Meaning of ‘public authority’ under the EIRs: ECJ to consider

Posted on | by Robin Hopkins

The leading authority on the meaning of “public authority” under regulation 2 of the EIR is Smartsource v IC and a Group of 19 additional water companies [2010] UKUT 415 (AAC). In that case, the Upper Tribunal found that the water companies were not public authorities for EIR purposes. Smartsource has been applied in, for example, Bruton v IC and Duchy of Cornwall and Montford v IC and BBC.

The issue has returned to the Upper Tribunal in Fish Legal v IC [2012] UKUT 177 (AAC), again in the context of water companies. As the Upper Tribunal has noted, however, the principles are relevant to other privatised, regulated industries that deliver a once publicly-owned service: electricity, gas, rail and telecoms. As the EIR implement European legislation, the meaning of “public authority” has been referred to the ECJ, which has recently published the questions it will be considering.

These involve the meaning of ‘performing public administrative functions under national law’ (is the applicable law and analysis purely a national one? If not, what EU law criteria should be used?), what does ‘control’ mean (in the context of one person/body controlling another) and does an ‘emanation of the state’ necessarily come within the definition? Another crucial issue is the so-called ‘hybrid authority’ question: if a body falls partly within the definition, do EIR rights apply only to those parts (functions, activities etc) that do, or to the whole of the person/body?

Those are, of course, paraphrases. The actual questions can be found here. The ECJ’s answers will be enormously important to information access rights in the UK.

11KBW’s Rachel Kamm represented the Information Commissioner before the Upper Tribunal.

Robin Hopkins

The Equitable Life collapse: strong public interests needed to trump s. 30

Posted on | by Robin Hopkins

Wynn v IC and Serious Fraud Office (EA/2011/0185) concerned the dramatic closure in late 2000 of the insurer Equitable Life. Both the Ombudsman and the Penrose Inquiry examined the collapse and published their reports. Attempts to compensate those who lost money have been pursued through the courts and considered by parliament.

The Serious Fraud Office became involved to consider whether any criminal charges should be brought against those involved in the collapse. Pursuant to its functions under the Criminal Justice Act 1987, it analysed the material and took legal advice in order to decide whether or not to commence a criminal investigation. In effect, it investigated whether or not to investigate. In December 2005, the SFO announced that it would not commence an investigation.

Mr Wynn was dissatisfied with that decision. Eventually, in 2009, he asked the SFO for all of the information it held on Equitable Life. It provided him with some information – importantly, this included (pursuant to a direction from the ICO) a ‘vetting note’, which summarised the SFO’s reasoning on why successful prosecutions were unlikely. The SFO withheld the remainder of the voluminous information it held, relying on s. 12 (cost of compliance) for some it and ss. 30(1) (investigations) and 42 (legal professional privilege) for the rest. The ICO agreed.

Mr Wynn’s appeal to the Tribunal was dismissed. The Tribunal was satisfied that the s. 12 estimate was reasonable and well evidenced. S. 30(1) was engaged: a preliminary investigation (or, as I have put it above, an investigation into whether to investigate) was an investigation for s. 30(1) purposes nonetheless.

The public interest favoured maintaining that exemption. Case-specific points included the substantial transparency delivered by the Ombudsman and Penrose Inquiry reports and the SFO’s vetting note. There was nothing to suggest that the SFO had got things wrong.

The decision also contains a number of points of more general application. The Tribunal endorsed the account given in Breeze v Information Commissioner (EA/2011/0057) of the concerns protected by s. 30(1): protecting witnesses and informants (including their confidentiality), maintaining the integrity of the prosecution and judicial process, and ensuring that the court remained the sole forum for determining guilt. The ‘safe space’ point was also important: prosecutors need a safe space in which to make their decisions without any fear their frank assessments being publicised too soon after the event.

Notwithstanding the passage of time between the conclusion of that investigation and the request under FOIA, those factors counted very heavily in favour of maintaining the exemption under s. 30(1). The Tribunal endorsed this general proposition from Public Prosecutor of Northern Ireland v IC (EA/2010/0109): “in order for disclosure to be ordered in such cases public interest factors of at least equal weight would have to be adduced. A general interest in transparency as to a prosecution authority’s decisions will not be sufficient. Something substantial and particular to the information would be required” (paragraph 35).

The general upshot is that, in recent years, s. 30(1) has grown into a ‘strong’ exemption, i.e. one that requires weighty and particular factors to ‘defeat’. ‘Safe space’ arguments have also fared somewhat better in the prosecution context than the policy-making
context (under s. 35 of FOIA) in Tribunal decisions over the last year or two.

Finally, it is long-established that s. 42(1) is a ‘strong’ exemption, requiring weighty factors if disclosure of privileged information is to ordered. None were forthcoming in Wynn.

Robin Hopkins

Data protection & article 8 – a smorgasbord of information law news stories…

Posted on | by Anya Proops KC

A number of interesting news stories engaging information law principles have been hitting the headlines over the last couple of days. First, the Communities Secretary, Eric Pickles, has issued a report condemning the excessive use of surveillance powers by public authorities under RIPA, including local authorities and others (you can read about the report in this Guardian article). Second, the Guardian has reported on information obtained from the Metropolitan Police under FOIA which apparently reveals that around 14m Metropolitan Police intelligence reports and 38m intelligence reports from other forces are being made available to all of Britain’s police agencies on the Police National Database. The reports evidently contain information about not only about convicted offenders but also about individuals who have never been charged or convicted of any crime (see the article here and see further on this issue my post in June of this year on the retention of police custody photos). Third, there has today been discussion in the media of the Legal Services Ombudsman’s decision to publish online the names of solicitors and barristers where either ‘a pattern of complaints’ has emerged in respect of a particular lawyer or where publication is otherwise ‘in the public interest’ (see further today’s Radio 4 ‘You and Yours’ programme where the LSO spelled out his policy on this issue – you can find the programme here; go to the 21st minute of the programme).

Whilst ostensibly disparate in nature, all of these stories raise a common information law question, namely whether the measures which have been adopted by these various public authorities accord with the rights of individuals under the Data Protection Act 1998 (DPA) and Article 8 ECHR. Answering this question entails consideration of a number of different issues including not least whether the particular measure serves a legitimate aim and also importantly whether it constitutes a proportionate means of achieving a legitimate aim (in the case of public authority surveillance further important questions will also arise under RIPA).What all of these stories confirm is a point which will not be news to information lawyers, namely that information law issues have an increasing resonance in debates over the ways in which public authorities operate.

Anya Proops

Section 7(9) DPA is about privacy, not employment disputes

Posted on | by Robin Hopkins

Disputes about subject access requests under section 7 of the Data Protection Act 1998 only rarely make their way to the Higher Courts. The leading – and often bedevilling – case of Durant is, for example, now 9 years old. Given this scarcity of precedent from the High Court and Court of Appeal, up-to-date illustrations of the judiciary’s approach to the DPA are most usefully sought in County Court judgments – see for example Panopticon’s post on the case of Elliot v Lloyds TSB Bank from earlier this year.

The most recent notable judgment is that of the County Court (HHJ May QC) in Professor Karim Abadir v Imperial College.

The applicant is an eminent econometrics professor employed by Imperial and has been since 2005. In 2011, Professor Abadir took issue when another professor at Imperial began to assess the academic staff by means of subjective metrics. The applicant objected to this, considering those metrics to be inappropriate for the academic staff in his department, and sought disclosure of the discussions that had taken place prior to their implementation.  Aggrieved, he made a subject access request. He was given some information, apparently of the human resources variety in the main. He objected to the nature of some of the comments which had been circulated about him and took the view that some of the emails he sought had been deleted. Imperial informed him in July that it would be implementing an email system upgrade and change of server in August. The applicant feared that some of the emails he wished to obtain would be permanently deleted. He sought an injunction preventing the systems work and requiring Imperial to search for and disclose to him “every document where reference is made” to him, including in deleted files.

Professor Abadir’s application was refused for a number of reasons.

Two reasons were matters of form, in that they related to what was missing from the application. The application was “objectionable” on the grounds that the applicant had not specified the nature of the underlying claim he would bring in due course. Also, assuming the underlying intended claim to be under section 7(9) of the DPA, the Judge expected the applicant to provide a draft order specifying exactly what information or searches he sought. The applicant had not done so. Instead, he asked for “generalised search of all computer systems, to include deleted data”.

Two further reasons were fatal in substantive terms. One was that there was no evidence to support the claim that the systems work would lead to the permanent loss of relevant emails. In fact, Imperial’s evidence contradicted that. There was thus no urgency to justify granting an injunction.

The final reason concerned the purpose or motive behind Professor Abadir’s claim. It was confirmed that his purpose was “to obtain disclosure of documents for purposes of deciding how to frame and pursue against Imperial College employment grievances which Prof Abadir believes he has. Put this way, the process by which documents are sought, given the purpose to which they are intended to be put, is much more akin to an application for pre-action disclosure.  It is disclosure, not right of access to personal data, which Prof Abadir is really seeking from Imperial College.”

On this point, HHJ May QC concluded that “disclosure is sought is not for the purposes of protecting Prof Abadir’s privacy but for the purposes of pursuing a claim against his employer.  To use the provisions of the DPA to pursue such a purpose is an abuse: Ezsias v The Welsh Ministers”.

Unusually, the Judge also awarded the University costs on an indemnity basis. In part, this was because the applicant had failed to identify the underlying cause of action, or to contact Imperial to make enquiries about its server changes before issuing his application for an injunction. HHJ May QC also concluded as follows: “to the extent that the injunction was sought for the purposes of supporting an intended action for DPA disclosure, it was clearly misconceived.  To seek disclosure under the DPA for the purposes of considering an employment claim is an abuse.  In any event, as DPA proceedings are for the purposes of protecting privacy, deletion/destruction of documents would not be contrary to those purposes, quite the reverse.”

It is apparent, therefore, that Courts continue to be unimpressed by the pursuit of subject access requests motivated by prospective litigation, and that they tend to see privacy concerns (rather than employment grievances) as the underlying rationale for the right of access to personal data. This will be welcomed by many data controllers.

Anya Proops appeared for Imperial College.

Robin Hopkins

The Data Protection Act in defamation cases: increasingly relevant, potentially primary?

Posted on | by Robin Hopkins

The Data Protection Act 1998 is increasingly being deployed as part of a claimant’s arsenal in defamation claims. The Information Commissioner has historically resisted policing DPA breaches in the context of allegedly defamatory expressions of opinion by one person about another.

Courts, on the other hand, have accepted that expressions of opinion about individuals are (as the definition at section 1 of the DPA makes clear) personal data, and that the DPA can therefore bite. This has arisen, for example, in the context of Norwich Pharmacal claims seeking the disclosure of the identities of users posting allegedly defamatory material. See for example Applause Store Productions Ltd and another v Raphael [2008] EWHC 1781 (QB), on which Anya posted here.

The use of the DPA in defamation claims (or cases which, though brought under the DPA, look in substance like defamation claims) has, it seems, gathered momentum. In late 2011, Tugendhadt J gave judgment in a case about the ‘solicitors from hell’ website:  The Law Society and others v Rick Kordowski [2011] EWHC 3185 (QB), on which Rachel Kamm posted here.

Last month, the DPA was again successfully relied upon as founding an arguable defamation-type claim. Desmond v Foreman, Shenton, Elliott, Cheshire West and Cheshire Council and Cheshire East Council [2012] EWHC 1900 (QB), involved a cover teacher who was suspended and ultimately dismissed following allegations that he had conducted himself in an inappropriate sexual manner towards a sixth-form student. The case involved a number of communications: meetings to discuss the allegations; requests for information from the police and previous employers; referrals to the Independent Safeguarding Authority, and queries about his home situation made by an officer of one local authority to an officer at another.

The claimant contended that a number of these communications implied that he was actually guilty of and had actually committed various serious offences (including rape, of which he had been accused in 2001 but exonerated through court proceedings). He brought a defamation claim, also contending that the allegedly defamatory statements infringed his rights under Article 8 and the DPA (in particular, breaches of data protection principles 1, 2, 3, 4 and 6).

The defendants – two local authorities, a headmaster and two local authority officers – sought summary judgment. They said the communications complained of were no more than expressions of concern that matters needed investigating, they asserted qualified privilege (based on the performance of their public duties) and justification.

The judge – as in Kordowski, Tugendhadt J – dismissed the application for summary judgment in part, finding that the claimant’s case under Article 8 and the DPA had a real prospect of success in relation to some of the communications complained of.

The judgment is of interest not only as an illustration of the difficulties of lawfully sharing sensitive information (including opinions) in the context of safeguarding children. It also illustrates that the DPA is increasingly – and realistically – being pressed into the service of types of complaint traditionally brought under other heads. The DPA and Article 8 are, of course, long-standing and natural complements to each other. Defamation, however, is slightly more alien territory for the DPA. Copyright infringement (on which, see a post of mine from last year here) is another area to which the DPA is increasingly relevant.

What, it is sometimes wondered, does a claim under the DPA add which is not already covered by claims under Article 8, defamation and so on? After all, as the defendants in Desmond argued, if someone is aggrieved at DPA breaches, then he has another remedy available, namely a complaint to the ICO. Interestingly, Tugendhadt J’s judgment in Desmond reverses this: what, he asked, would an Article 8 or defamation claim add to the DPA claim – at least with respect to one of the communications complained of? In particular, he was concerned with how best to deal with the claim that information about the 2001 rape allegation had been processed (retained, communicated) without reference to the judgments exonerating the claimant.

This last point about fair and accurate records of serious allegations is important: see an older post of mine here.

For the moment, back to Desmond and how best to deal with legal claims about this sort of complaint. Tugendhadt J said this:

“81. How and why it is that the references to the 2001 incident came to be recorded, but recorded without mentioning the public judgments of the court containing the police’s explanation for not charging the Claimant, is a question for which the proceedings under the DPA may provide the most appropriate form of investigation (as the Court of Appeal suggested in para 51 of their judgment). It is for consideration whether claims under the HRA or in defamation would add any benefit to the Claimant over and above a claim under the DPA. And as noted above, a claim under the DPA appears to raise no issues of limitation.

82. I invited the parties to consider why the Court should not direct that the claim under the DPA proceed first and separately from the other two claims, and give directions as to the filing of evidence (or agreed statements of facts) so that the matter could be determined in accordance with the overriding objective, and in particular with the objective of allotting to the case an appropriate share of the court’s resources.”

This demonstrates that, at least in some circumstances, the DPA may appropriately play the lead role rather than a supporting one in a complaint about unjustifiable and damaging communications about individuals. It looks as if the DPA will continue to flex muscles it did not even know it had.

Robin Hopkins

The BBC in the Tribunal: not a public authority under the EIR; strong arguments for disclosure of licence fee legal advice

Posted on | by Robin Hopkins

In Montford v IC and BBC (EA/2009/0114), the appellant had asked the BBC various questions about its expenditure in relation to Cambridge Media and Environment Program, which researched and planned a programme of seminars that had been running since 2005 at which BBC editorial staff discussed issues such as environmental change and world development, with the objective of improving BBC journalism in those areas.

The BBC is a public authority within Schedule 1 of FOIA only within the following parameters: “The British Broadcasting Corporation, in respect of information held the purposes other than those of journalism, art or literature”. The Supreme Court addressed this “derogation” from FOIA in Sugar v BBC [2012] UKSC 4: see our post here. Montford concerned not only the application of Sugar to this request, but also an argument that, given the subject matter of the request and the BBC’s activities, the BBC was a public authority within the meaning of regulation 2 of the EIR.

The Tribunal considered the leading cases on the latter point (Smartsource, Port of London, Network Rail, Bruton) and – applying the multifactorial approach from Smartsource – concluded that the BBC was not a public authority under the EIR. Further, the requested information was not environmental: that requires more than a remote link to the environment, and in the present case there was no link. It was therefore FOIA which applied, and Sugar meant that the requested information fell within the derogation. The BBC therefore did not have to provide it.

The BBC also featured – though not as a party – in another Tribunal decision of late. Crawford v IC and DCMS (EA/2012/0018) concerned the conclusion of the ‘BBC settlement’, ie the funding arrangements (freezing of the licence fee, BBC taking over World Service funding and so on) agreed with extraordinary speed between Jeremy Hunt and BBC Trust chair Michael Lyons in October 2010. The requester – a BBC journalist – sought information about that agreement. By the time of the hearing, the only disputed information was legal advice, which fell within section 42(1) of FOIA. The argument focuses on the public interest.

As readers will be aware, information falling within section 42(1) has very rarely been ordered for disclosure by the Tribunal. One gets the sense from the Tribunal’s decision in Crawford that the appellant here came closer than most to getting the information he sought.  The Tribunal noted the unprecedented speed with which negotiations about matters of great public interest were concluded in 2010. In the circumstances, there were “weighty factors in favour of disclosure of any information which can shed light on how this speedy settlement which affects so many people was reached. In other words there is a significant public interest in transparency and accountability in this case”. The stumbling block, however, was that the disputed legal advice shed only limited light on those concerns. Disclosure was thus not ordered. The Tribunal concluded on a note of sympathy with the requester:

“We would observe that we can understand why Mr Crawford has pursued this matter to a hearing despite disclosure of most of the information originally requested. It seems to us, that despite the exceptional nature of the CSR, the haste of the negotiations and lack of record of what took place means that Mr Crawford has quite understandably had to challenge the DCMS into providing whatever contemporaneous record there might be to help him in his journalist pursuit to provide the public with the facts of this unprecedented Licence Fee Settlement with its far reaching effects.”

Robin Hopkins