DATA PROTECTION IN THE UK: CURRENT AND FUTURE CONCERNS

Posted on | by Robin Hopkins

The British Medical Association has expressed concern this week about the Health and Social Care Bill – in particular, about its approach to data protection and the sharing of patients’ medical information. The Bill proposes a new “information standard” for the NHS which, according to the BMA, shows that “the Government has decided to place its desire for access to information over the need to respect patient confidentiality”. The new law would empower the Secretary of State to obtain such information as he considers it necessary to have; it would also widen the access to medical information by the NHS Commissioning Board, NHS Information Centre and local authorities. More detail on the proposed changes can be found in articles in the Daily Telegraph here, and the Guardian here.

The BMA wants to see the Bill amended: “so that it enshrines the need for explicit patient concent to any disclosure of information, unless the information has been properly anonymised or there is an overriding public interest.” The Department for Health, on the other hand, is confident that the proposals would preserve confidentiality and comply with the data protection law. Presumably, the Department means data protection law as implemented in the UK. At the 11KBW Information Law Seminar last week, I discussed the tension between the narrow approach to data protection that has prevailed under UK common law since Durant, and the considerably wider approach taken at a European level (and favoured domestically by the Information Commissioner).

On this subject, there is a very interesting report on Amberhawk this week, available here. This sets out in some detail the European Commission’s concerns about the UK’s apparently “bare minimum” approach to implementing its data protection obligations. It’s not yet clear what the Commission will do about this, but it appears to be only a matter of time before negotiation or confrontation on this issue comes to a head.

CONTRACTING OUT OF FOIA AND THE DPA?

Posted on | by Robin Hopkins

Roy Greenslade has posted a very interesting piece this afternoon on his blog on the Guardian website about a purported instance of “contracting out” of FOIA and DPA rights. According to his piece, Cheshire West and Chester Council has signed a compromise agreement with a former employee in which he or she contracts not to make requests to the Council under FOIA or the DPA (the EIR is not mentioned). The Council is confident that these provisions are effective. The ICO takes the opposite view – I suspect it will not be alone in doing so. Click here to read the piece.

PAYMENTS TO SENIOR PUBLIC SECTOR EMPLOYEES: ROUNDUP OF RECENT PERSONAL DATA CASES

Posted on | by Robin Hopkins

The FOIA update paper given at last week’s 11KBW Information Law Seminar provides a roundup of recent caselaw in a few of the most common areas of Tribunal litigation.

One is commercially sensitive or confidential information: in particular, Veolia and its aftermath.

Another is information on planning applications and property developments: in particular, those cases subsequent to South Gloucestershire, namely Bristol City, Bath & North East Somerset and Elmbridge.

A third area is personal data: here the recent cases of Dun, Bryce, Ferguson and Ince have all – like the cases mentioned above – been covered in Panopticon posts. Two others to take note of, however, both in the context of public sector pay (other than salaries).

One concerns bonus payments to public sector employees. Davis v IC and Olympic Delivery Authority (EA/2010/0024) saw the Tribunal distinguish between bonus information and performance assessment information. It ordered disclosure of certain information relating to the bonuses of senior employees of the ODA: the maximum performance-related bonuses to which the chief executive and communications director were contractually entitled, and the percentage of the maximum available bonus actually paid to certain other members of senior management. The Tribunal decided, however, that details of the performance targets which individuals failed to hit to 100% satisfaction should not be disclosed.

The other recent case on the personal data exemption is Pycroft v IC and Stroud District Council (EA/2010/0165). The context was an auditor’s report which observed that the local authority’s former Strategic Director of Housing “did not ensure that staff had taken ownership of managing the budgets”. The applicant requested the details of this Director’s early retirement package. The Commissioner found that disclosure of this information would not be fair, and the Tribunal agreed. It should be noted by those dealing with requests for information about payments to allegedly poorly-performing public sector employees.

REDUCING DATA REPORTING BURDENS ON LOCAL AUTHORITIES: LGA DISAPPOINTED BY LACK OF PROGRESS

Posted on | by Robin Hopkins

In October of 2010, Eric Pickles, Secretary of State for Communities and Local Government announced – as part of the government’s drive to boost localism and reduce bureacracy – his intention to reduce the amount and complexity of data which local authorities are required to provide to central government for performance monitoring purposes. In particular, he announced that the “National Indicator Set” was to be replaced with a single comprehensive list of all the data returns central government expects local authorities to provide. Apparently, these requirements involve thousands of datasets and the employment of high numbers of full-time staff.

How has this drive progressed? Not very well, according to the Local Government Association. 

The LGA welcomed Mr Pickles’ announcement and the Department’s consultation on its ‘Reducing Data Burdens’ Code of Practice. It announced yesterday, however, that it is “disappointed at the scale of the reductions proposed so far and remain unconvinced about the extent of the Government’s ambition to minimise the reporting burdens it imposes on councils”. It provides this example: for the 45 data items or collections that have been stopped, another 18 new ones have been introduced. 

It calls for “an immediate and significant reduction in the data Government requires of local government”. See the details of the LGA’s position here.

LATE RELIANCE AND OTHER DEVELOPMENTS TO LOOK OUT FOR

Posted on | by Robin Hopkins

My paper from last week’s 11KBW Information Law Seminar contains a number of updates on important developments – both recent and imminent – at Upper and First-Tier Tribunal levels.

One of the most important concerns the contentious question of late reliance: in particular, is a public authority entitled to rely as of right on an exemption it raises for the first time before the Commissioner or even the Tribunal? The Upper Tribunal has recently answered with a firm “yes”: the decision in the joint appeals from the Tribunal decisions in Home Office v IC, and DEFRA v IC and Birkett (GIA/1694/2010 and GIA/2098/2010) can be downloaded here; see also commentary by FOI Man on his blog here. As I mention in my paper, however, the Upper Tribunal may have more to say on this matter very shortly (in an appeal involving the All Parliamentary Group on Extraordinary Rendition) – so watch this space for updates.

Another imminent Upper Tribunal decision to look out for is the case of Gaskell. concerns an appeal against a Decision Notice involving the Valuation Office Agency. In that Decision Notice, the Commissioner found that – notwithstanding the public authority’s unlawful withholding of the requested information – he would not be ordering disclosure because of events (in this case, the coming into force of new legislation) arising after the time at which the request was handled. The appeal invites the Upper Tribunal to find that the Commissioner has no discretion to make such a decision based on events subsequent to the relevant time for his assessment.

The High Court has recently confirmed that the “costs of compliance” for FOIA purposes does not include the costs of redaction: see Chief Constable of South Yorkshire v IC ([2011] EWHC 44 (Admin)).

Two notable EIR decisions are expected shortly, one at first instance in the GM Freeze case (which is expected to provide much-needed guidance on how widely the concept of “emissions” should be construed), the other by the Upper Tribunal in the Kirklees case (which is expected to clarify the question of imposing charges following a request to inspect information).

The latter case also saw this argument raised before the Upper Tribunal: a “purposive request” (i.e. one that takes the form “please provide me with the information I would need to answer the following questions”) is not a valid request for EIR and FOIA purposes.

Finally, the First-Tier Tribunal has recently heard an appeal by Channel 4, in which the appellant argued that contracts should be treated as whole, rather than severable documents, meaning that if part of the contract can be withheld, then the whole contract can also be withheld. The implications of this position would be substantial, so again – watch this space.

BIOMETRIC INFORMATION IN SCHOOLS

Posted on | by Timothy Pitt-Payne KC

In my post yesterday about the Protection of Freedoms Bill I referred to the provisions about biometric information in schools.  I asked why this subject had been singled out for attention in the Bill, and whether there was any evidence that the current situation  was unsatisfactory.

Action on Rights for Children (ARCH) have just posted on their website a very interesting briefing on the subject:  see here.  This is clearly an issue that has been of concern to ARCH for some years, and their paper gives an overview of developments since 2001.  ARCH welcome the proposal to introduce consent into the process of taking children’s biometric data, but suggest that ensuring any consent is valid and informed will present a considerable challenge.