Category: Random

Finding the balance: LAD Media Ltd -v- Informtion Commissioner

On 18th January 2017 the Information Commissioner exercised her powers under Section 55A of the Data Protection Act 1998, as modified by the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), and served a Monetary Penalty Notice [pdf] on LAD Media Limited in the amount of £50,000.

LAD Media is a Greater Manchester based lead generation and data brokerage company operating in the financial services and debt and claims sectors.  The company had engaged in a direct marketing campaign sending 393, 872 SMS messages.  The numbers had been bought in from a third party and the contract between LAD Media and its supplier warranted that all of the numbers had valid consent for the purposes of direct marketing.  In fact there was not valid consent in place which enabled LAD Media to utilise them for marketing.

LAD Media appealed the penalty to the First-Tier Tribunal (Information Rights) on 6 grounds.  The Tribunal’s decision [pdf] records that it refused 5 out of the 6 grounds of appeal and allowed one ground of appeal.  The successful ground of appeal related to the amount of the monetary penalty notice.  The Tribunal reduced the amount from £50,000 to £20,000. In doing so the Tribunal has given some guidance on relevant factors in setting the amount of a Monetary Penalty, although, it was clear that it wasn’t being prescriptive.

Relevant considerations include:

  • The circumstances of the contravention;
  • The seriousness of the contravention (as assessed by (i) the harm caused, or likely to be caused, by the contravention; (ii) whether the contravention was deliberate or negligent; (iii) the culpability of the recipient, including reference to any steps taken to avoid the contravention)
  • whether the recipient is an organisation or an individual, including its size and sector
  • the financial circumstances of the recipient, including the MPN’s impact
  • Steps taken to avoid further contravention(s)
  • Any redress offered to those affected by the contravention

The Tribunal also stated, at paragraph 48, that it considers deterrence as a relevant factor and that this extends not only to deterring the recipient from further contraventions, but also to deterring others.

In the case of LAD Media, the tribunal took a number of factors into consideration; including that it was the only contravention of PECR and that it was the first time that the LAD Media had engaged in a marketing campaign of this nature.  The Tribunal was provided with LAD Media’s accounts for 2014, 2015 and 2016; it noted that at the time of the contravention there was a substantial increase in both turnover and profit.  It also noted that there was no evidence that LAD Media would go bankrupt if it had to pay the MPN nor what the real impact of paying a MPN would be (see paragraph 49).

At paragraph 50 the Tribunal noted that the lack of provision of full information to the Commissioner and the woeful lack of due diligence undertaken were aggravating factors.  Although, there is little indication as to how the Tribunal treated these aggravating factors in setting the £20,000 figure for the Monetary Penalty.

What does this case tell us?

This tribunal decision ought not to be slavishly followed by anyone; it does not bind the Commissioner or the First-Tier Tribunal.  However, it does provide some interesting and useful guidance as to the sort of matters that the Commissioner ought to be taking into account when determining the amount of a Monetary Penalty Notice.

On financial impact, it is clear that the Tribunal considers that the Commissioner ought to be considering what the impact of the penalty will be on the recipient’s finances; however, that should be taken in context with what it said about deterrence.  It suggests that while the financial circumstances of the recipient are a relevant consideration, they may not necessarily be determinative.  Recipients should probably expect any monetary penalty to be painful financially.

How the data controller responds to the contraventions in question may be of importance in mitigating against the amount of the monetary penalty.  Holding your hands up to a breach and taking steps to try and prevent future contraventions may well go in a data controller’s favour.  However, the Tribunal considered the level of due diligence taken by LAD Media to be an aggravating factor, so any steps taken following a contravention may well be outstripped by a failure to take adequate steps in the first place to prevent a contravention.

The Tribunal seemed unimpressed with the way in which LAD Media dealt with the Commissioner following the contravention; reference was made to a lack of full disclosure and this was noted to be an aggravating factor.  There may be a temptation to try and minimise things in the hope of minimising the extent of any financial penalty; however, this approach could have the opposite effect and result in an increased penalty.

Brexit and Parliamentary time: the Scottish Tories’ complaint

Conservative MSP Douglas Ross bemoaned, in the Scottish Parliament debating chamber, today the amount of time that has been spent discussing Brexit and its implications for Scotland.  He felt that this was to the detriment to other matters.  To be fair, it is to the detriment of other matters; however, that is the reality of the political landscape we find ourselves in.  Whether people like it or not, Brexit is going to swallow up vast amounts of government time (both in Edinburgh and in London), parliamentary time (both in Holyrood and Westminster) and civil service time (both at a Scottish and UK level).

We hear talk about soft Brexit and hard Brexit, but the reality is that Brexit itself is hard.  EU law directly affects or influences almost every single area of devolved responsibility.   Reserved matters which will be affected by Brexit also have direct implications on areas of devolved responsibility.  The reality is, especially as we continue through a period of austerity, that things have to give to make way for Brexit. More and more ministerial time will be taken up with Brexit as will the time spent by Civil Servants.  Yes, the business of Government must go on (and it will do so), but the priorities will have to change.  A lot of time will be spent on figuring out what needs to be done to ensure that when the UK leaves the European Union there aren’t any lacunas in the law and as time progresses and we learn more about what the UK’s new relationship with the EU will be legislation will need to be enacted (both in Holyrood and Westminster) to give effect to that.  Ensuring that there are no lacunas and that the legislative framework is in place to give effect to our new relationship with the EU, whatever shape that will be, will feature highly on the legislative agenda between over the majority of this Session of the Scottish Parliament.

Mr Ross pointed out that Education was said by the First Minister to be her and her Government’s number one priority; well, education will be affected by Brexit.  Changes to rules on immigration may well impact upon the recruitment of staff and students, it will have an impact upon issues like tuition fees and university and secondary school foreign exchange programmes to name some areas.  Mr Ross highlighted the ambition of getting more women to take up the STEM subjects; well here is another area where Brexit will have an impact: through research funding.  A lot of research funding (from PhD level all the way through to top end research) derives from EU sources.  Research work undertaken can act as a way to inspire young people, including young women, into STEM subjects.

I have been known to castigate and criticise the SNP on many occasions over the years; however, I can’t help feel that the Conservative Party are being rather foolish here.  It was the decision of the former Conservative party leader to hold the referendum that will now result in one of the biggest constitutional, legal and political upheavals in a very long time.  Mr Ross and his conservative colleagues may not like the amount of time that Brexit will eat up over the coming years, but they’ll just need to lump it for that’s the reality of the political landscape in which we live.

The Case of Marine A

Yesterday the Court Martial Appeal Court (which, as the name suggests, hears appeals from Courts Martial) refused an application for bail by Alexander Blackman (more popularly known as ‘Marine A’) pending his appeal against his conviction for Murder.  There was, predictably, an almighty uproar by people and equally predictably, the uproar appears to be coming from people with scant knowledge of the facts (or a complete lack of interest in the facts).  Before looking at the decision of the Court Martial Appeal court, it might be worthwhile recapping, briefly, how we have arrived at this situation.

‘Marine A’ served with the Royal Marines and was deployed to Afghanistan.  On 15 September 2011 insurgents attacked a compound that was occupied by the Royal Marines.  A helicopter was called in to assist with the fire fight that had ensued.  One of the insurgents was located in open ground and the helicopter opened fire on that particular insurgent.  A unit was tasked to undertake an assessment of the damage from the battle and that unit was under the command of ‘Marine A’.

Each of the three armed forces in the UK has their own police force – The Royal Military Police (Army), the Royal Navy Police (the Navy) and the Royal Air Force Police (the RAF).  About 12 months later the “Military Police” (phrase used in the Court Martial Appeal Court’s judgment) were undertaking an investigation into unrelated matters but found video recordings of the incident in Afghanistan on 15 September 2011.  It is understood that in the video footage ‘Marine A’ is heard to admit that he had broken the Geneva Convention when killing an insurgent.  That discovery by the RMP resulted in ‘Marine A’ together with others being charged with Murder.  The matter was tried before a Court Martial and in November 2013 ‘Marine A’ was convicted of Murder.

The Court Martial is a military court which has its current basis in the Armed Forces Act 2006.  It hears cases against service personnel form all three of the services.  Proceedings are presided over by a Judge (who is called a “Judge Advocate”) and there is a Board consisting of between three and seven officers and warrant officers (who take the place of the jury); the size of the Board depends upon the seriousness of the charge(s).  The Court Martial may try any offence against service law (section 50(1), Armed Forces Act 2006), which includes all criminal offences under the law of England and Wales (see Section 42 of the Armed Forces Act 2006).  The Court Martial operates much like the Crown Court (although there are notable differences) and matters of law are determined by the Judge Advocate while matters of fact (including innocence and guilt) are a matter for the Board.  Matters are prosecuted before a Court Martial by the Service Prosecuting Authority.  The SPA an independent tri-service body which is staffed by qualified lawyers who are drawn on secondment from the Legal Branches of the Army, Navy and RAF (all of whom are commissioned officers in their respective service).  The SPA is independent from the chain of command and operates along similar lines to the Crown Prosecution Service.  The SPA is under the superintendence of the Attorney General of England and Wales to mark its complete independence from the Chain of Command.

Following upon ‘Marine A’s’ conviction for Murder he unsuccessfully appealed his conviction to the Court Martial Appeal Court.  Thereafter an application was made to the Criminal Cases Review Commission which has subsequently made a reference back to the Court Martial Appeal Court.  For completeness, the judges who sit in the Court Martial Appeal Court are those set out in Section 2 of the Courts-Martial (Appeals) Act 1968 and include the judges of the Court of Appeal of England and Wales, such of the Lords Commissioners of Justiciary as the Lord Justice General may from time to time nominate for the purpose, and such of the judges of Her Majesty’s Supreme Court of Judicature of Northern Ireland as the Lord Chief Justice of Northern Ireland may from time to time nominate for the purpose.

The Judgment of the Court Martial Appeal Court discloses very limited details about the nature of the appeal before it; however, it would appear that Blackman’s lawyers are arguing that new psychiatric evidence produced renders the conviction for murder unsafe.  In terms of a disposal the Appellant is seeking, it is that his conviction for murder be quashed and either substituted with a conviction for Manslaughter or a fresh trial ordered.  In essence, the Appellant is not arguing that he is wholly innocent – he is arguing that he was criminally responsible for the death of the insurgent but that his responsibility was diminished and therefore he is guilty of Manslaughter rather than Murder.  The Prosecution do not accept this and maintain that the conviction for Murder is the correct conviction.

In short, what we had is a person who served in the armed forces, who was investigated by members of the armed forces, prosecuted by members of the armed forces (acting independently from the Chain of Command) and thereafter convicted of murder by members of the armed forces seeking Bail pending an appeal in which he hopes his conviction for Murder will be substituted with a conviction for manslaughter.  When assessing the case of Marine A it is my view that we must do so with that short summary in mind.

In terms of Bail, the prosecution was neutral on the matter.  As we know, the Court Martial Appeal Court refused bail.  The test for bail, rightly and sensibly, for a person who stands convicted of a crime is entirely different to that of a person who is yet to stand trial.  The presumption of innocence does not apply following conviction.  The test that the Court Martial Appeal Court applied is set out in Paragraph 18 of its judgment.  It is a very high test, as would be expected.  It is exactly the same test that would be applied to someone convicted in the Crown Court of Murder who was seeking bail from the Court of Appeal pending an appeal.

The Court Martial Appeal court determined that Marine A’s case did not meet the high test for bail to be granted and so Bail was refused.  I’m not an English lawyer and it is English criminal law that is applied by the Armed Forces Act 2006; however, I would have thought that those acting for the Appellant would have advised him on his prospects of success in his application for Bail and I suspect that neither he nor his legal representatives were surprised when Bail was refused.

The Court Martial Appeal Court appears though to be moving at breakneck speed in hearing the appeal.  The Criminal Cases Review Commission made the reference earlier this month and the Court is currently looking to have a hearing fixed for January or February 2017.  In an attempt to speed matters up the Court has severed the Appellant’s grounds of appeal and will deal initially with the primary ground of appeal (that being the one arising out of the new psychiatric evidence).  If the Appellant is successful on that ground the remaining grounds are irrelevant, if he is unsuccessful the Court Martial Appeal Court will hold a further hearing on those grounds of appeal.

While it may have been disappointing for the family, friends and supporters of ‘Marine A’ that his application for Bail was refused; it is important that the decision is seen in its context.  Furthermore, even if Marine A is successful in his appeal there is no guarantee that he will be immediately released from prison.  If his conviction for Murder is quashed and replaced with one for Manslaughter the sentence will also need to be substituted; it may well be that Marine A will need to serve further time in custody.

Gas Distribution Companies and the EIRs

The Environmental Information Regulations 2004 provide for important rights of access to environmental information that is held by or on behalf of public authorities in the United Kingdom (except Scottish public authorities, to which the Environmental Information (Scotland) Regulations 2004) apply.  The Regulations were introduced to give effect to a European Directive on access to environmental information, the Directive and Regulations are ultimately based upon the Aarhus Convention on access to environmental information.

The Environmental Information Regulations 2004 have a much wider application than the Freedom of Information Act 2000 does by virtue of the much wider definition of public authority in the Convention (and as a consequence the Directive and Regulations).  The leading case on the question as to exactly who is a public authority is Fish Legal & Emily Shirley v the Information Commissioner and Others which is a decision of the Grand Chamber of the Court of Justice of the European Union.  This decision has been given domestic application by the Upper Tribunal in a number of appeals, including the Fish Legal case (the Upper Tribunal having been the source of the reference to the court of Justice of the European Union).

In light of this decision I considered that the utilities companies were likely to be caught by the definition of a public authority. I therefore wrote to Northern Gas Networks Limited in December 2015 requesting information from them in respect of gas escapes.  Northern Gas Networks Limited is one of a number of gas distribution companies in the United Kingdom responsible for the gas distribution network in a given geographical area; in the case of Northern Gas Networks, they have responsible for the gas distribution network in the North of England.  The gas distribution companies are responsible for the distribution (but not the supply of) gas to domestic and commercial premises.  They are responsible for the physical network (i.e. the pipes, gas meters etc).

The Gas Act 1986 gives the gas distribution companies a range of powers that are not ordinarily available to private individuals or businesses.  For example, the gas distribution companies have the power (subject to authority from the Secretary of State) to compulsorily purchase land that is required by them to maintain the gas distribution network.  The Gas Act also gives the gas distribution companies the power to enter land or premises to inspect gas equipment and fittings on a safety basis and for the purposes of performing other duties.  They also have the power to lay pipes within streets, including the power to break up streets.

The “Special Powers” test derives from the Fish Legal cases; they are rights which are not normally available to private bodies or individuals – even where they are qualified (for example, by needing a warrant from the court or the authority of the Secretary of State). Clearly, the powers available to gas distribution companies under the Gas Act are just that:  they are powers not normally available to private individuals.

Northern Gas Networks did not respond to the request for information, nor to representations made pursuant to Regulation 11 of the Environmental Information Regulations 2004.  I wrote to the Information Commissioner to make an application for a decision pursuant to section 50 of the Freedom of Information Act 2000 (which applies to the Environmental Information Regulations by virtue of Regulation 18).

Northern Gas Networks maintained that it was not a public authority for the purposes of the Environmental Information Regulations 2004; however, the Commissioner considered the matter in light of Fish Legal and decided that Northern Gas Networks is a public authority for the purposes of the Environmental Information Regulations 2004. The Commissioner’s decision can be read here.

It follows from this decision that the other gas distribution companies in the United Kingdom are also public authorities for the purposes of the Environmental Information Regulations 2004. Those companies are:  SGN (Scotland & South East England); National Grid (Midlands and North West England) and Wales & West Utilities (Wales and South West England).

Electricity Distribution

The electricity distribution system is split-up in a similar fashion with electricity distribution companies responsible for the distribution (but not the supply of) electricity around the network in the United Kingdom. Those companies have similar powers to the gas distribution companies in respect of the distribution of electricity and it is therefore likely that they would also be public authorities for the purposes of the Environmental Information Regulations 2004.

The electricity distribution companies are: SSE Power Distribution (North of Scotland and Southern England); SP Energy Networks (Central Scotland, Southern Scotland, East Midlands, West Midlands, South Wales & South West England); Northern Powergrid (North East England and Yorkshire); Electricity North West (North West England); UK Power Networks (Eastern England, London, South East England) and Northern Ireland Electricity (Northern Ireland).

Scotland

Although, as set out at the beginning of this post, Scotland has separate access to environmental information regulations it is my view that the UK Regulations would apply to both the gas and electricity distribution companies in Scotland. This is because the distribution of gas and electricity is a matter reserved to Westminster and continues to be the responsibility of the Secretary of State for Energy and Climate Change and regulation is the responsibility of OFGEM.

Appeal

The Decision Notice was only issued last week and it therefore follows that Northern Gas Networks could yet appeal the Commissioner’s decision to the First-Tier Tribunal (Information Rights).

International Right to Know Day 2015

On 28 September 2002 in Sofia, Bulgaria a group of Freedom of Information organisations from around the world proposed having a day to raise people’s awareness of their right of access to information, as well as to promote freedom of information as essential to good governance and democracy.  The day was to be called ‘International Right to Know Day’, and it is marked each year by freedom of information organisations and advocates to both celebrate freedom of information and to raise awareness of it.

Last week the Scottish Information Commissioner published her annual report in which it was reported that awareness of the right to access information is high among Scotland’s population.  The Commissioner’s report stated that 84% of people said that they are aware of FOI, the highest level recorded.  Scotland benefits from the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 in relation to information and environmental information held by UK public bodies.  It also benefits from the Freedom of Information (Scotland) Act 2002 and the Environmental Information (Scotland) Regulations 2004 in relation to information and environmental information held by public bodies in Scotland.

Earlier this month a Scottish Government consultation closed on extending the provisions of the Freedom of Information (Scotland) Act 2002 (and thereby also the Environmental Information (Scotland) Regulations 2004) to a number of bodies not already covered by the legislation.  Meanwhile, the UK Government announced in July that it had established a commission to look at the Freedom of Information Act and its operation; the terms of reference of that commission have broadly been interpreted as being about restricting information access rights.

The right to know is an important one that has seen lots of important information released over the years.  The MPs expenses scandal came about partly as a result of FOI and we also know about the matters and issues that HRH the Prince of Wales has lobbying Ministers about as a consequence of FOI.  On a local level people have been able to uncover in much more detail what has been going on in their local councils, police forces and NHS services.  If you are interested to see the sorts of information that have been released over the years then you can visit www.whatdotheyknow.com, a website that enables individuals to make Freedom of Information requests.  All requests made via the site are published online, including the authority’s response.  The site has been going since 2008 and hundreds of thousands of requests have been made using it since then; so there is highly likely to be something on there that interests you.  If there is anything you would like to know about what the Government or your local council/police force/NHS services are doing you could even use WhatDoTheyKnow to make a request and find out.

The right to know doesn’t just extend to public authorities in Scotland or the UK.  There are freedom of information rights in relation to the European Union and its institutions.  This right, in the UK at least, is probably a lot less well known than the domestic rights to access information.  With a referendum on our continued membership of the EU on the cards in 2017 it would seem like a good opportunity to get to know what the EU does and how it does it.  There is a website that uses the same software and principals as WhatDoTheyKnow, called AskTheEU, for information access requests to the EU.  It can be found at www.asktheeu.org.

When the Justice Select committee conducted its post-legislative scrutiny of the Freedom of Information Act 2000, it concluded that the Act “has been a significant enhancement of our democracy” which has “improved openness, transparency and accountability”. The committee also stated that they did “not believe that there has been any general harmful effect at all on the ability to conduct business in the public service” and in their view “the additional burdens are outweighed by the benefits.”

If you think that Freedom of Information is important and shouldn’t be restricted you can use www.writetothem.com to write to your MP asking them to protect the FOI Act.

Beyond Reasonable Doubt: An unfair advantage to the accused?

In the wake of the dismissal of the case against Shrien Dewani in South Africa, Dan Hodges has written a piece on the Telegraph website questioning the criminal standard of proof.  I will write this blog post from a Scottish perspective, but the general points will apply equally to most ‘western’ legal systems.

There are two burdens of proof recognised before the courts: the criminal standard, which is “beyond reasonable doubt” and the civil standard, “on the balance of probabilities”.  What we are concerned here with is the criminal standard of proof, and particularly whether it weighs the system too heavily in favour of the accused.

Before going further, it might be helpful to set out what beyond reasonable doubt means.  In his comment piece, Mr Hodges, asserts that in order for the prosecution to secure a conviction against an accused they “must prove beyond question the guilt of the accused.”  This is not the case, and overstates the standard of proof.  The criminal standard of proof does not require there to be no doubt at all, only that there is an absence of reasonable doubt.  What this means is that the accused is entitled to the benefit of any doubt which is based upon reason and commonsense following a careful and impartial consideration of the evidence (and the lack thereof) presented to the court.  The doubt, as Lord Justice-Clerk Cooper put it in Irving v Minister of Pensions, should be something more than “a strained or fanciful acceptance of remote possibilities”; Lord Justice-Clerk Thomson said in McKenzie v HM Advocate  that it is something “more than a merely speculative or academic doubt”.  The finder of fact (the jury or the sheriff/Justice of the Peace) doesn’t have to be convinced beyond doubt that the accused perpetrated the crime alleged, only to the point where he has no reasonable doubt.

There are a variety of reasons as to why there is such a high standard of proof in criminal cases.  One of those reasons is the consequence of a guilty verdict in a criminal trial.  As Jones and Christie put it in Criminal Law (4th Edition), “conviction certainly entails more than a mere finding that, e.g. “A killed B”.  This in itself is a legally neutral statement…The Prime function of the criminal law is that of articulating the circumstances under which it is justifiable to hold a person punishable for his conduct.” (para 1-13).  In other words, with the criminal law we are going beyond a situation where we are simply ascribing liability to concluding that a person’s conduct renders them liable for punishment.  That punishment can be severe, it could result in a person being deprived of their liberty for a lengthy period of time.  A finding of liability in a civil case does not generally result in the liable party being punished; there may be a requirement to compensate the party that they have wronged to try and place them back into the position they were in before the wrong occurred (or to place them in the position they would have been in had the wrong not occurred), but that is manifestly different from punishment.  The stakes are much higher and as such it has been the position that the standard of proof must also be higher as a consequence.

It seems unjust to punish someone, in the severe ways open to the criminal justice system, on the basis that it is merely more likely than not that they committed the crime alleged.  A system whereby an accused person could be convicted merely on the balance of probabilities would inevitably result in the entire criminal justice system being brought into serious disrepute as individuals would routinely be convicted where there are sensible and logical alternatives to their guilt based on the evidence which was heard in court.

It has long been the case that the justice system has preferred to see guilty men walk free than an innocent man be unjustly punished.  This is not some ‘liberal, leftard, hand-wringly nonsense’; it is a centuries old principle and can be found in times where liberal principles were about as far away from the justice system as was possible.  We’re going back to the times of gruesome public executions for the most minor of crimes, to where transportation was still a sanction open to judges and to where prison conditions were probably more horrible than even the most right-wing member of society would care to suggest today.  Moreover, is it’s a principal which is a recognised international standard and features in what most people would consider to be “decent” legal systems.  This principle is another reason for the high standard of proof in criminal trials and is linked closely to the idea that a finding of guilt in a criminal trial opens up legitimate punishment upon the offender.

We’re probably all familiar with the concept of an accused person being innocent until proved otherwise (even if, as a society, we don’t always hold to that with our quick condemnations upon those suspected or accused of crimes).  The burden is placed squarely upon the State for a number of reasons, not least an equality issue.  The State is vastly better resourced than an individual and it can call upon those resources when trying to prove that someone “did it”.  The State has professional investigators in the form of the police, and teams of specialist lawyers to prosecute the case in court in the form of the public prosecution service.  While those services, in the UK at least, are suffering from a considerable cut to their funding, those resources continue to vastly outstrip the resources of the accused who has only his (small) defence team to counter the might of the State.  Lowering the Standard of proof would inevitably lead to the accused having to prove things that he does not currently have to prove.  Of course, it is presently the case that an innocent accused facing an overwhelming case against them would be sensible to offer evidence as to why the State is wrong; however, in a system where the standard of proof was merely whether it was more likely than not that the accused had committed the crime it would almost always be the case that the accused would have to be disproving the States case (or, to put it another way, prove his own innocence).  It would eat away at the presumption of innocence and would result in a great inequality between the State and the accused.

Does the criminal standard of proof weight the system in favour of the accused?  I suggest no.  What it does, I suggest, is merely rebalance a system that without it would unfairly favour the State with its huge and specialist resources over the extremely limited resources of the accused.

Devolving Data Protection

The Data Protection Act 1998 (DPA) applies across the whole of the United Kingdom and is enforced centrally by the Information Commissioner’s Office in Wilmslow (which also has offices in Belfast, Cardiff and  Edinburgh).  Anyone who has been following Scottish politics recently will be aware that a Commission has been established to make proposals on further devolution to Scotland following the Scottish Independence Referendum in September.  It has been suggested by the Law Society of Scotland in their written evidence [pdf] to the Smith Commission that consideration should be given to devolving data protection to Scotland.

This was a proposal that caught my eye when I read the Law Society of Scotland’s evidence, and it is an interesting one. Is there any real reason as to why Data Protection ought not to be devolved?

The Law Society of Scotland narrate within their evidence the confusion that can arise with the Scottish Information Commissioner being approached in respect of enforcement action relating to Data Protection, a function that she does not presently undertake.  The Scottish Information Commissioner enforces the Freedom of Information (Scotland) Act 2002, the Environmental Information (Scotland) Regulations 2004 and the INSPIRE (Scotland) Regulations 2009.  In their evidence, the Society makes reference to the way in which Freedom of Information (Scotland) Act 2002 and the DPA interact.  They rightly point out that the Scottish Information Commissioner is required to make decisions in respect of whether it would breach the DPA to release personal data in response to a FOI request.

The interaction between DPA and FOI is a well known difficulty and there has been litigation surrounding it, such as in South Lanarkshire Council v the Scottish Information Commissioner (on which I have previously written here and here).  Understandably it must be difficult for the Scottish Information Commissioner to take decisions on disclosure in respect of personal data when her office is not also responsible for enforcing the DPA – it risks her taking a decision with which the Information Commissioner in Wilmslow might well disagree with (and consequently result in a Scottish public Authority breaching its obligations under the DPA).

The law relating to Data Protection comes from the EU, but that on its own would not prohibit its devolution. The INSPIRE (Scotland) Regulations 2009 and the Environmental Information (Scotland) Regulations 2004 both give effect to EU Directives in Scotland.  Ultimately, it is the UK Government that is accountable to the EU for the implementation of EU law within the United Kingdom.  That fact though doesn’t appear to have stopped the UK Government from devolving to Scotland the power to implement EU law into Scots law in some areas already.

There is a difference between the DPA and the legislation that the Scottish Information Commissioner currently enforces. The DPA applies to the private sector to the same extent as the public sector.  The legislation currently enforced by the Scottish Information Commissioner applies to public sector and bodies falling within certain definitions that provide functions of a public nature only.  There is a degree of difference between them; for example, the bodies caught by the Environmental Information (Scotland) Regulations is wider than the bodies caught by the Freedom of Information (Scotland) Act 2002.  What has this got to do with devolving Data Protection?  It might not be of an immediately obvious nature; however, the bodies covered by the Freedom of Information (Scotland) Act 2002, the Environmental Information (Scotland) Regulations 2004 and the INSPIRE (Scotland) Regulations 2009 are all largely based entirely within Scotland; there are almost no examples of where the Scottish law here applies to bodies carrying out functions elsewhere in the UK.  Is this difference (i.e. the cross jurisdictional aspect of Data Protection) a sufficient reason not to devolve Data Protection to Scotland?

In terms of FOI, public bodies which have functions across the whole of the UK, or are part of the UK Central Government, are covered by the UK equivalent and not the Scottish law. Some examples include: the BBC, the British Transport Police, the Scotland Office, the Office of the Advocate General for Scotland, the Home Office, the Department for Work and Pensions and HMRC.  In these cases the Freedom of Information Act 2000, the Environmental Information Regulations 2004 and the INSPIRE Regulations 2009 apply and it is the UK Information Commissioner in Wilmslow who enforces their compliance.

In terms of devolution, it is logical why the Freedom of Information Act 2000, the Environmental Information Regulations 2004 and the INSPIRE Regulations 2009 apply to UK wide bodies. It would undoubtedly present difficulties for those organisations if they had to comply with different requirements in different parts of the UK.  However, in terms of FOI, some bodies already have that difficulty.

It does not appear to be widely known, but some of the UKs biggest businesses are covered by FOI law to a very limited extent. The likes of Tesco, Sainsbury’s, Asda and Boots are all subject to FOI law in respect of their NHS Pharmaceutical and Optometry services.  These are the bodies that have the difficulty of complying with two separate FOI regimes.  In respect of their services contracted by the NHS in Scotland it is the Freedom of Information (Scotland) Act 2002 and the Environmental Information (Scotland) Regulations 2004 that apply (and the Scottish Information Commissioner is responsible for enforcement) while in respect of their services contracted by the NHS in England it is the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 that apply (and the UK Information Commissioner is responsible for enforcement).  A request to one of those bodies for information on a UK wide scale would require them to deal with the request under two separate access to information schemes (potentially four if the information was environmental in nature).  Outside of the world of access to information legislation there is a great deal of differences between the legal frameworks in which UK wide businesses operate across the UK.  A contemporary example might be statutory charges for carrier bags.  Wales, Northern Ireland and Scotland all have them while England does not.  As a consequence businesses operating across the UK have to adopt difference practices on carrier bags to ensure legal compliance in those parts of the UK that do require charges to be made for carrier bags.  This is a fairly minor example, but there are some which are much more substantial in nature.

In terms of devolving data protection to Scotland, if it were to be devolved at all, there are two options. The first would be to devolve it only in respect of data controllers domiciled in Scotland.  This would mean Scottish domiciled data controllers would have to comply with a Scottish Data Protection Act while data controllers domiciled elsewhere in the UK would have to comply with a UK Data Protection Act.  This is probably not a good option from the point of view of Data Subjects; some UK wide companies would be domiciled in Scotland and some would be domiciled elsewhere in the UK.  This could cause confusion as to which Information Commissioner they ought to be dealing with in relation to a data protection concern.  For example, in that situation customers of RBS might find themselves dealing with the Scottish Commissioner as RBS is a company registered in Scotland.  This is the sort of confusion that the Law Society of Scotland mentioned within their response as to why consideration ought to be given to devolving data protection to Scotland.  The other option is to simply devolve Data Protection and that would mean any UK-wide organisation operating in Scotland would have to comply with both the UK and the Scottish Data Protection Acts – it would be no different to multi-nationals who have to comply with the different Data Protection regimes across the world or the multitude of other areas where UK-wide businesses already have to comply with different laws north and south of the border.

Devolving Data Protection to Scotland wouldn’t end the UK Information Commissioner’s responsibilities in Scotland. He would still be responsible for dealing with Freedom of Information in respect of the many bodies covered by the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 which operate in Scotland.  His office would also still be responsible for enforcing the Privacy and Electronic Communications (EC Directive) Regulations 2003 (which overlap considerably with data protection) unless responsibility for implementing the E-Privacy Directive upon which they are based was similarly devolved to Scotland.

So, should Data Protection be devolved? Well, there is no good reason against it that I can see.  There would be a good opportunity for devolution in the form of the Data Protection Regulation currently working its way through the EU legislative process.  At that stage Data Protection law in the UK will have to change and if this were to be an area for devolution to Scotland that would seem like a sensible time to do it.  However, given the nature of EU Regulations as opposed to EU Directives, the practical effect of devolving Data Protection to the Scottish Parliament would be limited.  The question would become “what is the point?”.  The arguments in favour of further devolution to Scotland centre around the Scottish Parliament taking decisions on matters for Scotland which do not need to be reserved; however, the practical effect of the new Data Protection Regulation would be that there would be almost no scope for the Scottish Parliament to take decisions on data protection; there would be an EU Regulation which has direct effect in all EU member states, without the need to pass domestic legislation.  Any legislation, UK or Scottish, would simply be regurgitating the Regulation alongside some minor consequential and transitional matters.

The Law Society of Scotland argues that the new regulation means that there is less of a need for data protection to be a reserved matter; that would be true because from an EU compliance point of view there would be no risk to the UK Government. They also seem to place a lot of weight on the issue of confusion between the responsibilities of the two information commissioners; however, I’m not sure that would be resolved by devolving data protection – in fact there is real potential for it to be compounded rather than resolved.  The only real argument is the one concerning FOI decisions involving third party personal data, but so far that doesn’t appear to have been an issue.  Indeed, in the South Lanarkshire Council case mentioned above, the Supreme Court agreed with the approach of the Scottish Information Commissioner; although there is always scope for the Scottish Information Commissioner to get things wrong.  That said, the UK Information Commissioner could equally get things wrong and wrongly order the disclosure of personal data under FOI.

Should data protection be devolved?  There doesn’t seem to be strong case one way or the other.  In the grand scheme of things there are far more important issues in the devolution debate than whether the Scottish Parliament should get power devolved over an issue that won’t actually amount to much power at all.

An unfailing, positive belief in Young People

A certain tabloid ‘newspaper’ ran an article bemoaning the lack of young people who are working.  The article cited a number of reasons: lack of jobs, exam-pressure and of course, laziness.  Some of the readership of that certain newspaper, of course, lapped it up and posted some rather depressing comments about young people.  Only a few weeks ago we had the A Level results and prior to that the GCSE results.  Yes, the newspaper reported the success of young people; however, that was, as ever, accompanied by comments from certain quarters determined to undermine the results wittering on about how exams are “too easy” and such like.  With ever story on education, whether it be education in England, Scotland, Northern Ireland or Wales, comes those who do nothing but downplay the hard work and achievements of young people. All of this seem to fit a rhetoric that can clearly be seen: young people are good for nothing, lazy louts.

I struggle to recall a positive newspaper article about young people in the last few years.  Even on the rare occasion that there is one celebrating the success of a young person, people will jump on it and run down young people.  Up and down the country young people are dedicating their free time to their communities (more often than not for free), going abroad to help those less fortunate than themselves and working hard to achieve good exam results.  That is rarely seen or heard about in the news.  When a small number of teenagers cause a problem in a local community they get an extraordinary amount of press coverage at the expense of those young people who are not causing any problems.  A group of teenagers on the street is something to be feared apparently.

While the tabloids are lambasting young people for being outside causing a ‘nuisance’ by being noisy and congregating in the streets, they are also lambasting young people for being lazy sitting on the sofa watching TV and playing video games instead of being outside doing stuff.  Add to that the chronic underfunding of youth services in communities and you get something that you really couldn’t make up!

Yes, some young people cause problems.  Yes, some young people damage property and shout abuse at passers-by.  Yes, some young people engage in criminal activity.  However, so do some adults.  We don’t judge the entire adult population by the actions of a minority.

The chronic underfunding of youth services isn’t helping with any of it.  Many youth clubs and groups have closed and many more will.  These services are vital to young people.  They give them somewhere to meet their mates and have a laugh (they can’t congregate in the pub like adults can).  Youth clubs and centres get them out of the house and give them somewhere to go which means they’re not mucking around outside people’s houses (which might be annoying, but for the most part is utterly harmless).  With these youth centres can come help and support for young people who are in trouble: whether that be young people having a tough time at home or those who are going down the wrong path in life.  These youth service shouldn’t just be targeted towards those young people who are considered to be ‘problems’, but they should be available to all young people. 

We have to remember that young people are still developing; they’re still working out who they are and how they fit into the world around them.  Their bodies are going through drastic changes as they go through their secondary school careers.  Alongside that they’re undergoing what is, despite what some think, a stressful curriculum with constant testing.  The results of those and tests determine whether they can take the next step in life.  As they progress through school their attention has to turn to life beyond school (whilst still being on getting through school).  Career choices begin to be made: which subjects do I take? Do I go onto college or university or just get a job?  Being a teenager is stressful and the older we get the less able we are to remember just how stressful those teenage years were for us.

Yes, when they go out into the real world they’ll have to cope with many big decisions at a time; they’ll have to take personal responsibility and won’t have someone to walk then through each stage.  However, as I’ve already said young people are still learning: they’re not adults and they shouldn’t be expected to be able to function as adults.  They need support because it’s all alien to them.  We’re training them to be decent human beings.

I believe that as a society we need to have an unfailing, positive belief in our young people.  We need to believe that they have potential and that they can reach that potential.  We need to help them reach that potential and we need to be willing to invest in them: they are the future of this country after all.  Constantly running them down in the national and local press isn’t going to help them one bit.  We need to be building them up.  We need to celebrate with them when they succeed and comfort them through their failures.

Costs in the FTT: Snee v Information Commissioner & Leeds City Council

Under the Freedom of Information Act 2000 a decision by the Information Commissioner is capable of being appealed to the First Tier Tribunal (Information Rights) by either the public authority involved or the Complainant.  There is no cost in brining an appeal and parties are generally responsible for paying any legal costs that they incur (public authorities will often be represented as will the Commissioner; sometimes by Counsel).  Under The Tribunal Procedure (First-tier Tribunal) (General Regulatory Chamber) Rules 2009 the Tribunal has, on the application of a party, the power to award costs.  It can do so where the appellant has acted unreasonably in brining or pursuing the appeal.

Earlier this month the First Tier Tribunal issued a decision, Mark Snee v the Information Commissioner and Leeds City Council, in respect of an application for costs against an Appellant by Leeds City Council.  The Council were seeking their £20,000 costs in full, having  applied to be joined to the appeal and having been represented by Queens Counsel.  The Appellant in the case, Mr Snee, was represented by Counsel.  The Tribunal’s decision contains some useful information with regards to heir approach to such applications.

Mr Snee’s requests had been refused by the Council on the grounds that they were vexatious (section 14(1) of the Freedom of Information Act 2000).  The Commissioner and the Tribunal agreed that they were vexatious, and it was at that stage the City Council applied under Rule 10(1)(b) of the Tribunal Rules for costs.

One of the Council’s arguments, which was not accepted by the Tribunal, would have had a fundamental effect upon an individual’s right to appeal to the Tribunal.  It was argued that, because Mr Snee’s requests were vexatious he had acted unreasonably in bringing the case to the Tribunal.  The Tribunal did not agree.  It pointed out that the Commissioner had the opportunity to refuse to issue a decision notice where he found the complaint to be frivolous or vexatious, and the Tribunal had the power to Strike out an appeal upon the application of a party where it has no hope of succeeding.  The Tribunal stated that it was right to remember these protections against vexatious or hopeless appeals.  Automatically making appeals against a decision that requests are vexatious subject to the costs provisions where the appeal fails would have a significant impact upon the appeal rights of an individual.  The Tribunal considered that “it must be possible, depending on the circumstances, for the maker of a request regarded by everyone else as vexatious, to defend his or her position on that point without automatically being treated under the costs Rules as behaving unreasonably.”  In other words, it must be possible for an individual who makes a request which is considered to be vexatious to defend their position in the Tribunal.

In the Tribunal individuals who are appealing against the Commissioner’s decision in respect of their FOI request will often not have the benefit of legal advice.  Thus, what might appear to a fully trained lawyer to be “futile or wrongheaded”, the Tribunal considered that “it would be wrong to assume that the challenge is inevitably an unreasonable one for the citizen to bring.”  The comments had a much more general application than that and equally well apply to a range of other Tribunals within the First Tier Tribunal structure where Legal Aid is not available, or is available only in very limited circumstances.

It seems, from this decision, that the chances of an appellant facing a costs order for an Appeal against a decision of the Information Commissioner are unlikely; although it remains a possibility that costs will be awarded in exceptional circumstances; quite what those circumstances will be remains to be seen.  It seems more likely that an unreasonable appeal will be struck out during the early case management stages than for it to progress to a full hearing, thus preventing the generation of significant costs for all involved.

Happy New Year

It’s now the 1st of January in the UK and I would like to wish you a very Happy New Year!

Those who have visited this site will notice the new look for 2014.  Later this month I will have been putting out my thoughts and opinions onto the internet via this blog (in its various guises) for six years.  I’m sure that 2014 will bring with it interesting and topical issues around Law, FOI and Data Protection which will continue to vex or interest me sufficiently to put together some thoughts and opinions for publication here; I hope that you will come back and read them!

All the best to you and your family for 2014.