Charity served with monetary penalty notice

Posted on | by Ben Hooper

Today, the Commissioner served – for the first time – a monetary penalty notice on a charity. The charity in question, Norwood Ravenswood Ltd, is a social care charity. One of its social workers had attempted to deliver to the home of prospective adopters certain background reports containing highly confidential sensitive personal data on four young children. Finding the couple out, and unable to fit the package through the letterbox, the social worker left the package in a concealed area at the side of the house. When the prospective adopters returned home, the package had disappeared. It was never recovered.

At the time of the incident, the charity had no specific guidance on sending personal data to prospective adopters. Further, and in breach of the charity’s data protection policy, the social worker in question had not received any data protection training.

The Commissioner found that there had been a “serious contravention” of the seventh data protection principle (i.e. that appropriate technical and organisational measures shall be taken … against accidental loss … of … personal data). Perhaps unsurprisingly, the contravention was also found to be “of a kind likely to cause … substantial distress” (for the purposes of the second limb of the test, in s. 55A(1)(b) of the DPA). In addition, the Commissioner concluded that the charity knew or ought to have known that there was a risk that the contravention would occur, and that such a contravention would be of a kind likely to cause substantial distress, but failed to take reasonable steps to prevent the contravention within the meaning of s. 55A(3) of the DPA.

Although the Commissioner was not aware of any previous similar security breach, and the charity had voluntarily reported the incident to the Commissioner and had fully cooperated thereafter, the Commissioner nevertheless set the penalty at £70,000. Interestingly, the Commissioner does not appear to have taken the data controller’s charitable status to be a factor of any significance in this regard, on the basis that it had “substantial reserves”. Although the penalty is at the lower end of the spectrum of penalties awarded to date this year, it remains a substantial sum.

Overall, today’s decision serves as a useful reminder both of the potential consequences of inadequate data protection procedures and of the fact that even charitable bodies may face heavy penalties if serious contraventions occur.

There is still no monetary penalty case law to offer guidance. But, as regular readers of this blog may recall, the first appeal against a monetary penalty notice (brought by London Community Healthcare NHS Trust) is in the pipeline. It will be heard in December this year (with Tim Pitt-Payne QC and Anya Proops of 11KBW acting for the opposing parties).

One final thought, or, rather, question. The vast majority of the monetary penalty notices concern public authorities. Are public authorities really committing many more “serious contraventions” than private persons, or are they simply more likely to be reporting such contraventions to the Commissioner?

Ben Hooper

Cloud computing – new ICO guidance

Posted on | by Anya Proops KC

Cloud computing is becoming an ever more pervasive feature of the technological world. Whether one is dabbling in social networking or purchasing goods online, the truth is that we all, to a greater or lesser extent, now have our heads in the virtual clouds. However, the use of cloud computing inevitably raises important information law issues, particularly in terms of the impact on privacy rights and also under the Data Protection Act 1998. So far as the DPA is concerned, issues which fall to be considered include:

  • who actually controls the data which is being processed via the cloud (i.e. who is liable under the DPA if things go wrong in data protection terms)

 

  • what steps a data controller may be required to take to safeguard against misuses of personal data within the cloud

 

  • the security implications of processing personal data through cloud computing and, in particular, whether the processing of data via the cloud is compliant with the seventh data protection principle

 

  • the legality of using clouds which operate transnationally and, hence, which may bring into play the application of the eighth data protection principle on cross-border data transfers

Importantly, the Information Commissioner has today issued guidance which is designed to help organisations navigate their way through the potentially complex DPA issues which may arise in the context of cloud computing. You can find the guidance here.

Particular points to note about the guidance include the following:

  • the Commissioner has (unsurprisingly) confirmed that the DPA applies to any processing of personal data which takes place in the cloud

 

  • the guidance suggests that, when it comes to determining who is the ‘data controller’ in respect of data which is processed via the cloud, one should generally look to the purchaser of the particular cloud services (i.e. the cloud service customer). This is because it is typically the cloud customer who will determine the purposes for which and the manner in which the data is being processed (see further the definition of ‘data controller’ in s. 1(1) DPA). However, that is not to say that there will not be cases where the cloud provider itself has sufficient control over the data such that it can properly be designated as a ‘data controller’ under the Act

 

  • if two or more data controllers within a ‘community cloud’ intend to share data they should take time to clarify their roles and decide who is the controller in respect of which data

 

  • a data controller cannot simply assume that, because a cloud provider has a set of standard terms and conditions, those terms and conditions afford sufficient safeguards to guarantee compliance with the DPA. The data controller must itself take steps to ensure that the safeguards deployed by the particular cloud provider are fit for purpose, having regard not least to the sort of data in issue and how it is to be processed. This may well entail the data controller looking for cloud providers which can tailor their services to accommodate the data controller’s specific requirements

 

  • data controllers should ensure that they are only putting data into the cloud which actually needs to be there. Thus, data controllers should effectively ensure that they are sieving their data before putting it on the cloud and should create clear records of the sort of data they intend to move to the cloud

 

  • insofar as the particular cloud service results in the collection of meta-data about the data subject (e.g. information revealing transaction histories), data controllers should be aware that this may also constitute personal data to which the data protection principles apply

 

  • cloud customers should adopt strategies to limit the chances that the use of cloud computing will breach the data protection principles, such strategies should include:

 

  • conducting risk assessments

 

  • ensuring that appropriate written contracts are in place with the cloud provider

 

  • reviewing the quality and depth of the security arrangements offered by the cloud provider

 

  • ensuring that adequate security measures are applied to the data (e.g. via encryption, use of password access etc)

 

  • ensuring that the cloud provider has in place a suitable retention and deletion policy and querying what happens to any data on the cloud in the event that the cloud customer withdraws from the cloud

 

  • ensuring that the cloud provider’s own access to the data is suitably controlled and limited

 

  • taking measures to ensure that the cloud provider is not itself in a position to start adapting the purposes for which the data is being processed without the cloud customer’s authorisation

 

  • exploring with the cloud provider the extent to which the data may be transferred abroad (e.g. because the cloud straddles a variety of different jurisdictions) and, further, the quality of any data protection regime applicable in any foreign jurisdiction to which the data may be transferred

 

  • having policies in place which ensure that data subjects are properly informed about how their data is being processed

 

  •  monitoring data compliance once the cloud services have been obtained

All organisations which use or provide cloud services should, as a matter of urgency, familiarise themselves with this policy or else risk developing a stormy relationship with the Commissioner in future.

Anya Proops

Legal advice on Scottish independence: date set for appeal

Posted on | by Robin Hopkins

In a decision notice of 6 July 2012, the Scottish Information Commissioner, Rosemary Agnew, ordered the Scottish Ministers to confirm or deny whether they had taken legal advice on the status of Scotland within the European Union should Scotland choose to break away from the UK. In essence, the underlying issue is whether or not an independent Scotland would retain EU membership or whether it would need to apply afresh. The Scottish Ministers have appealed against that decision, arguing that they were entitled under the Freedom of Information (Scotland) Act 2002 to refuse to confirm or deny whether they had taken such advice. The appeal is being fast-tracked, and has been listed for 18-19 December. In the meantime, here is Panopticon’s synopsis of the issues in the decision notice.

First, it is important to note how the ‘neither confirm nor deny’ (NCND) provision under s. 18 of FOISA works. Public authorities are entitled to issue a NCND response if the underlying informationm if held, would be exempt from disclosure (due to the balance of interest in maintaining a qualified exemption) and if the public interest in neither confirming or denying whether such information is held outweighs that in confirmation or denial.

The Scottish IC agreed with the Scottish Ministers on the first limb – but not the second.

The first qualified exemption relied on was s. 29(1)(a) FOISA (formulation or development of government policy. The Commissioner took the view “that “formulation” of government policy suggests the early stages of the policy process where options are identified and considered, risks are identified, consultation takes place and recommendations and submissions are presented to the Ministers. “Development” suggests the processes involved in reviewing, improving upon or amending existing policy; it can involve piloting, monitoring, analysing, reviewing or recording the effects of existing policy” (paragraph 15). The Commissioner accepted that this exemption was engaged would be engaged with respect to the underlying legal advice (if any were held). She rejected the requester’s argument that policy (here: achieving independence for Scotland) is one thing, but advice on the legal effects of that policy (here: EU membership) was a different and separate matter.

The second qualified exemption relied on was s. 30(c), which applies “would otherwise prejudice substantially, or be likely to prejudice substantially, the effective conduct of public affairs”. The Commissioner said (paragraph 22): “This is a broad exemption and the Commissioner expects any public authority citing it to show what specific harm would be caused to the conduct of public affairs by release of the information, and how that harm would be expected to follow from release.”

Again, she was satisfied that the exemption would be engaged. See paragraph 26: “The Commissioner accepts the Ministers’ arguments that disclosure of any such advice at this stage could be obstructive to future dialogue and negotiations with other parties and stakeholders concerning a matter of sensitivity, importance and significance.”

The requester argued that, if such legal advice was held, one could scarcely think of information in which there was a stronger public interest in disclosure. In contrast, the Ministers advanced arguments based on the need for a safe space, the risk of a chilling effect on communications, and the risk that disclosure of such information at the time of the request would create substantially misleading impressions. The Commissioner agreed that these factors were significant and that, if such information were held, the public interest would favour the maintenance of the exemptions. She added that “… in September 2011, the independence referendum was still some years away. In her view, the urgency of the need to understand the consequences of any legal advice obtained by the Ministers would be considerably less at that time (or even now) than it would be as the referendum approached” (paragraph 44).

That, however, only got the Ministers part of the way to an NCND position. The Commissioner found that the public interest favoured confirming or denying whether the Ministers had taken legal advice on this issue. At paragraph 52, she concluded that:

“In the Commissioner’s view, the role of FOISA is important not only in enabling transparency in information held by public authorities, but also in enabling transparency in information about process. In this case, whilst the Commissioner has concluded that, if the advice existed and was held by the Ministers, they would have been entitled to issue a refusal notice under section 16(1), the Commissioner considers that it is in the public interest to know the type of information that the Ministers were taking into account in developing policy in relation to such a significant issue as independence.  While it is a matter for Ministers to take the approach they consider appropriate, this would enable interested parties to form their own opinions on the way in which Ministers develop policy and take decisions.”

The appeal will be extremely interesting both for its importance and for its analysis of the mercurial concept of the public interest which lies at the heart of information rights legislation.

Robin Hopkins

Chagos Refugees Group in the First-Tier Tribunal: some key points

Posted on | by Robin Hopkins

The Chagos Archipelago forms part of the British Indian Ocean Territory (“BIOT”). In the late 1960s and early 1970s, the inhabitants of the Chagos Islands were required to leave those islands. At or around that time, a US military base was established on Diego Garcia, the largest of the Chagos Islands. The removal of the “Chagossians” has been a matter of considerable political and media debate, as well as complex legal proceedings. Two legal challenges are ongoing: Chagos Islanders v UK before the European Court of Human Rights, and Bancoult (No 3) before the domestic courts.

In 1999, the then Foreign Secretary commissioned a feasibility study concerning the possible resettlement of some of the islands. A preliminary study was conducted, followed a “phase 2B” study conducted by external consultants. The final report of the phase 2B study was made public. There was some ministerial correspondence about the studies.

In April 2010, representatives of the Chagossians sought information from the Foreign & Commonwealth Office about these studies. In particular, they asked for any draft versions of the phase 2B study (and any accompanying reports), as well as related ministerial correspondence.

The FCO disclosed some information, but withheld one note to a minister (Baroness Amos). As regards the draft reports, it claimed that – if these existed at the time of the request – they were held by the external consultants who authored them. The FCO maintained that the consultants did not hold that information “on behalf of” the FCO for the purposes of the Environmental Information Regulations 2004. The Commissioner upheld the FCO’s position.

The Tribunal (chaired by Andrew Bartlett QC) upheld the Chagossians’ appeal in part. A disclaimer to the following analysis: I appeared for the Information Commissioner. The post below is not a commentary on the case, but (with my Panopticon hat on) I highlight some of the points of general interest to FOIA and EIR practitioners. For a broader commentary on the case, see the excellent post from David Hart QC on One Crown Office Row’s UK Human Rights Blog.

The Tribunal in Chagos Refugees Group in Mauritius and Chagos Social Committee (Seychelles) v IC and FCO (EA/2011/0300) agreed with the FCO that information held by the consultants was not, at the date of the request, held “on behalf of the FCO” for EIR purposes. The Tribunal applied the guidance on the approach to “held” from University of Newcastle v IC and BUAV [2011] UKUT 185 (AAC), [2011] 2 Info LR 54 (see paragraphs 59-67). Generally, whether information is “held” will be a question of fact, but the Tribunal added that “we would also wish to qualify the proposition in McBride v IC and Ministry of Justice (EA/2007/0105) that whether information is held on behalf of a public authority is “simply a question of fact”. In some cases it will be important to determine the exact nature of the legal relationship between a person holding information and the public authority, or to determine the legal structure pursuant to which information was created and held” (paragraph 61).

The Tribunal analysed both the factual and legal relationship between the FCO and the consultants in reaching its conclusion. Its decision should be given careful attention when considering whether information is “held on behalf of” a public authority.

On the adequacy of the FCO’s own searches, the Tribunal said this at paragraph 70:

“… we consider it is relevant to draw attention also to the Tribunal’s remarks in the context of a FOIA request in Muttitt v IC (EA/2011/0036) (31 January 2012) at [68], to the effect that a search should be conducted intelligently and reasonably, and that this does not mean it should be an exhaustive search conducted in unlikely places: those who request information under FOIA will prefer a good search, delivering most relevant information, to a hypothetical exhaustive search delivering none, because of  the cost limit.”

As to the Baroness Amos note, the Chagossians were largely successful in their appeal: disclosure was ordered, bar a few redactions. In its analysis, the Tribunal considered the time at which the public interest was to be assessed. It has become almost trite in FOIA and EIR cases that the answer to this question is “at the time of the request or, at the latest, the date at which the public authority ought to have responded”. This question is, however, not altogether settled. In this case, the Tribunal was content to assess matters up to the date of the conclusion of the FCO’s internal review (see paragraphs 22-29). On a similar point, the UpperTribunal in Evans (see my earlier post on this) by no means considered it beyond doubt that matters should only be assessed at or shortly after the date of the request.

The Tribunal considered that weighty public interests would be served by disclosure of the contents of the Baroness Amos note, despite that being only a small amount of information. At paragraph 112 it said this:

“The amount of information in a potentially disclosable document is without doubt a material matter to take into account. At the same time, it is important not to discount unduly the significance, in the public interest, of the disclosure of small amounts of information. Publicly useful freedom of information requests are generally limited in scope. If too broad, they face the obstacle under FOIA of the costs limit, and under the EIR of the proportionality requirement. If the Tribunal were to take an unduly minimalist view of the value of the publication of relatively small amounts of information on matters of considerable legitimate public interest, this would materially reduce the effectiveness of the legislation. We would regard this as tending to conflict with the general purpose of  the legislation, as seen in the authoritative remarks in Sugar v BBC [2012] UKSC 4 at [76]-[77], which in our view apply with equal force to the EIR, particularly in view of the presumption in favour of disclosure found in EIR regulation 12(2).”

This outweighed the public interest in maintaining the exception for internal communications. Timing was key to the ‘safe space’ argument advanced by the FCO and the Commissioner. The Tribunal endorsed the approach taken in the Department of Health (NHS risk registers) case, whereby policy formulation can “dip in and out” of the need for a safe space. The Tribunal in this case concluded that (paragraph 123):

“We acknowledge the prospect that at some future date – perhaps in 2013, perhaps later – after the final conclusion of the two pending pieces of litigation, the resettlement policy is likely to be the subject of reconsideration. In our view that was at all material times, and remains today, a very weak reason for maintaining the confidentiality of a document written in entirely different circumstances in 2002.”

Robin Hopkins

HRH the Prince of Wales: advocacy of an ordinary man

Posted on | by Robin Hopkins

The Upper Tribunal’s judgment in Evans v IC and Others (Seven Government Departments) [2012] UKUT 313 (AAC) (Mr Justice Walker, Professor John Angel and Suzanne Cosgrave), handed down yesterday, has received extensive media coverage – unsurprisingly so, given the subject matter (Prince Charles’ correspondence with government departments) and the requester (Rob Evans of the Guardian). The judgment is stupendously long (65 pages, plus 3 open annexes). Here are the salient points.

The issues

Mr Evans made requests in April 2005 for correspondence between Prince Charles and seven government departments. Crucially, this was confined to correspondence involving “advocacy” on the part of Prince Charles, i.e. information on (a) “identifying charitable need and setting up and driving forward charities to meet it”, and/or (b) the promotion of Prince Charles’ views on various issues. It was described as “argumentative correspondence”. The interaction with government first revealed in the Prince Charles-approved biography by Jonathan Dimbleby published in November 1994.

Disclosure was refused on the basis of a number of exemptions under FOIA: ss. 37(1) (communications with Her Majesty, with other members of the Royal Family or the Royal Household), 40(2) (presonal data) and 41 (actionable breach of confidence). Insofar as it comprised environmental information, the requested information was refused on the basis of reg. 12(5)(f) EIR (adverse affect on the interests of the person who provided the information).

The relevant date for the Upper Tribunal’s assessment was 40 days after Mr Evans’ requests for interal reviews of these refusals, i.e. 28 February 2006. At that stage, the relevant part of s. 37(1) was a qualified rather than an absolute exemption.

The Upper Tribunal found in Mr Evans’ favour with respect to all of the exemptions: the public interest favoured disclosure (in the case of the qualified and EIR exemptions), disclosure of the relevant personal data would not breach a data protection principle, and any action for breach of confidence would be defeated by a public interest defence.

The crucial issue: advocacy correspondence and the education/apprenticeship convention

The case for withholding the information was to stand or fall with the analysis of the relevant constitutional conventions (practices which are non-legal but fundamental to the UK’s parliamentary democracy) concerning communications between the monarchy and government. The Upper Tribunal analysed these conventions in depth, and addressed the crucial issue of the extent to which they were relevant to the “advocacy” correspondence in dispute.

Two conventions are extremely important. The cardinal convention is that the monarch acts on advice. The tripartite convention is that the monarch is entitled to be consulted, to encourage and to warn her ministers. The Upper Tribunal was satisfied that “there is ample reason to justify the principle that the internal operation of these two conventions is not revealed, at least until after a long time has passed” (paragraph 87). These two conventions, however, apply only to the sovereign – not to the heir.

The pivotal convention relied on in this case was the “education convention”, whereby the heir to the throne is to be instructed in the business of government. The Upper Tribunal preferred this label to the proposed alternative of “apprenticeship convention”: the latter term assumed what it had to prove, namely that Prince Charles was through the disputed correspondence practising the skills required of him when he becomes the sovereign, rather than some other skills. Also, the work of apprentices is overseen by masters; Prince Charles is thus not like an apprentice or, for that matter, a pupil barrister (the Upper Tribunal noted) insofar as he is conducting his advocacy correspondence.

Until relatively recently, the education convention was, in constitutional terms, “little more than a footnote” (paragraph 89). Nonetheless, it was important, and the Upper Tribunal’s judgment did not entitle Mr Evans to information caught by that convention.

The fundamental issue here was that, contrary to the case for the government departments (who advanced the novel case that the education convention encompassed all information of this kind) the advocacy correspondence did not come within the education convention. The Upper Tribunal considered that the alleged constitutionally-important confidentiality of such advocacy correspondence could not be reconciled with the disclosures in the Dimbleby biography.

Ultimately (paragraph 99):

“The plain facts are that what Prince Charles is doing is not prompted by a desire to become more familiar with the business of government, and simply is not addressing what his role would be as king…  they all have as their context Prince Charles’s strong belief that certain action on the part of government is needed.”

See also paragraph 106:

“… there is an overwhelming difficulty in suggesting that there is good reason for regarding advocacy correspondence by Prince Charles as falling within a constitutional convention… it is the constitutional role of the monarch, not the heir to the throne, to encourage or warn government. Accordingly it is fundamental that advocacy by Prince Charles cannot have constitutional status… the communication of encouragement or warning to government has constitutional status only when done by the monarch.”

The key conclusion: Prince Charles’ advocacy correspondence has no special status favouring non-disclosure

The Upper Tribunal was clear that, for Prince Charles as for anyone else seeking to advance charitable causes or promote views through correspondencw with government, such advocacy correspondence would generally be disclosable. See paragraph 7:

“Confidential interaction between government ministers and others, in a context where those others are seeking to advance the work of charities or to promote views, would generally be disclosable – especially where those others have privileged access to ministers. Our conclusion is that special factors concerning Prince Charles will not – under the legislation governing the requests in this case – generally result in a different consequence.”

In other words, Prince Charles’ advocacy correspondence is to be treated in the same way as anyone else’s. See paragraph 210:

 “We are not persuaded that they warrant giving correspondence between ministers and Prince Charles greater protection from disclosure than would be afforded to correspondence with others who have dealings with government in a context where those others are seeking to advance the work of charities or to promote views.”

The result was that the public interest/fairness factors favouring non-disclosure were not especially weighty, at least in that they did not have any constitutional significance. This judgment is also the first binding confirmation that, as with the EIR, the public interests protected by each separate FOIA exemption are to be aggregated, and the cumulative public interest in non-disclosure is to be weighed against that in disclosure (see paragraph 207).

The public interest in disclosure

So, when analysing the public interest/fairness case for withholding the information, Prince Charles was to be treated like an ordinary person. Prince Charles is, however, not like an ordinary person, given his position and influence. The Upper Tribunal found there to be great public interest in how he sought to wield that influence through his advocacy correspondence. It also made a number of important observations on ‘general’ (i.e. non-case-specific) factors favouring disclosure, and commented on the relevance of media interest. The most notable public interest points are below.

The Upper Tribunal firmly endorsed the strength of the public interest in transparency on important governmental matters generally, irrespective of whether the particular information does or does not answer any questions of specific concern. See paragraph 133 (my emphasis):

“… we think it important that the strength of these general interests should be acknowledged rather than minimised. It is because other methods of achieving accountability and transparency have had only limited success that freedom of information has been agreed by signatories to the Aarhus convention as regards environmental matters, and enacted more generally throughout the United Kingdom as a whole. When disputed information concerns important aspects of the working of government, the interests in accountability and transparency will be not merely of general importance, but of particular strength.”

On a similar note, the Upper Tribunal was clear that an informed debate was something of great importance, regardless of whether the information helped dispel or confirm any particular suspicions about how Prince Charles wielded influence. See paragraph 151:

“It seems to us that the perception that Prince Charles exercises special influence stems from the biography. As to whether it would either be confirmed or dispelled by disclosure of the disputed information, this too seems to us to miss the point: the public interest lies in having an informed debate.”

Moving on to the particular nature of the information in dispute, there was strong public interest in transparency of Prince Charles’ advocacy correspondence, particularly given that he seeks to conduct that correspondence in a way that represents the interests of (at least some of) the public. See paragraphs 141-142, and 152:

“The fact that Prince Charles corresponds with and meets ministers, on confidential terms, is in the public domain: but without the disclosure of actual examples of the correspondence, it is difficult for the public to understand what this actually means in practice… whether this country should remain a monarchy is of course a legitimate matter of public debate. More generally, debate about the extent and nature of interaction between government and the royal family, and how the monarchy fits in to our constitution, goes to the heart of understanding the constitutional underpinning of our current system of government. We conclude that these are all important and weighty considerations in favour of disclosure.

We agree with the Departments that when it is said that Prince Charles speaks “on behalf of us all” that reflects that he writes to ministers on what he believes is in the public interest. This, however, does not answer Mr Evans’s point that it seems incongruous that the public should not know about it.”

As to the public interest defence to a breach of personal confidence, the Upper Tribunal considered it important that Prince Charles voluntarily conducts himself as a public figure. See paragraph 202:

“It would be unreal to contend that Prince Charles is not a public figure. Neither the Commissioner nor the Departments advance such a contention. There is, however, in our view a strong air of unreality about their contention that his birth gave him no choice as to whether to engage in advocacy correspondence. The analogy made by Mr Fordham with a hereditary peer was in that regard compelling: some may feel impelled to intervene for the public good as they see it, either publicly or behind the scenes. Others may not. Applying the Strasbourg case-law we see no basis for saying that when Prince Charles does so his actions must be characterised as “truly personal.” On the contrary they are, on his own description, all motivated by a desire to put the “Great” back in Great Britain.”

Media interest was a relevant public interest factor, but the Upper Tribunal was careful to distinguish sensationalism from serious reporting. See paragraph 157 (my emphasis):

“The media interest in Prince Charles’s interaction with ministers is substantial.  It seems to us that this is not a factor which in itself necessarily favours disclosure.  What is relevant is that there is a real debate, generating widespread public interest, on a matter which goes to the heart of our constitution.  Sensationalism merely for the sake of it will not generally be in the public interest.  The media accounts we have seen have, on occasion, had sensationalist aspects.  For the most part, however, the media reporting is of a kind which has focused on the substance.  It is relevant when assessing the public interest to note the extent to which, over the relevant period, there have been media reports of this kind.”

The Upper Tribunal was not persuaded that disclosure would have a “chilling effect” on correspondence between the Prince and the government. Nor did it consider it relevant that the Prince’s advocacy was not motivated by any desire for commercial gain.

A final important point on the public interest balance concerned the argument (advanced relatively frequently) that disclosure of this information would engender misconceptions or misunderstandings on the part of the public. Again, the Upper Tribunal was not persuasive. It said this at paragraph 188 (my emphasis):

“There is, as it seems to us, a short answer to all the various ways in which the Departments have sought to rely on dangers of “misperception” on the part of the public. It is this: the essence of our democracy is that criticism within the law is the right of all, no matter how wrongheaded those on high may consider the criticism to be.

The future: ‘interesting questions’

Given its assessment of important constitutional principles (not only as regards the heir to the throne, but as regards democratic engagement more generally), this judgment is a very important development in FOIA jurisprudence.

However, s. 37 is now largely an absolute exemption (thanks to the changes to FOIA made by the Constitutional Reform and Governance Act; as an aside, see the unsuccessful attempt to obtain information on how those changes came about: Pragnell v IC and Ministry of Justice (EA/2011/0279)). Does this mean Evans is of largely historic interest when it comes to information concerning the monarchy? The answer is, probably not. First, some requests for information made prior to the CRAG changes remain to be resolved. Secondly, the EIR have of course not been correspondingly changed – which raises what the Upper Tribunal considered “interesting questions”. “Environmental information” has been sought from members of the royal family in the past: Bruton v IC and Duchy of Cornwall (EA/2010/0182)) was one such case, and one imagines it will not be the last. The Evans principles may therefore be highly relevant in future cases.

11KBW’s Jonathan Swift QC, Julian Milford and Tim Pitt-Payne QC appeared in this case.

Robin Hopkins

Important developments in surveillance law: RIPA and CCTV

Posted on | by Robin Hopkins

Important changes to the Regulation of Investigatory Powers Act 2000 come into force from 1 November 2012, thanks to the Protection of Freedoms Act 2012 (Commencement No. 2) Order 2012, passed last week. This is an extremely important development for local authorities.

Local authorities are empowered under RIPA to use three surveillance techniques: directed surveillance, the deployment of a Covert Human Intelligence Source (CHIS) and accessing communications data. Early in its term, the Coalition government indicated that it would impose additional safeguards on local authorities’ use of such powers, responding in part to concerns aired by Big Brother Watch and others (see our post here and the recent ‘Grim RIPA’ report here). Chapter 2 of Part 2 of the Protection of Freedoms Act 2012 Act amended RIPA so as to require local authorities to obtain the approval of a magistrate for any authorisation for the use of a covert investigatory technique.

The procedure for obtaining judicial approval may be much like that involved in obtaining search warrants. It remains to be seen how magistrates scrutinise the reasoning and evidence supporting an authorisation so as to ensure that the conditions laid down by RIPA – in particular, necessity and proportionality – are satisfied. Ibrahim Hasan has discussed the changes in his Local Government Lawyer piece here.

Last week also saw a second important announcement on surveillance. The government has announced that it is busy with preparatory work on a new CCTV code of practice, with the aim of consulting on the draft code over the autumn and bringing the new one into force in April 2013. Authorities specified in s. 33(5) of the Protection of Freedoms Act 2012 have a duty to have regard to the code, and other system operators will be encouraged to adopt it on a voluntary basis.

The Home Office Minister, Jeremy Browne MP, told the House of Commons last week that the government is “committed to ensuring that any deployment in public places of surveillance cameras, including close circuit television (CCTV) and automatic number plate recognition (ANPR), is appropriate, proportionate, transparent and effective in meeting its stated purpose”.

Oversight of – and independent recommendations about – the new code will fall to Andrew Rennison, who will remain in post as both surveillance camera commissioner and forensic science regulator until February 2014.

If one adds the Local Authorities (Executive Arrangements) (Meetings and Access to Information) (England) Regulations 2012, also passed last week (see my post here), this is clearly a time of great flux in terms of the information law landscape for local authorities in particular.

Robin Hopkins