GOOGLE ESCAPES FINE OVER STREET VIEW CARS, BUT MUST SIGN UNDERTAKING

Posted on | by Robin Hopkins

Google used cars equipped with cameras to gather material for its much-publicised Street View feature. The material was not confined to photographs, but also included data by which wi-fi hotspots could be located. Earlier in 2010, the ICO investigated this ‘payload data’. It concluded that the information it had inspected was not personal data, in that it could not be linked to identifiable individuals. The ICO stated, however, that it would continue to work with its international counterparts, such as the Canadian authorities, in investigating Google. This co-operation has now shown the payload data to include URLs, passwords and email details.

 

The ICO today announced that:

 

“The Commissioner has concluded that there was a significant breach of the Data Protection Act when Google Street View cars collected payload data as part of their wi-fi mapping exercise in the UK. He has instructed Google UK to sign an undertaking in which the company commits to take action to ensure that breaches of this kind cannot happen again. An audit of Google UK’s Data Protection practices will also be undertaken. The Commissioner has rejected calls for a monetary penalty to be imposed but is well placed to take further regulatory action if the undertaking is not fully complied with”.

 

This follows the ICO’s press release on Monday, in which it commented that:

 

“It is also important to note that none of the regulators currently investigating Google Street View have taken direct enforcement action at this stage, with the US investigation led by the US Federal Trade Commission for example ruling out direct action, although mirroring our own concern that this data was allowed to be collected by an organisation who showed such disregard for international data protection legislation. This week the Metropolitan Police have also closed their case believing it would not be appropriate to pursue a criminal case against Google under the Regulation of Investigatory Powers Act (RIPA). Whilst we continue to work with our other international counterparts on this issue we will not be panicked into a knee jerk response to an alarmist agenda.”

 

The latter press release also explained the ICO is “keen to discuss with MPs and Ministers how we can further defend privacy on the internet as technologies and applications develop”. In this regard, the Guardian reports today that culture minister Ed Vaizey is proposing a new internet code of conduct and a mediation mechanism to resolve complaints by individuals against data controllers. He is reportedly meeting with the ICO today to discuss these matters. Watch this space.

 

LPP

Posted on | by James Goudie KC

Legal professional privilege (“LPP”) as an exemption from disclosure under Section 42 of the Freedom of Information Act 2000 (“FoIA”) and Regulation 12 of the Environmental Information Regulations 2004 arose again in West v Information Commissioner, EA/2010/0120.  Bexley Council had transferred a major part of its Council housing stock to a Housing Association.  Mr West is a member of a leaseholders’ group that objected to having to pay service charges for the cost of the maintenance of roads and footpaths within the housing estates.  They said that remained the responsibility of the Council.  They sought to challenge the lawfulness of the stock transfer agreement.  The Council took advice from Counsel.  Mr West sought a copy of Counsel’s Opinion.  The Council refused to provide it, relying on LPP.  The Information Commissioner upheld the Council’s refusal.  The Tribunal dismissed Mr West’s appeal.  Not only might “legal advice privilege” apply.  So too might “litigation privilege”.  Mr West had threatened to bring a case before the Leasehold Valuation Tribunal and/or judicial review proceedings.  The real issue was the Public Interest Test.  The Tribunal duly identified the public interest factors in maintaining the exception, referring to DBERR v O’Brien [2009] EWHC 164, and the public interest factors in disclosure.  Weighing up and balancing the competing public interests, and bearing in mind the presumption in favour of disclosure, the Tribunal (Judge Shanks presiding) agreed with the Commissioner that the public interest in maintaining the LLP exception outweighed the public interest in disclosure.

James Goudie QC

DRAFT DATA SHARING CODE OF PRACTICE

Posted on | by Rachel Kamm

The Information Commissioner is currently consulting on a draft Data Sharing Code of Practice. Subject to consultation and obtaining the Secretary of State’s approval, this will be a statutory code of practice issued under sections 52A and 52D of the Data Protection Act 1998 which can be used as evidence in any legal proceedings. The draft code is relatively short  (less than 40 pages) and does not include as much practical detail as perhaps might have been expected. It is available on the Information Commissioner’s website (ww.ico.gov.uk)  and the consultation period closes on 5 January 2011.  

COUNCIL ENTITLED TO WITHHOLD PROPERTY DEVELOPER’S FINANCIAL MODEL: BRISTOL CITY DISTINGUISHED

Posted on | by Robin Hopkins

Bath & North East Somerset Council v IC (EA/2010/0045) is the latest application of the ‘commercial confidentiality’ exemption under regulation 12(5)(e) EIR to a request for information on agreements between a local authority and a property developer.

 

The council and the developer entered into discussions about building homes on 70 acres of brownfield land within a UNESCO World Heritage Site. Only a small proportion of this land was owned by the council, the rest being owned by the developer, who would also bear 100% of the risk of the project. The proposed £500m project would deliver 50% of the council’s new homes target for the next 10 years – the council was therefore acting as both beneficiary and planning authority.

 

With a potential section 106 agreement in mind, the council and developer reached a co-operation agreement, whereby the developer taking an ‘open book’ approach, i.e. making its financial models and reports available to the council. This was the information at issue before the Tribunal.

 

The Tribunal found that the public interest favoured maintaining the exemption. In so doing, it distinguished this case from Bristol City Council v ICO and Portland and Brunswick Squares Association (EA/2010/0012) – on which, see my post here and article in the Local Government Lawyer here – where disclosure of the information was ordered. Bristol City concerned a viability assessment designed to show that a hypothetical scheme was not viable; that assessment used generic, industry-level pricing. In contrast, this case concerned detailed and developer-specific financial information about an actual proposal. The commercial sensitivities differed materially.

 

Disclosure of such information, held the Tribunal, would lead to the developer refusing to provide any further ‘open book’ information, which would stymie this particular development and dissuade developers from future ‘open book’ co-operation. The Tribunal was also impressed by the availability of alternative scrutiny mechanisms in this case. It was less impressed with the council’s argument that disclosure of the disputed information would damage its reputation with developers.

 

The Tribunal did order the disclosure of consultants’ reports and emails, with commercially sensitive information redacted. The developer’s financial model however, could not be redacted, and could be withheld. On this last point, a notable practical issue emerged: both the council and the Commissioner had interpreted the request as being for a static version of the developer’s financial model. A ‘live’ model – i.e. a spreadsheet containing visible formulae – is another matter. The Tribunal warned that in future cases, clarification should be sought from the requester.

Digital Agenda: EU Commission refers UK to ECJ over privacy and personal data protection

Posted on | by James Goudie KC

October 4th 2010 by James Goudie QC

The European Commission has decided (IP/10/1215) to refer the United Kingdom to the ECJ for not fully implementing EU rules on the confidentiality of electronic communications such as e-mail or internet browsing. Specifically, the Commission considers that UK law does not comply with EU rules on consent to interception and on enforcement by supervisory authorities. The EU rules in question are laid down in the ePrivacy Directive 2002/58/EC and the Data Protection Directive 95/46/EC. The infringement procedure was opened in April 2009 (IP/09/570), following complaints from UK internet users notably with regard to targeted advertising based on analysis of users’ internet traffic. These complaints were handled by the Information Commissioner’s Office, the UK personal data protection authority, and the police forces responsible for investigating cases of unlawful interception of communications. The Commission previously requested the UK authorities in October 2009 (IP/09/1626) to amend their rules to comply with EU law.

The Commission considers that existing UK law governing the confidentiality of electronic communications is in breach of the UK’s obligations both under the ePrivacy Directive and under the Data Protection Directive in three specific areas:

  •  there is no independent national authority to supervise the interception of some communications, although the establishment of such authority is required under the ePrivacy and Data Protection Directives, in particular to hear complaints regarding interception of communications
  • current UK law authorises interception of communications not only where the persons concerned have consented to interception but also when the person intercepting the communications has ‘reasonable grounds for believing’ that consent to do so has been given. These UK provisions do not comply with EU rules defining consent as “freely given, specific and informed indication of a person’s wishes”
  • current UK law prohibiting and providing sanctions in case of unlawful interception are limited to ‘intentional’ interception only, whereas EU law requires Member States to prohibit and to ensure sanctions against any unlawful interception regardless of whether committed intentionally or not.

TRIBUNAL ORDERS DISCLOSURE OF 1986 ‘WESTLAND HELICOPTER’ CABINET MINUTES

Posted on | by Robin Hopkins

A number of Tribunal decisions have dealt with requests for minutes of cabinet meetings. Section 35 is inevitably relied upon, and arguments about both collective responsibility and confidentiality ensue.

 

The most famous concerned the decision to go to war in Iraq, which case saw disclosure being ordered by the Tribunal, but vetoed by Jack Straw.

 

More recently (Cabinet Office v ICO (EA/2010/ 0031)), the Tribunal has ordered disclosure of the cabinet’s meeting on 9th January 1986, in which Michael Heseltine resigned over the Westland Helicopter decision.

 

The Tribunal agreed that cabinet minutes are of the highest sensitivity, and should only be disclosed in rare cases “where it involves no apparent threat to the cohesive working of Cabinet government, whether now or in the future”. Relevant factors include: the passage of time, the departure of the relevant ministers from active politics, publication of memoirs and ministerial statements describing the meeting, the issue lacking ongoing significance, the ‘objectivity value’ where publicised accounts conflict, and whether the issue is of “particular political or historical significance”.

 

The last-mentioned factor was one Jack Straw expressly disagreed with when issuing the certificate of veto mentioned above: in other words, his position was that the more momentous a decision, the greater the need for confidentiality.

 

Many of these factors were, however, at work in the present case: for example, Margaret Thatcher and Michael Heseltine both made (acrimonious) public statements about the meeting at the time, and the meeting has since surfaced in plenty of memoirs. The outcome was that, whilst section 35 was engaged, the public interest favoured disclosure.

 

No sign of the incumbent Lord Chancellor, Ken Clarke – who, incidentally, was in the cabinet and present for the 1986 Westland Helicopter meeting – reaching for the veto just yet.

 

The Tribunal concluded its judgment with stringent criticism of the Cabinet Office’s delay in dealing with this request. The Cabinet Office is one of the 33 authorities on the ICO’s first monitoring list – on which, see my post below.