ENHANCED CRB CHECKS – YET AGAIN

Posted on | by Timothy Pitt-Payne KC

The system of CRB checks (established under Part V of the Police Act 1997) is currently under review:  for the review’s terms of reference, see here.   At present, where an enhanced CRB check is carried out it is for the police to decide whether there is any non-conviction information that ought to be included in the enhanced CRB certificate:  for instance, information about acquittals, or about allegations that have never been tested at a criminal trial.  The legal principles governing this exercise – in particular, the relevance of Article 8 of the Convention – were extensively discussed by the Supreme Court in R (L) v Commissioner of Police of the Metropolis [2009] UKSC 3.

The recent decision of the Court of Appeal in Desmond v Chief Constable of Nottinghamshire Police [2011] EWCA Civ 3 raises a different issue:  for the purposes of the law of negligence, do the police owe a duty of care to the individual who is the subject of the certificate?  The Court of Appeal holds that they do not.

In Desmond, the claimant’s case (put very shortly) was that adverse information about him had been included in an enhanced CRB check; that the information disclosed was misleading; and that the decision to disclose could not be justified on the basis of the material available to the police, and had been reached without making proper enquiries.  He brought a claim against  the relevant Chief Constable, alleging (inter alia) breach of Article 8, breach of the Data Protection Act 1998, and negligence.

The claim in negligence was struck out, but this decision was partly reversed on appeal by Wyn Williams J, whose judgment is at [2009] EWHC 2362 (QB).  On further appeal, the Court of Appeal restored the original decision to strike out the negligence claim in full.  There was no proper basis for concluding that the chief officer was to be taken to have assumed responsibility to Mr. Desmond; the structure and purpose of the relevant legislation strongly suggested that there should be no duty of care; there was no case which persuaded the Court of Appeal, by analogy, that a duty of care should be imposed; and the existence of various other remedies that Mr. Desmond could pursue also supported the conclusion that no duty of care was owed. 

The Court of Appeal also states that Article 8 of the Convention is likely to be applicable in every case where non-conviction information is disclosed as part of an enhanced CRB certificate, and that a breach of Article 8 would give rise to a potential damages claim under section 8 of the Human Rights Act 1998:  see paragraph 9 of the judgment.  It appears from the Court of Appeal’s judgment that Mr. Desmond’s Article 8 claim still continues, as does his claim under the Data Protection Act 1998. 

COMMERCIAL INFORMATION AND HUMAN RIGHTS – NEW TRIBUNAL DECISION

Posted on | by Anya Proops KC

Last month I blogged on a recent Tribunal decision which considered whether, following Veolia v Nottinghamshire CC [2010] EWCA 1214 (“Veolia”), human rights considerations had a role to play in FOIA/EIR  cases involving the potential disclosure of confidential commercial information – see my post on the decision in Staffordshire CC v IC & Sibelco here. This month the Tribunal has promulgated another decision on the issue: see Nottinghamshire CC v IC & Veolia & UK Coal Mining Ltd (EA/2010/0142). The Notts case was concerned with a request for disclosure of particular information contained in a waste management contract between the council and Veolia. The particular information in dispute before the Tribunal was information contained in a schedule to that contract. In essence, the schedule detailed the leasing arrangements under which the council had an option to lease certain land from UKCM. The intention was that, once the leasing option was exercised by the council, Veolia would take a sub-lease of the land and then would build and maintain an incinerator on the land for the purposes of discharging its waste management obligations under the contract.

Contrary to the position adopted by the Commissioner, the Tribunal took the view that, despite the fact that it formed part of an overarching waste management contract, the information in the schedule did not in itself amount to environmental information (i.e. as it was simply information relating to prospective commercial leasing arrangements); accordingly, disclosure of the disputed information fell to be considered under FOIA rather than EIR. The applicable FOIA exemption was the commercial interests exemption (s. 43).

The Tribunal went on in its decision to comment on the application of human rights principles to the appeal, those principles having been considered by the Court of Appeal in the Veolia case. In essence, the Tribunal appears to have held that: (a) following Veolia, valuable commercial information could constitute a ‘possession’ of UKCM under Article 1 of Protocol 1 ECHR; (b) that, if the disputed information amounted to a ‘possession’, then UKMC had a right to privacy in respect of that information under Article 8(1) ECHR and, accordingly (c) disclosure under FOIA of that information would only be lawful if it was justified for the purposes of Article 8(2) ECHR. However, having reached these conclusions, the Tribunal appears to have taken the view that in fact these human rights considerations did not add very much to the overall analysis under FOIA, particularly as the requirements of the Article 8(2) justification test were already effectively reflected in the public interest balancing exercise which was built into s. 2 FOIA (see para. 74 of the decision).

It remains to be seen whether those with an interest in avoiding disclosure of commercially sensitive information will seek to argue in other cases before the tribunal that human rights considerations do in fact alter the analysis of the public interest balance under FOIA and, in particular, that they increase the weight in favour of maintaining the s. 43 exemption.

GOVERNMENT ANNOUNCES PLANS TO EXPAND THE FOIA EMPIRE

Posted on | by Anya Proops KC

The Ministry of Justice has today unveiled plans to extend the scope of FOIA, including plans to expand the number and type of bodies which are subject to FOIA. New authorities falling within the ambit of FOIA will include the Association of Chief Police Officers, the Financial Services Ombudsman, UCAS and all companies wholly owned by more than one public authority. The MOJ also intends to consult on bringing a range of further bodies which are believed to perform public functions within the scope of FOIA, including for example: Examination Boards, Harbour Authorities, the Local Government Association and NHS Federation. The Bar Council and the Law Society are also apparently identified as possible candidates for inclusion. There are also plans to make most public records available at the National Archives after 20 years (rather than the current arrangements where access is not permitted until after 30 years). The Justice Minister Lord McNally has confirmed that the Government intends to carry out a ‘full review of the FOI Act to ensure it is still operating in the most effective way’. In practical terms, it is intended that inclusion of new authorities such as ACPO and the FS Ombudsman to FOIA will be achieved via a Freedom Bill to be introduced by February 2011. See further the MOJ’s Press Release here.

DEPUTY PM DETAILS GOVERNMENT’S PLANS TO EXTEND FOIA

Posted on | by Robin Hopkins

This morning’s speech by Nick Clegg on civil liberties had much to say about FOIA and access to information more broadly.

The Deputy Prime Minister said that the progress in transparency brought about by the introduction of FOIA has stalled: FOIA, he said “was a good start, but it was only a start. Exceptions remain far too common. And the available information is too often placed behind tedious bureaucratic hurdles.”

He hailed the Treasury’s COINS database, which details public services expenditure, the work of The Open Knowledge Foundation in processing that data for ready public consumption, and the Cabinet Office’s new transparency rules concerning the publication of spending figures by Whitehall departments (the Cabinet Office’s website explains its work on transparency).

He advertised the government’s plans for a Public Data Corporation, which will “bring existing government bodies together into one organisation, responsible for disseminating a wealth of data” (on which, see The Guardian‘s article here).

FOIA’s scope is to be extended “to cover potentially hundreds more bodies; including UCAS, the Association of Chief Police Officers, the Financial Ombudsman Service and many more”. A complete list has yet to be announced. The government does not, it appears, intend to make bodies such as water utility companies or Network Rail subject to FOIA.

Nor, it appears, will the Secretary of State’s right of veto over Tribunal decisions be repealed.

The 30-year rule is being scaled back to a 20-year rule.

Finally, the Justice Select Committee is to be tasked with “post-legislative scrutiny” (although it is not entirely clear to what legislation this task will apply) of how FOIA is being implemented.

Data protection crept in via Mr Clegg’s recognition that government “must be very respectful in handling personal information”. The EIR did not get a mention in the speech.

The full text of Mr Clegg’s speech is available here.

TRIBUNAL ORDERS DISCLOSURE OF VIABILITY REPORT FROM HAMPTON COURT PLANNING APPLICATION

Posted on | by Robin Hopkins

Elmbridge Borough Council v IC (Additional Party: Gladedale Group Limited) (EA/2010/0106) is the latest Tribunal decision concerning requests for information about planning applications (see my posts on other such cases here and here, and Anya’s post on an earlier important planning case here). In particular, the disputed information here comprised a viability report containing details on costs, revenues, values and finances of a development in the vicinity of Hampton Court. The Council pleaded commercial confidentiality and sought to rely on regulations 12(5)(e) and 12(5)(f) EIR. The Commissioner found that these exemptions were not engaged. The Tribunal agreed, and ordered disclosure.

In so doing, the Tribunal confirmed that the confidentiality of this information must be objectively required at the time of the request (rather than, for example, when the information was created or passed to the Council) in order to protect a relevant interest. The Tribunal also confirmed that it is not enough that some harm might be caused by disclosure, but that it is necessary to establish (on the balance of probabilities) that some harm to the economic interest would be caused by disclosure.

A crucial feature of this case was the lack of evidence offered to demonstrate commercial confidentiality or prejudice. The Tribunal observed that:

“Throughout the investigation and consideration of the issues leading to the Decision, the Respondent consistently and repeatedly sought evidence from the Appellant to support their contention that the subject information was commercially sensitive or that its release would be prejudicial to the third parties concerned. It is noted by this Tribunal that the information made available to the respondent amounts to assertions and speculation by the interested parties. There is a notable absence of independent or objective evidence to support the assertions or speculation put before the Respondent.” 

SCOTTISH GOVERNMENT ISSUES PRIVACY GUIDANCE

Posted on | by Robin Hopkins

The Scottish Government has published its guidance document on Identity Management and Privacy Principles. The guidance is aimed at both public sector policy makers and with those involved in devising or operating systems for proving or recording identity. Key principles include:

  • For services which are used frequently and for which identification is needed, users should be required to register only once. Thereafter, unless there is a statutory requirement to prove identity, a person should generally be able to access the service by authenticating themselves using a token (such as a bus pass or library card) that proves their entitlement without revealing personal information. In other circumstances, a user name and a password may be required.
  • A Privacy Impact Assessment (PIA) or proportionate equivalent should be conducted and published prior to the implementation of a project which involves the collection of personal information.
  • Where a public body has a contract with the private sector or the third sector, the contractor must be contractually bound to adhere to best practice as outlined in the guidance.
  • The creation of centralised databases of personal information is to be avoided.
  • If a public service organisation needs to link personal information from different systems and databases (internally or between organisations), it should avoid sharing persistent identifiers. Instead, other mechanisms – such as matching – should be considered.