Information Commissioner responds to Leveson

Posted on | by Holly Stout

The Information Commissioner’s Office (“ICO”) has published its response to the recommendations that Lord Justice Leveson made to the ICO and the Ministry of Justice (“MoJ”) in his Inquiry Report on the Culture, Practices and Ethics of the Press.  See here for the full response.

The ICO begins its response by reminding us of the leading role that the ICO played in revealing the press involvement in the unlawful trade in personal data in 2003 (Operation Motorman) which ultimately led to the Leveson Inquiry.

The ICO also emphasises that the Leveson Inquiry focused on events that took place between 2003 and 2007 and so Leveson’s Report does not take into account the significant strides that the ICO has made in recent years, in particular in its Regulatory Action Division and Enforcement Department and through its power to impose civil monetary penalties.

Nonetheless, the ICO is broadly welcoming of the vast majority of Leveson’s recommendations.  See Rachel Kamm’s post of 29 November 2012 for details of those recommendations.

In response to Leveson, the ICO will be:

  • Revising its Data Protection Regulatory Action Policy so that it specifically addresses how the ICO will use its regulatory powers to ensure that the press complies with the legal requirements of the data protection regime (by March 2013);
  • Developing a new Code of Practice on appropriate principles and standards to be observed by the press in the processing of personal data (hopefully within 6 months) – watch out for consultation on this;
  • Developing guidance to the public on their individual rights in relation to the obtaining and use by the press of their personal data, and how to exercise those rights (by May 2013) – watch out for a new dedicated media data rights advice on the ICO’s website;
  • Providing regular reports to Parliament (through its statutory Annual Report) on the effectiveness of the new measures and on the culture, practices and ethics of the press in relation to the processing of personal data;
  • Continuing to work with other prosecuting authorities in relation to alleged media crime (the ICO has already adopted the CPS Guidelines for Prosecutors);
  • Allocating specific responsibility for managing relations with the press and key stakeholders to the Government and Society team in its Strategic Liaison Dept and looking to establishing a media reference panel along similar lines to its existing Technology Reference Panel to ensure that a ready source of expertise is available to the ICO on key media issues;
  • Establishing an Intelligence Hub to make sure that the ICO identifies existing and emerging large-scale issues more quickly, as well as refining its process for handling high profile cases with significant policy or political implications;
  • Ensuring that its Management Board comprises people with suitable expertise from a range of backgrounds, including the media.

As to Leveson’s suggestions for amendments to the Data Protection Act 1998 (“DPA”) (see Rachel Kamm’s previous post), the ICO says that he can “see the merit in certain changes but not all of them” and emphasises that it is a matter for Parliament to determine whether the ICO should have a wider role in press regulation – the ICO is not actively seeking such a role.  Thus, while apparently

  • broadly in favour of ‘tightening up’ the current exemption from the provisions of the DPA for data processed for journalistic purposes,
  • strongly in favour of allowing individuals to claim damages for any breach of the DPA, even if it does not result in pecuniary loss, and
  • strongly in favour of bringing in ss 77 and 78 of the Criminal Justice and Immigration Act 2008 (increased sentences for criminal breaches of the DPA and enhanced defence for public interest journalism),

the ICO nevertheless sounds some notes of caution:

  • The ICO observes that Leveson’s proposed amendments to s 32 of the DPA would move the ICO much closer to being a general regulator of the press.  Section 32 currently provides an exemption from most of the requirements of the DPA for data processing undertaken ‘with a view to the publication’ of journalistic material, provided that the data controller reasonably believes would be in the public interest, ‘having regard … to the special importance of the public interest in freedom of expression’ and the data controller reasonably believes that compliance with the relevant part of the DPA would be ‘incompatible’ with the journalistic purpose.  Leveson proposes amending the exemption so that the processing must be ‘necessary’ for publication, so that no special weight is given to freedom of expression and so that the decision on whether the exemption applies is to be taken objectively rather than on the basis of the data controller’s reasonable belief.  The latter proposed change is most significant in terms of the role of the ICO.

 

  • The ICO points out that the new draft European Data Protection Regulation will require a number of changes to UK data protection law and therefore suggests that the Government may wish to consider how far it is sensible and practicable to introduce legislative changes ahead of the adoption of the new European Regulation.

 

  • The ICO says that Leveson’s recommendation that the press should never be exempt from the subject access rights in the DPA raises legitimate concerns about the ‘chilling effect’ that this might have on investigative journalism and says this area will need very careful consideration.

 

  • The ICO questions whether it is necessary to include specific provisions in the DPA requiring the IC to have special regard to the legal obligation to balance the public interest in freedom of expression alongside the public interest in upholding the data protection regime, pointing out that he is already subject to that duty by virtue of s 6 of the Human Rights Act 1998.

 

  • Similarly, the ICO suggests that there is no need to enshrine in statute a duty to consult with the CPS and other enforcement agencies, but that is already something done as a matter of course.  The ICO became a signatory to the Prosecutor’s Convention in July 2012 (an agreement between all the main government related prosecuting bodies to collaborate on cases that overlap jurisdictional areas).

 

  • The ICO points out that Leveson’s proposal to widen the ICO’s powers of prosecution to include any crimes that are likely to involve breaches of data protection principles, e.g. phone hacking, computer hacking, etc would substantially increase the ICO’s role as an investigatory and prosecuting authority which would bring with it significant resource implications.

 

  • While agreeing that the opportunity should be taken to consider the structure of the ICO and whether it would be better to have an Information Commission (i.e. a Board of Commissioners leading the organisation) rather than a single Information Commissioner, the ICO indicates that such a change would risk losing certain virtues of the current arrangements, which include the ability for the organisation to take decisions quickly where necessary and the higher degree of accountability that comes from having a single figurehead.

 Holly Stout

 

EIR Exemptions and Aggregation : a round trip

Posted on | by Charles Bourne

The First-Tier Tribunal (Information Rights) has ruled on the appeal by the Office of Communications (Ofcom) which was remitted following the Supreme Court’s judgment in Ofcom v IC [2010] UKSC 3, [2011] 1 Info LR 1288 (which itself followed the decision of the Court of Justice of the European Union in Ofcom v IC [2011] 2 Info LR 1). By its new decision of 12 December 2012 the Tribunal declined to depart from its previous decision which was made back on 4 September 2007.

This lengthy circular journey began with a request in January 2005 by a representative of Health Protection Scotland for a list of mobile phone base stations held on the “Sitefinder” website  and for information that was not publically accessible through Sitefinder such as grid references for each base station. The information was requested under the Environmental Information Regulations 2004 (EIR).

 Ofcom refused and relied on the exemption under regulation 12(5)(a), contending that the public interest favoured withholding the information since public safety would be adversely affected by the precise disclosure of the base sites. In particular, this would reveal the locations of the relevant database and thereby assist possible criminal activity. Ofcom also relied on regulation 12(5)(c), contending that the public interest favoured withholding the information because the intellectual property rights of the mobile network operators (MNOs) would thereby be adversely affected giving competitors an undue advantage.

 On 11 September 2006 the Information Commissioner (ICO) ordered disclosure, ruling that public safety would not be put at risk and also that regulation 12(5)(c) was not engaged. Ofcom appealed.

 In its 2007 decision the Tribunal upheld the ICO’s decision, taking the view that the purpose of Sitefinder was to permit important health research and that this comfortably outweighed any risk to the public from disclosing the information sought and any adverse effect to the public interest arising from prejudice to MNOs’ intellectual property rights. In particular it took the view that the exception would be made unworkable if it had regard to disadvantages the public might suffer if the MNOs, piqued by disclosure, decided permanently to withdraw their co-operation with Sitefinder.

 Ofcom appealed unsuccessfully to the Administrative Court on a number of issues but, on a further appeal to the Court of Appeal, succeeded on one i.e. whether the public interest in maintaining the two relevant exemptions could be aggregated – as opposed to the public interest balance being struck on each exemption separately.

 The ICO, undeterred, appealed this question to the Supreme Court. The Justices, unable to agree on the answer, referred it to the European Court which ruled that a public authority in these circumstances “may, when weighing the public interests served by disclosure against the interests served by refusal to disclose, in order to assess a request for that information to be made available to a natural or legal person, take into account cumulatively a number of the grounds for refusal set out in that provision.” The word “may” would prove to be rather important.

 The Supreme Court remitted the case so that the Tribunal could reconsider the public interest balance. And there this eventful journey ended with a second decision which largely echoed the first.

 The Tribunal (chaired by Tribunal Judge Marks QC) endorsed the ICO’s approach that aggregation is a right, not  a duty, so a decision maker will consider whether to aggregate but is not bound to do so. Aggregation may not always be appropriate, e.g. where the exemptions relied upon are so different that the exercise would not be feasible. The aggregation exercise is “impressionistic” rather than “mathematical”.

 What undid Ofcom was that the weight given to the exemptions was very limited. In respect of public safety, despite references to possibilities of crimes ranging from metal theft to terrorist attack, it was held that such risks already existed as a result of information already available so that disclosure of further information would not make much difference. As to intellectual property rights, the interests in question were held to be more private than public. And in each case, either they were already at risk or “the enhanced risk is so small as to be given no significance”. Once again the Tribunal ruled that it would not be appropriate to ascribe weight to any ongoing non-participation by MNOs.

 Aggregation did not alter these conclusions. The two exemptions were characterised as “apples and pears”, with no real link and thus no “sensible way of extracting or recognising, let alone applying, any common content as to public interest or interests”. But even when aggregated, the overall weight to be given to them was adjudged to be minimal. Where such minimal harm was difficult to identify and characterise in view of the large amount of information already in the public domain, an “impressionistic” approach would not lead to a different result.

 This case, believed to contain the first full consideration of aggregation, therefore does not give the impression that aggregation will be an especially powerful tool. The emphasis was on the ruling that a decision maker or tribunal may, but not must, aggregate.

 However, it remains to be seen whether future cases may bring further analysis of the “apples and pears” approach. Whilst different exemptions may protect quite different aspects of the public interest, it does not necessarily follow that the value of protecting the public in two different ways is not cumulatively greater than the value of protecting them in only one. If aggregation for some reason is “not feasible”, that is the end of the matter, but debate can be expected to continue on how often it will actually not be feasible to conduct a suitably “impressionistic” comparison of the totality of interests for and against disclosure.

Charles Bourne

Supreme Court: Articles 3, 6 and 8 ECHR in child protection PII case

Posted on | by Robin Hopkins

There have been a number of important privacy judgments in recent weeks, particularly concerning Article 8 ECHR in cases with child protection elements. I have blogged on two Court of Appeal judgments. In the matter of X and Y (Children) [2012] EWCA Civ 1500 (19 November 2012) (Pill, Touslon and Monby LJJ; appeal against a decision of Peter Jackson J in the Family Division) concerned the tension between Articles 8 and 10. A second, more recent Court of Appeal judgment in Durham County Council v Dunn [2012] EWCA Civ 1654 (13 December 2012) (Maurice Kay, Munby and Tomlinson LJJ; appeal against a decision of HHJ Armitage QC) focused on balancing competing rights under Articles 8 (private and family life) and 6 (fair trial).

The Supreme Court has this week handed down an important judgment of the latter variety (Articles 8 and 6, as well as an Article 3 claim) in Re A (A Child) [2012] UKSC 60 (12 December 2012) (Lady Hale, with whom Lords Neuberger, Clarke, Wilson and Reed agreed;  appeal against a decision of McFarlane, Thorpe and Hallett LJJ).

Lady Hale began by summarising the case thus:

“We are asked in this case to reconcile the irreconcilable. On the one hand, there is the interest of a vulnerable young woman (X) who made an allegation in confidence to the authorities that while she was a child she had been seriously sexually abused by the father of a little girl (A) who is now aged 10. On the other hand we have the interests of that little girl, her mother (M) and her father (F), in having that allegation properly investigated and tested. These interests are not only private to the people involved. There are also public interests, on the one hand, in maintaining the confidentiality of this kind of communication, and, on the other, in the fair and open conduct of legal disputes. On both sides there is a public interest in protecting both children and vulnerable young adults from the risk of harm.”

In essence, X made the allegations of past sexual abuse by F to the local authority, but did not wish to take action against F. She asserted her rightsto privacy and confidentiality under Article 8  and argued that disclosure of her identity and the details of her allegations would amount to inhuman or degrading treatment contrary to Article 3.

The local authority asserted public interest immunity from disclosure. Lady Hale held that, analysed in terms of common law principles, disclosure should be ordrerd despite the important public interest in preserving the confidence of people who come forward with allegations of child abuse. At paragraph 30, she said this:

“Those allegations have to be properly investigated and tested so that A can either be protected from any risk of harm which her father may present to her or can resume her normal relationship with him. That simply cannot be done without disclosing to the parents and to the Children’s Guardian the identity of X and the detail and history of the allegations which she has made.”

The same conclusion was reached by analysing the matter in Convention terms. X’s case was primarily based on Article 3. Lady Hale agreed with the Court of Appeal that disclosure would not violate those rights: “The context here is not only that the state is acting in support of some important public interests; it is also that X is currently under the specialist care of a consultant physician and a consultant psychiatrist, who will no doubt do their utmost to mitigate any further suffering which disclosure may cause her” (paragraph 32).

Leaving aside Article 3, Lady Hale concluded that the rights of C, M and F under Articles 8 and 6 outweighed the Article 8 rights of X in the circumstances. A closed procedure seeking to minimise the impact on X’s privacy was not possible here. Furthermore, disclosure would not automatically expose X to the trauma of cross-examination: medical evidence and other means of giving evidence could, for example, be appropriate.

The case is an illuminating instance of extremely strong privacy rights being trumped by a combination of the family life rights of others, and in particular their right to a fair trial. In particular, it illustrates how, when serious allegations are made against individuals, the notion of privacy can cut both ways.

Robin Hopkins

Universities and requests for lecturers’ private research: when will it be “held” by the University?

Posted on | by Julian Milford

The First-Tier Tribunal’s decision of 13 December 2012 in Montague v (1) Information Commissioner (2) Liverpool John Moores University EA/2012/0109 will be of interest to academic institutions, and any other public bodies whose employees have research interests not necessarily connected with their job. Anya Proops of 11KBW appeared for the University.

The Appellant Mr Montague asked Liverpool John Moores University for copies of emails sent by a senior lecturer at the University from his University email account, linked to his work with the Global Warming Policy Foundation (“GWPF”). The lecturer in question had worked at the University from November 1993 to July 2010 as a social anthropologist. In November 2009, he had become Director of the GWPF. The GWPF is a controversial organisation founded under the aegis of Lord Lawson, which promotes scepticism about man-made climate change.

The question at issue was whether the University “held” the information for the purposes of the Freedom of Information Act 2000 (“FOIA”), even if it was in fact contained in a university email account to which it had access.

Information is “held” by an authority for the purposes of FOIA if it is held by the authority “otherwise than on behalf of another person”, or is held by another person “on behalf of the authority”: see s.3(2) FOIA. That means mere physical possession of information is not enough to establish that information is “held”; it must also, to a sufficient extent, be meaningfully connected to the authority: see for example University of Newcastle v IC and BUAV [2011] UKUT 185 (AAC).

Both the University and the ICO considered that the University did not “hold” the information in this case, and the Tribunal agreed. The crucial point was that there was no connection between the lecturer’s private research for the GWPF, and the work he did within the University. The lecturer pursued the subject of global warming in his own free time, and exclusively in his own private interest. It had no bearing on his role as an academic employed in the University’s School of Sport and Exercise Science. The research was not funded by the University, and the University neither had any interest in the research nor sought to benefit from it. Since the emails were sent in a purely private and personal capacity, the University did not “hold” them.

This outcome is plainly in accordance with FOIA, and was perhaps inevitable on the facts. It should be of comfort to academic institutions whose lecturers pursue private interests. Of course, the situation would have been very different if the research had been connected in any way with the lecturer’s post. The decision can usefully be compared and contrasted with the ICO’s recent decision concerning emails sent by the Secretary of State for Education (Michael Gove) from his private email account. There, the information was in fact “held” by the Department for Education for the purposes of FOIA, even though the Department was not in physical possession of the information, because the ICO considered it concerned the business of the Department, rather than purely party political matters. The thread running through the two contrasting decisions is the same: what matters is not whether the authority actually has possession of the information, but whether the information has a substantial connection to its business.

Julian Milford

CPR disclosure applications: ignore the DPA; balance Articles 6 and 8 instead

Posted on | by Robin Hopkins

It is increasingly common for requests for disclosure in pre-action or other litigation correspondence to include a subject access request under section 7 of the Data Protection Act 1998. Litigants dissatisfied with the response to such requests often make applications for disclosure. Where an application is made in the usual way (i.e. under the CPR, rather than as a claim under section 7 of the DPA), how should it be approached? As a subject access request, with the “legal proceedings” exemption (section 35) arising for consideration, or as an “ordinary” disclosure application under CPR Rule 31? If the latter, what role (if any) do data protection rights play in the analysis of what should be disclosed?

As the Court of Appeal in Durham County Council v Dunn [2012] EWCA Civ 1654 observed in a judgment handed down today, there is much confusion and inconsistency of approach to these questions. Difficulties are exacerbated when the context is particularly sensitive – local authority social work records being a prime example. Anyone grappling with disclosure questions about records of that type will need to pay close attention to the Dunn judgment.

Background to the disclosure application

Mr Dunn alleged that he had suffered assaults and systemic negligence while in local authority care. He named individual perpetrators. He also said he had witnessed similar acts of violence being suffered by at other boys. He brought proceedings against the local authority. His solicitors asked for disclosure of various documents; included in the list of requested disclosure was the information to which Mr Dunn was entitled under section 7 of the DPA. Some documents were withheld from inspection, apparently on data protection grounds.

Mr Dunn made a disclosure application in the usual way, i.e. he did not bring a section 7 DPA claim. The District Judge assessed the application in data protection terms. He ordered disclosure with the redaction of names and addresses of residents of the care facility – but not those of staff members and other agents, who would not suffer the same stigmas or privacy incursions from such disclosure.

Mr Dunn said he could not pursue his claim properly without witnesses and, where appropriate, their contact details. He appealed successfully against the disclosure order. The order for redaction was overturned. The judge’s approach was to consider this under the CPR (this being a civil damages claim) – but to take the DPA into account as a distinct consideration in reaching his disclosure decision.

The relevance of the DPA

The Court of appeal upheld the use of the CPR as the correct regime for the analysis. It also upheld the appeal judge’s ultimate conclusion. It said, however, that he went wrong in treating the DPA as a distinct consideration when considering a disclosure application under the CPR. With such applications, the DPA is a distraction (paragraphs 21 and 23 of the judgment of Maurice Kay LJ). It is potentially “misleading to refer to a duty to protect data as if it were a category of exemption from disclosure or inspection. The true position is that CPR31, read as a whole, enables and requires the court to excuse disclosure or inspection on public interest grounds” (paragraph 21).

This was not to dismiss the usefulness of a subject access request to those contemplating litigation. See paragraph 16:

“I do not doubt that a person in the position of the claimant is entitled – before, during or without regard to legal proceedings – to make an access request pursuant to section 7. I also understand that such a request prior to the commencement of proceedings may be attractive to prospective claimants and their solicitors. It is significantly less expensive than an application to the Court for disclosure before the commencement of proceedings pursuant to CPR31.16. Such an access may result in sufficient disclosure to satisfy the prospective claimant’s immediate needs. However, it has its limitations. For one thing, the duty of the data controller under section 7 is not expressed in terms of disclosure of documents but refers to communication of “information” in “an intelligible form”. Although this may be achieved by disclosure of copies of original documents, possibly redacted pursuant to section 7(5), its seems to me that it may also be achievable without going that far. Secondly, if the data subject is dissatisfied by the response of the data controller, his remedy is by way of proceedings pursuant to section 7 which would be time-consuming and expensive in any event. They would also engage the CPR at that stage: Johnson v Medical Defence Union [2005] 1 WLR 750; [2004] EWCH 2509 (Ch).”

Instead, the CPR disclosure analysis should balance Article 6 and Article 8 rights in the context of the particular litigation.

Maurice Kay LJ summed up the requisite approach as follows:

“What does that approach require? First, obligations in relation to disclosure and inspection arise only when the relevance test is satisfied. Relevance can include “train of inquiry” points which are not merely fishing expeditions. This is a matter of fact, degree and proportionality. Secondly, if the relevance test is satisfied, it is for the party or person in possession of the document or who would be adversely affected by its disclosure or inspection to assert exemption from disclosure or inspection. Thirdly, any ensuing dispute falls to be determined ultimately by a balancing exercise, having regard to the fair trial rights of the party seeking disclosure or inspection and the privacy or confidentiality rights of the other party and any person whose rights may require protection. It will generally involve a consideration of competing ECHR rights. Fourthly, the denial of disclosure or inspection is limited to circumstances where such denial is strictly necessary. Fifthly, in some cases the balance may need to be struck by a limited or restricted order which respects a protected interest by such things as redaction, confidentiality rings, anonymity in the proceedings or other such order. Again, the limitation or restriction must satisfy the test of strict necessity.”

How to approach disclosure of social work records in litigation

This issue was dealt with by Munby LJ. In short, the main question was whether those seeking to withhold or redact social work records in litigation should analyse the issue in terms of public interest immunity (as some textbooks, older authorities and even the White Book appeared to suggest) or in terms of a balancing between competing rights under the ECHR (in particular, Articles 6 and 8).

Munby LJ made clear that the right answer is the latter. Where information contained in social work records is to be withheld in legal proceedings, this should not now be on the basis of a claim to public interest immunity; we are “a world away from 1970 or even 1989” (paragraph 43). This was despite the fact that “the casual reader of the White Book” (paragraph 31.3.33 in particular) could be forgiven for thinking that PII applies to local authority social work records. Here Munby LJ said he “would respectfully suggest that the treatment of this important topic in the White Book is so succinct as to be inadvertently misleading” (paragraph 48).

Importantly, Munby LJ also went on to explain how (and with what stringency) Article 8 rights to privacy and the protection of personal information should be approached when disclosing information pursuant to litigation. At paragraph 50, he gave the following guidance:

“… particularly in the light of the Convention jurisprudence, disclosure is never a simply binary question: yes or no. There may be circumstances, and it might be thought that the present is just such a case, where a proper evaluation and weighing of the various interests will lead to the conclusion that (i) there should be disclosure but (ii) the disclosure needs to be subject to safeguards. For example, safeguards limiting the use that may be made of the documents and, in particular, safeguards designed to ensure that the release into the public domain of intensely personal information about third parties is strictly limited and permitted only if it has first been anonymised. Disclosure of third party personal data is permissible only if there are what the Strasbourg court in Z v Finland (1998) 25 EHRR 373, paragraph 103, referred to as “effective and adequate safeguards against abuse.” An example of an order imposing such safeguards can be found in A Health Authority v X (Discovery: Medical Conduct) [2001] 2 FLR 673, 699 (appeal dismissed A Health Authority v X [2001] EWCA Civ 2014, [2002] 1 FLR 1045).”

Robin Hopkins

Redacting for anonymisation: Article 8 v Article 10 in child protection context

Posted on | by Robin Hopkins

Panopticon has reported recently on the ICO’s new Code of Practice on Anonymisation: see Rachel Kamm’s post here. That Code offers guidance for ensuring data protection-compliant disclosure in difficult cases such as those involving apparently anonymous statistics, and situations where someone with inside knowledge (or a ‘motivated intruder’) could identify someone referred to anonymously in a disclosed document. The Upper Tribunal in Information Commissioner v Magherafelt District Council [2012] UKUT 263 AAC grappled with those issues earlier this year in the context of disclosing a summarised schedule of disciplinary action.

Redaction is often crucial in achieving anonymisation. Getting redaction right can be difficult: too much redaction undermines transparency, too much undermines privacy. The Court of Appeal’s recent judgment In the matter of X and Y (Children) [2012] EWCA Civ 1500 is a case in point. It involved the publication of a summary report from a serious case review by a Welsh local authority’s Safeguarding Children Board. The case involved very strong competing interests in terms of Article 8 and Article 10 ECHR. For obvious reasons (anonymity being the key concern here) little could be said of the underlying facts, but the key points are these.

A parent was convicted in the Crown Court of a serious offence relating to one of the children of the family (X). The trial received extensive coverage in the local media. The parent was named. The parent’s address was given. The fact that there were other siblings was reported, as also their number. All of this coverage was lawful.

The local authority’s Safeguarding Children Board conducted a Serious Case Review in accordance with the provisions of the Children Act 2004 and The Local Safeguarding Children Boards (Wales) Regulations 2006. Those Regulations require the Board to produce an “overview report” and also an anonymised summary of the overview report. The relevant Guidance provides that the Board should also “arrange for an anonymised executive summary to be prepared, to be made publicly available at the principal offices of the Board”.

Here two features of the draft Executive Summary were pivotal.

First, reference was made to the proceedings in the Crown Court in such a way as would enable many readers to recognise immediately which family was being referred to and would enable anyone else so inclined to obtain that information by only a few minutes searching of the internet.

Second, it referred, and in some detail, to the fact, which had not emerged during the proceedings in the Crown Court and which is not in the public domain, that another child in the family (Y), had also been the victim of parental abuse.

The local authority wanted to publish the Executive Summary, seeking to be transparent about its efforts to put right what went wrong and that it has learned lessons from X’s death. It recognised the impact on Y, but argued for a relaxtion of a restricted reporting order to allow it to publish the Executive Summary with some redactions. It was supported by media organisations who were legally represented.

The judge (Peter Jackson J) undertook a balance of interests under Articles 8 and 10. He allowed publication, with redactions which were (in the Court of Appeal’s words) “in substance confined to three matters: the number, the gender and the ages of the children.”

In assessing the adequacy of these redaction, the Court of Appeal considered this point from the judgment of Baroness Hale in ZH (Tanzania) v Secretary of State for the Home Department [2011] UKSC 4, [2011] 2 AC 166, at paragraph 33:

“In making the proportionality assessment under article 8, the best interests of the child must be a primary consideration. This means that they must be considered first. They can, of course, be outweighed by the cumulative effect of other considerations.”

Munby LJ thus concluded (paragraph 47 of this judgment) that “it will be a rare case where the identity of a living child is not anonymised”.

He recognised, on the other hand, that Article 10 factors always retained their importance: “there could be circumstances where the Article 8 claims are so dominant as to preclude publication altogether, though I suspect that such occasions will be very rare.”

On the approach to anonymisation through redaction, Munby LJ had this to say (paragraph 48):

“In some cases the requisite degree of anonymisation may be achieved simply by removing names and substituting initials. In other cases, merely removing a name or even many names will be quite inadequate. Where a person is well known or the circumstances are notorious, the removal of other identifying particulars will be necessary – how many depending of course on the particular circumstances of the case.”

In the present case, the redactions had been inadequate. They did not “address the difficulty presented by the two key features of the draft, namely, the reference to the proceedings in the Crown Court and the reference to the fact that Y had also been the victim of parental abuse” (paragraph 53).

Far more drastic redaction was required in these circumstances: to that extent, privacy trumped transparency, notwithstanding the legislation and the Guidance’s emphasis on disclosure. In cases such as this (involving serious incidents with respect to children), those taking disclosure decisions should err on the side of heavy redaction.

Robin Hopkins