Why Evans gets the spiders

Posted on | by Robin Hopkins

I told you FOI was sexy.

The Supreme Court’s judgment in R (Evans) v Attorney General [2015] UKSC 21 has received vast amounts of media coverage – more in a single day than everything else about FOI has received in ten years, I reckon. No need to explain what the case was about – the upshot is that Rob Evans gets Prince Charles’ ‘black spider’ letters. Here’s why.

In other words, this post summarises why the judgment went Evans’ way 5:2 on the FOIA veto and 6:1 on the EIR veto. I leave aside the trenchant dissenting judgments (Lord Wilson on both FOIA and the EIRs; Lord Hughes on FOIA only), which merit a post in their own right.

FOIA and the ministerial veto

Three of the five JSCs who found that the Attorney General’s veto under FOIA was unlawful took the following view (that of Lord Neuberger).

The constitutional context and the restrictive view of section 53

“A statutory provision which entitles a member of the executive… to overrule a decision of the judiciary merely because he does not agree with it would not merely be unique in the laws of the United Kingdom. It would cut across two constitutional principles which are also fundamental components of the rule of law”, i.e. (i) that a court’s decisions are binding and cannot be ignored or set aside by anyone, and (ii) that the executive’s actions are reviewable by the court on citizens’ behalf. “Section 53, as interpreted by the Attorney General’s argument in this case, flouts the first principle and stands the second principle on its head” (paragraphs 51-52).

Therefore, if Parliament intends to permit the executive to override a judicial decision merely because it disagrees with that decision, it must ‘squarely confront what it is doing’ and make its intentions ‘crystal clear’. Section 53 FOIA is a long way from authorising such an override on the grounds of disagreement (paragraphs 56-58).

The upshot is that a minister cannot use section 53 to override a judicial decision simply on the grounds that, having considered the issue based on the same facts and arguments as the court or tribunal, he reaches a different view. In their context, and in light of the serious constitutional implications, the words “on reasonable grounds” in section 53 FOIA must be construed more restrictively: mere disagreement with the court/tribunal will not do.

The threshold is higher: a section 53 certificate will be lawful if there has been a material change in circumstances, or if facts or matters come to light at some point which (a) indicate that the judicial decision being overturned was seriously flawed, but (b) cannot give rise to an appeal against that decision. Such cases will be exceptional, but they are a real possibility, in Lord Neuberger’s judgment. Section 53 therefore retains some utility (see paragraphs 68, 77 and 78). Lord Kerr and Lord Reed agreed with Lord Neuberger’s restrictive view of section 53.

A less restrictive view of section 53

Lord Mance (with whom Lady Hale agreed) also found the Attorney General’s veto in this case to have been unlawful. He agreed that mere disagreement with the decision being overturned will not do. Lord Mance’s interpretation of section 53, however, is markedly less restrictive than that of Lord Neuberger: the accountable person is entitled under section 53 to reach a different view on the balancing of competing interests, even in the absence of the sorts of new considerations Lord Neuberger envisages, provided he gives properly explained and solid reasons against the background and law established by the judicial decision (see paragraphs 130-131).

There is thus more scope for a lawful veto on Lord Mance’s view – but his was not the majority view. Lord Neuberger’s more restrictive view commanded wider support. This makes a big difference to the future use of section 53.

What about First-Tier and ICO decisions?

Here are some further important implications addressed by Lord Neuberger.

This veto was against a decision of the Upper Tribunal, which is a court of record. Do the same stringent restrictions apply to an attempt to veto a decision of the First-Tier Tribunal? Answer: yes.

What about the ICO’s decisions? Is the threshold for a lawful veto equally high, or is it lower? Answer: it is lower, as the ICO’s evaluation can seldom be as exhaustive as that of a Tribunal. Nonetheless, the option to appeal to the Tribunal will be a relevant consideration: to use the section 53 power to achieve what you could also achieve by the more constitutionally appropriate route of an appeal may be an abuse of that power.

Those distinctions are important. Some section 53 certificates have been issued against First-Tier Tribunal decisions – the NHS risk register veto, for example. Others have been against ICO decisions – the High Speed 2 veto, for example. The Iraq war cabinet minutes have been the subject of two section 53 certificates – one against a Tribunal decision, the other against an ICO decision.

The EIRs and the ministerial veto

By comparison, the answer under the EIRs was relatively straightforward: Article 6 of Directive 2003/4/EC requires that refusals to disclose environmental information can be challenged before court whose decisions will be final. The ministerial veto provision does not square with that requirement. Environmental information cannot be the subject of the ministerial veto. These were the arguments advanced by Mr Evans, and by Tim Pitt-Payne on the ICO’s behalf. They were accepted by six of the seven JSCs.

So, a triumphant day for Rob Evans and The Guardian – and indeed for FOIA, the EIRs, transparency and the rule of law.

The outlook for the future use of section 53 is challenging, though there is nuance aplenty, even aside from the dissenting judgments.

Robin Hopkins @hopkinsrobin

Evans – Supreme Court rules that AG’s veto was unlawful

Posted on | by Anya Proops KC

The Supreme Court has today handed down a judgment which has very significant ramifications for the operation of the veto regime by the Government in connection with FOIA and EIR cases: R(Evans) v Attorney General. It marks a great victory for the Guardian in its 10 year struggle to gain access to correspondence written by HRH Prince Charles to various government departments. But more than this, it marks an important milestone in the development of FOI jurisprudence, as our highest court makes clear that, when it comes to the application of FOIA, Government cannot trump the decisions of the courts merely because it takes a different view of the facts of the case.

In short, the Supreme Court has held: (a) by a 5:2 majority that the veto issued under FOIA by the AG in respect of the Upper Tribunal’s order that the correspondence should be disclosed was unlawful and (b) by a 6:1 majority that provisions in the EIR which permit the Government to issue a veto in cases falling within the scope of the environmental information access regime were invalid, as they are incompatible with the EU Directive on public access to environmental information (2003/4/EC). The Supreme Court’s Press Summary, which contains a useful summary of the judgment, can be found here.

Posts containing careful analysis of the judgment will undoubtedly follow on Panopticon. 11KBW’s Karen Steyn QC appeared for the Attorney General. Timothy Pitt-Payne QC appeared for the ICO.

Anya Proops

Google Spain, freedom of expression and security: the Dutch fight back

Posted on | by Robin Hopkins

The Dutch fighting back against the Spanish, battling to cast off the control exerted by Spanish decisions over Dutch ideologies and value judgments. I refer of course to the Eighty Years’ War (1568-1648), which in my view is a sadly neglected topic on Panopticon.

The reference could also be applied, without too much of a stretch, to data protection and privacy rights in 2015.

The relevant Spanish decision in this instance is of course Google Spain, which entrenched what has come to be called the ‘right to be forgotten’. The CJEU’s judgment on the facts of that case saw privacy rights trump most other interests. The judgment has come in for criticism from advocates of free expression.

The fight-back by free expression (and Google) has found the Netherlands to be its most fruitful battleground. In 2014, a convicted criminal’s legal battle to have certain links about his past ‘forgotten’ (in the Google Spain sense) failed.

This week, a similar challenge was also dismissed. This time, a KPMG partner sought the removal of links to stories about him allegedly having to live in a container on his own estate (because a disgruntled builder, unhappy over allegedly unpaid fees, changed the locks on the house!).

In a judgment concerned with preliminary relief, the Court of Amsterdam rejected his application, finding in Google’s favour. There is an excellent summary on the Dutch website Media Report here.

The Court found that the news stories to which the complaint about Google links related remained relevant in light of public debates on this story.

Importantly, the Court said of Google Spain that the right to be forgotten “is not meant to remove articles which may be unpleasant, but not unlawful, from the eyes of the public via the detour of a request for removal to the operator of a search machine.”

The Court gave very substantial weight to the importance of freedom of expression, something which Google Spain’s critics say was seriously underestimated in the latter judgment. If this judgment is anything to go by, there is plenty of scope for lawyers and parties to help Courts properly to balance privacy and free expression.

Privacy rights wrestle not only against freedom of expression, but also against national security and policing concerns.

In The Hague, privacy has recently grabbed the upper hand over security concerns. The District Court of The Hague has this week found that Dutch law on the retention of telecommunications data should be down due to its incompatibility with privacy and data protection rights. This is the latest in a line of cases challenging such data retention laws, the most notable of which was the ECJ’s judgment in Digital Rights Ireland, on which see my post here. For a report on this week’s Dutch judgment, see this article by Maarten van Tartwijk in The Wall Street Journal.

As that article suggests, the case illustrates the ongoing tension between security and privacy. In the UK, security initially held sway as regards the retention of telecoms data: see the DRIP Regulations 2014 (and Panopticon passim). That side of the argument has gathered some momentum of late, in light of (for example) the Paris massacres and revelations about ‘Jihadi John’.

Just this week, however, the adequacy of UK law on security agencies has been called into question: see the Intelligence and Security Committee’s report entitled “Privacy and Security: a modern and transparent legal framework”. There are also ongoing challenges in the Investigatory Powers Tribunal – for example this one concerning Abdul Hakim Belhaj.

So, vital ideological debates continue to rage. Perhaps we really should be writing more about 17th century history on this blog.

Robin Hopkins @hopkinsrobin

Catt is put back in the bag – supreme court reverses court of appeal in police data retention case

Posted on | by Anya Proops KC

The Catt and T cases are both concerned with this important question: to what extent may the police lawfully retain records relating to individuals who have not in fact been arrested or charged in connection with any criminal offence. The Supreme Court has now had its say on this question – see the judgment here.

The background to the appeal is very helpfully set out in this earlier post. In short, Mr Catt (C) is a peaceful protestor who participated in an anti-arms trade protest conducted by a group called Smash-EDO. Smash-EDO is associated with violent crime. The police overtly recorded information about individuals attending Smash EDO demonstrations, including C. The police went on to retain information about C, including his name, address and information confirming his presence at a particular protest. The data was stored on the police’s Domestic Extremism Database. T is an individual who is alleged to have made a homophobic comment to a neighbour’s friend. The police sent her a ‘Prevention of Harassment’ letter warning her that she could be liable to arrest and prosecution should she commit any act amounting to harassment. The letter was originally retained on the police’s files in accordance with its policy that such correspondence should be retained for 7 years. However, in point of fact, the letter sent to T was destroyed after only two and half years.

The High Court dismissed claims made by C and T that the police’s act of retaining their data constituted a breach of their Article 8 rights. The Court of Appeal allowed the claimants’ appeal, reversing the High Court’s judgment. Now the Court of Appeal’s judgment has itself been reversed by the Supreme Court which, in summary, held that whilst retention of the data interfered with the claimants’ Article 8 rights, the retention was justified under Article 8(2). The core question which the Supreme Court had to address was the proportionality of the retention, particularly having regard to the fact that neither claimant had actually been arrested or charged with any offence.

Mr Catt’s case – The judgment in C’s case was a majority judgment, with Lord Toulson dissenting. In terms of the majority (Lords Sumption, Mance and Neuberger and Lady Hale), it is clear that the judges were of the view that the retention of C’s data was not disproportionate because:

  • the level of intrusion with C’s privacy rights was minimal, particularly given that:
    • the information in question is not intimate or sensitive;
    • it related to C’s activities in a public forum – the recorded facts were in that sense in the public domain;
    • there are tight constraints on the uses to which the data may be put (essentially they may only be used for police purposes and are subject to a strict review/deletion policy
  • moreover, it would require disproportionate effort for the police to have to weed out this type of record from its other records.
  • by way of contrast, the benefits to be obtained from retaining the data were potentially substantial and included enabling the police to develop a detailed intelligence picture of organisations prepared to engage in violent crime

Lord Toulson took a different view of the proportionality issues. In essence, he concluded that the information in question was unlikely to add much value in terms of meeting policing objectives and, further, that the weeding exercise would not be unduly onerous, particularly given that the police regularly had to undertake such weeding exercises in any event.

T’s case – In T’s case, the majority (Lady Hale, Lord Toulson and Lord Mance) were of the view that the retention policy in issue was lawful. Lady Hale and Lord Toulson both made the point that retention of such information over an extended period of time was important, particularly in terms of dealing effectively with domestic abuse cases. By way of contrast, Lord Sumption was of the view that such a lengthy retention period was disproportionate, particularly given the trivial nature of the incident in question. However, on the facts relating to T’s case, he held that it was not disproportionate for the police to have retained the letter for the relatively short period of 2.5 years. Thus, he concurred with the conclusion that the appeal should be allowed.

A key point emerging from the judgment, and indeed the litigation history of these appeals, is that there is no perfect science when it comes to applying the proportionality principle. Instead, the exercise of assessing proportionality is inherently impressionistic, as is illustrated by the wide divergence of views expressed by the judges in the High Court, Court of Appeal and the Supreme Court. It is understood that the claimants will now seek to have the case referred to the European Court of Human Rights. So we may yet see another reversal of fortunes in this interesting and important litigation.

Jason Coppel QC and Robin Hopkins appeared for the Secretary of State for the Home Department, who intervened in the appeal.

Anya Proops

High Court considers purpose behind subject access request under the DPA

Posted on | by Robin Hopkins

It is not uncommon for data controllers to be faced with subject access requests under s. 7 of the Data Protection Act 1998 the motivations for which appear to have nothing whatever to do with the purposes of the DPA.

The DPA seeks to protect individuals’ privacy rights with respect to data which is processed about them. The subject access provisions help people check up on that data and its processing (see for example YS v Minister voor Immigratie (Cases C-141/12 & C-372/12)). In practice, however, a subject access request is a fishing expedition with an eye on prospective litigation.

How does this affect the individual’s right to have his subject access complied with? The general answer is that, at least as regards applications to the Court under s. 7(9) DPA for the enforcement of a subject access request, the remedial discretion is wide enough to take the requester’s motive and purposes into account.

Kololo v Commissioner of Police for the Metropolis [2015] EWHC 600 (QB) – a judgment of Dingemans J handed down yesterday – looked set to consider the relevance of a requester’s motive (albeit that the context was not the commonplace pre-litigation fishing expedition). In the end, the judgment was largely fact-specific. Nonetheless, it is an interesting illustration of a Court engaging with a requester’s motive and that place of that motive in the statutory scheme.

The judgment is here: Kololo. There is also some press coverage in the Telegraph.

Mr Kololo is on death row in Kenya. He is challenging his conviction and sentence for robbery, kidnapping and murder of British nationals. He has never been to the UK, but officers of the Metropolitan Police were involved in the investigation of the crimes in Kenya and in evidence given at the trial.

His lawyers made subject access requests to the Foreign Office and the Metropolitan Police. The former provided data, but the Police refused. It said his request was an abuse of process.

The predominant purpose of the request was to assist with Mr Kololo’s appeal in the Kenyan Courts. The subject access request itself had said that the information sought “could prove crucial to Mr Kololo’s case”.

In his witness statement to the Court, however, Mr Kololo said that he also wanted to know what information the Police held on him “and what they are doing or have done with it”. He said he was worried about how information about him and his family may be used by the Police.

Dingemans J considered such worry to be speculative. Mr Kololo’s principal aim was plainly to obtain information which might assist with his appeal. But Dingemans J took this view (para. 31): “However, in order for any data which Mr Kololo might obtain from the Commissioner to be of any assistance to Mr Kololo on his appeal, it is likely that Mr Kololo will want to try and point to inaccuracies in the data” (if any such inaccuracies existed).

Therefore, Mr Kololo’s purpose was at least in part aligned with the purposes of the DPA: “a purpose for which Mr Kololo is making the subject access request is to determine whether there are inaccuracies in the data. This means that Mr Kololo (or his legal representatives) is making the subject access request to verify the accuracy of the data. This is so even though verifying the accuracy of the data is unlikely to be of assistance to Mr Kololo for his appellate proceedings. However if the data is not accurate Mr Kololo (or his legal representatives) may seek to correct any inaccuracies in the data. This might, depending on the inaccuracies, be of assistance to Mr Kololo for his other purposes” (para. 35).

Dingemans J noted that the Court’s discretion under s. 7(9) DPA was “’general and untrammelled’ but it is also common ground that such discretion should be exercised to give effect to the purposes of the DPA and be proportionate” (paragraph 32). On the facts, however, one of Mr Kololo’s purposes did accord with the purposes of the DPA. Therefore, his request was held not to be an abuse of process, and the Police were ordered to comply with it.

Additionally, Dingemans J briefly considered the Crime (International Co-operation) Act 2003 for an overseas court or prosecuting authority to request assistance from UK authorities. The existence of that mechanism also did not render Mr Kololo’s subject access request an abuse of process.

Anya Proops and Chris Knight appeared for the Commissioner of Police for the Metropolis.

Robin Hopkins @hopkinsrobin

Facing justice: judgment against Facebook in privacy/data protection case

Posted on | by Anya Proops KC

The extent to which privacy and data protection rights can effectively resonate within the online environment is an acutely important issue for all information law practitioners. Moreover, it is an issue which seems to be gaining ever increasing traction in the litigation context, as is illustrated not least by the following developments.

  • As most readers of this blog will know, last year the CJEU sent shock waves through the information law community when it held, in Google Spain, that EU data protection legislation operated so as to enable the so-called ‘right to be forgotten’ to be asserted against Google. (That principle is due to receive further consideration from our domestic courts in the forthcoming case of Max Mosley v Google – see Robin’s post on the Mosley case here).
  • Then we had the judgment of the High Court in Vidal-Hall v Google, where the court concluded, in the face of a jurisdictional defence mounted by Google, that claims brought against Google concerning its tracking of the internet browsing habits of users could properly proceed. (An appeal against the High Court’s judgment in that case is due to be heard by the Court of Appeal on 2nd or 3rd March – the ICO is intervening in support of the claimants’ case).
  • Now the High Court in Northern Ireland has given judgment in an important case involving a compensation claim made against Facebook: CG v Facebook & Anor [2015] NIQB 11.

Key aspects of the CG judgment are as follows:

  • The claim was brought by a convicted paedophile in respect of a series of postings placed on Facebook by third parties, one of whom had been named as second defendant to the claims. The postings not only included data amounting to vituperative name-calling but also repeated incitements to violence in respect of the claimant.
  • The High Court held that Facebook was liable in respect of the postings, particularly on the basis that it had misused the claimant’s private information by failing to delete the postings after Facebook’s attention had been drawn to their existence.
  • The High Court rejected Facebook’s assertion that its liability in respect of the postings was excluded on an application of the Electronic Commerce (EC Directive) Regulations 2002. On this issue, the court held that: (a) the Regulations only immunise the relevant information society service (ISS) against liability if the ISS has no actual or constructive knowledge of the unlawful activity on its site or, if it has acquired that knowledge, it acts expeditiously to remove or disable access to the relevant information and (b) Facebook could not rely on the Regulations in the present case because, after being notified of the relevant postings, Facebook had failed to remove or disable access to them.
  • The second defendant, an individual who was responsible for one of the disputed postings, was liable for misuse of the claimant’s private information in his capacity as primary publisher. He was also liable for harassment under the Protection from Harassment Act.
  • As for the claim under the DPA 1998, which was brought only against Facebook and not against the second defendant, that claim could not proceed because, on an application of s. 5 DPA 1998, the claim fell outside of the territorial ambit of the legislation. (Notably no reference was made in this context to the CJEU’s approach to territorial ambit under the data protection Directive in the Google Spain case).
  • Whilst no DPA claim was pleaded against the second defendant, the court made the following points about the application of the journalistic exemption contained in s. 32 DPA:
    • The court noted that the Claimant had conceded that the second defendant’s activities in posting material on Facebook might about to ‘journalism’.
    • However, the court went on to conclude there was no scope for the second defendant to rely on the journalistic exemption contained in s. 32 DPA 1998. This was particularly because the second defendant could not have had any ‘reasonable’ belief that his publications were in the public interest for the purposes of s. 32(1)(b).
  •  The claimant was awarded £20,000 in compensation in respect of his claim for misuse of private information.

What is interesting and important about the CG judgment is that it reinforces the point that organisations which operate merely so as to facilitate online freedom of expression can no longer safely assume that they are always operating in the stratosphere, far above the mire of the privacy litigation battlefield. Instead, they must appreciate that those rights are sufficiently flexible and powerful that they can potentially draw such organisations firmly into the fray.

Anya Proops