissioner that the public interest in maintaining the LLP exception outweighed the public interest in disclosure.

James Goudie QC

Digital Agenda: EU Commission refers UK to ECJ over privacy and personal data protection

October 4th 2010 by James Goudie QC

The European Commission has decided (IP/10/1215) to refer the United Kingdom to the ECJ for not fully implementing EU rules on the confidentiality of electronic communications such as e-mail or internet browsing. Specifically, the Commission considers that UK law does not comply with EU rules on consent to interception and on enforcement by supervisory authorities. The EU rules in question are laid down in the ePrivacy Directive 2002/58/EC and the Data Protection Directive 95/46/EC. The infringement procedure was opened in April 2009 (IP/09/570), following complaints from UK internet users notably with regard to targeted advertising based on analysis of users’ internet traffic. These complaints were handled by the Information Commissioner’s Office, the UK personal data protection authority, and the police forces responsible for investigating cases of unlawful interception of communications. The Commission previously requested the UK authorities in October 2009 (IP/09/1626) to amend their rules to comply with EU law.

The Commission considers that existing UK law governing the confidentiality of electronic communications is in breach of the UK’s obligations both under the ePrivacy Directive and under the Data Protection Directive in three specific areas:

  •  there is no independent national authority to supervise the interception of some communications, although the establishment of such authority is required under the ePrivacy and Data Protection Directives, in particular to hear complaints regarding interception of communications
  • current UK law authorises interception of communications not only where the persons concerned have consented to interception but also when the person intercepting the communications has ‘reasonable grounds for believing’ that consent to do so has been given. These UK provisions do not comply with EU rules defining consent as “freely given, specific and informed indication of a person’s wishes”
  • current UK law prohibiting and providing sanctions in case of unlawful interception are limited to ‘intentional’ interception only, whereas EU law requires Member States to prohibit and to ensure sanctions against any unlawful interception regardless of whether committed intentionally or not.

The scope of the Freedom of Information (Scotland) Act

The scope of the Freedom of Information (Scotland) Act is the focus of a Scottish Government consultation that began on 28 July 2010. The consultation seeks views on whether the existing legislation should be widened to cover a greater range of bodies who deliver public services in Scotland. Organisations under consideration are contractors who build and/or maintain schools, hospitals and roads; private prison operators; leisure, sport and cultural trusts set up by local authorities; Glasgow Housing Association and the Association of Chief Police Officers in Scotland. The consultation process will run for 14 weeks, until 2 November 2010. The organisations to be consulted are: trusts and bodies established by local authorities with responsibility for providing leisure, sport and cultural services, which deliver services of a major benefit, and receive significant public money; private; prison operators, which provide services normally provided centrally by Government; Glasgow Housing Association; the Association of the Chief Police Officers in Scotland, which oversees and coordinates the direction and development of the Scottish police services, and which receives significant public funding; and private contractors who build and/or maintain schools and hospitals, and those who operate and maintain trunk roads across Scotland, which are key areas of public service which are often delivered under private contract.

James Goudie QC

TOWARDS A TRUE SINGLE MARKET OF DATA PROTECTION

Viviane Reding Vice-President of the European Commission responsible for Justice, Fundamental Rights and Citizenship, made a speech entitled “Towards a true Single Market of data protection” at a Meeting in Brussels, on July 14, 2010.  In her speech she said that we need a comprehensive and coherent approach so that the fundamental right to data protection is fully respected within the EU and beyond. She put forward five proposals.

 First, individuals’ rights should be strengthened by ensuring that they enjoy a high level of protection and maintain control over their data. Individuals need to be well and clearly informed, in a transparent way, by data controllers – be it services providers, search engines or others – about how and by whom their data are collected and processed. They need to know what their rights are if they want to access, rectify or delete their data. And they should be able to actually exercise these rights without excessive constraints.

Secondly, the internal market requires not only that personal data can flow freely from one Member State to another, but also that the fundamental rights of individuals are safeguarded. Provided that all data protection guarantees are in place and properly applied, personal data should freely circulate within the EU and, where necessary and appropriate, be transferred to third countries. This requires a level playing field for all economic operators in different Member States. This is currently not the case: indeed, one of the main concerns expressed by businesses in recent consultations is the lack of harmonisation and the divergences of national measures and practices implementing the 1995 Directive.  Further harmonisation and approximation of data protection rules at EU level is needed.

Thirdly, the current rules on data protection in the area of police cooperation and judicial cooperation in criminal matters should be revised.  Derogations to general data protection principles should be limited. They should not go beyond what is necessary and proportionate in order to pursue objectives of general interest, such as the fight against terrorism and organised crime, or the need to protect the rights and freedoms of others.

Fourthly, personal data must be adequately protected when transferred and processed outside the EU. To that end, the current procedures for international data transfers, including in the areas of police cooperation and judicial cooperation in criminal matters, will be improved, strengthened and streamlined.

Fifthly, EU monitoring of the implementation and enforcement by Member States of the existing rules to guarantee that individuals’ rights are actually respected will be a priority; the role of data protection authorities should be strengthened; and data protection authorities should be provided with the necessary powers and resources to be able to properly exercise their tasks both at national level and when cooperating with each other.

James Goudie QC

STRENGTHENED POWERS FOR THE COMMISSIONER?

 

The European Commission has requested the UK to strengthen the powers of its data protection authority so that it complies with the EU’s Data Protection Directive. The Commission request takes the form of a reasoned opinion – the second stage under EU infringement procedures. The UK has two months to inform the Commission of measures taken to ensure full compliance with the Directive.

 

In the Commission’s view data rules in the UK are curtailed in several ways that leave the standard of protection lower than required.  The Commission is concerned about limitations upon the Information Commissioner’s powers, in particular that he cannot monitor whether third countries’ data protection is adequate, assessments which should come before international transfers of personal information, and he can neither perform random checks on people using or processing personal data, nor enforce penalties following the checks. Also the Commission is concerned that Courts in the UK can refuse the right to have personal data rectified or erased, and that the right to compensation for moral damage when personal information is used inappropriately is also restricted.

James Goudie QC

Moray Council

The Scotsman reports that Moray Council has become the first in Scotland to put every FoI request it receives, and the responses, on its website. Private details of the requester are witheld. The requests are placed into groups, such as individuals, media, government researchers, etc. This will enable the public to see where requests are coming from, what sort of information is being asked for, what level of detail can be provided, and the level of investigation required by council staff to produce the information.” Headline perhaps : ” Tartan Transparency