Tag: surveillance

ICO’S SURVEILLANCE REPORT 2010: ‘SLEEPWALKING’ RISK REMAINS; ‘PRIVACY IMPACT ASSESSMENTS’ PROPOSED FOR NEW LEGISLATION

Posted on | by Robin Hopkins

The Information Commissioner has delivered his latest report to the Home Affairs Select Committee on “the state of surveillance” in the UK. The report traces privacy-related developments since the Commissioner’s 2006 report on the same theme, which memorably observed that the UK may be “sleepwalking into a surveillance society”. According to the November 2010 report, that warning

 “… is no less cogent in 2010 than it was several years ago. It is not being suggested that the UK is a ‘police state’ or that there are surveillance conspiracies afoot against the public. Neither the 2006 report nor this one supports such an assumption, and evidence for it is lacking. Much of what is taken to be surveillance is done for benign reasons and has beneficial effects on individuals and society. But much surveillance also goes beyond the limits of what is tolerable in a society based on the rule of law and human rights, one of which is the right to privacy.”

The report provides an illuminating summary of trends in (amongst others) the use of CCTV, body scanning and border control (including ‘ethnic targeting’ for security searches), workplace monitoring, social networking, ‘crowdsourcing’, the monitoring of protest activities and even the use of unmanned drones. Scrutiny is also given to a number of governmental policy tools, such as databases and the use of ‘social sorting’ (eg into groups such as ‘high cost, high risk’ social groups who are vulnerable to social exclusion’) to develop targeted welfare strategies.

As regards private-sector online commerce, the Commissioner recommends a number of measures to correct what he describes as the “worrying trend particularly with those who provide on-line services not to have thought through the privacy implications of their activities and given users robust privacy settings as a default”.

What to do about the risks identified in the report? The ICO’s recommendations focus principally on overhauling the legislative process insofar as it affects privacy, by introducing: 

  • a requirement for a privacy impact assessment to be presented during the parliamentary process where legislative measures have a particular impact on privacy;
  • an opportunity for the Information Commissioner to provide a reasoned opinion to Parliament on measures that engage concerns within his areas of competence, and
  • a legal requirement to make sure all new laws that engage significant privacy concerns undergo post-legislative scrutiny to ensure they are being implemented and used as intended by Parliament.

If implemented, these measures would add substantially to the ICO’s clout as the guardian of privacy.

The report can be found here, with the accompanying press release from the ICO here.

LANDMARK IPT DECISION ON LOCAL AUTHORITY’S USE OF RIPA

Posted on | by Robin Hopkins

The Investigatory Powers Tribunal today issued its decision in the first substantive public case on the use of surveillance powers under the Regulation of Investigatory Powers Act 2000.

Poole Borough Council suspected that Jenny Paton and her family may have lied about living in the catchment area of a sought-after primary school in Dorset. It therefore monitored their activity for around 3 weeks in 2008. This included covertly monitoring the movements of family members and their car, as well as examining the contents of their rubbish.

The IPT found that:

(1) investigating a potentially fraudulent school application was not a proper purpose in the sense required by RIPA;
(2) in these circumstances, the Council’s actions were in any event disproportionate, in that they were not necessary to achieve that aim, and
(3) the Council’s actions had breached the family’s rights under Article 8 of the ECHR.

Poole Borough Council has accepted the ruling and apologised to Ms Paton and her family.

PRIVACY ACROSS THE POND

Posted on | by Anya Proops KC

On Thursday, the US Supreme Court unanimously held that a Police Chief did not violate a police officer’s 4th amendment rights by reading personal text messages which the officer had send via a pager provided to him by his employer – see the judgment here. The 4th amendment guarantees a person’s privacy, dignity, and security against arbitrary and invasive governmental acts. The text messages were sent on a pager provided by the officer’s employer, they included a number of sexually explicit messages. The texts were reviewed as part of a process of examining whether officers were using the pagers excessively for personal use. In a judgment which rejected a broad right of privacy for workers, the Supreme Court recognised that interferences with privacy may be justified where there is a reasonable suspicion that rules are being breached by the employee. Notably, the Supreme Court recognised that, in an age of fast-evolving technology, the law of privacy should develop flexibly rather than through the introduction of broad, rigid rules.

UK interception regime upheld in Strasbourg

Posted on | by Ben Hooper

The European Court of Human Rights handed down a significant judgment today in Kennedy v. UK (application no. 26839/05).

A warrant under s. 8(1) of the Regulation of Investigatory Powers Act 2000 permits the interception of the communications of a particular person (or particular set of premises). Mr Kennedy sought to challenge the Art. 8 compatibility of the s. 8(1) warrant regime, and in particular sought to criticise its foreseeability. The Court unanimously rejected his challenge and, in a relatively detailed judgment, upheld the compatibility of the domestic law.

The case is also interesting for the Court’s analysis of Mr Kennedy’s Art. 6 complaint. Mr Kennedy had brought domestic proceedings in the Investigatory Powers Tribunal, which had resulted in two public decisions on legal issues, together with a final ruling that no determination had been made in his favour (i.e. that there had either been no interception, or that any interception that had taken place had been lawful). In Strasbourg, Mr Kennedy complained that the restrictive procedures of the Tribunal had breached Art. 6. In its judgment, the Court avoided deciding whether Art. 6 applied to such proceedings, but went on to confirm that if Art. 6 did apply then the Tribunal’s procedures satisfied its requirements.

GOOGLE IN EUROPE – PRIVACY CONTROVERSIES CONTINUE

Posted on | by Anya Proops KC

In March 2010, we posted on a New York Times article which explored how Google’s quest to increase access to information via the internet appeared to be clashing with European privacy laws. The article followed in the wake of the prosecution in Italy of Google executives for violating Italian privacy laws after Google allowed a user to post a video showing an autistic boy being bullied. More recently, further controversies over Google’s record on privacy rights have emerged. First, privacy regulators from a number of different countries, including our own Information Commissioner, Christopher Graham, wrote a joint letter to Google’s chief executive and challenging him to improve protections for users, thereby highlighting concerns that Google is not doing enough to protect the privacy of users – see further this article in the Guardian dated 20 April 2010. Second, last week reports emerged that German regulators had renewed their criticism of Google’s Streetview when it emerged that Google was using the Streetview system to archive information about the location of household wireless networks – see this article in the New York Times dated 29 April 2010. What these developments suggest is that the clash between European social values and the expansion of Google’s techno-commercial empire is likely to continue for some time to come.

Banned Aid

Posted on | by Timothy Pitt-Payne KC

In March this year the Information Commissioner took enforcement action against the Consulting Association, which had been operating a secret blacklist of employees in the construction industry, including details of trade union activity. We posted about this story here, earlier this year.

Today, the Guardian has extensive coverage of what has happened since.

The Department for Business, Enterprise and Regulatory Reform has now consulted on draft regulations under section 3 of the Employment Relations Act 1999. The consultation ended on 18th August 2009. The proposed regulations are intended to outlaw the compilation, dissemination and use of blacklists of trade unionists. They would make it unlawful to refuse employment, or to dismiss employees or subject them to a detriment, for reasons related to a prohibited blacklist. Individuals who suffer loss through blacklisting would be able to bring claims either in the Employment Tribunal or in the civil courts, depending on the nature of their complaint.

The trade union UCATT commissioned a report from the Institute of Employment Rights about the proposed regulations. The report, by Professor Keith Ewing, was published on 15th September 2009: it is entitled “Ruined Lives”, and deals specifically with blacklisting in the construction industry. It includes sample material from Consulting Association files.  The report gives a fascinating history of the practice of blacklisting, going back to the late 19th century. It suggests a number of changes to the draft Regulations, including: that keeping or using a blacklist, or supplying information to it, should be a criminal offence; and that there should be a right to compensation for the fact of being included on a blacklist, even if the inclusion does not lead to any loss.

A further point to note about the draft Regulations is that they deal specifically with the blacklisting of trade unionists (as does section 3 of the 1999 Act). So they would not assist individuals who had been blacklisted for other reasons; e.g. because of their political beliefs and affiliations, or because they have a history of raising concerns about health and safety issues.

A number of individuals have brought employment tribunal claims arising out of alleged blacklisting. The claims have been consolidated and there will be a case management discussion in Manchester ET on 24th November 2009. This blog gives further information.

Meanwhile the Information Commissioner’s Office (ICO) has taken control of the Consulting Association database. Individuals who think that they may have been blacklisted can contact the ICO; for more information, see this page of the ICO’s website.