PRISM and TEMPORA: ECtHR proceedings issued against UK

Panopticon reported in July that Privacy International had commenced proceedings in the Investigatory Powers Tribunal against the UK intelligence and security agencies concerning PRISM and TEMPORA.

Big Brother Watch, the Open Rights Group, English PEN and Dr Constance Kurz announced yesterday that they have issued proceedings on the same issues – this time in the European Court of Human Rights. They have also published their pleadings and expert evidence (see the bottom of this page). To quote from their pleadings, they challenge on Article 8 ECHR grounds:

(a)    The soliciting or receipt and use by the UK intelligence services (“UKIS”), of data obtained from foreign intelligence partners, in particular the US National Security Agency’s “PRISM” and “UPSTREAM” programmes; and

(b)   The acquisition of worldwide and domestic communications by the Government Communications Head Quarters (“GCHQ”) for use by UKIS and other UK and foreign agencies through the interception, under global and rolling warrants, of electronic data transmitted on transatlantic fibre-optic cables (the “TEMPORA” programme).

The claim is put in summary terms as follows (again, quoting from the pleadings):

(1) In relation to receipt of foreign intercept material—i.e. the receipt, use, retention and dissemination of information received by UKIS from foreign intelligence partners which have themselves obtained it by communications intercept—the legal framework [including RIPA 2000] is inadequate to comply with the “in accordance with the law” requirement under Article 8(2).

(2) In relation to GCHQ’s own generic interception capability, the provisions contained in RIPA relating to external communications warrants allow UKIS to obtain general warrants permitting indiscriminate capturing of vast amounts of communication, effectively on an indefinite basis. The legal provisions which permit generic warrants in relation to such external communications are insufficiently protective to provide an ascertainable check against arbitrary use of secret and intrusive state power.

(3) Such legal provisions do not enable persons to foresee the general circumstances in which external communications may be the subject of surveillance (other than that any use may be made of communications if considered in the interests of national security—a concept of very broad scope in UK law); they do not require authorisations to be granted in relation to specific categories of persons or premises; they permit indiscriminate capture of communications data by reference only to its means of transmission; and they impose no significant restrictions on the access that foreign intelligence partners may have to such intercepted material. In short, there are no defined limits on the scope of discretion conferred on the competent authorities or the manner of its exercise. Moreover, there is no adequate degree of independent or democratic oversight. Indiscriminate and generic interception and the legal provisions under which it is carried out thereby breach the requirements that interferences with Article 8 must be “in accordance with the law” and must be proportionate.

To quote the briefing note, the applicants “are asking the Court to declare that the UK’s internet surveillance practices are disproportionate and that the legislation intended to protect the public’s rights to privacy in this context is not fit for purpose”.

In other words, this is a challenge not only to specific actions, but to the UK’s regulatory regime for surveillance more broadly. The applicants also draw attention (pleadings, paragraph 121.7) to the fact that the Data Protection Act 1998 is powerless to protect personal data in this context, given the exemption for national security at s. 28 of that Act.

Robin Hopkins

Refusal to destroy part of a ‘life story’ justified under Article 8(2) ECHR

The High Court of Justice (Northern Ireland) has today given judgment In the matter of JR60’s application for judicial review [2013] NIQB 93. The applicant sought to challenge the right of the two Social Care Trusts to keep and use various records generated when she was a resident of children’s homes and a training school between the years 1978-1991.

In most cases of challenges to the retention of records, the applicant seeks to expunge information which suggests they have done wrong. This application is interesting because it focused (though not exclusively) on what the applicant had suffered, as opposed to what she had done. In short, she wished to erase from the record a part of her life story which was painful for her to recall. The application failed: there were weightier reasons for retaining those records, and in any event whatever her current wish to forget matters of such import, she might come to change her mind.

The applicant was described as having had a very difficult childhood, to which those records relate. It was not known who her father was. She had grown up to achieve impressive qualifications. Horner J described her as having “survived the most adverse conditions imaginable and triumphed through the force of her will. By any objective measurement she is a success”.

She wished to move on, and to have the records about her childhood expunged. The Trusts refused; their policy was to retain such information for a 75-year period. The applicant challenged this refusal on Article 8 ECHR grounds. Horner J readily agreed that the retention of such information interfered with her rights under Article 8, but dismissed her application on the grounds that the interference was justified.

The applicant had argued that (i) she did not intend to make any claim for ill-treatment or abuse while she was in care, (ii) she did not want to retrieve information about her life story, (iii) she did not want the records to be used to carry out checks on her, as persons who were not in care would not be burdened by such records in respect of their early lives, and (iv) she did not want others, including her own child, to be able to access these records.

In response to the applicant’s assertion that she did not want and did not envisage wanting access to her records, Horner J said this at paragraph 19:

“Even if the applicant does not want to know at present what is in her records, it does not follow that she may not want to find out in the future what they contain for all sorts of reasons. She may, following the birth of a grandchild, be interested in her personal history for that grandchild’s sake. She may want to find out about her genetic inheritance because she may discover, for example, that she, or her off-spring, is genetically predisposed to a certain illness whether mental or physical. She may want to know whether or not this has been passed down through her mother’s side or her father’s side. There may be other reasons about which it is unnecessary to speculate that will make her want to seek out her lost siblings. There are any number of reasons why she may change her mind in the future about accessing her care records. Of course, if the records are destroyed then the opportunity to consider them is lost forever.”

The Trusts argued that they needed to retain such records for the purposes of their own accountability, any background checks on the applicant or related individuals which may become necessary, for the purposes of (hypothetical) public interest issues such as inquiries, and for responding to subject access requests under the Data Protection Act 1998. Horner J observed that the “right for an individual to be able to establish details of his or her identity applies not just to the Looked After Child but also, inter alia, to that child’s offspring”.

In the circumstances, the application failed; the Trusts’ interference with the applicant’s Article 8 rights was justified.

Horner J added a short concluding observation about the DPA (paragraph 29):

“It is significant that no challenge has been made to the Trust’s storage of personal information of the applicant on the basis that such storage constitutes a breach of the Data Protection Act 1998. This act strengthens the safeguards under the 1984 Act which it replaced. The Act protects “personal data which is data relating to a living individual who can be identified from data whether taken alone or read with other information which is the possession (or is likely to come into possession) of the data controller: see 12-63 of Clayton and Tomlinson on The Law of Human Rights (2nd Edition). It will be noted that “personal” has been interpreted as almost meaning the same as “private”: see Durant v Financial Services Authority [2004] FSR 28 at paragraph [4].”

Robin Hopkins

What does ‘surveillance’ mean?

A five-member panel of the Investigatory Powers Tribunal last week issued its decision in Re: a Complaint of Surveillance (case no: IPT/A1/2013). The decision was on a preliminary point arising from this sort of factual scenario: suppose you voluntarily participate in an interview with policing/investigatory authorities but, unbeknownst to you, the investigators use a device to record that interview. Would this act of recording constitute ‘surveillance’ for the purposes of the Regulation of Investigatory Powers Act 2000 (RIPA), such that authorisation (assuming it to be ‘directed’) was required? Would it engage your rights under Article 8 ECHR?

There are arguments both ways. As the IPT observed, “the wording in Part II [of RIPA] presents some difficulties for the reasonable reader”. The official guidance publications answer the above questions differently: the Office of the Surveillance Commissioners answers ‘yes’, but the Home Office answers ‘no’.

The IPT has agreed with the Home Office’s interpretation.

By s. 48(2) RIPA, Parliament has chosen not to define ‘surveillance’ as such, but to deem that surveillance shall be construed so as to include certain activities. Those deeming examples extend or amplify the ordinary meaning of ‘surveillance’, the essence of which is that the person who is subject to surveillance is intended to remain unaware of those means and does not engage with the person secretly gathering the intelligence. In the IPT’s view, “the notion of a ‘covert interview’ requiring RIPA authorisation is one that is difficult to grasp. An interview is by its very nature an overt intelligence gathering operation in which the interviewee actively participates, even if only to the extent of refusing to answer questions”. Such interviews cannot constitute ‘surveillance’ and Article 8 rights are not engaged here.

It follows that the recording of the interview is not observing or listening to “in the course of surveillance” within the meaning of s. 48(2)(b) of RIPA, and no authorisation is required. The making of the recording only involves the recording process itself. It does not involve a separate act of “observing or listening to” the person being interviewed.

The IPT expressly rejected the contention that, regardless of the purpose, nature or circumstances of the intelligence-gathering activities in question, every act of “observing or listening to persons”, their conversations or communications is automatically treated as surveillance.

Robin Hopkins (@hopkinsrobin)

One hundred years of solicitude

In 2004, a man known as TD was arrested for an alleged sexual assault. He was interviewed twice. No further action was taken. The biometric data was in due course destroyed, as will be the case with others in such positions, thanks to provisions of the Protection of Freedoms Act 2012. But 40 pages of information about his arrest and the allegation are to be retained by the Metropolitan Police in the form of crime reports and a record shall be retained on the Police National Computer until 2104, when the claimant would be 128 years old. The Metropolitan Police’s policy (of August 2012) concerning Serious Specified Offences provides for retention of such information – without review – for a century. It contends that such long-term policing solicitude as regards these types of allegations is supported by research conducted by University College London in 2009.

TD sought judicial review of this retention decision (i.e. the refusal to delete this information). Last week, in R (TD) v Commissioner of Police for the Metropolis and Secretary of State for the Home Department [2013] EWHC 2231 (Admin), Moses LJ and Burnett J dismissed his application.

The Court surveyed the relevant line of domestic and Strasbourg authorities which have abounded in recent years: R(L), R (C) and (J), S v UK, Catt, MM v UK (the majority of which are covered in Panopticon’s archive).

The Police said its policy will need to be reviewed, but that it was too early to say that the records about TD are of no use.

Moses LJ said this (paragraph 14):

“It is necessary to be cautious as to how far the considerations of the use to which the records may be put take the Commissioner.  Every record of an allegation of crime may be of use for the indefinite future, as the research to which the Commissioner refers demonstrates.  This was the very argument on which the United Kingdom Government relied in Strasbourg in S, relying on the “inestimable value” of the data [91].  But S shows that the fact that material is of potential use, and, certainly, of greater use than in Catt, is not dispositive.  Weighed against that there remains the discomfort or worse that any citizen must feel when the state retains personal information about him, particularly when it relates to an allegation, however unfounded, of a sexual nature.  In S, it was recognised that the mere storage and retention of the data amounted to an interference within the meaning of Article 8 (para 67).”

He concluded, however (and Burnett J agreed) that (paragraph 16):

“In my view, now that only nine years have elapsed and in the knowledge that access to the information is restricted to those who seek to investigate a crime it seems to me, like Richards LJ in J, that the Commissioner has demonstrated that the use to which the records of the allegation may be put justifies their retention, at least for the time being.”

The important qualifier was that the Police’s policy should provide for a review of the retention decision, but again, it was considered too early to order any such review in this case.

This will not be the last in this line of cases. The jurisprudential debate about balancing policing utility with the privacy rights of suspects – particularly concerning the question ‘how long is too long?’  – continues.

Robin Hopkins (@hopkinsrobin)

(Scottish) Data protection litigation – South Lanarkshire and more

I have observed (Panopticon passim) that the Data Protection Act 1998 features surprisingly sparingly in litigation. That appears to be somewhat less true of Scotland: for instance, Common Services Agency [2011] 1 Info LR 184, the leading case on anonymisation and barnardisation, came before the House of Lords from Scottish litigation. Here are two more recent examples, one from today, the other from last month.

South Lanarkshire

The Supreme Court has today given judgment in an appeal from the Inner House of the Scottish Court of Session about a FOI(S)A request for the number of individuals employed by South Lanarkshire Council on specific points in the pay structure, for the purposes of analysing compliance with Equal Pay legislation. The Council relied on the personal data exemption (contending that individuals could be identified from the requested information), but the Scottish Information Commissioner ordered disclosure. The Council’s appeal was dismissed by the Court of Session ([2012] CSIH 30) and, today, by the Supreme Court (South Lanarkshire Council v Scottish IC [2013] UKSC 55).

There were two issues for the Supreme Court. First, what does ‘necessary’ mean when it comes to condition 6(1) of schedule 2 to the DPA (the condition most often relied upon in support of disclosing personal data to the public), which provides that:

The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.

Giving the Court’s judgment, Baroness Hale said that it was obvious that condition 6 requires three questions to be answered: (i) is the data controller or the third party or parties to whom the data are disclosed pursuing a legitimate interest or interests?, (ii) is the processing involved necessary for the purposes of those interests?, and (iii) is the processing unwarranted in this case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject? In her view, “it is not obvious why any further exegesis of those questions is required” (paragraph 18).

Further exegesis was, however, required because of the Council’s submissions as to how strictly the term “necessary” should be construed. Baroness Hale’s answer was entirely unsurprising (see paragraphs 25-28). “Necessary” has to be considered in relation to the processing to which it relates. If the processing involves no interference with Article 8 ECHR rights, then it might be thought that all that has to be asked is whether the requester is pursuing a legitimate interest in seeking the information (which was not at issue in this case) and whether he needs that information in order to pursue it. If the processing does engage Article 8 ECHR rights, then “it is well established in community law that, at least in the context of justification rather than derogation, “necessary” means “reasonably” rather than absolutely or strictly necessary”. None of this will come as a surprise – as, for example, Jon Baines has observed in his Information Rights and Wrongs post. Indeed, as Baroness Hale observed, it is unclear that the stricter standard of necessity for which the Council argued would have been any more favourable to it.

The second issue before the Supreme Court was a natural justice challenge. The Scottish IC had asked the applicant a number of questions during his investigation, and had also received letters supporting the request from a number of MPs. This information had not been shared with the Council.

Baroness Hale observed that it was common ground that the Commissioner has a duty to act fairly (see for example Glasgow City Council v Scottish Information Commissioner [2009] CSIH 73, 2010 SC 125). The Commissioner is entitled to make his own enquiries and formulate cases on behalf of applicants, but “he must, of course, give them notice of any new material which his inquiries have elicited and which is adverse to their interests” (paragraph 31). Her Ladyship further observed (paragraphs 31-32) that:

“31. I would add that the Commissioner is fulfilling more than an administrative function. He is adjudicating upon competing claims. And in Scotland, unlike England and Wales, there is no appeal to a tribunal which can decide questions of both fact and law. The Commissioner is the sole finder of facts, with a right of appeal to the Inner House on a point of law only. These factors clearly enhance his duty to be fair. If wrong findings of fact are made as a result of an unfair process, the Inner House will not be able to correct them.

32. However, it does not follow that every communication passing between the Commissioner and the applicant, or between the Commissioner and third parties such as Members of the Scottish Parliament, has to be copied to the public authority…”

In this case, there was no breach of natural justice, and the Council’s appeal failed on both grounds.

Lyons

Another of the more notable recent data protection cases is also Scottish. Additionally, it touches upon another of my observations (see here, for example) about the potential synergies and overlaps between the DPA and defamation. The case is Lyons v Chief Constable of Strathclyde Police [2013] CSIH 46 A681/10, and will be reported in the upcoming edition of the 11KBW/Justis Information Law Reports. In rough outline, the case concerned Mr Lyons’ complaints about two disclosures about him made by the police authority to regulatory/licensing bodies. The police had said that he was recorded on the Scottish Intelligence Database as having been involved in serious organised crime. Mr Lyons denied such involvement, and sued for defamation and damages under section 13 of the DPA.

His defamation claim failed because the police’s communications were made in circumstances which attracted qualified privilege, and were not tainted by malice.

The DPA claim failed too. The accuracy requirement of the fourth data protection principle had not been breached, because even if “Mr Lyons is involved in crime” were inaccurate, “Mr Lyons is recorded on the database as being involved in crime” could not be said to be inaccurate. The police’s reporting of that information arguably lent it some credence, but there was no indication on the facts of unequivocal endorsement of these statements such as to constitute the processing of inaccurate personal data by the police. Here the Court considered the Kordowski DPA/defamation case.

There was also an argument that disclosure of this information had been unfair, though (surprisingly) the case does not appear to have been pleaded as such. The essence of the unfairness argument was that, in Mr Lyons’ view, the police should have contextualised its disclosures by explaining to the recipients the source of the intelligence as to his alleged criminal involvement. The Court of Session dismissed this argument: the police could not sensibly disclose the identities of informants, given the DPA rights of the informants themselves, while Mr Lyons would not be entitled to learn through a subject access request who the informants were (see the exemptions under sections 29 and 31 of the DPA).

Here are a few interesting DPA points to emerge from the Court’s discussion. One is that if a data controller endorses the veracity of inaccurate information obtained from someone else, that is not of itself a breach of the DPA (see paragraph 21). Some might query this, at least if applied inflexibly.

A second interesting point is that some might argue as follows: “to present decontextualised allegations in a manner which suggests you consider them credible could surely constitute unfairness. Perhaps you were not required to name your sources, but in the interests of fairness you could at least have made clear that you were passing on information obtained from others whom you considered to be credible”. Roughly that sort of argument seems to have been advanced here; no doubt the facts did not ultimately support it, but stepping back from the facts of this case, the (admittedly woolly and under-litigated) notion of fairness would arguably demand such an approach in many cases.

A third and final point of interest: the complainant relied on what he said were breaches by the police of a number of common law principles emerging from judicial review jurisprudence and the like. The Court was not impressed by their relevance to alleged DPA breaches, at least in the context of this case: see paragraphs 26-27, where the Court suggested that for there to be a DPA breach, there must be a particular DPA requirement which has been breached (though admittedly it did observe earlier in its judgment that ‘lawful’ in the context of the first data protection principle has no special meaning). Some might argue that fairness and lawfulness are designed to be broad enough to encompass principles outside of the black letters of DPA law. Indeed, Article 8 ECHR is increasingly the focus of arguments as to the lawfulness of processing: see for example the ICO’s enforcement notice concerning the use of ANPR cameras in the policing context, issued last week.

In other words, the DPA is not designed to be an entirely self-contained legal world, but rather to protect personal information by reference to all considerations having a bearing on what is being done with that individual’s information, whether or not they are listed by name in the DPA. This is not necessarily a point of disagreement with the Lyons outcome, but a broader observation about what kind of a creature the DPA is, or is intended to be.

Robin Hopkins (@hopkinsrobin)

Anonymity: publication and open justice

The tension between transparency and individual privacy is part of what makes information rights such a fascinating and important area. When it comes to high-public interest issues involving particular individuals, prevailing wisdom has tended to be something like this: say as much as possible on an open basis, but redact and anonymise so as to protect the identity of the individuals involved. Increasingly, however, transparency is outmuscling privacy. See for example my post about the Tribunal’s order of disclosure, in the FOIA context, of the details of the compensation package of a Chief Executive of an NHS Trust (the case of Dicker v IC (EA/2012/0250)).

The recent Care Quality Commission debate is the highest-profile recent illustration: the health regulator published a consultant’s report into failings regarding the deaths of babies at Furness General Hospital, but withheld the names of the individuals being criticised (including for alleged ‘cover-ups’), relying on the Data Protection Act 1998. The anonymisation was not endorsed by the Information Commissioner, and attracted widespread criticism in media and political circles. Transparency pressures held sway.

In a similar vein, the BBC has come under great pressure over the past week – particularly from Parliament’s Public Accounts Committee – to reveal the names of approximately 150 departing senior managers who received pay-offs averaging £164,000 in the past three years. As the Telegraph reports, the Committee is threatening to use parliamentary privilege to publish those names. The BBC admits that it “got things wrong” by overpaying in many cases (as confirmed by the National Audit Office), but is concerned to protect the DPA and privacy rights of the affected individuals, as well as to safeguard its own independence. The Committee says the public interest in transparency is compelling; Lord Patten, chair of the BBC Trust, says there will be “one hell of an argument” about this.

Such arguments become all the more thorny in the context of open justice disputes, of which there have been a number in recent weeks.

In the matter of Global Torch Ltd/Apex Global Management Ltd (The Guardian, The Financial Times and others intervening) [2013] EWCA Civ 819 involved competing petitions of unfair prejudice alleging misconduct in the affairs of a particular company. Two Saudi Arabian princes and one of their private advisers applied to have the interlocutory hearings held in private under CPR rule 39.2(3). The Court of Appeal agreed with the judge who dismissed those applications. It rejected the contention that the judge had elevated open justice above Article 8 ECHR rights as a matter of law. Rather, he noted that some general presumptions were valid (for example, open justice is likely to trump reputational damage) and applied those in the factual context of this case. Maurice Kay LJ said  (paragraph 34) that there was sometimes a “need for a degree of protection so as to avoid the full application of the open justice principle exposing a victim to the very detriment which his cause of action is designed to prevent… If such an approach were to be extended to a case such as the present one, it could equally be applied to countless commercial and other cases in which allegations of serious misconduct are made. That would result in a significant erosion of the open justice principle. It cannot be justified where adequate protection exists in the form of vindication of the innocent through the judicial process to trial”.

Open justice is of course not only fundamental to freedom of expression, but is also the default setting for fair trials. This is illustrated in the regulatory/disciplinary context by Miller v General Medical Council [2013] EWHC 1934 (Admin). The case involved a challenge to a decision by a Fitness to Practise Panel of the Council’s Medical Practitioners Tribunal Service that a fitness to practise hearing should take place in private because it considered that the complainant, a former patient of the claimant, was otherwise unlikely to give evidence. HHJ Pelling quashed the decision; there was insufficient evidence for the Panel’s conclusion about witness participation, and in any event the Panel “fell into error at the outset by not reminding itself sufficiently strongly or at all that the clear default position under Article 6 is that the hearing should be in public. It failed to remind itself that Article 6 creates or declares rights that are the rights of the Claimant and that it was for the GMC to prove both the need for any derogation from those rights and for a need to derogate to the extent claimed” (paragraph 20).

Robin Hopkins