If you take the view that a reader’s comments about you posted on a news website infringe your privacy or data protection rights, should you be able to sue the website (as opposed to the author of the comments)? This question is enormously important. It reflects our evolving legal, social and ethical approach to resolving tensions between freedom of expression and privacy. It goes to the heart of both online journalism and internet business models. A new judgment given today makes an important contribution to this debate – and will be seen as heartening for advocates of free expression in an online world. Continue reading
Author: Robin Hopkins
Employer was entitled to access employee’s private Yahoo! messages (and to sack him)
Employers very often wish to monitor how their employees are using work computing facilities during office hours. They may suspect wrongdoing, such as improper use of confidential client or business information, or accessing material which is prohibited by the employer’s policies. They may be concerned about employees using work facilities – and work time – for personal communications. Can the employer investigate by accessing the employee’s communications without their knowledge? Continue reading
‘Plebgate’ and the protection of journalistic sources
It has been a mixed day for the media’s entanglements with the judiciary. Chris Knight posted earlier today about the unhappy outcome for Mirror Group Newspapers before the Court of Appeal in the Gulati privacy damages litigation arising from phone-hacking.
News Group Newspapers, however – together with Sun journalist claims Tom Newton Dunn, Anthony France and Craig Woodehouse – had a happier outcome in another case about telephone privacy, though this time with the media as victim rather than perpetrator of the interference.
Judgment IPT/14/176/H saw the claimants succeed in part in their claim against the Metropolitan Police in the Investigatory Powers Tribunal (‘IPT’). Continue reading
The new General Data Protection Regulation: nearly there
As has been foretold (see for example this prophecy from Christopher Knight), there is soon to be a new birth of exceeding great import, ushering in a new world order.
And lo: the General Data Protection Regulation is approaching the end of its long incubation. The text appears to have been agreed in the last few hours: see this press release from the European Commission. It will go to a committee vote on Thursday of this week and will then be put before the European Parliament. Happy Christmas everyone!
2016 will be a momentous one in data protection ones. Panopticon will try to round up some wise women or men to dissect the new GDPR for readers in due course.
Robin Hopkins @hopkinsrobin
Multi-billion dollar actions for inaccurate personal data?
Data protection has developed a curious habit of churning up heroic (or anti-heroic, depending on how you view it) figures who take on global behemoths to surprising effect. Maybe I am being too dramatic, but think of Mario Costeja González, the complainant at the heart of the Google Spain ‘right to be forgotten’ case, and Max Schrems, whose litigation has thrown Safe Harbor and transatlantic data transfers into turmoil.
If we maintain a transatlantic gaze, another such figure comes into view. On Monday of this week, the Supreme Court of the United States heard argument in the case of Spokeo Inc v Thomas Robins. Mr Robins – the potential David in this important new David v Goliath episode – is at the forefront of litigation against the ‘people search engine’ Spokeo (see Anya’s earlier post here).
The profile Spokeo compiled about him said he was a graduate, a professional in his 50s and a married man with children. Hardly defamatory stuff, except that none of it was correct. He did not establish that these errors caused him any financial loss, but he seeks damages for the publication of factually incorrect information about his life.
So what, you say? Well, consider the Amicus Briefs put before SCOTUS by Ebay, Facebook, Google and Yahoo. They all say that this is a very big deal. They point out that, as major global tech innovators, they are exposed to numerous federal and state laws which contain statutory damages provisions for private causes of actions. If standing is granted for “no injury” lawsuits “plaintiffs may pursue suits against amici even where they are not actually harmed by an alleged statutory violation, and in certain circumstances, seek class action damages that could run into the billions of dollars”.
The issues in Robins (should you be compensated for mere breaches or for ‘digital injuries’?) resonate with live issues before the courts in the UK: can you be compensated under the Data Protection Act 1998 for mere distress (see Vidal-Hall v Google, en route to the Supreme Court)? How should one compensate for privacy violations (see Gulati, on which the Court of Appeal’s judgment is awaited)?
Regardless of whether Mr Robins emerges as a Goliath-slayer, his case adds to the law’s increasingly intense scrutiny of global tech companies whose stock in trade is personal data.
Robin Hopkins @hopkinsrobin
FOI and Article 10: life after Kennedy (and Kenedi)
The right to freedom of expression under Article 10(1) of the European Convention on Human Rights includes “freedom… to receive and impart information and ideas without interference by public authority”. Does that mean that there is a human right to freedom of information?
The question has haunted the courtrooms of the UK and other EU member states in recent years. In England and Wales, the last domestic word has been Kennedy v Charity Commission [2014] UKSC 20. The answer in Kennedy was ‘no’: Article 10 ECHR does not impose a positive, free-standing duty on public authorities to disclose information upon request.
That is not, however, the final word. Kennedy is to be heard by the European Court of Human Rights in Strasbourg – but the case has been stayed. This is because the Grand Chamber accepted another case raising essentially the same question.
The case is Magyar Helsinki Bizottság v Hungary (18030/11). The applicant, a human rights NGO, asked police forces to disclose information about ‘public defenders’, i.e. defence counsel appointed in criminal proceedings. The police forces refused, and the Hungarian court refused to order disclosure. The applicant complains that the refusal interferes with its rights under Article 10.
The case Bizottság was heard by the Grand Chamber today.
The UK government was an intervener. It urged the Court to conclude that Article 10 ECHR does not create a right to receive information from a public authority, in accordance with a line of authority (Leander v Sweden (1987) 9 EHRR 433, Gaskin v United Kingdom (1990) 12 EHRR 36, Guerra v Italy (1998) 26 EHRR 357 and Roche v United Kingdom (2006) 42 EHRR 30).
The Hungarian government’s position was to the same effect. It contended that concessions made in cases supporting the link between Article 10 and freedom of information (such as Társaság a Szabadsagjogokert v Hungary (2011) 53 EHRR 3 and Kenedi v Hungary 27 BHRC 335) were fact-specific.
Statutory rights to freedom of information in England and Wales are currently under threat of curtailment. Kennedy introduced (or confirmed) that, at least in certain circumstances, freedom of information also has a common law foundation. The Grand Chamber’s judgment in Bizottság will reveal whether, in addition to its statutory and common law pillars, freedom of information has a human rights basis as well.
Jason Coppel QC, Karen Steyn QC and Christopher Knight of 11KBW represented intervening parties in Bizottság.
Robin Hopkins @hopkinsrobin