Google Spain – article in The Lawyer by Anya Proops

Posted on | by Rachel Kamm

Ahklaq Choudhury posted this week about the Google Spain judgment. For more 11KBW commentary on the topic, see the article in The Lawyer by Anya Proops: “Privacy but at what price?“. Anya’s article concludes:

Of course, it may well be that these issues will be resolved in the context of the new Data Protection Regulation which is still being debated in Europe. However, in the meantime, the judgment in Google Spain means we may well find ourselves exposed to a degree of data impoverishment which augurs ill for the development of our information society.”

Rachel Kamm, 11KBW

The Common Law and the Spirit of Kennedy

Posted on | by Christopher Knight

Following the Supreme Court’s lengthy, slightly unexpected, and difficult to grasp judgment in Kennedy v Charity Commission [2014] UKSC 20 (on which I have been quiet because of my involvement, but see Tom Cross’s blogpost here) there has been room for quite a large amount of debate as to how far it goes. Was the majority only suggesting access to the Charity Commission’s information under the common law principle of open justice applied because of the particular statutory regime and/or the nature of the statutory inquiry involved? Or was the principle rather more wide-ranging?

An answer has perhaps begun to emerge, as there was some discussion of this in the judgment of Green J in R (Privacy International) v HMRC [2014] EWHC 1475 (Admin). The judgment is, again, a long one, but the case was a judicial review of a decision of the HMRC that they had no power or duty to disclose information about their export control functions and in particular any investigations into the export by United Kingdom companies of software used for covert surveillance of political activists by repressive foreign regimes. Green J held that section 18 of the Commissioners for Customs and Revenue Act 2005 did provide such a power, and the HMRC had construed it too narrowly, when the power existed but was fact and context-dependent: see too R (Ingenious Media Holdings Plc) v HMRC [2013] EWHC 3258 (Admin), [2014] S.T.C. 673.

The judgment in Kennedy came out shortly after the oral hearing in Privacy International and it obviously sparked something of a debate. Green J accepted that the type of legal process involved was different to that in Kennedy, but he was of the view that Kennedy was authority for a more general proposition, or at least approach: at [62]:

I do not consider that the judgments in Kennedy lack all relevance. The Supreme Court was at pains to point out that the common law treated openness as very important and, with all the ecessary provisos and caveats, that message can in some measure carry through into section 18(2) CRCA 2005. In Kennedy Lord Mance, who gave the leading judgment for the majority, introduced his judgment with the following message which goes well beyond the narrow confines of the Charity Commission:

“1. Information is the key to sound decision-making, to accountability and development; it underpins democracy and assists in combatting poverty, oppression, corruption, prejudice and inefficiency. Administrators, judges, arbitrators, and persons conducting inquiries and investigations depend upon it; likewise the press, NGOs and individuals concerned to report on issues of public interest. Unwillingness to disclose information may arise through habits of secrecy or reasons of self-protection. But information can be genuinely private, confidential or sensitive, and these interests merit respect in their own right and, in the case of those who depend on information to fulfil their functions, because this may not otherwise be forthcoming. These competing considerations, and the balance between them, lie behind the issues on this appeal”.

The claimant conceded in the light of the Supreme Court decision that Article 10 ECHR did not give it a right of access to information, but argued that Article 10 did prevent one state body from stopping another state body imparting information which it wished to impart. Green J felt it unnecessary to decide the point because it added nothing to the common law: at [176], [179].

For various reasons on the facts of the case, and the particular context of HMRC’s approach to section 18, the decision was quashed. But it is a useful indication of how the courts have begun to think about the impact of Kennedy and other information access provisions.

Christopher Knight

Google Spain and the CJEU judgment it would probably like to forget.

Posted on | by Akhlaq Choudhury

In the landmark judgment in Google Spain SL and Google Inc., v Agencia Espanola de Proteccion de Datos, Gonzales (13th May 2014), the CJEU found that Google is a data controller and is engaged in processing personal data within the meaning of Directive 95/46 whenever an internet search about an individual results in the presentation of information about that individual with links to third party websites.  The judgment contains several findings which fundamentally affect the approach to data protection in the context of internet searches, and which may have far-reaching implications for search engine operators as well as other websites which collate and present data about individuals.

The case was brought Mr Costeja Gonzales, who was unhappy that two newspaper reports of a 16-year old repossession order against him for the recovery of social security debts would come up whenever a Google search was performed against his name. He requested both the newspaper and Google Spain or Google Inc. to remove or conceal the link to the reports on the basis that the matter had long since been resolved and was now entirely irrelevant. The Spanish Data Protection Agency rejected his complaint against the newspaper on the basis that publication was legally justified. However, his complaint against Google was upheld. Google took the matter to court, which made a reference to the CJEU.

The first question for the CJEU was whether Google was a data controller for the purposes of Directive 95/46. Going against the opinion of the Advocate General (see earlier post), the Court held that the collation, retrieval, storage, organisation and disclosure of data undertaken by a search engine when a search is performed amounted to “processing” within the meaning of the Directive; and that as Google determined the purpose and means of that processing, it was indeed the controller. This is so regardless of the fact that such data is already published on the internet and is not altered by Google in any way.

 The Court went on to find that the activity of search engines makes it easy for any internet user to obtain a structured overview of the information available about an individual thereby enabling them to establish a detailed profile of that person involving a vast number of aspects of his private life.  This entails a significant interference with rights to privacy and to data protection, which could not be justified by the economic interests of the search engine operator.  In a further remark that will send shockwaves through many commercial operators providing search services, it was said that as a “general rule” the data subject’s rights in this regard will override “not only the economic interest of the operator of the search engine but also the interest of the general public in finding that information upon a search relating to the data subject’s name” (at paras 81 and 97). Exceptions would exist, e.g. for those in public life where the “the interference with…fundamental rights is justified by the preponderant interest of the general public in having…access to the information in question”.

However, the Court did not stop there with a mere declaration about interference. Given the serious nature of the interference with privacy and data protection rights, the Court said that search engines like Google could be required by a data subject to remove links to websites containing information about that person, even without requiring simultaneous deletion from those websites.

Furthermore, the CJEU lent support to the “right to be forgotten” by holding that the operator of a search engine could be required to delete links to websites containing a person’s information. The reports about Mr Costejas Gonzales’s financial difficulties in 1998 were no longer relevant having regard to his right to private life and the time that had elapsed, and he had therefore established the right to require Google to remove links to the relevant reports from the list of search results against his name. In so doing, he did not even have to establish that the publication caused him any particular prejudice.

The decision clearly has huge implications, not just for search engine operators like Google, but also other operators providing web-based personal data search services. Expect further posts in coming days considering some of the issues arising from the judgment.

Akhlaq Choudhury

11KBW at PDP’s FOI Conference

Posted on | by Robin Hopkins

PDP Conferences is hosting its 10th annual Freedom of Information Conference in London on 15 and 16 May, with 11KBW hosting the wine and canapés reception.

The conference will be chaired by Robin Hopkins.

The Deputy Information Commissioner, Graham Smith, is the keynote speaker, with Timothy Pitt-Payne QC also among the speakers on day 1 of the conference.

On day 2, 11KBW’s Ben Hooper will host one of the workshops.

The full programme can be found here.

Open Justice in the Supreme Court

Posted on | by Christopher Knight

The principle of open justice has been reaffirmed today by the Supreme Court in A v BBC [2014] UKSC 25, as have its limits. In A, a foreign national had been given notice of deportation following conviction for a sexual offence against a child. In the subsequent tribunal appeals (dating back to 2001), A was anonymised because of the Article 2 and 3 ECHR concerns he had over his treatment if deported. That anonymisation position was retained by the Court of Session in 2012 when A sought to judicially review the refusal of the Upper Tribunal to grant him permission to appeal. The Court of Session’s directions were made under section 11 of the Contempt of Court Act 1981. The BBC, having learned of the directions, applied to set them aside.

The Supreme Court unanimously held that it could be in the interests of justice to limit the open justice principle, considering the purpose of the open justice principle, the potential value of the information in advancing that purpose, and any risk of harm that its disclosure may cause to the maintenance of an effective judicial process or to the legitimate interests of others (see at [41]). Lord Reed held that the order allowing A to withhold his identity was in accordance with the court’s common law powers; the section 11 order was made in accordance with the power conferred by that provision; and it was not incompatible with the BBC’s Article 10 ECHR rights. Lord Reed also reiterated that the common law principles applied just as vigorously, even where the ECHR was engaged (at [55]-[57]), reiterating a point he had made at length in Osborn v Parole Board [2103] UKSC 61.

Christopher Knight

Open Justice and Court Files

Posted on | by Christopher Knight

Perhaps not hot off the press, but nonetheless worth noting, is the decision of the High Court last month in NAB v Serco & Home Office [2014] EWHC 1225 (QB), which reiterates the Court’s commitment to the open justice principle and press access.

B had been a detainee in an immigration removal centre, in which she alleged she had been sexually assaulted by a male nurse employed by Serco. She brought claims against Serco (in vicarious liability for the assault) and the Home Office (for false imprisonment) for damages. A statement was filed which exhibited Serco’s internal investigation report into B’s complaint of assault. Serco settled the claim, but the claim proceeded against the Home Office. The exhibited report remained part of the trial bundle but was not referred to in the judgment and was not relevant to the issues between B and the Home Office. After the judgment, the Guardian applied for a declaration that B could lawfully provide it with a copy of the report, under CPR r.31.22.

Bean J granted the declaration. It is now fairly well-established that in R (Guardian News and Media Ltd) v City of Westminster Magistrates’ Court [2012] EWCA Civ 420, [2013] QB 618 it had been held that in a case where documents had been placed before a judge and referred to in the course of proceedings, and the default position should be that access to those documents should be permitted on the open justice principle. Although it was an unusual feature that Serco was no longer a party to the claim and the report was no longer relevant to the issues in the case, those matters were not decisive. The particulars of claim and other pleadings were public documents subject to inspection as of right under CPR r.5.4C(1). The fact of the allegations having been made was therefore in the public domain. If after the settlement, but before the case against the Home Office had come to trial, the Guardian had applied under r.5.4C(2) for access to the report, the application, would have succeeded, just as it would had it been made at any time before the Court disposed of the file. There was a proper journalistic reason for seeking the report, and it was sometimes important to understand why a claim had settled. Providing the individuals were anonymised, the Guardian could be provided with the report.

The application of the open justice principle, and the ability of journalists to access court documents remains a current trend in the case law – given a kick-start by Guardian v Westminster and an unexpected sidewind in Kennedy v Charity Commission [2014] UKSC 20 – and NAB is a helpful reminder of its utility when using the existing court records access provisions in the CPR.

Christopher Knight