LANDMARK IPT DECISION ON LOCAL AUTHORITY’S USE OF RIPA

The Investigatory Powers Tribunal today issued its decision in the first substantive public case on the use of surveillance powers under the Regulation of Investigatory Powers Act 2000.

Poole Borough Council suspected that Jenny Paton and her family may have lied about living in the catchment area of a sought-after primary school in Dorset. It therefore monitored their activity for around 3 weeks in 2008. This included covertly monitoring the movements of family members and their car, as well as examining the contents of their rubbish.

The IPT found that:

(1) investigating a potentially fraudulent school application was not a proper purpose in the sense required by RIPA;
(2) in these circumstances, the Council’s actions were in any event disproportionate, in that they were not necessary to achieve that aim, and
(3) the Council’s actions had breached the family’s rights under Article 8 of the ECHR.

Poole Borough Council has accepted the ruling and apologised to Ms Paton and her family.

PRIVACY ACROSS THE POND

On Thursday, the US Supreme Court unanimously held that a Police Chief did not violate a police officer’s 4th amendment rights by reading personal text messages which the officer had send via a pager provided to him by his employer – see the judgment here. The 4th amendment guarantees a person’s privacy, dignity, and security against arbitrary and invasive governmental acts. The text messages were sent on a pager provided by the officer’s employer, they included a number of sexually explicit messages. The texts were reviewed as part of a process of examining whether officers were using the pagers excessively for personal use. In a judgment which rejected a broad right of privacy for workers, the Supreme Court recognised that interferences with privacy may be justified where there is a reasonable suspicion that rules are being breached by the employee. Notably, the Supreme Court recognised that, in an age of fast-evolving technology, the law of privacy should develop flexibly rather than through the introduction of broad, rigid rules.

UK interception regime upheld in Strasbourg

The European Court of Human Rights handed down a significant judgment today in Kennedy v. UK (application no. 26839/05).

A warrant under s. 8(1) of the Regulation of Investigatory Powers Act 2000 permits the interception of the communications of a particular person (or particular set of premises). Mr Kennedy sought to challenge the Art. 8 compatibility of the s. 8(1) warrant regime, and in particular sought to criticise its foreseeability. The Court unanimously rejected his challenge and, in a relatively detailed judgment, upheld the compatibility of the domestic law.

The case is also interesting for the Court’s analysis of Mr Kennedy’s Art. 6 complaint. Mr Kennedy had brought domestic proceedings in the Investigatory Powers Tribunal, which had resulted in two public decisions on legal issues, together with a final ruling that no determination had been made in his favour (i.e. that there had either been no interception, or that any interception that had taken place had been lawful). In Strasbourg, Mr Kennedy complained that the restrictive procedures of the Tribunal had breached Art. 6. In its judgment, the Court avoided deciding whether Art. 6 applied to such proceedings, but went on to confirm that if Art. 6 did apply then the Tribunal’s procedures satisfied its requirements.

GOOGLE IN EUROPE – PRIVACY CONTROVERSIES CONTINUE

In March 2010, we posted on a New York Times article which explored how Google’s quest to increase access to information via the internet appeared to be clashing with European privacy laws. The article followed in the wake of the prosecution in Italy of Google executives for violating Italian privacy laws after Google allowed a user to post a video showing an autistic boy being bullied. More recently, further controversies over Google’s record on privacy rights have emerged. First, privacy regulators from a number of different countries, including our own Information Commissioner, Christopher Graham, wrote a joint letter to Google’s chief executive and challenging him to improve protections for users, thereby highlighting concerns that Google is not doing enough to protect the privacy of users – see further this article in the Guardian dated 20 April 2010. Second, last week reports emerged that German regulators had renewed their criticism of Google’s Streetview when it emerged that Google was using the Streetview system to archive information about the location of household wireless networks – see this article in the New York Times dated 29 April 2010. What these developments suggest is that the clash between European social values and the expansion of Google’s techno-commercial empire is likely to continue for some time to come.

Banned Aid

In March this year the Information Commissioner took enforcement action against the Consulting Association, which had been operating a secret blacklist of employees in the construction industry, including details of trade union activity. We posted about this story here, earlier this year.

Today, the Guardian has extensive coverage of what has happened since.

The Department for Business, Enterprise and Regulatory Reform has now consulted on draft regulations under section 3 of the Employment Relations Act 1999. The consultation ended on 18th August 2009. The proposed regulations are intended to outlaw the compilation, dissemination and use of blacklists of trade unionists. They would make it unlawful to refuse employment, or to dismiss employees or subject them to a detriment, for reasons related to a prohibited blacklist. Individuals who suffer loss through blacklisting would be able to bring claims either in the Employment Tribunal or in the civil courts, depending on the nature of their complaint.

The trade union UCATT commissioned a report from the Institute of Employment Rights about the proposed regulations. The report, by Professor Keith Ewing, was published on 15th September 2009: it is entitled “Ruined Lives”, and deals specifically with blacklisting in the construction industry. It includes sample material from Consulting Association files.  The report gives a fascinating history of the practice of blacklisting, going back to the late 19th century. It suggests a number of changes to the draft Regulations, including: that keeping or using a blacklist, or supplying information to it, should be a criminal offence; and that there should be a right to compensation for the fact of being included on a blacklist, even if the inclusion does not lead to any loss.

A further point to note about the draft Regulations is that they deal specifically with the blacklisting of trade unionists (as does section 3 of the 1999 Act). So they would not assist individuals who had been blacklisted for other reasons; e.g. because of their political beliefs and affiliations, or because they have a history of raising concerns about health and safety issues.

A number of individuals have brought employment tribunal claims arising out of alleged blacklisting. The claims have been consolidated and there will be a case management discussion in Manchester ET on 24th November 2009. This blog gives further information.

Meanwhile the Information Commissioner’s Office (ICO) has taken control of the Consulting Association database. Individuals who think that they may have been blacklisted can contact the ICO; for more information, see this page of the ICO’s website.

Home Office publishes response to its consultation on communications data

The Home Office has published a summary of responses to its April 2009 consultation paper on ‘communications data’, i.e. information about a communication that does not include the content of the communication itself. At present, such data is owned by communications service providers and accessed by certain public authorities under disparate statutory powers for the purposes of combating, for example, fraud, terrorism and other serious crime. The government is considering an overhaul so as to bring all communication types (such as web chat) and all relevant service providers (some of whose contractual positions place them beyond the current statutory arrangements) within the system.

 

The attendant tension between individual liberty and public protection is reflected in the 221 responses to this consultation.

 

A substantial minority of respondents objected in principle to any ‘surveillance’ of communications. A majority (albeit a fairly narrow one) agreed that communications data served an important public purpose and that the government should therefore act to maintain the capability of public authorities to make use of this type of information.

 

As to what form this action should take, only one element of the government’s proposed approach was widely welcomed, namely its rejection of a central database for holding all data of this type. Reservations were otherwise expressed about technological feasibility, data security and the proportionality of public authorities’ use of communications data.

 

Nonetheless, such reservations were not deemed forceful or widespread enough to deter the government from its proposed course. A number of respondents’ suggestions have been rejected, including the specifying of categories of data which should not be retained, and the requirement for a magistrate’s authorisation before communications data can be accessed.

The government is also satisfied that the DPA 1998 and RIPA 2000 provide sufficient safeguards against abuse of such data. A legislative review is, however, proposed, to see if a single means of authorised access (through RIPA 2000) would be practicable. Fresh or consolidating legislation appears likely.