On Tuesday, I blogged about the decision of the Secretary of State for Health to veto the order requiring disclosure of the transition risk register in the NHS risk registers case. Today the Secretary of State published his statement as to the reasons for the imposition of the veto. You can read the statement here: https://www.dh.gov.uk/health/2012/05/statement-transition-register/. The statement is notable not least because it suggests that, in the Government’s view, there is a very strong public interest in avoiding the disclosure of risk registers, which are used as a tool across government, particularly where the advice they contain ‘is required at highly sensitive times on highly sensitive issues’. The statement also reveals that, so far as the Government is concerned, despite being concerned with policy implementation rather than policy development, transition risk registers may yet retain a high degree of sensitivity, particularly where they are being used against a backdrop of shifting policy priorities. Finally, it is worth noting that one of the factors which apparently influenced the decision to issue the veto is the fact that the publication of the transition risk register would have acted as ‘a serious distraction from progressing the [NHS reform] proposals’. This is something which is likely to be leapt on by opponents to the reform proposals, many of whom take the view that the Government is deliberately seeking to avoid disclosure of the registers because it is concerned that they will reveal fundamental flaws in the proposals.
THE MINISTERIAL VETO STRIKES AGAIN – BUT THIS TIME NOT IN RESPECT OF CABINET MINUTES
In early April 2012, I posted on the Tribunal’s decision in the NHS risk registers case (you can see my post here and also Robin Hopkins’ follow up post here). In summary, the Tribunal concluded that the ‘transition risk register’ ought to have been disclosed but the ‘strategic risk register’ was lawfully withheld on an application of s. 35 FOIA. Today, the Government has announced that it is exercising its power of veto in respect of the order to disclose the ‘transition risk register’. Apart from the fact that the veto obviously represents an important twist in the NHS risk registers case, what is interesting about the veto decision is that it potentially represents a sea-change in the Government’s thinking on the use of the veto. To date, the veto has been used in only three cases, all of which involved requests for disclosure of Cabinet minutes. What is striking about today’s announcement is that the veto is being applied, not in respect of Cabinet minutes, but rather in respect of a risk assessment document which was prepared in respect of the Government’s controversial plans to reform the NHS. Notably, the statement made by the Secretary of State for Health, Andrew Lansley, confirms that the decision to issue the veto was influenced by the need to ensure that there was a ‘safe space where officials are able to give ministers full and frank advice in developing policies and programmes’ (see further this link to the statement). This compares with the emphasis on providing a ‘safe space’ for cabinet ministers which was highlighted in the context of the previous vetoes. The important question which the use of the veto in the risk registers case effectively poses is whether we are going to see a more prolific use of the powers of veto in the future. If we are, that may well have important political ramifications for the Coalition Government as well as generally recasting the FOIA landscape. See further my posts on the first two vetoes which you can find here and also my 2009 paper which considered the use of the veto which you can find here. The Commissioner has stated that he will report to Parliament on the use of the veto next week.
PROTECTION OF FREEDOMS ACT 2012
The Act was granted Royal Assent on 1 May 2012. Tim Pitt-Payne posted about it back in February 2011, when the Bill was introduced.
In its final form, it includes Parts on:
- the regulation of biometric data;
- the regulation of surveillance;
- the protection of property from disproportionate enforcement action;
- counter-terrorism powers;
- safeguarding vulnerable groups, criminal records etc; and
- freedom of information and data protection.
The key change to the Freedom of Information Act 2000 is a new approach for requests for data-sets. The new Act amends sections 11, 19 and 45 FOIA and inserts new sections 11A and 11B FOIA. The changes are discussed in this article on one of the Guardian’s blogs.
Other changes include:
- an amendment to the definition in section 6 FOIA of a publicly-owned company;
- the extension of certain provisions of FOIA to Northern Ireland bodies;
- an increase in the maximum term of appointment of the Information Commissioner from five years to seven years and amendments to the provisions for his/her removal;
- changes to the role of the Secretary of State in relation to the Information Commissioner’s guidance powers; and
- the Secretary of State’s consent is no longer required before the Information Commissioner can exercise his/her fee-charging powers or in relation to various matters concerning staff.
Rachel Kamm, 11KBW
LANDFILL OPERATOR’S INFORMATION NEITHER CONFIDENTIAL NOR COMMERCIALLY SENSITIVE
First-Tier Tribunal caselaw this past week has focused on the intersection between the common law of confidence and statutory rights of access to information. Moss v IC & Home Office (EA/2011/0081) (see Anya’s post here), the Tribunal analysed section 41(2) of FOIA (information provided in confidence). Shortly thereafter, the Tribunal handed down its decision in Rory Jones (on behalf of Swansea Friends of the Earth) v IC, The Environment Agency and SI Green Ltd (EA/2011/0156). This concerned the slightly different provision under regulation 12(5)(e) of the EIR. Regulation 12(5)(e) EIR provides that “a public authority may refuse to disclose information to the extent that its disclosure would adversely affect… the confidentiality of commercial or industrial information where such confidentiality is provided by law to protect a legitimate economic interest”.
When a landfill operator such as SI Green (UK) Ltd (“Green”) obtains a permit from the Environment Agency (EA”) to operate a waste landfill, financial provision is made for covering the costs of something going wrong. Most commonly, this is done by means of a bond. In the event that any of the events specified by the bond occur, the amount secured by the bond is paid directly to the EA which can then use the funds to put matters right.
In this case, the appellant requested information relating to financial guarantee arrangements put in place by Green pursuant to its EA permit for operating a waste landfill site at Cwmrhydycierw Quarry near Swansea. The EA provided a redacted version of two documents, a performance agreement and the associated bond. It relied on regulation 12(5)(e) EIR in redacting information concerned with the amount of the bonded sum Green is required to secure for each year of operation of the landfill and going forward through a period of 60 years after operations terminate. It contended that this was commercially sensitive confidential information.
The Tribunal agreed with the Appellant that regulation 12(5)(e) was not engaged, because the redacted information was not subject to confidentiality provided by law. First, it was not provided by legislation. The Pollution Prevention and Control (England and Wales) Regulations 2000 enable landfill operators to apply for any information they provide to the EA to be excluded from the public register on the grounds that it is commercially confidential. In this case, Green had made such an application for different information to that redacted here.
Secondly, the information was not subject to common law confidentiality either. As in the Moss case, the Tribunal stuck to the 3-limb test laid down in Coco v AN Clark. In this case, the respondents’ case came unstuck on the second limb, which requires that the information must have been imparted in circumstances importing an obligation of confidence. In this respect, the Tribunal applied regulation 12(5)(e) in a very similar way to s. 41(2) of FOIA. It held that “that element [the second Coco limb] implies the communication of the information by one party to the other. The evidence in the present case, however, is that the information came into existence through a process of negotiation between the parties”. It added that “we recognise that section 41 refers more explicitly to information being “obtained” by the public authority from any other person. That is not the language of regulation 12(5)(e). However, we consider that the same element is imported by the incorporation of the common law test of breach of confidence into regulation 12(5)(e) of the EIR.”
As the exception was not engaged, the public interest test was not necessary. Nevertheless, the Tribunal held that even if the exception had been engaged, the public interest favoured disclosure. The respondents’ cases were based largely on the assumption that the redacted information would reveal useful information about Green’s operating costs in relation to the landfill site in question. The Tribunal found that the evidence before it fell “far short” of supporting that assertion. On the other hand, the public interest in disclosure was made out: “the purpose of the bond is to provide the public with protection should things go seriously wrong. Disclosing the information would allow the public to understand the level of protection that is being provided to them and for them to feel confident that the provision is sufficient to deal with potential difficulties.”
Robin Hopkins
PROTECTING CONFIDENTIAL INFORMATION UNDER FOIA – NEW FTT DECISION
The FTT has recently handed down a decision which considers in some detail the operation of s. 41(2) FOIA (exemption in respect of confidential information): Moss v IC & Home Office (EA/2011/0081). In Moss, a request was made for disclosure of a particular report prepared by IBM and provided to the Home Office. The report was compiled in circumstances where IBM was seeking to tender for provision to the Identity and Passport Service (IPS) of a biometric recognition system and was, as part of this process, considering which biometric software provider to partner with. The report sought to test the suitability of various biometric software providers and their products with a view to establishing which provider should be treated as the preferred provider in the context of the tender. IBM decided to provide the report to the IPS in order to build confidence in the solution that it was offering to the IPS as part of the tender process. The report was provided to the IPS in circumstances where there were various agreements in place which, whilst recognising the IPS’ obligations under FOIA, effectively obliged the IPS to treat the information it received from tenderers as confidential. Mr Moss submitted a request to the Home Office for disclosure of the report. The Home Office refused to disclose the report, relying on a number of exemptions including s. 41(2). The Commissioner concluded that the refusal was lawful on an application of s. 41(2). On appeal to the tribunal, Mr Moss sought to argue that the Commissioner had misapplied s. 41(2). In a lengthy judgment, a majority of the tribunal upheld the Commissioner’s decision. However, the minority held that the report ought to have been disclosed, subject to redactions to protect in particular the commercial interests of the software providers. The majority judgment is notable not least because of its emphatic approval of the test for breach of confidence adopted by Megarry J in Coco v Clark [1968] FSR 415. Other aspects of the majority judgment which are worthy of note include the majority’s conclusion that the public interest defence will not be available in respect of a potential claim for breach of confidence merely because the public has an interest in seeing the information in question (see in particular paras. 84 et seq).
Interestingly, both the majority and the minority touched on issues relating to the application of Article 10 in their respective judgments. The majority alluded to Article 10 in the context of highlighting the ways in which the Article 10 right to freedom of expression may bolster a prospective public interest defence against a claim for breach of confidence. (The existence of such a defence is relevant to the question whether, for the purposes of s. 41(2), disclosure of confidential information would give rise to an ‘actionable breach of confidence’). The minority, by way of contrast, alluded to the Article 10 right to receive information, which had recently been considered in the Sugar and Kennedy cases (in the Supreme Court and Court of Appeal respectively). The minority queried whether and to what extent the recent jurisprudence on the Article 10 right to receive information ought to be shaping the analysis of the public interest defence under s. 41(2). See further my earlier post on the Kennedy judgment here.
Anya Proops
SUBJECT ACCESS REQUESTS – MIXED MOTIVES AND PROPORTIONATE SEARCHES
There are two questions which are frequently posed by data controllers in receipt of wide-ranging subject access requests. First, if the request is made in circumstances where the requester is pursuing litigation against the data controller, the data controller will often query whether the request can be refused on the ground that it is being pursued for improper collateral purposes. Second, if responding to the request comprehensively would be disproportionately resource intensive, the data controller will typically ask whether it is entitled to limit its search to one which is reasonable and proportionate in the circumstances. As the recent case of Elliot v Lloyds TSB Bank PLC & Anor (Case No: 0LS51908) illustrates, answering such questions is rarely straightforward.
The background to Elliott was that Mr Elliott was pursuing a grievance against Lloyds in connection with certain commercial matters. With a view to furthering his grievance, Mr Elliott submitted a request to Lloyds for pre-action disclosure. That request was refused on the ground that it did not comply with CPR 31.16. Thereafter, Mr Elliott submitted wide-ranging subject access requests to Lloyds. A considerable amount of information was disclosed by Lloyds in response to the requests. However, Mr Elliott was not satisfied with the material disclosed to him. He considered that further searches ought to be undertaken. Accordingly, he brought a claim against Lloyds in the County Court under s. 7(9) DPA (s. 7(9) affords the court a wide discretion to order a data controller to comply with a subject access request if it is satisfied that the data controller has not dealt with the request in accordance with the legislation). Lloyds sought to resist the claim on two grounds: first, the claim was an abuse of process as it was being pursued for the collateral purposes of furthering Mr Elliott’s interests in prospective commercial litigation against Lloyds; second, the claim should fail on the basis that the further searches for data which Mr Elliott was insisting should be conducted would be disproportionate in all the circumstances. Thus, both Mr Elliott’s motive and the issue of the proportionality of Lloyd’s searches were at stake in the litigation.
The Motive Issue
Mr Elliott’s case on the motive issue was that he was pursuing the claim for a legitimate purpose, namely that he wanted to find out whether Lloyds had been misusing his personal data (e.g. by improperly disclosing it to a third party). Lloyd’s position on the motive issue was as follows: either Mr Elliot was pursuing the claim purely in order to further his interests in the prospective commercial litigation or this was the dominant motivation for the claim; either way the s. 7(9) claim was being pursued for an improper collateral purpose and, as such, amounted to an abuse of process.
Following Durant v Financial Services Authority [2003] 1746, the judge (HHJ Behrens) readily accepted that, if the claim was being pursued purely for the collateral purpose of furthering Mr Elliott’s position in other prospective litigation, that would amount to an abuse of process which would justify the claim being struck out. However, he went on to query what the position would be if Mr Elliott in fact had mixed motives (i.e. he wanted the data in order to further the prospective commercial litigation but also wanted to discover whether his data had in fact been misused by Lloyds). Having considered the judgment of the High Court in Iesini v Westrip Holdings [2011] 1 BCLC 498, the judge took the view that, in a case involving mixed motives, the test which should be applied was a ‘but for’ test. Thus, if the claim would not have been brought but for the claimant’s collateral purpose in furthering his interests in the other litigation, the claim would have been brought for an improper purpose and would be liable to be struck out as an abuse of process. On the other hand, if the s. 7(9) claim would have been brought irrespective of the other prospective litigation, then it was not an abuse of process. Notably, the judge rejected an alternative test proposed by Lloyds, namely that the s. 7(9) claim would be an abuse of process if the ‘dominant purpose’ of the claim was an improper collateral purpose. The judge concluded that the dominant purpose test could not be reconciled with the approach approved by the court in Iesini.
With respect to Mr Elliott, the judge concluded that: he had mixed motives in bringing the s. 7(9) claim; however, he would still have brought the claim in the absence of the prospective commercial litigation and, as such, his claim under the DPA was not an abuse of process.
Proportionate Search
On the proportionate search issue, Mr Elliott argued that a data controller was not entitled to limit the scope of its search for personal data by reference to concepts such as reasonableness and proportionality. Insofar as the concept of proportionality was relevant at all under the DPA, it was relevant not to the search process per se but rather to the process of supplying the data to the applicant once it had been located (see further s. 8(2)(a) DPA which disapplies the general duty to provide the applicant with ‘a copy of the information in permanent form’ in circumstances where the supply of such a copy ‘is not possible or would involve disproportionate effort’). In support of these arguments, Mr Elliott relied on guidance published by the Information Commissioner.
Lloyds argued that this was not the correct approach and that, following Ezsias v Welsh Ministers [2007] All ER (D) 65, it was not obliged under the DPA to conduct a search requiring unreasonable or disproportionate effort. Lloyds further contended that, to the extent that the Commissioner’s guidance took a different view of the principles approved in Ezsias, the guidance was wrong and ought not to be followed. Lloyds argued that it would be disproportionate to conduct the further searches demanded by Mr Elliott. The judge accepted Lloyds’ case on the disproportionate effort issue. He agreed that the further searches sought by Mr Elliott were disproportionate and, hence, were not required under the DPA.
The court’s judgment on the proportionality issue is likely to offer considerable relief to data controllers, many of whom struggle under the burdens imposed by wide-ranging subject access requests. It remains to be seen whether the Commissioner will, in response to this judgment, seek to review his guidance. As for the judgment on the motive issue, it is worth noting that the court heard evidence directly from Mr Elliott on this issue and, further, that it found him to be ‘an honest witness’.
Finally, it is worth noting that, despite having won on the disproportionate search issue, Lloyds was still required to pay a substantial part of Mr Elliott’s costs. This was in no small part because Lloyds had disclosed a substantial amount of new data following the lodging of Mr Eliott’s claim. 11KBW’s James Cornwell acted for Lloyds.
Anya Proops