Privacy Issues
Cases
Lindqvist
[2004] 2 WLR 1385, [2004] 1 CMLR 20, [2004] All ER (EC) 561
“……Those questions were raised in criminal proceedings before that court against Mrs Lindqvist, who was charged with breach of the Swedish legislation on the protection of personal data for publishing on her internet site personal data on a number of people working with her on a voluntary basis in a parish of the Swedish Protestant Church.
……
The main proceedings and the questions referred
In addition to her job as a maintenance worker, Mrs Lindqvist worked as a catechist in the parish of Alseda (Sweden). She followed a data processing course on which she had inter alia to set up a home page on the internet. At the end of 1998, Mrs Lindqvist set up internet pages at home on her personal computer in order to allow parishioners preparing for their confirmation to obtain information they might need. At her request, the administrator of the Swedish Church’s website set up a link between those pages and that site.
The pages in question contained information about Mrs Lindqvist and 18 colleagues in the parish, sometimes including their full names and in other cases only their first names. Mrs Lindqvistalso described, in a mildly humorous manner, the jobs held by her colleagues and their hobbies. In many cases family circumstances and telephone numbers and other matters were mentioned. She also stated that one colleague had injured her foot and was on half-time on medical grounds.
Mrs Lindqvist had not informed her colleagues of the existence of those pages or obtained their consent, nor did she notify the Datainspektionen (supervisory authority for the protection of electronically transmitted data) of her activity. She removed the pages in question as soon as she became aware that they were not appreciated by some of her colleagues.
The public prosecutor brought a prosecution against Mrs Lindqvist charging her with breach of the PUL on the grounds that she had:
– processed personal data by automatic means without giving prior written notification to the Datainspektionen (Paragraph 36 of the PUL);
– processed sensitive personal data (injured foot and half-time on medical grounds) without authorisation (Paragraph 13 of the PUL);
– transferred processed personal data to a third country without authorisation (Paragraph 33 of the PUL).
Mrs Lindqvist accepted the facts but disputed that she was guilty of an offence. Mrs Lindqvist was fined by the Eksjö tingsrätt (District Court) (Sweden) and appealed against that sentence to the referring court.
The amount of the fine was SEK 4 000, which was arrived at by multiplying the sum of SEK 100, representing Mrs Lindqvist’s financial position, by a factor of 40, reflecting the severity of the offence. Mrs Lindqvist was also sentenced to pay SEK 300 to a Swedish fund to assist victims of crimes.
As it had doubts as to the interpretation of the Community law applicable in this area, inter alia Directive 95/46, the Göta hovrätt decided to stay proceedings and refer the following questions to the Court for a preliminary ruling:
(1) Is the mention of a person – by name or with name and telephone number – on an internet home page an action which falls within the scope of [Directive 95/46]? Does it constitute the processing of personal data wholly or partly by automatic means to list on a self-made internet home page a number of persons with comments and statements about their jobs and hobbies etc.?
(2) If the answer to the first question is no, can the act of setting up on an internet home page separate pages for about 15 people with links between the pages which make it possible to search by first name be considered to constitute the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system within the meaning of Article 3(1)?
If the answer to either of those questions is yes, the hovrätt also asks the following questions:
(3) Can the act of loading information of the type described about work colleagues onto a private home page which is none the less accessible to anyone who knows its address be regarded as outside the scope of [Directive 95/46] on the ground that it is covered by one of the exceptions in Article 3(2)?
(4) Is information on a home page stating that a named colleague has injured her foot and is on half-time on medical grounds personal data concerning health which, according to Article 8(1), may not be processed?
(5) [Directive 95/46] prohibits the transfer of personal data to third countries in certain cases. If a person in Sweden uses a computer to load personal data onto a home page stored on a server in Sweden – with the result that personal data become accessible to people in third countries – does that constitute a transfer of data to a third country within the meaning of the directive? Would the answer be the same even if, as far as known, no one from the third country had in fact accessed the data or if the server in question was actually physically in a third country?
(6) Can the provisions of [Directive 95/46], in a case such as the above, be regarded as bringing about a restriction which conflicts with the general principles of freedom of expression or other freedoms and rights, which are applicable within the EU and are enshrined in inter alia Article 10 of the European Convention on the Protection of Human Rights and Fundamental Freedoms?
Finally, the hovrätt asks the following question:
(7) Can a Member State, as regards the issues raised in the above questions, provide more extensive protection for personal data or give it a wider scope than the directive, even if none of the circumstances described in Article 13 exists?
The first question
By its first question, the referring court asks whether the act of referring, on an internet page, to various persons and identifying them by name or by other means, for instance by giving their telephone number or information regarding their working conditions and hobbies, constitutes the processing of personal data wholly or partly by automatic means within the meaning of Article 3(1) of Directive 95/46.
Observations submitted to the Court
Mrs Lindqvist submits that it is unreasonable to take the view that the mere mention by name of a person or of personal data in a document contained on an internet page constitutes automatic processing of data. On the other hand, reference to such data in a keyword in the meta tags of an internet page, which makes it possible to create an index and find that page using a search engine, might constitute such processing.
The Swedish Government submits that the term the processing of personal data wholly or partly by automatic means in Article 3(1) of Directive 95/46, covers all processing in computer format, in other words, in binary format. Consequently, as soon as personal data are processed by computer, whether using a word processing programme or in order to put them on an internet page, they have been the subject of processing within the meaning of Directive 95/46.
The Netherlands Government submits that personal data are loaded onto an internet page using a computer and a server, which are essential elements of automation, so that it must be considered that such data are subject to automatic processing.
The Commission submits that Directive 95/46 applies to all processing of personal data referred to in Article 3 thereof, regardless of the technical means used. Accordingly, making personal data available on the internet constitutes processing wholly or partly by automatic means, provided that there are no technical limitations which restrict the processing to a purely manual operation. Thus, by its very nature, an internet page falls within the scope of Directive 95/46.
Reply of the Court
The term personal data used in Article 3(1) of Directive 95/46 covers, according to the definition in Article 2(a) thereof, any information relating to an identified or identifiable natural person. The term undoubtedly covers the name of a person in conjunction with his telephone coordinates or information about his working conditions or hobbies.
According to the definition in Article 2(b) of Directive 95/46, the term processing of such data used in Article 3(1) covers any operation or set of operations which is performed upon personal data, whether or not by automatic means. That provision gives several examples of such operations, including disclosure by transmission, dissemination or otherwise making data available. It follows that the operation of loading personal data on an internet page must be considered to be such processing.
It remains to be determined whether such processing is wholly or partly by automatic means. In that connection, placing information on an internet page entails, under current technical and computer procedures, the operation of loading that page onto a server and the operations necessary to make that page accessible to people who are connected to the internet. Such operations are performed, at least in part, automatically.
The answer to the first question must therefore be that the act of referring, on an internet page, to various persons and identifying them by name or by other means, for instance by giving their telephone number or information regarding their working conditions and hobbies, constitutes the processing of personal data wholly or partly by automatic means within the meaning of Article 3(1) of Directive 95/46.
The second question
As the first question has been answered in the affirmative, there is no need to reply to the second question, which arises only in the event that the first question is answered in the negative.
The third question
By its third question, the national court essentially seeks to know whether processing of personal data such as that described in the first question is covered by one of the exceptions in Article 3(2) of Directive 95/46.
Observations submitted to the Court
Mrs Lindqvist submits that private individuals who make use of their freedom of expression to create internet pages in the course of a non-profit-making or leisure activity are not carrying out an economic activity and are thus not subject to Community law. If the Court were to hold otherwise, the question of the validity of Directive 95/46 would arise, as, in adopting it, the Community legislature would have exceeded the powers conferred on it by Article 100a of the EC Treaty (now, after amendment, Article 95 EC). The approximation of laws, which concerns the establishment and functioning of the common market, cannot serve as a legal basis for Community measures regulating the right of private individuals to freedom of expression on the internet.
The Swedish Government submits that, when Directive 95/46 was implemented in national law, the Swedish legislature took the view that processing of personal data by a natural person which consisted in publishing those data to an indeterminate number of people, for example through the internet, could not be described as a purely personal or household activity within the meaning of the second indent of Article 3(2) of Directive 95/46. However, that Government does not rule out that the exception provided for in the first indent of that paragraph might cover cases in which a natural person publishes personal data on an internet page solely in the exercise of his freedom of expression and without any connection with a professional or commercial activity.
According to the Netherlands Government, automatic processing of data such as that at issue in the main proceedings does not fall within any of the exceptions in Article 3(2) of Directive 95/46. As regards the exception in the second indent of that paragraph in particular, it observes that the creator of an internet page brings the data placed on it to the knowledge of a generally indeterminate group of people.
The Commission submits that an internet page such as that at issue in the main proceedings cannot be considered to fall outside the scope of Directive 95/46 by virtue of Article 3(2) thereof, but constitutes, given the purpose of the internet page at issue in the main proceedings, an artistic and literary creation within the meaning of Article 9 of that Directive.
It takes the view that the first indent of Article 3(2) of Directive 95/46 lends itself to two different interpretations. The first consists in limiting the scope of that provision to the areas cited as examples, in other words, to activities which essentially fall within what are generally called the second and third pillars. The other interpretation consists in excluding from the scope of Directive 95/46 the exercise of any activity which is not covered by Community law.
The Commission argues that Community law is not limited to economic activities connected with the four fundamental freedoms. Referring to the legal basis of Directive 95/46, to its objective, to Article 6 EU, to the Charter of fundamental rights of the European Union proclaimed in Nice on 18 December 2000 (OJ 2000 C 364, p. 1), and to the Council of Europe Convention of 28 January 1981 for the protection of individuals with regard to automatic processing of personal data, it concludes that that directive is intended to regulate the free movement of personal data in the exercise not only of an economic activity, but also of social activity in the course of the integration and functioning of the common market.
It adds that to exclude generally from the scope of Directive 95/46 internet pages which contain no element of commerce or of provision of services might entail serious problems of demarcation. A large number of internet pages containing personal data intended to disparage certain persons with a particular end in view might then be excluded from the scope of that directive.
Reply of the Court
Article 3(2) of Directive 95/46 provides for two exceptions to its scope.
The first exception concerns the processing of personal data in the course of an activity which falls outside the scope of Community law, such as those provided for by Titles V and VI of the Treaty on European Union, and in any case processing operations concerning public security, defence, State security (including the economic well-being of the State when the processing operation relates to State security matters) and the activities of the State in areas of criminal law.
As the activities of Mrs Lindqvist which are at issue in the main proceedings are essentially not economic but charitable and religious, it is necessary to consider whether they constitute the processing of personal data in the course of an activity which falls outside the scope of Community law within the meaning of the first indent of Article 3(2) of Directive 95/46.
The Court has held, on the subject of Directive 95/46, which is based on Article 100a of the Treaty, that recourse to that legal basis does not presuppose the existence of an actual link with free movement between Member States in every situation referred to by the measure founded on that basis (see Joined Cases C-465/00, C-138/01 and C-139/01 Österreichischer Rundfunk and Others [2003] ECR I-0000, paragraph 41, and the case-law cited therein).
A contrary interpretation could make the limits of the field of application of the directive particularly unsure and uncertain, which would be contrary to its essential objective of approximating the laws, regulations and administrative provisions of the Member States in order to eliminate obstacles to the functioning of the internal market deriving precisely from disparities between national legislations (Österreichischer Rundfunk and Others, cited above, paragraph 42).
Against that background, it would not be appropriate to interpret the expression activity which falls outside the scope of Community law as having a scope which would require it to be determined in each individual case whether the specific activity at issue directly affected freedom of movement between Member States.
The activities mentioned by way of example in the first indent of Article 3(2) of Directive 95/46 (in other words, the activities provided for by Titles V and VI of the Treaty on European Union and processing operations concerning public security, defence, State security and activities in areas of criminal law) are, in any event, activities of the State or of State authorities and unrelated to the fields of activity of individuals.
It must therefore be considered that the activities mentioned by way of example in the first indent of Article 3(2) of Directive 95/46 are intended to define the scope of the exception provided for there, with the result that that exception applies only to the activities which are expressly listed there or which can be classified in the same category (ejusdem generis).
Charitable or religious activities such as those carried out by Mrs Lindqvist cannot be considered equivalent to the activities listed in the first indent of Article 3(2) of Directive 95/46 and are thus not covered by that exception.
As regards the exception provided for in the second indent of Article 3(2) of Directive 95/46, the 12th recital in the preamble to that directive, which concerns that exception, cites, as examples of the processing of data carried out by a natural person in the exercise of activities which are exclusively personal or domestic, correspondence and the holding of records of addresses.
That exception must therefore be interpreted as relating only to activities which are carried out in the course of private or family life of individuals, which is clearly not the case with the processing of personal data consisting in publication on the internet so that those data are made accessible to an indefinite number of people.
The answer to the third question must therefore be that processing of personal data such as that described in the reply to the first question is not covered by any of the exceptions in Article 3(2) of Directive 95/46.
The fourth question
By its fourth question, the referring court seeks to know whether reference to the fact that an individual has injured her foot and is on half-time on medical grounds constitutes personal data concerning health within the meaning of Article 8(1) of Directive 95/46.
In the light of the purpose of the directive, the expression data concerning health used in Article 8(1) thereof must be given a wide interpretation so as to include information concerning all aspects, both physical and mental, of the health of an individual.
The answer to the fourth question must therefore be that reference to the fact that an individual has injured her foot and is on half-time on medical grounds constitutes personal data concerning health within the meaning of Article 8(1) of Directive 95/46.
The fifth question
By its fifth question the referring court seeks essentially to know whether there is any transfer [of data] to a third country within the meaning of Article 25 of Directive 95/46 where an individual in a Member State loads personal data onto an internet page which is stored on an internet site on which the page can be consulted and which is hosted by a natural or legal person (the hosting provider) who is established in that State or in another Member State, thereby making those data accessible to anyone who connects to the internet, including people in a third country. The referring court also asks whether the reply to that question would be the same if no one from the third country had in fact accessed the data or if the server where the page was stored was physically in a third country.
Observations submitted to the Court
The Commission and the Swedish Government consider that the loading, using a computer, of personal data onto an internet page, so that they become accessible to nationals of third countries, constitutes a transfer of data to third countries within the meaning of Directive 95/46. The answer would be the same if no one from the third country had in fact accessed the data or if the server where it was stored was physically in a third country.
The Netherlands Government points out that the term transfer is not defined by Directive 95/46. It takes the view, first, that that term must be understood to refer to the act of intentionally transferring personal data from the territory of a Member State to a third country and, second, that no distinction can be made between the different ways in which data are made accessible to third parties. It concludes that loading personal data onto an internet page using a computer cannot be considered to be a transfer of personal data to a third country within the meaning of Article 25 of Directive 95/46.
The United Kingdom Government submits that Article 25 of Directive 95/46 concerns the transfer of data to third countries and not their accessibility from third countries. The term transfer connotes the transmission of personal data from one place and person to another place and person. It is only in the event of such a transfer that Article 25 of Directive 95/46 requires Member States to ensure an adequate level of protection of personal data in a third country.
Reply of the Court
Directive 95/46 does not define the expression transfer to a third country in Article 25 or any other provision, including Article 2.
In order to determine whether loading personal data onto an internet page constitutes a transfer of those data to a third country within the meaning of Article 25 of Directive 95/46 merely because it makes them accessible to people in a third country, it is necessary to take account both of the technical nature of the operations thus carried out and of the purpose and structure of Chapter IV of that directive where Article 25 appears.
Information on the internet can be consulted by an indefinite number of people living in many places at almost any time. The ubiquitous nature of that information is a result inter alia of the fact that the technical means used in connection with the internet are relatively simple and becoming less and less expensive.
Under the procedures for use of the internet available to individuals like Mrs Lindqvist during the 1990s, the author of a page intended for publication on the internet transmits the data making up that page to his hosting provider. That provider manages the computer infrastructure needed to store those data and connect the server hosting the site to the internet. That allows the subsequent transmission of those data to anyone who connects to the internet and seeks access to it. The computers which constitute that infrastructure may be located, and indeed often are located, in one or more countries other than that where the hosting provider is established, without its clients being aware or being in a position to be aware of it.
It appears from the court file that, in order to obtain the information appearing on the internet pages on which Mrs Lindqvist had included information about her colleagues, an internet user would not only have to connect to the internet but also personally carry out the necessary actions to consult those pages. In other words, Mrs Lindqvist’s internet pages did not contain the technical means to send that information automatically to people who did not intentionally seek access to those pages.
It follows that, in circumstances such as those in the case in the main proceedings, personal data which appear on the computer of a person in a third country, coming from a person who has loaded them onto an internet site, were not directly transferred between those two people but through the computer infrastructure of the hosting provider where the page is stored.
It is in that light that it must be examined whether the Community legislature intended, for the purposes of the application of Chapter IV of Directive 95/46, to include within the expression transfer [of data] to a third country within the meaning of Article 25 of that directive activities such as those carried out by Mrs Lindqvist. It must be stressed that the fifth question asked by the referring court concerns only those activities and not those carried out by the hosting providers.
Chapter IV of Directive 95/46, in which Article 25 appears, sets up a special regime, with specific rules, intended to allow the Member States to monitor transfers of personal data to third countries. That Chapter sets up a complementary regime to the general regime set up by Chapter II of that directive concerning the lawfulness of processing of personal data.
The objective of Chapter IV is defined in the 56th to 60th recitals in the preamble to Directive 95/46, which state inter alia that, although the protection of individuals guaranteed in the Community by that Directive does not stand in the way of transfers of personal data to third countries which ensure an adequate level of protection, the adequacy of such protection must be assessed in the light of all the circumstances surrounding the transfer operation or set of transfer operations. Where a third country does not ensure an adequate level of protection the transfer of personal data to that country must be prohibited.
For its part, Article 25 of Directive 95/46 imposes a series of obligations on Member States and on the Commission for the purposes of monitoring transfers of personal data to third countries in the light of the level of protection afforded to such data in each of those countries.
In particular, Article 25(4) of Directive 95/46 provides that, where the Commission finds that a third country does not ensure an adequate level of protection, Member States are to take the measures necessary to prevent any transfer of personal data to the third country in question.
Chapter IV of Directive 95/46 contains no provision concerning use of the internet. In particular, it does not lay down criteria for deciding whether operations carried out by hosting providers should be deemed to occur in the place of establishment of the service or at its business address or in the place where the computer or computers constituting the service’s infrastructure are located.
Given, first, the state of development of the internet at the time Directive 95/46 was drawn up and, second, the absence, in Chapter IV, of criteria applicable to use of the internet, one cannot presume that the Community legislature intended the expression transfer [of data] to a third country to cover the loading, by an individual in Mrs Lindqvist’s position, of data onto an internet page, even if those data are thereby made accessible to persons in third countries with the technical means to access them.
If Article 25 of Directive 95/46 were interpreted to mean that there is transfer [of data] to a third country every time that personal data are loaded onto an internet page, that transfer would necessarily be a transfer to all the third countries where there are the technical means needed to access the internet. The special regime provided for by Chapter IV of the directive would thus necessarily become a regime of general application, as regards operations on the internet. Thus, if the Commission found, pursuant to Article 25(4) of Directive 95/46, that even one third country did not ensure adequate protection, the Member States would be obliged to prevent any personal data being placed on the internet.
Accordingly, it must be concluded that Article 25 of Directive 95/46 is to be interpreted as meaning that operations such as those carried out by Mrs Lindqvist do not as such constitute a transfer [of data] to a third country. It is thus unnecessary to investigate whether an individual from a third country has accessed the internet page concerned or whether the server of that hosting service is physically in a third country.
The reply to the fifth question must therefore be that there is no transfer [of data] to a third country within the meaning of Article 25 of Directive 95/46 where an individual in a Member State loads personal data onto an internet page which is stored with his hosting provider which is established in that State or in another Member State, thereby making those data accessible to anyone who connects to the internet, including people in a third country.
The sixth question
By its sixth question the referring court seeks to know whether the provisions of Directive 95/46, in a case such as that in the main proceedings, bring about a restriction which conflicts with the general principles of freedom of expression or other freedoms and rights, which are applicable within the European Union and are enshrined in inter alia Article 10 of the ECHR.
Observations submitted to the Court
Citing inter alia Case C-274/99 P Connolly v Commission [2001] ECR I-1611, Mrs Lindqvist submits that Directive 95/46 and the PUL, in so far as they lay down requirements of prior consent and prior notification of a supervisory authority and a principle of prohibiting processing of personal data of a sensitive nature, are contrary to the general principle of freedom of expression enshrined in Community law. More particularly, she argues that the definition of processing of personal data wholly or partly by automatic means does not fulfil the criteria of predictability and accuracy.
She argues further that merely mentioning a natural person by name, revealing their telephone details and working conditions and giving information about their state of health and hobbies, information which is in the public domain, well-known or trivial, does not constitute a significant breach of the right to respect for private life. Mrs Lindqvist considers that, in any event, the constraints imposed by Directive 95/46 are disproportionate to the objective of protecting the reputation and private life of others.
The Swedish Government considers that Directive 95/46 allows the interests at stake to be weighed against each other and freedom of expression and protection of private life to be thereby safeguarded. It adds that only the national court can assess, in the light of the facts of each individual case, whether the restriction on the exercise of the right to freedom of expression entailed by the application of the rules on the protection of the rights of others is proportionate.
The Netherlands Government points out that both freedom of expression and the right to respect for private life are among the general principles of law for which the Court ensures respect and that the ECHR does not establish any hierarchy between the various fundamental rights. It therefore considers that the national court must endeavour to balance the various fundamental rights at issue by taking account of the circumstances of the individual case.
The United Kingdom Government points out that its proposed reply to the fifth question, set out in paragraph 55 of this judgment, is wholly in accordance with fundamental rights and avoids any disproportionate restriction on freedom of expression. It adds that it is difficult to justify an interpretation which would mean that the publication of personal data in a particular form, that is to say, on an internet page, is subject to far greater restrictions than those applicable to publication in other forms, such as on paper.
The Commission also submits that Directive 95/46 does not entail any restriction contrary to the general principle of freedom of expression or other rights and freedoms applicable in the European Union corresponding inter alia to the right provided for in Article 10 of the ECHR.
Reply of the Court
According to the seventh recital in the preamble to Directive 95/46, the establishment and functioning of the common market are liable to be seriously affected by differences in national rules applicable to the processing of personal data. According to the third recital of that directive the harmonisation of those national rules must seek to ensure not only the free flow of such data between Member States but also the safeguarding of the fundamental rights of individuals. Those objectives may of course be inconsistent with one another.
On the one hand, the economic and social integration resulting from the establishment and functioning of the internal market will necessarily lead to a substantial increase in cross-border flows of personal data between all those involved in a private or public capacity in economic and social activity in the Member States, whether businesses or public authorities of the Member States. Those so involved will, to a certain extent, need to have access to personal data to perform their transactions or carry out their tasks within the area without internal frontiers which the internal market constitutes.
On the other hand, those affected by the processing of personal data understandably require those data to be effectively protected.
The mechanisms allowing those different rights and interests to be balanced are contained, first, in Directive 95/46 itself, in that it provides for rules which determine in what circumstances and to what extent the processing of personal data is lawful and what safeguards must be provided for. Second, they result from the adoption, by the Member States, of national provisions implementing that directive and their application by the national authorities.
As regards Directive 95/46 itself, its provisions are necessarily relatively general since it has to be applied to a large number of very different situations. Contrary to Mrs Lindqvist’s contentions, the directive quite properly includes rules with a degree of flexibility and, in many instances, leaves to the Member States the task of deciding the details or choosing between options.
It is true that, in many respects, the Member States have a margin for manoeuvre in implementing Directive 95/46. However, there is nothing to suggest that the regime it provides for lacks predictability or that its provisions are, as such, contrary to the general principles of Community law and, in particular, to the fundamental rights protected by the Community legal order.
Thus, it is, rather, at the stage of the application at national level of the legislation implementing Directive 95/46 in individual cases that a balance must be found between the rights and interests involved.
In that context, fundamental rights have a particular importance, as demonstrated by the case in the main proceedings, in which, in essence, Mrs Lindqvist’s freedom of expression in her work preparing people for Communion and her freedom to carry out activities contributing to religious life have to be weighed against the protection of the private life of the individuals about whom Mrs Lindqvist has placed data on her internet site.
Consequently, it is for the authorities and courts of the Member States not only to interpret their national law in a manner consistent with Directive 95/46 but also to make sure they do not rely on an interpretation of it which would be in conflict with the fundamental rights protected by the Community legal order or with the other general principles of Community law, such as inter alia the principle of proportionality.
Whilst it is true that the protection of private life requires the application of effective sanctions against people processing personal data in ways inconsistent with Directive 95/46, such sanctions must always respect the principle of proportionality. That is so a fortiori since the scope of Directive 95/46 is very wide and the obligations of those who process personal data are many and significant.
It is for the referring court to take account, in accordance with the principle of proportionality, of all the circumstances of the case before it, in particular the duration of the breach of the rules implementing Directive 95/46 and the importance, for the persons concerned, of the protection of the data disclosed.
The answer to the sixth question must therefore be that the provisions of Directive 95/46 do not, in themselves, bring about a restriction which conflicts with the general principles of freedom of expression or other freedoms and rights, which are applicable within the European Union and are enshrined inter alia in Article 10 of the ECHR. It is for the national authorities and courts responsible for applying the national legislation implementing Directive 95/46 to ensure a fair balance between the rights and interests in question, including the fundamental rights protected by the Community legal order.
……
On those grounds,
THE COURT,
in answer to the questions referred to it by the Göta hovrätt by order of 23 February 2001, hereby rules:
1. The act of referring, on an internet page, to various persons and identifying them by name or by other means, for instance by giving their telephone number or information regarding their working conditions and hobbies, constitutes the processing of personal data wholly or partly by automatic means within the meaning of Article 3(1) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
2. Such processing of personal data is not covered by any of the exceptions in Article 3(2) of Directive 95/46.
3. Reference to the fact that an individual has injured her foot and is on half-time on medical grounds constitutes personal data concerning health within the meaning of Article 8(1) of Directive 95/46.
4. There is no transfer [of data] to a third country within the meaning of Article 25 of Directive 95/46 where an individual in a Member State loads personal data onto an internet page which is stored on an internet site on which the page can be consulted and which is hosted by a natural or legal person who is established in that State or in another Member State, thereby making those data accessible to anyone who connects to the internet, including people in a third country.
5. The provisions of Directive 95/46 do not, in themselves, bring about a restriction which conflicts with the general principles of freedom of expression or other freedoms and rights, which are applicable within the European Union and are enshrined inter alia in Article 10 of the European Convention for the Protection of Human Rights and Fundamental Freedoms signed at Rome on 4 November 1950. It is for the national authorities and courts responsible for applying the national legislation implementing Directive 95/46 to ensure a fair balance between the rights and interests in question, including the fundamental rights protected by the Community legal order.
6. Measures taken by the Member States to ensure the protection of personal data must be consistent both with the provisions of Directive 95/46 and with its objective of maintaining a balance between freedom of movement of personal data and the protection of private life. However, nothing prevents a Member State from extending the scope of the national legislation implementing the provisions of Directive 95/46 to areas not included in the scope thereof provided that no other provision of Community law precludes it.”
Durant v Financial Services Authority
[2003] EWCA Civ 1746
Auld LJ
“Mr. Michael John Durant, the claimant and appellant, seeks disclosure of information that he claims to be personal data relating to him held by the Financial Services Authority (“the FSA”) under section 7 of the Data Protection Act 1998 (“the 1998 Act”). The FSA has provided him with some information in response to his requests for it, but he seeks further disclosure. The outcome of the appeal turns in part on the proper interpretation of certain provisions of the Act governing an individual’s right to disclosure of his personal data held by others within the provisions of the Act and in part on the propriety of the Judge’s findings of fact in the light of that interpretation.
…..
In interpreting the Act it is appropriate to look to the Directive for assistance. The Act should, if possible, be interpreted in a manner that is consistent with the Directive. Furthermore, because the Act has, in large measure, adopted the wording of the Directive, it is not appropriate to look for the precision in the use of language that is usually to be expected from the parliamentary draftsman. A purposive approach to making sense of the provisions is called for.”
The primary objective of the 1995 Directive is to protect individuals’ fundamental rights, notably the right to privacy and accuracy of their personal data held by others (“data controllers”) in computerised form or similarly organised manual filing systems (Recitals (1), (2), (3), (10) and (25)), whilst at the same time facilitating the free movement of such data between Member States of the European Union. There is inevitably a tension between those two primary objectives at an inter-state level, as Lord Hoffmann observed in R v. Brown [1996] AC 543, HL, at 557A-C. That tension is not so evident in the domestic setting for which the Act provides, in particular, in the right of access to personal data. However, the Act contains its own tension in the obligation that it also imposes on data controllers to respect the right of privacy of others whose names may figure in the personal data of an individual seeking access to it.
The starting point in this legislative trail (see Recital (11) to the 1995 Directive) is the Convention For The Protection Of Individuals With Regard To Automatic Processing Of Personal Data (1981) (Cmnd. 8341) (“the 1981 Convention”), about which Lord Hoffmann was talking in Brown. As its title indicates, it was concerned only with computerised data, and the Data Protection Act 1984 (“the 1984 Act”) to which it gave rise was similarly confined. The 1995 Directive, however, extended the scheme of protection to personal data held in manual files if they were of a similar level of sophistication to that provided by computerised records (Recital (15) Article 2(c)). Article 12, headed “Right of Access”, provides:
“Member States shall guarantee every data subject the right to obtain from the controller:
(a) without constraint at reasonable intervals and without excessive delay or expense:
confirmation as to whether or not data relating to him are being processed and information at least as to the purposes of the processing, the categories of data concerned, and the recipients or categories of recipients to whom the data are disclosed,
communication to him in an intelligible form of the data undergoing processing and of any available information as to their source,
knowledge of the logic involved in any automatic processing of data concerning him at least in the case of … automated decisions …
(b) as appropriate the rectification, erasure or blocking of data the processing of which does not comply with the provisions of this Directive, in particular because of the incomplete or inaccurate nature of the data;
(c) notification to third parties to whom the data have been disclosed of any rectification, erasure or blocking carried out in compliance with (b), unless this proves impossible or involves a disproportionate effort”.
The purpose of the 1998 Act was to provide for the regulation of the processing, including the obtaining, holding, use and disclosure by “data controllers” of “personal data” held or to be held electronically or, if held in manual files, as part of “a relevant filing system”, all as defined in section 1(1) of the Act.
Section 7(4)-(6) of the 1998 Act provides an individual with a right of access to “personal data”, entitling him to know whether a data controller is processing any of his personal data and, if so, to be told what it is, its source, why it is being processed and to whom the data are or may be disclosed. He is not entitled to information about his personal data which necessarily, that is, notwithstanding possible redaction, involves disclosure of information relating to another individual, either as a subject or the source of the information, without that other’s consent or unless it would be reasonable in all the circumstances for him to have it without that consent.
The core of a data subject’s entitlement to access to his personal data is to be found in sections 7(1) and 8(2), which, so far as material and subject to other provisions of section 7 to which I shall return, provide:
“(1) …an individual is entitled –
(a) to be informed by any data controller whether personal data of which that individual is the data subject are being processed by or on behalf of that data controller,
(b) if that is the case, to be given by the data controller a description of –
(i) the personal data of which that individual is the data subject,
(ii) the purposes for which they are being or are to be processed, and
(iii) the recipients or classes of recipients to whom they are or may be disclosed,
(c) to have communicated to him in an intelligible form –
(i) the information constituting any personal data of which that individual is the data subject, and (ii) any information available to the data controller as to the source of those data, and
(d) where the processing by automatic means of personal data of which that individual is the data subject for the purpose of evaluating matters relating to him such as, for example, his performance at work, his creditworthiness, his reliability or his conduct, has constituted or is likely to constitute the sole basis for any decision significantly affecting him, to be informed by the data controller of the logic involved in that decision-taking.”.
“8(2) The obligation imposed by section 7(1)(c)(i) must be complied with by supplying the data subject with a copy of the information in permanent form unless-
(a) the supply of such a copy is not possible or would involve disproportionate effort, or
(b) the data subject agrees otherwise;
and where any of the information referred to in section 7(1)(c) (i) is expressed in terms which are not intelligible without explanation the copy must be accompanied by an explanation of those terms.”
………………….
The issues
The appeal raises four important issues of law concerning the right of access to personal data provided by sections 7 and 8 of the 1998 Act:
1) The personal data issue – What makes “data”, whether held in computerised or manual files, “personal” within the meaning of the term “personal data” in section 1(1) of the 1998 Act so as to entitle a person identified by it to its disclosure under section 7(1) of the Act – more particularly in this context, to what, if any, extent, is information relating to the FSA’s investigation of Mr. Durant’scomplaint about Barclay’s Bank within that definition?
2) The relevant filing system issue – What is meant by a “relevant filing system” in the definition of “data” in section 1(1) of the 1998 Act, so as to render personal information recorded in a manual filing system “personal data” disclosable to its subject under section 7(1) – more particularly here, was the FSA’s manual filing such a system so as to require it to disclose to Mr. Durant from those files information that would, if it were in computerised form, constitute “personal data” within section 1(1)?
3) The redaction issue – Upon what basis should a data controller, when responding to a person’s request for disclosure of his personal data under section 7(1), consider it “reasonable in all the circumstances”, within the meaning of that term in section 7(4)(b), to comply with the request even though the personal data includes information about another and that other has not consented to such disclosure?
4) The discretion issue – By what principles should a court be guided in exercising its discretion under section 7(9) of the Act to order a data controller who has wrongly refused a request for information under section 7(1), to comply with the request?
“personal data”
The first question for a data controller when considering a person’s request for information under section 7 of the 1998 Act is whether the information sought is capable of being that person’s “personal data” within the definition of that term in section 1(1), regardless of whether it is held in computerised or manual form. If and to the extent that it is not, it is not disclosable under section 7(1) and the other issues in the appeal fall away. This issue in its simplest form in the context of this case is whether information – any information – relating to the investigation by the FSA of Mr. Durant’scomplaint about Barclays Bank is his “personal data” for this purpose, an issue in its own right to which neither the parties nor the Judge gave much attention below.
The starting point is again the 1981 Convention, Article 2.a of which defined “personal data” quite shortly as “any information relating to an identified or identifiable individual (‘data subject’)”. An Explanatory Report on the Convention issued by the Council of Europe in 1981, in para. 29, stated that the notion of “data subject” in that definition expressed “the idea that a person has a subjective right with regard to information about himself, even where this is gathered by others”. That notion was reflected and developed in the 1995 Directive, Article 2(a) of which defines “personal data” as
“… any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;”
Section 1(1) of the 1998 Act, in its turn, further developed the notion, albeit in an inclusive form. It states:
“‘personal data’ means data which relate to a living individual who can be identified –
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;”
The submissions
There is no issue as to the identification of Mr. Durant for the purposes of paragraphs (a) and (b) in the definition in section 1(1) and of the criterion for entitlement to access in section 7(1)(b)(i), “the personal data of which that individual is the data subject” (see para. 8 above). The question is the meaning of the words “relate to” in the opening words of the definition, in particular to what extent, if any, the information should have the data subject as its focus, or main focus. Miss Houghton, on behalf of Mr. Durant, pitched Mr. Durant’s entitlement to information under section 7 in very broad terms, relying on what she described as the extremely wide and inclusive definition of “personal data” in section 1(1). She suggested that it covered any information retrieved as a result of a search under his name, anything on file which had his name on it or from which he could be identified or from which it was possible to discern a connection with him. On that basis, she submitted that Mr. Durant’s letters of complaint to the FSA and the documentation they generated were his personal data because he was the source of the material. She said that, here, the information in the manual files of which she sought disclosure (and that redacted in the computerised files) was likely to refer to the FSA’s conduct in responding to his complaint and that it was difficult to see how information retrievable as a result of a search under his name would not fall within the definition. She sought further support for that proposition in the absence of any statutory exclusion of or distinction based on business or official data. In response to any possible “floodgates” argument that might be advanced against the breadth of disclosure and the burden on data controllers to which her construction might lead, she drew attention to Part IV of the 1998 Act which, in implementation of Article 13 of the Directive (see para. 54 below), contains a wide range of exemptions from the obligation on data controllers to comply with, among other things, requests for personal data under section 7.
Mr. Sales disagreed. He said that whilst the key words in the definition, “relate to”, considered on their own, are capable of a range of interpretations, they could not sensibly have the broad interpretation for which Miss Houghton contended. He referred to two meanings given to the words “relate to” in the Shorter Oxford English Dictionary: the first, being “have reference to, concern”, implying, in this context, a more or less direct connection with an individual; and the second, much broader meaning, “have some connection with, be connected to”. He submitted that the former, narrower meaning is to be preferred, relying on the definition of personal data in the 1981 Convention and the 1995 Directive and on Lord Hoffmann’s dictum in relation to the 1984 Act in Brown, at 557E, that personal data was “data concerning a living individual”. He relied also on the express inclusion in the definition in section 1(1) of “any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of” him, namely that, absent those words, the information would not “relate to” the data subject. He made similar points by reference to section 7, namely that section 7(1)(c) distinguishes between the data and its source; and section 7(1)(d) distinguishes the purposes for which and how information relating an individual is used from his personal data (see paragraph 8 above). Under Miss Houghton’s broad construction of the definition, such express provisions would, he said, have been unnecessary.
Conclusions
The intention of the Directive, faithfully reproduced in the Act, is to enable an individual to obtain from a data controller’s filing system, whether computerised or manual, his personal data, that is, information about himself. It is not an entitlement to be provided with original or copy documents as such, but, as section 7(1)(c)(i) and 8(2) provide, with information constituting personal data in intelligible and permanent form. This may be in documentary form prepared for the purpose and/or where it is convenient in the form of copies of original documents redacted if necessary to remove matters that do not constitute personal data (and/or to protect the interests of other individuals under section 7(4) and (5) of the Act).
In conformity with the 1981 Convention and the Directive, the purpose of section 7, in entitling an individual to have access to information in the form of his “personal data” is to enable him to check whether the data controller’s processing of it unlawfully infringes his privacy and, if so, to take such steps as the Act provides, for example in sections 10 to 14, to protect it. It is not an automatic key to any information, readily accessible or not, of matters in which he may be named or involved. Nor is to assist him, for example, to obtain discovery of documents that may assist him in litigation or complaints against third parties. As a matter of practicality and given the focus of the Act on ready accessibility of the information – whether from a computerised or comparably sophisticated non-computerised system – it is likely in most cases that only information that names or directly refers to him will qualify. In this respect, a narrow interpretation of “personal data” goes hand in hand with a narrow meaning of “a relevant filing system”, and for the same reasons (see paragraphs 46-51 below). But ready accessibility, though important, is not the starting point.
It follows from what I have said that not all information retrieved from a computer search against an individual’s name or unique identifier is personal data within the Act. Mere mention of the data subject in a document held by a data controller does not necessarily amount to his personal data. Whether it does so in any particular instance depends on where it falls in a continuum of relevance or proximity to the data subject as distinct, say, from transactions or matters in which he may have been involved to a greater or lesser degree. It seems to me that there are two notions that may be of assistance. The first is whether the information is biographical in a significant sense, that is, going beyond the recording of the putative data subject’s involvement in a matter or an event that has no personal connotations, a life event in respect of which his privacy could not be said to be compromised. The second is one of focus. The information should have the putative data subject as its focus rather than some other person with whom he may have been involved or some transaction or event in which he may have figured or have had an interest, for example, as in this case, an investigation into some other person’s or body’s conduct that he may have instigated. In short, it is information that affects his privacy, whether in his personal or family life, business or professional capacity. A recent example is that considered by the European Court in Criminal Proceedings against Lindquist, Case C-101/01 (6th November 2003), in which the Court held, at para. 27, that “personal data” covered the name of a person or identification of him by some other means, for instance by giving his telephone number or information regarding his working conditions or hobbies.
This narrow meaning of personal data derives, not only from its provenance and form of reproduction in section 1(1), but also from the way in which it is applied in section 7. That section, picking up the definition of “data subject” in section 1(1), sets out the basic entitlement of an individual to access to personal data “of which …[he] is the data subject”. I agree with Mr. Sales that the inclusion in section 1(1) of expressions of opinion and indications of intention in respect of him supports an otherwise narrow construction. If the term had the broader construction for which Miss Houghton contended, such provision would have been otiose. A similar pointer to the focus of attention being on the data subject rather than on someone else with whom for some reason he is involved or had contact is in the special provision for “sensitive personal data” in section 2 of, and Schedules 1, para. 1(b) and 3 to, the 1998 Act, giving effect in large part to Articles 6 to 8 of the Directive.
…………..
“relevant filing system”
The issue concerns the right of access by an individual to his personal data held in manual files and the interpretation of the words “a relevant filing system” in the definition of “data” in section 1(1) of the Act, since there is only a right of access to personal data in manual files that is “structured” in a certain manner. I should set out first the provisions of the Directive and of the Act giving effect to them – there is no material difference between the two. The relevant provisions of the Directive are Article 2 (2)(c) and Recitals (15) and (27). Article 2 (c) provides that, for the purposes of the Directive,
“personal data filing system’ (‘filing system’) shall mean any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;”
And Recitals 15 and 27 read:
“(15) Whereas the processing of such data is covered by this Directive only if it is automated or if the data processed are contained or are intended to be contained in a filing system structured according to specific criteria relating to individuals, so as to permit easy access to the personal data in question;”
“(27) Whereas the protection of individuals must apply as much to automatic processing of data as to manual processing; whereas the scope of this protection must not in effect depend on the techniques used, otherwise this would create a serious risk of circumvention; whereas nonetheless, as regards manual processing, this Directive covers only filing systems, not unstructured files; whereas, in particular, the content of a filing system must be structured according to specific criteria relating to individuals allowing easy access to the personal data; whereas, in line with the definition in Article 2( c ), the different criteria for determining the constituents of a structured set of personal data, and different criteria governing access to such a set, may be laid down by each Member State; whereas files or sets of files as well as their cover pages, which are not structured according to specific criteria, shall under no circumstances fall within the scope of the Directive.”
The 1998 Act, in its definitions of “data” and “relevant filing system” in section 1(1), picks up the Directive’s theme that information held on manual files is only capable of being “data”, and hence “personal data”, if it forms part of a system so structured by reference to specific information about an individual as to make that information readily accessible. Section 1(1) defines data broadly by reference to whether it is or is intended to be in computerised form or in manual files. It provides, so far as material:
“(1) In this Act, unless the context otherwise requires –
‘data’ means information which –
(a) is being processed by means of equipment operating automatically in response to instructions given for that purpose,
(b) is recorded with the intention that it should be processed by means of such equipment,
(c) is recorded as part of a relevant filing system or with the intention that is should form part of a relevant filing system, …;”
“relevant filing system’ means any set of information relating to individuals to the extent that, although the information is not processed by means of equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible.”
It is clear from those provisions that the intention is to provide, as near as possible, the same standard or sophistication of accessibility to personal data in manual filing systems as to computerised records. The Judge began his analysis of the issue on that note, observing that, although he was then concerned only with information held by the FSA on manual, not computerised, files, most of the provisions in the Act concerned computerised data. He said that the draftsman’s recourse to the notion of a “relevant filing system” for non-computerised data contemplated an arrangement of paper data in a form similar to that which a computer would use to process the same information. He rightly began by breaking down the definition in section 1(1) of the term “relevant filing system” into three constituents in order to see whether the material in issue in the case fell within it, namely whether: 1) the material was a set of information relating to an individual; 2) the material was structured either by reference to individuals or by reference to criteria relating to individuals; and 3) it was structured in such a way that specific information relating to a particular individual was readily accessible. He then said, at 8F-9A:
“The strict requirements of the definition can be understood if one remembers the context into which this rule is placed. Most of the provisions in this Act deal with computer information but if one is able to arrange material in a non-computer form but in a form which apes the processing of a computer then the information is likely to be caught by the definition. The Act says that the fact that the information is not processed by means of equipment operating automatically in response to instructions given for that purpose will not prevent the material coming within the definition of a relevant filing system if it is structured in the way anticipated by the statute, so I need to concentrate on the structure. ….
The Judge considered the four manual files in question maintained by the FSA, each of which he had inspected. He concluded that none of them contained “data” as defined in section 1(1), because none of them, for various reasons, constituted “a relevant filing system”. As to the MFGD Systems file, he held, at 9C-F, that it was not structured by reference to individuals or to criteria relating to individuals. As to the MFGD Complaints file, he held that it was not structured in such a way that specific information relating to a particular individual was readily accessible. He said, at 9G-10C:
“It does contain documents relating to the appellant’s complaint about the bank under a divider marked ‘Mr. Durant’ and it follows that the information concerning Mr. Durant could be obtained. However, I must remind myself that this is not the statutory criteria. It is not a question of whether the information could be obtained or even whether the information could be obtained easily. The question that I must pose is whether it is structured in such a way that specific information relating to a particular individual is readily accessible. It contains a variety of different documents stored by date order. There is no more detailed structuring than that. The documents are not organised in such a way that would enable one to isolate particular aspects of the information, save that it is all under the name Durant. It is in the file just by date order. It follows again that this does not in my judgment satisfy the requirement of structuring anticipated by the statutory provision.”
As to the BIG file, the Judge said, at 10D-F:
“… it relates to issues or cases concerning the bank, although a section of the file does contain documents relating to Mr. Durant. It is organised in sections with reference to the issues or cases themselves but those issues or cases are not necessarily identified by reference to an individual. I accept the submission of Mr. Mayhew that to the extent the file or any section of it is structured with reference to individuals it is not so structured that specific information relating to a particular individual is readily accessible and this includes the section identified by reference to Mr. Durant.”
And, as the Secretariat Documents – the sheaf of papers relating to Mr. Durant’s complaint about the FSA’s dealings with him, the Judge said, at 10G-11B:
“The file comprises a variety of documents that relate to Mr. Durant’s complaint. They are not organised by date or any other criterion and again it seems to me that no specific information is readily accessible by virtue of that fact.”
……
Conclusions
The parliamentary intention to which Mr. Sales referred, is, in my view, a clear recognition of two matters: first, that the protection given by the legislation is for the privacy of personal data, not documents, the latter mostly retrievable by a far cruder searching mechanism than the former; and second, of the practical reality of the task that the Act imposes on all data controllers of searching for specific and readily accessible information about individuals. The responsibility for such searches, depending on the nature and size of the data controller’s organisation, will often fall on administrative officers who may have no particular knowledge of or familiarity with a set of files or of the data subject to whose request for information they are attempting to respond. As Mr. Sales pointed out, if the statutory scheme is to have any sensible and practical effect, it can only be in the context of filing systems that enable identification of relevant information with a minimum of time and costs, through clear referencing mechanisms within any filing system potentially containing personal data the subject of a request for information. Anything less, which, for example, requires the searcher to leaf through files to see what and whether information qualifying as personal data of the person who has made the request is to be found there, would bear no resemblance to a computerised search. And, as Mr. Sales also pointed out, it could, in its length and other costs, have a disproportionate effect on the property rights of data controllers under Article 1 of the First Protocol to the ECHR, who are only allowed a limited time, 40 days, under section 7(8) and (10) of the Act to respond to requests, and are entitled to only a nominal fee in respect of doing so.
As to the 1998 Act, to constitute a “relevant filing system” a manual filing system must: 1) relate to individuals; 2) be a “set” or part of a “set” of information; 3) be structured by reference to individuals or criteria relating to individuals; and 4) be structured in such a way that specific information relating to a particular individual is readily accessible. That seems to me entirely consistent with the Directive, in particular in the latter’s emphatic emphasis in Article 2(c) and Recital (27) on a file so structured by reference to “specific criteria” about individuals as to provide “easy access” to “the personal data in question” When considered alongside the narrow meaning of personal data in this context and when read with Recital (15) indicating that the required “easy” access to such data must be on a par with that provided by a computerised system, the need for a restrictive interpretation of the definition “relevant filing system” is plain. It is not enough that a filing system leads a searcher to a file containing documents mentioning the data subject. To qualify under the Directive and the Act, it requires, as Mr. Sales put it, a file to which that search leads to be so structured and/or indexed as to enable easy location within it or any sub-files of specific information about the data subject that he has requested.
As both parties acknowledge, the Directive is an important aid to construction of the Act. Its primary focus, as that of the Act, is on computerised data (see Articles 3-9 in the context of its ready facilitation of the free movement of personal data, and 11 in its concern for the right to privacy). And it is only to the extent that manual filing systems are broadly equivalent to computerised systems in ready accessibility to relevant information capable of constituting “personal” data that they are within the system of data protection. Recital (11) deserves particular mention as to the primary focus of the Directive on computerised systems, in its statement of the Directive’s intention to “give substance to and amplify” rights set out in the 1981 Convention, which, as I have said, gave rise in this country to the 1984 Act, creating obligations only in relation to computerised data, though permitting Contracting States to extend it to manual data. Returning – and more specifically – to the Directive, the definition in section 1(1) of the Act of “a relevant filing system” accords with the Directive in its equally restrictive definition in Article 2(c) of “a personal data filing system” as a “structured set of personal data which are accessible according to specific criteria …”, and also with Recitals (15) and (27), which emphasise that it is intended to cover only files “structured according to specific criteria relating to individuals”.
It is plain from the constituents of the definition considered individually and together, and from the preface in it to them, “although the information is not processed by means of equipment operating automatically in response to instructions given for that purpose”, that Parliament intended to apply the Act to manual records only if they are of sufficient sophistication to provide the same or similar ready accessibility as a computerised filing system. That requires a filing system so referenced or indexed that it enables the data controller’s employee responsible to identify at the outset of his search with reasonable certainty and speed the file or files in which the specific data relating to the person requesting the information is located and to locate the relevant information about him within the file or files, without having to make a manual search of them. To leave it to the searcher to leaf through files, possibly at great length and cost, and fruitlessly, to see whether it or they contain information relating to the person requesting information and whether that information is data within the Act bears, as Mr. Sales said, no resemblance to a computerised search. It cannot have been intended by Parliament – and a filing system necessitating it cannot be “a relevant filing system” within the Act. The statutory scheme for the provision of information by a data controller can only operate with proportionality and as a matter of common-sense where those who are required to respond to requests for information have a filing system that enables them to identify in advance of searching individual files whether or not it is “a relevant filing system” for the purpose.
Before leaving this issue, I should mention that Jay and Hamilton, in a helpful, practical analysis of these provisions in their Data Protection – Law and Practice, 1999, have reached much the same conclusion. They say that there is some ambiguity in both the Directive and the Act as to the definition of a filing system for this purpose, and that whether a particular file or files will amount to such a system is necessarily fact sensitive. However, they conclude, at pp. 22-23, that the weight of authority, including the provenance of this aspect of the Directive in the German Federal Data Protection Act and the Government’s declared intention and treatment of the matter during the passage of the 1998 Bill through the House of Lords, leans towards a restrictive interpretation of the ambiguity:
“… files or systems which do not have any clear systematic internal indexing mechanism should not fall under the definition. So a file with a name on the front arranged in date order may not fall within the term, whereas a file with a name on but arranged in sections to cover health, education, earnings or family connections is more likely to be; the more readily accessible the particular information, the clearer it is that it will be covered. …the nature of the file, for example whether it is a personnel file or a customer file, is completely irrelevant.”
Accordingly, I conclude, as Mr. Sales submitted, that “a relevant filing system” for the purpose of the Act, is limited to a system:
1) in which the files forming part of it are structured or referenced in such a way as clearly to indicate at the outset of the search whether specific information capable of amounting to personal data of an individual requesting it under section 7 is held within the system and, if so, in which file or files it is held; and
2) which has, as part of its own structure or referencing mechanism, a sufficiently sophisticated and detailed means of readily indicating whether and where in an individual file or files specific criteria or information about the applicant can be readily located.
……………..
Redaction
This issue arose only in relation to computerised documents that the FSA provided to Mr. Durant; as I have said, it provided him with no documents from its manual files. There were two categories of redactions: 1) those – nearly all – that the FSA considered did not constitute his personal data; and 2) those – in the case of two documents only – where it considered it unreasonable to disclose the names of another individual.
………..
I have already mentioned, but only briefly, the protection given by section 7 of the 1998 Act to other individuals when a data subject seeks access under that provision to his personal data, for example where such data may identify another individual as the source of the information. In such a case both the data subject and the source of the information about him may have their own and contradictory interests to protect. The data subject may have a legitimate interest in learning what has been said about him and by whom in order to enable him to correct any inaccurate information given or opinions expressed. The other may have a justifiable interest in preserving the confidential basis upon which he supplied the information or expressed the opinion. Sections 7(4)-(6) and 8(7) – prompted by the European Court’s decision in Gaskin v. United Kingdom [1990] 1 FLR 167, ECtHR, at para. 49 – provide a machinery for balancing their respective interests, and do so compatibly with Articles 12 and 13.1(g) of the Directive, which, as Mr. Sales observed, mirrors the balance provided by Article 8.2 to 8.1 ECHR. Article 12, to which section 7 of the 1998 Act is intended to give effect, provides a right of access for every data subject to his personal data, which it describes as a “guarantee”. And Article 13 permits member states to adopt legislative measures to restrict such right when necessary to safeguard various specified interests, including, in paragraph 1(g), the protection of the rights and freedoms of others. The protection that the 1998 Act gives to other individuals is similarly qualified, reflecting, in this respect, the principle of proportionality in play between the interest of the data subject to access to his personal data and that of the other individual to protection of his privacy. Section 7(4) to (6) and 8(7) provide:
“7(4) Where a data controller cannot comply with the request [i.e. for information under section 7(1)] without disclosing information relating to another individual who can be identified from that information, he is not obliged to comply with the request unless –
(a) the other individual has consented to the disclosure of the information to the person making the request, or
(b) it is reasonable in all the circumstances to comply with the request without the consent of the other individual, or
(c) the information is contained in a health record and the other individual is a health professional who has compiled or contributed to the health record or has been involved in the care of the data subject in his capacity as a health professional [added by the Data Protection (Subject Access Modification) (Health) Order 2000, SI 2000/413].
(5) In subsection (4) the reference to information relating to another individual includes a reference to information identifying that individual as the source of the information sought by the request; and that subsection is not to be construed as excusing a data controller from communicating so much of the information sought by the request as can be communicated without disclosing the identity of the other individual concerned, whether by the omission of names or other identifying particulars or otherwise.
(6) In determining for the purposes of subsection (4)(b) whether it is reasonable in all the circumstances to comply with the request without the consent of the other individual concerned, regard shall be had, in particular, to –
(a) any duty of confidentiality owed to the other individual,
(b) any steps taken by the data controller with a view to seeking the consent of the other individual,
(c) whether the other individual is capable of giving consent, and
(d) any express refusal of consent by the other individual.”
“8(7) For the purposes of section 7(4) and (5) another individual can be identified from the information being disclosed if he can be identified from that information, or from that and any other information which, in the reasonable belief of the data controller, is likely to be in, or to come into, the possession of the data subject making the request.”
There are two basic points to make about the scheme of sections 7(4)-(6), and 8(7), for balancing the interests of the data subject seeking access to his personal data and those of another individual who may be identified in such data. The first is that the balancing exercise only arises if the information relating to the other person forms part of the “personal data” of the data subject, as defined in section 1(1) of the Act. The second is that the provisions appear to create a presumption or starting point that the information relating to that other, including his identity, should not be disclosed without his consent. The presumption may, however, be rebutted if the data controller considers that it is reasonable “in all the circumstances”, including those in section 7(6), to disclose it without such consent.
It is important to note that the question for a data controller posed by section 7(4)(b) is whether it is reasonable to comply with the request for information notwithstanding that it may disclose information about another, not whether it is reasonable to refuse to comply. The distinction may be of importance, depending on who is challenging the data controller’s decision, to the meaning of “reasonable” in this context and to the court’s role in examining it. The circumstances going to the reasonableness of such a decision, as I have just noted, include, but are not confined to, those set out in section 7(6), and none of them is determinative. It is important to note that section 7(4) leaves the data controller with a choice whether to seek consent; it does not oblige him to do so before deciding whether to disclose the personal data sought or, by redaction, to disclose only part of it. However, whether he has sought such consent and, if he has done so, it has been refused, are among the circumstances mentioned in the non-exhaustive list in section 7(6) going to the reasonableness of any decision under section 7(4)(b) to disclose, without consent. Thus far, the broad effect of the scheme is not in dispute, but I shall have to return to the test of reasonableness in section 7(4) and (6) after considering the respective submissions of Miss Houghton and Mr. Sales.
…………………
Conclusions
As to Miss Houghton’s first submission, on the nature of the court’s function on an application for access to personal data under section 7(9), and of this Court on an appeal from a refusal of such application, I consider that Mr. Sales’ approach is to be preferred. Parliament cannot have intended that courts in applications under section 7(9) should be able routinely to “second-guess” decisions of data controllers, who may be employees of bodies large or small, public or private or be self-employed. To so interpret the legislation would encourage litigation and appellate challenge by way of full rehearing on the merits and, in that manner, impose disproportionate burdens on them and their employers in their discharge of their many responsibilities under the Act. The Directive (see, in particular, Recitals (1) and (10)) and the Act were intended to give effect to the requirements of Article 8 ECHR. And the provision in Article 13 of the Directive for exemptions and restrictions, including that in paragraph 1(g), reflected in section 7(4) of the Act, for the rights of third parties, to the right of access to personal data provided by Article 12 and section 7(1), are of a piece with the similar structure of Article 8.1 and 8.2 ECHR. Miss Houghton’s reliance on Gaskin to suggest that the Directive provides a right overriding that of third parties in this context equivalent to a “guarantee”, not only ignores the domestic law under consideration in that case, but, on the European Court’s own jurisprudence, puts too hard an edge on the use of that word in Article 12 setting out a data subject’s right of access. It is plain from Article 13 that member states may pay regard to, among other matters, proportionality in adopting exemptions from and restrictions on the right. As the Court said about the Directive in Lindquist, at para. 83
“83. … its provisions are necessarily relatively general since it has to be applied to a large number of very different situations. …the Directive quite properly includes rules with a degree of flexibility and, in many instances, leaves to the Member States the task of deciding the details or choosing between options.” (see also para. 88 in relation to sanctions)
Under both international legal codes, it is for the Member State to justify, subject to a margin of national discretion, any provisions enabling refusal of disclosure in terms of necessity and proportionality, and similarly, data controllers should have those notions in mind when considering under section 7(4)-(6) whether to refuse access on that account. So also should courts on application by way review of any such decision under section 7(9). But it does not follow that the courts should assume, if and when such a question reaches them, the role of primary decision-maker on the merits.
It follows, as Mr. Sales submitted, that the right to privacy and other legitimate interests of individuals identified in or identifiable from a data subject’s personal data are highly relevant to, but not determinative of, the issue of reasonableness of a decision whether to disclose personal data containing information about someone else where that person’s consent has not been sought. The data controller and, if necessary, a court on an application under section 7(9), should also be entitled to ask what, if any, legitimate interest the data subject has in disclosure of the identity of another individual named in or identifiable from personal data to which he is otherwise entitled, subject to the discretion of the court under section 7(9). The Court of Appeal, in its turn, should have firmly in its mind its duty of “anxious scrutiny” in such matters, but should not be expected to conduct an exercise of detailed or other inspection of documents under section 15(2) of the 1998 Act unless the Judge’s reasoning or lack of it on the issue and the factual issues raised on the appeal demand it. Given: 1) the failure of the bulk of Mr. Durant’s claim because of his misconception of what he is entitled to by way of personal data, a misconception inherent in the nature of his requests for the redacted information; and 2), the plain evidence before the Judge and us as to the manual files in question, negating the existence of a “relevant filing system”, we have not felt it necessary to inspect in any detail the documentation put before us.
Miss Houghton’s second submission was that data controllers should consider this question of reasonableness of disclosure on a case by case basis, by which I think she meant on a document by document or third party individual by individual basis (see. eg. R (Lord) v. SSHD [2003] EWHC 2073 (Admin), per Munby J, at paras. 143-151). She maintained, initially at any rate, that there was no evidence that the FSA had done that in this case. There appear to be two categories of other individuals in respect of which Mr. Durant sought unredacted copies of the documents. The first consists of information about those whose identities he already knows. Miss Houghton submitted that there could be no good reason for such redaction and that he should have been provided with unredacted copies of the documents. The second category consists of those whom Mr. Durant believes to be employees of the FSA, but with whom he has had no contact. Miss Houghton submitted that there was no good reason to remove their names from the disclosed documents; public servants carrying out their ordinary functions should not be given anonymity as of right; their names should be disclosed unless there are special reasons for non-disclosure. However, as I have said, such information, essentially as to the identities of persons in the FSA with whom Mr. Durant may have had contact or who have in some way dealt with his complaint, cannot, in the circumstances, amount to his personal data. And, in any event, it is plain from the evidence now before us in the form of Mr. Davies’ second witness statement that there is no factual basis – quite the contrary – for Miss Houghton’s submission that the FSA did not consider the question of redaction on a document by document basis.
…………….
However, as I have indicated, on the facts of the case, the redaction issue is barely worth all the attention given to it in the arguments. It is clear from the Judge’s examination of the documents and the evidence to this Court of Mr. Davies that all the redactions, save arguably two, do not constitute “personal data” for the reasons I have given, and the Act does not, therefore, entitle Mr. Durant to that information. As to those two redactions, they were of the name of an FSA employee which, in itself, can have been of little or no legitimate value to Mr. Durant and who had understandably withheld his or her consent because Mr. Durant had abused him or her over the telephone.
…..”
Lord Justice Buxton:
“I respectfully agree with everything that has fallen from my Lord. I add only a very few words of my own, limited to the concept of “personal data”. I do so because that is the most important issue in the appeal, determinative of most of the complaints made by Mr. Durant, as it is likely to be determinative of most questions arising under the 1998 Act. I do so also because, despite its centrality, the issue did not receive the attention earlier in the case that it should have done; and, in particular, I am confident that had the issue been explored before him in the terms in which it was eventually attended to before us the single Lord Justice would have been most unlikely to have granted permission for this appeal to be pursued.
By section 1 of the 1998 Act, personal data is [processed or recorded] information that (i) relates to a living individual who (ii) can be identified from those data either taken alone or in conjunction with other information. Much of the argument on behalf of Mr. Durant went straight to limb (ii), without considering the implications of limb (i). Plainly, Mr. Durant could be identified “from”, or perhaps more accurately in conjunction with, the information sought by him that is summarised by my Lord in his para. 24; the reason for hesitation being only that in some cases it is Mr. Durant’sidentity that leads to the information, rather that the information leading to Mr. Durant. Equally plainly, however, the requirement that the information should “relate to” Mr. Durant imposes a limitation on that otherwise very wide claim.
The guiding principle is that the Act, following Directive 95/46, gives rights to data subjects in order to protect their privacy. That is made plain in recitals (2), (7) and (11) to the Directive, and in particular by recital (10), which tells us that:
“the object of the national laws on the processing of personal data is to protect fundamental rights and freedoms, notably the right to privacy, which is recognised both in Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms and in the general principle of Community law”
The notions suggested by my Lord in his para. 28 will, with respect, provide a clear guide in borderline cases. A recent example of such personal data is information about the occupation, hobbies and in one case medical condition of named, and therefore identifiable, individuals, such as the Court of Justice addressed in Case C-101/01, Lindqvist, 6 November 2003.
But the information sought by Mr. Durant was by no stretch of the imagination a borderline case. On the ordinary meaning of the expression, relating to him, Mr. Durant’s letters of complaint to the FSA, and the FSA’s investigation of that complaint, did not relate to Mr. Durant, but to his complaint. The 1998 Act would only be engaged if, in the course of investigating the complaint, the FSA expressed an opinion about Mr. Durant personally, as opposed to an opinion about his complaint; a contingency for which, nonetheless, the draftsman of the Act thought it necessary to make specific provision. And on the purposive construction of the expression, as investigated in para. 78 above, access to that material could not possibly be necessary for or even relevant to any protection by Mr. Durant of his privacy. The excessive nature of his demands is perhaps best illustrated by the claim mentioned by my Lord in his para. 62, that Mr. Durant should be told the identity of all those at the FSA who had handled his complaint. In the formal FSA complaints process in which Mr. Durant engaged before bringing the present proceedings (see para. 10 above) that information may or may not have been relevant, though there is no indication that Mr. Durant or those who may have been advising him then sought it. It has nothing whatsoever to do with Mr. Durant’sprivacy, and proceedings under the 1998 Act cannot be used now, or at all, to extract it.
In short, these proceedings were misconceived. In future, those contemplating such proceedings and those advising them must carefully scrutinise the guidance given in my Lord’s judgment before going any further. That process should prevent the wholly unjustifiable burden and expense that has been imposed on the data controller in this case.”
Case study 2:
Data Controller breaches several provisions in its processing of Sensitive Personal Data
I received a complaint in May 2006 from a data subject regarding the use by her former employer, Baxter Healthcare S.A., of two medical reports relating to her. The data subject had been involved in an industrial accident at work in April 2002 which subsequently resulted in a prolonged absence from the workplace. During this absence, the data subject pursued a personal injuries claim against Baxter Healthcare. As part of this process, at the request of the solicitor acting on behalf of Baxter Healthcare’s insurers, she attended a consultant neurologist on two occasions for medical evaluation in 2003 and 2004. Early in 2005, the data subject became aware that the medical reports compiled as a result of those evaluations were in the possession of Baxter Healthcare. Through her solicitor, the data subject made an access request to Baxter Healthcare for copies of the medical reports. She was advised in writing that, as these reports were obtained in the context of her personal injury proceedings, her access request should be addressed to the solicitors,
P. O’Connor & Son, acting for the insurers. Shortly afterwards, the data subject’s contract of employment was terminated. The decision by Baxter Healthcare to terminate the employment was stated to be on the basis of the medical evidence available to the company, including the medical reports compiled in 2003 and 2004 in the context of the data subject’s personal injury claim. Following her dismissal, the data subject brought a claim to the Labour Relations Commission against Baxter Healthcare under the Unfair Dismissals Act 1977 to 2001. A hearing in relation to this case took place in April 2006 and the data subject alleged that, in the course of the hearing, copies of the medical reports were furnished by Baxter Healthcare to herself, to the Rights Commissioner and to all present. These medical reports had not been previously provided to her in response to her access request.
My Office conducted a detailed and extensive investigation of this complaint. This focused on 2 primary data protection issues, namely the use of the medical reports obtained to defend an insurance claim to support the dismissal of the data subject and the disclosure of those same medical reports at a labour relations hearing. The company’s solicitor stated that the medical reports of the consultant neurologist were obtained for the legitimate purpose of defending personal injury proceedings instituted by the data subject and that the medical reports were also employed and required for the legitimate purpose of defending separate legal proceedings against Baxter Healthcare under the Unfair Dismissals Acts 1977 to 2001. It submitted that Section 2(1)(c)(i) of the Acts specifically envisages that the data may be obtained and used for more than one purpose, provided that both purposes are legitimate. It went on to state that Section 2(1)(c) (ii) of the Acts only prohibits further processing insofar as that processing is incompatible with the original purpose or purposes. It argued that the use of the reports to defend legal proceedings against Baxter Healthcare under the Unfair Dismissals Act could not be said to be incompatible with the original purpose as the original purpose was to defend legal proceedings instituted by the data subject and the subsequent use was to also defend legal proceedings, albeit separate proceedings by the data subject.
The data subject sought a decision on her complaint under Section 10(1)(b(ii) of the Acts in June 2007. In my analysis of the data protection issues arising from this complaint, I found that the medical reports in question constitute ‘sensitive personal data’ within the meaning of the Acts. The medical reports were commissioned on behalf of Baxter Healthcare’s insurers, by its solicitors, for the purpose of the defence of the High Court personal injury claim instituted by the data subject. The reports were, however, used for three purposes:
They were used for the purpose for which they were generated in the first place, i.e. for the defence by Baxter Healthcare’s insurers of the High Court personal injury claim instituted by the data subject.
They were used in the decision taken by Baxter Healthcare to terminate the employment of the data subject.
They were used to defend legal proceedings taken by the data subject against Baxter Healthcare under the Unfair Dismissals Act at a hearing in April 2006.
No data protection issue arose in relation to the first use of the medical reports by Baxter Healthcare’s insurers in the context of its defence of the personal injury claim brought by the data subject.
With regard to the second use by Baxter Healthcare of the medical reports in the decision to terminate the data subject’s employment, this was done without the data subject’s consent. The general requirements that must be complied with by a data controller under the Acts in relation to the personal data of a data subject include the following:
the data shall have been obtained only for one or more specified, explicit and legitimate purposes
the data shall not be further processed in a manner incompatible with that purpose or those purposes
the data subject is informed of the purposes or purposes for which the data are intended to be processed
The consent of the data subject is the default position, as it were, for the fair processing and obtaining of personal data. Where it is absent, the data controller may not process personal data unless it can find another basis in the Acts. The Acts provide for the following exemptions which were potentially applicable in the present case:
the processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the fundamental rights and freedoms or legitimate interests of the data subject (Section 2A (1)(d));
and (because sensitive data is involved)
the processing is required for the purpose of obtaining legal advice or for the purposes of, or in connection with, legal proceedings or prospective legal proceedings or is otherwise necessary for the purpose of establishing, exercising or defending legal rights (Section 2B (b)( vii)).
All of these conditions must be met.
In my analysis of this complaint, I considered that the purpose for which the medical reports were originally obtained (the defence by Baxter’s insurers of the High Court personal injury claim instituted by the data subject) was not compatible with their further use to support the data controller’s decision to dismiss the data subject. I considered that, in the absence of the data subject’s consent, this processing of the data subject’s sensitive personal data constituted a breach of the Acts.
With regard to the third use by Baxter Healthcare of the medical reports to defend legal proceedings under the Unfair Dismissals Act, the same considerations arose in relation to the further use of the sensitive personal data at a hearing before a Rights Commissioner in April 2006, with the aggravating factor that the sensitive personal data was further disclosed to those involved in the hearing.
However, I had to consider if the processing of personal data in this case might benefit from the exemption in Section 8(f) of the Acts which provides that: “Any restrictions in this Act on the processing of personal data do not apply if the processing is …required…for the purposes of, or in the course of, legal proceedings in which the person making the disclosure is a party or a witness.”
I formed the opinion that this exemption cannot apply to sensitive personal data which has already been improperly processed to support the decision (dismissal) which was the subject matter of the legal process. I concluded that the use of the medical records to defend the Unfair Dismissals claim constituted a further breach of the Acts.
For completeness, my Decision in this case also found that Baxter had failed to comply fully with an access request made by the data subject.
This case demonstrates the care which data controllers must exercise in the processing of all personal data, including sensitive personal data, in its possession. It is unacceptable for a data controller to seek to take advantage of personal data which may be in its possession and to use it for some purpose unrelated to the purpose for which it was originally obtained.
Stone v South East Coast Strategic Health Authority & Ors
[2006] EWHC 1668
“Article 8 of the Convention is in these terms:
“Article 8. Right to respect for private and family life.
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals or for the protection of the rights and freedoms of other.”
Article 10 of the Convention is in these terms:
“Article 10. Freedom of expression.
1. Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers. This Article shall not prevent States from requiring the licensing of broadcasting, television or cinema enterprises.
2. The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.”
Were this to be a claim based on ordinary “reasonableness” grounds it would manifestly be unfounded. The Defendants (and the Panel) have plainly considered the matter with great care. They applied the correct principles; they gave Mr Stone the opportunity to make representations and considered them; they took into account the relevant factors and did not have regard to irrelevant factors; and a conclusion to publish in full could not possibly be styled as perverse or irrational.
But that, of course, is not the test in a context such as the present. The focus is not on the decision making process but on the substance of the decision reached. The questions that have to be asked are whether Mr Stone’s rights under Article 8 of the Convention have been breached; whether the decision to publish the report is an interference with his right to privacy which is not justified under Article 8(2). Reference may be made to R (SB) v Governors of Denbigh High School [2006] 2 WLR 719 at paragraphs 29-30 [2006] UKHL 15 (Lord Bingham) and paragraph 68 (Lord Hoffmann). That, of course, was a case relating to Article 9 of the Convention, but the reasoning and approach is equally applicable in the present case by reference to Article 8.
For this purpose, it is also well established that the Court is required to adopt an intensity of review conditioned by the requirement that the proposed limitation of the Convention right be necessary in a democratic society and that such interference is really proportionate to a legitimate aim being pursued: see R (Daly) v Secretary of State for Home Department [2001] 2 AC 532 at p547E-540D (per Lord Steyn).
In the present case it seems to me that the review of the court must be of a very high intensity. As has been emphasised in the European Court of Human Rights, the protection of personal data, and the need for appropriate safeguards, is of fundamental importance to a person’s enjoyment of the right to respect for private and family life provided by Article 8: and that is particularly so in the case of medical data: see Z v Finland (1997) 25 EHRR 371; MS v Sweden (1997) 28 EHRR 313. Moreover it seems to me of importance that in the present case Mr Stone is not seeking simply to assert his private rights and private interest (although he is doing that): he is also himself asserting a matter of public interest. That consists not only of the upholding of the general principle of a right to privacy but also the upholding of a wider matter of public interest: viz. that a person can freely and frankly discuss sensitive matters with his or her doctor, probation officer and social worker etc. and, further, can cooperate with an inquiry of the present kind without being deterred by the risk of subsequent disclosure.
In the case of Campbell v MGN Limited [2004] 2 AC 457 [2004] UKHL 22 which involved the internationally famous model Naomi Campbell (and which raised issues under Article 8 and Article 10) Lord Hope of Craighead said this at paragraph 113:
“But decisions about the publication of material that is private to the individual raise issues that are not simply about presentation and editing. Any interference with the public interest in disclosure has to be balanced against the interference with the right of the individual to respect for their private life. The decisions that are then taken are open to review by the court. The tests which the court must apply are the familiar ones. They are whether publication of the material pursues a legitimate aim and whether the benefits that will be achieved by its publication are proportionate to the harm that may be done by the interference with the right to privacy. The jurisprudence of the European Court of Human Rights explains how these principles are to be understood and applied in the context of the facts of each case. Any restriction of the right to freedom of expression must be subjected to very close scrutiny. But so too must any restriction of the right to respect for private life. Neither article 8 nor article 10 has any pre-eminence over the other in the conduct of this exercise. As Resolution 1165 of the Parliamentary Assembly of the Council of Europe (1998), para 11, pointed out, they are neither absolute nor in any hierarchical order, since they are of equal value in a democratic society.”
The same judge had also said in R v Shayler [2003] 1 AC 247, [2002] UKHL 11 in paragraph 61 (in dealing with the application of proportionality principles):
“…it is not enough to assert that the decision that was taken was a reasonable one. A close and penetrating examination of the factual justification is needed if the fundamental rights enshrined in the Convention are to remain practical and effective for everyone who wishes to exercise them.”
I propose to apply that approach. It seems to me that a compelling case needs to exist to justify publication of this report in its present form.
Article 8 is not the only Convention right that has to be considered. As Campbell v MGN Ltd makes clear, Article 10 also has to be considered and given due weight. In the present case, it is now (albeit it was not in the original grounds) accepted on behalf of Mr Stone that – even though the three Defendants, as public bodies, cannot themselves directly invoke the provisions of Article 10 – such Article comes into play: if only because of the general corresponding right of the public to be free to receive information where it is sought to be published.
The actual methodology to be employed in such cases has to be related to its own facts and own circumstances, a “close and penetrating examination” being adopted. But what is of course clear is that in all such cases a balancing exercise has to be undertaken. And in a case such as the present an ultimate balance has to be struck not only by weighing the considerations for and against a restriction on the right to privacy by reference to Article 8 itself but also by weighing the considerations for and against a restriction on publication by reference to Article 10. An example of this can also be found in the House of Lords decision in re S (a Child) [2005] AC 593 [2005] UKHL 47. That was a decision in a factual context very different from the present – albeit raising issues under Articles 8 and 10. But, if I may respectfully say so, the actual approach adopted by Lord Steyn is very informative. Also very informative are his general comments – which I propose to follow in this case – at paragraph 17 of his opinion:
“The interplay between articles 8 and 10 has been illuminated by the opinions in the House of Lords in Campbell v MGN Ltd [2004] 2 AC 457. For present purposes the decision of the House on the facts of Campbell and the differences between the majority and the minority are not material. What does, however, emerge clearly from the opinions are four propositions. First, neither article has as such precedence over the other. Secondly, where the values under the two articles are in conflict, an intense focus on the comparative importance of the specific rights being claimed in the individual case is necessary. Thirdly, the justifications for interfering with or restricting each right must be taken into account. Finally, the proportionality test must be applied to each. For convenience I will call this the ultimate balancing test. This is how I will approach the present case.””
…….
(b) The balancing exercise
In my judgment, the following points are particularly relevant in the balancing exercise for the purposes of Article 8.
So far as Mr Stone is concerned, much the most weighty point in his favour, as it seems to me, is his very entitlement to claim a right of privacy: in respect moreover of an aspect of private information (medical information) which – as the jurisprudence from Europe shows – is regarded as a vital and central element of that which should be protected under Article 8. Further, that is reinforced by other and wider considerations of the public interest: first, that persons may talk freely with their doctors, probation officers and other such persons without being deterred by risk of subsequent disclosure (although it has to be said such a risk in any case exists under English common law rules relating to confidentiality, where disclosure is necessary in the public interest); second, that such persons may give access to such information for the purposes of an inquiry without being deterred from doing so through fear of such matters later being released into the public domain.
But it seems to me that the force of those points is significantly outweighed by a number of other considerations (albeit some of them overlap):
45.1. First, there is the concession on behalf of Mr Stone that there should be some publication (to the public) of the report and that the public should be able to know what went wrong and should be able to form an intelligent understanding of the conclusions reached: that is to acknowledge that there is indeed a public interest in that regard. But, as I have indicated in my conclusions on the proposed redaction exercise, a system of expurgation which both involves removal of actual reference to the contents of medical notes and (in some respects) involves the editing of some of the comments and conclusions of the inquiry is not viable: the proposal made in that regard on behalf of Mr Stone’s advisers thus wholly devalues the proffered concession. In effect, such exercise – while of course limiting the intrusion into the privacy of Mr Stone – would turn the report into a report which is not, in truth, the report of the inquiry having regard to its terms of reference: and could indeed mislead. It was precisely for those reasons that the Defendants informed me at trial that, if that were to be the conclusion, then they would not publish the report at all. I did not regard that as an in terrorem argument: rather it reflected a realistic and understandable viewpoint.
45.2. Second, there is a true public interest in the public at large knowing of the actual care and treatment supplied (or, as the case may be, not supplied) to Mr Stone: and knowing, and being able to reach an informed assessment of, the failures identified and steps that may be recommended to be taken to address identified deficiencies. This is not simply in the context of the murder of Lin and Megan Russell by Mr Stone in circumstances of such great publicity. It also has a bearing for the future. As Mr Badenoch pointed out, it seems, regrettably, all too likely that in the future – and as has happened in the interim – there will be other instances where persons receiving psychiatric treatment or care in the community will commit acts of murder or extreme violence. The existence of potentially dangerous persons at liberty in the community affects the entire community. That community has a reasonable and justified expectation that an inquiry undertaken after such a high profile case as the present will be publicised in full, so that the public is not left in the dark (or in the shade) about how it happened or left to speculate about the lessons that have been or should be learned and about the recommendations made, with a view to implementation, to reduce the risk of such occurrences in the future.
45.3. Third, and following on from the second point, such objectives are not met simply by releasing a full version of the report to relevant health professionals.
45.4. Fourth, where individuals or agencies involved in Mr Stone’s treatment are (or are not) to be criticised the public can legitimately expect to know the full reasons for that.
45.5. Fifth, the information to be disclosed is to be disclosed solely with the aim of providing an informed view as to what went wrong in this case with a view to important lessons being learned for the future, both for the assistance of other people in the position of Mr Stone and for the protection and reassurance of the public. The actual details of the case are crucial for an informed assessment of the Panel’s conclusions and comments and for forming a view on that. (This would still be so, as I see it, even in circumstances where any established failures are not found to be causative of the subsequent criminality). The position is quite different from that pertaining in the cases of Campbell or of Z v Finland, where there was no corresponding public interest of the present kind.
45.6. Sixth, it is, I think, of importance as a justification for restricting Mr Stone’s right to privacy in this context that this inquiry, and all this publicity, have arisen out of Mr Stone’s own acts – acts found to have been criminal. He has, as it were, put himself in the public domain by reason of those criminal acts, which inevitably created great publicity. Of course that is not to say that a convicted murderer forfeits all his rights under Article 8; of course he does not. But here the information sought to be disclosed relates – and relates solely – to the investigation foreseeably arising out of the very murders which he himself committed.
45.7. Seventh, I also think it a point of considerable importance as a justification for restricting Mr Stone’s right to privacy in this context that a great deal of information relating to the background, treatment and mental health of Mr Stone has already been put in the public domain, and at a significant level of detail (see the numerous newspaper articles mentioned above and the StoneChronology prepared by Professor Gaber). The essential nature of his observed mental and personality disorders is already known. When so much has already been divulged, it seems to me highly material to a decision whether to permit disclosure of more such information. Indeed I think it also noteworthy that the Panel make clear that they also wish to correct certain errors and inaccuracies in previous public reporting. I agree with Mr Clayton that previous publication of private information in the public domain does not mean that an individual necessarily loses his right to privacy in respect of a proposal to put yet more such material in the public domain (cf. Editions Plon v France 18th May 2004, unrep. decision of the European Court of Human Rights, Second Section). But, as it seems to me, it must be relevant to the balancing exercise and to the issue of proportionality: and here the previous disclosure in the public domain has already been very extensive indeed. That must tell against the asserted detrimental impact of publication of further, albeit more detailed, information.
45.8. Eighth, Josie Russell and Dr Russell – the victims (directly or indirectly) of these crimes – support publication. So do – quite apart from the Panel itself and all the Defendants – the Secretary of State and relevant Mental Health authorities.
Mr Stone has raised a concern that publicising this report in full will give rise to risks as to his own personal safety. But the evidence shows that that has been assessed by the prison service, who conclude that there is no such increased risk.
As to the point made by Mr Clayton that others will be deterred in the future from cooperating with inquiries of this kind, that is a legitimate point of principle and cannot be ruled out as a possibility. The evidence, however, in this case indicates that in the past other offenders have cooperated fully and have consented to providing information to inquiries in the knowledge that a report is to be published. There is also no actual evidence that access to the relevant information has in fact been restricted in such cases because of concerns as to subsequent publication.
……
There are a number of other points I should mention:
48.1. I gained the distinct impression that Mr Stone – who, as I have said, continues to assert his innocence – was concerned that publication of this information would incline the public against his assertions. I cannot attach any significant weight to that. First, Mr Stone already has been convicted; in the eyes of the public he is entitled to be considered guilty. Second, and in any case, such publication of these details is unlikely, realistically, to be significantly more damaging to him with regard to his criminality than the previous publicity he has experienced.
48.2. Mr Stone is also concerned as to how the press will publicise the matter: he fears adverse sensationalism. But, broadly speaking, and within the parameters of the law of defamation, it is a matter for the Press as to how it reports matters. Besides, it is not to be presumed that further press publicity will necessarily be unfairly hostile in the way Mr Stone fears. There were indications from a number of the press articles following his conviction that a thoughtful line was being taken as to the need for lessons to be learned. It is not fanciful to think, in fact, that some readers of the report perhaps may be inclined, having access to the full facts, to take a more sympathetic view of Mr Stone than, in the absence of full information, they hitherto may have been inclined to take.
48.3. Publication of the report in full can, in my view, only assist the legitimate and ongoing public debate with regard to treatment of the mentally ill and of those with disturbed personalities in the community: which has already resulted, among other things, in extensive proposed revisions to the Mental Health legislation.
For all these reasons (which in many ways reflect the reasons given by the Panel itself as set out in paragraph 18 above and the reasons given by the Defendants, and with which I agree) I think that a compelling case in favour of publication in full is made out, balancing the relevant considerations under Article 8 alone. It seems to me, by reference to that Article, that such a decision is proportionate and justified as being necessary in the public interest.
Turning then to Article 10 – which is conceded to be engaged and relevant – and balancing the considerations there, as I see it that can only operate to confirm such a viewpoint. The considerations set out above – not least the fact that in essence much of the information is (albeit without the detail of the report) already in the public domain – seem to me to tell strongly against an interference with the operation of Article 10 being justified.
Mr Clayton made the point that this is not a case of publication by the press, the freedom of which the courts, generally speaking, seek to uphold. That is true. But the reality is that, for much of the public, access to the report will depend on informed comment by the media. It surely is desirable for the press and other media to have access to the full report – the more so when one of the purposes of the report is to correct previous publicised inaccuracies – so that their summaries and their comments for public consumption are based on knowledge of the full facts and details as set out in the report. It is moreover, in my view, important that the conduct of the public authorities in a context such as the present are seen to be subject to public scrutiny, with consequential legitimate and informed public debate on the conclusions to be drawn and lessons to be learned.
For these reasons, and on the ultimate balancing test, I am of the clear view that the decision to publish the report in full was entirely justified.
The Data Protection Act 1998
I turn to the argument based on the Data Protection Act 1998. This was rather shortly addressed in the written submissions but was greatly expanded in oral argument. If the argument is correct, it would of course mean that there could be no publication as the Defendants seek. Indeed, publication would also then not be “in accordance with law” for the purposes of Article 8.
However I consider that the Claimant’s argument is unjustifiably restrictive and is not correct.
…….
Article 8 (in the relevant respects) provides as follows:
……
The publishing of the report would, I consider, be within the ambit of “medical purposes”, for the purposes of paragraph 8, as relating to “the management of healthcare services”. It would also, essentially for the reasons I have already given, be “necessary” for such medical purposes. Furthermore the processing would be by the Defendants, who are within the class of persons owing a duty of confidentiality equivalent to that which would arise if they were health professionals. Accordingly, the processing would fall within the ambit of paragraph 8.
I was attracted by Mr Clayton’s argument that such paragraph was intended to relate to (for example) an exchange of professional views on a medical case between two separate medical departments: the safeguard being that each is under a duty of confidentiality. But as against that paragraph 8 focuses on the processing and the person undertaking the processing: it does not focus on the recipient of the information. Further, a safeguard is built in, in that the duty of confidentiality owed is such that, under English law, there in any event could be no processing or disclosure unless it had first been concluded that (assuming the absence of express consent) the public interest so required.
Overall, therefore, I preferred the submissions of Mr Havers and Miss Laing on the availability of paragraph 8 of Schedule 3 here to sanction the publication of the report, in addition to paragraph 7 of Schedule 3.
Conclusion
The public interest requires publication of the report in full. The decision to publish was justified and proportionate, and does not constitute an unwarranted interference with Article 8 of the Convention. Further, no breach of the Data Protection Act 1998 is involved.
Accordingly, this claim fails and I refuse to grant Mr Stone any of the relief that he seeks.”
Niemietz v Germany
[1992] ECHR 80
“……
The search of the law office, the need for which the investigating authorities had first tried to obviate by questioning a witness, was effected by representatives of the Freiburg public prosecutor’s office and the police on 13 November 1986. According to a police officer’s report drawn up on the following day, the premises were entered at about 9.00 a.m. and inspected in the presence of two office assistants. The actual search began at about 9.15 a.m., when the applicant’s colleague arrived, and lasted until about 10.30 a.m. The applicant himself arrived at 9.30 a.m. He declined to give any information as to the identity of Klaus Wegner, on the ground that he might thereby expose himself to the risk of criminal prosecution.
Those conducting the search examined four filing cabinets with data concerning clients, three files marked respectively “BL”, “C.W. -Freiburg District Court …” and “G. – Hamburg Regional Court” and three defence files marked respectively “K.W. – Karlsruhe District Court …”, “Niemietz et al. – Freiburg District Court …” and “D. – Freiburg District Court”. According to the applicant, the office’s client index was also looked at and one of the files in question was its “Wegner defence file”. Those searching neither found the documents they were seeking nor seized any materials. In the proceedings before the Commission, the applicant stated that he had been able to put aside in time documents pointing to the identity of Klaus Wegner and had subsequently destroyed them.
The homes of Ms D. and Ms G. were also searched; documents were found that gave rise to a suspicion that the letter to Judge Miosga had been sent by Ms D. under an assumed name.
On 10 December 1986 the Chairman of the Freiburg Bar Association, who had been informed about the search by the applicant’s colleague, addressed a formal protest to the President of the Munich District Court. The Chairman sent copies to the Bavarian Minister of Justice and the Munich Bar Association and invited the latter to associate itself with the protest.
In a reply of 27 January 1987, the President of the Munich District Court stated that the search was proportionate because the letter in question constituted a serious interference with a pending case; hence no legal action on the protest was necessary.
………..
III. CASE-LAW OF THE COURT OF JUSTICE OF THE EUROPEAN COMMUNITIES
In its judgment of 21 September 1989 in Joined Cases 46/87 and 227/88 Hoechst v. Commission [1989] European Court Reports (“ECR”) 2859 at 2924, the Court of Justice of the European Communities stated as follows:
“Since the applicant has also relied on the requirements stemming from the fundamental right to the inviolability of the home, it should be observed that, although the existence of such a right must be recognized in the Community legal order as a principle common to the laws of the Member States in regard to the private dwellings of natural persons, the same is not true in regard to undertakings, because there are not inconsiderable divergences between the legal systems of the Member States in regard to the nature and degree of protection afforded to business premises against intervention by the public authorities.
No other inference is to be drawn from Article 8(1) (art. 8-1) of the European Convention on Human Rights which provides that: ‘Everyone has the right to respect for his private and family life, his home and his correspondence’. The protective scope of that article is concerned with the development of man’s personal freedom and may not therefore be extended to business premises. Furthermore, it should be noted that there is no case-law of the European Court of Human Rights on that subject.
None the less, in all the legal systems of the Member States, any intervention by the public authorities in the sphere of private activities of any person, whether natural or legal, must have a legal basis and be justified on the grounds laid down by law, and, consequently, those systems provide, albeit in different forms, protection against arbitrary or disproportionate intervention. The need for such protection must be recognized as a general principle of Community law. In that regard, it should be pointed out that the Court has held that it has the power to determine whether measures of investigation taken by the Commission under the ECSC Treaty are excessive (judgment of 14 December 1962 in Joined Cases 5 to 11 and 13 to 15/62 San Michele and Others v. Commission [1962] ECR 449).”
This statement was affirmed in the same court’s judgments of 17 October 1989 in Case 85/87 Dow Benelux v. Commission [1989] ECR 3137 at 3157 and Joined Cases 97 to 99/87 Dow Chemical Ibérica and Others v. Commission [1989] ECR 3165 at 3185-6.
…..
AS TO THE LAW
I. ALLEGED VIOLATION OF ARTICLE 8 (art. 8) OF THE CONVENTION
Mr Niemietz alleged that the search of his law office had given rise to a breach of Article 8 (art. 8) of the Convention, which reads as follows:
“1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2.. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”
This submission was accepted by the Commission, on the basis that the search constituted an unjustified interference with the applicant’s private life and home.
A. Was there an “interference”?
In contesting the Commission’s conclusion, the Government maintained that Article 8 (art. 8) did not afford protection against the search of a lawyer’s office. In their view, the Convention drew a clear distinction between private life and home, on the one hand, and professional and business life and premises, on the other.
In arriving at its opinion that there had been an interference with Mr Niemietz’s “private life” and “home”, the Commission attached particular significance to the confidential relationship that exists between lawyer and client. The Court shares the Government’s doubts as to whether this factor can serve as a workable criterion for the purposes of delimiting the scope of the protection afforded by Article 8 (art. 8). Virtually all professional and business activities may involve, to a greater or lesser degree, matters that are confidential, with the result that, if that criterion were adopted, disputes would frequently arise as to where the line should be drawn.
The Court does not consider it possible or necessary to attempt an exhaustive definition of the notion of “private life”. However, it would be too restrictive to limit the notion to an “inner circle” in which the individual may live his own personal life as he chooses and to exclude therefrom entirely the outside world not encompassed within that circle. Respect for private life must also comprise to a certain degree the right to establish and develop relationships with other human beings.
There appears, furthermore, to be no reason of principle why this understanding of the notion of “private life” should be taken to exclude activities of a professional or business nature since it is, after all, in the course of their working lives that the majority of people have a significant, if not the greatest, opportunity of developing relationships with the outside world. This view is supported by the fact that, as was rightly pointed out by the Commission, it is not always possible to distinguish clearly which of an individual’s activities form part of his professional or business life and which do not. Thus, especially in the case of a person exercising a liberal profession, his work in that context may form part and parcel of his life to such a degree that it becomes impossible to know in what capacity he is acting at a given moment of time.
To deny the protection of Article 8 (art. 8) on the ground that the measure complained of related only to professional activities – as the Government suggested should be done in the present case – could moreover lead to an inequality of treatment, in that such protection would remain available to a person whose professional and non-professional activities were so intermingled that there was no means of distinguishing between them. In fact, the Court has not heretofore drawn such distinctions: it concluded that there had been an interference with private life even where telephone tapping covered both business and private calls (see the Huvig v. France judgment of 24 April 1990, Series A no. 176-B, p. 41, para. 8, and p. 52, para. 25); and, where a search was directed solely against business activities, it did not rely on that fact as a ground for excluding the applicability of Article 8 (art. 8) under the head of “private life” (see the Chappell v. the United Kingdom judgment of 30 March 1989, Series A no. 152-A, pp. 12-13, para. 26, and pp. 21-22, para. 51.)
As regards the word “home”, appearing in the English text of Article 8 (art. 8), the Court observes that in certain Contracting States, notably Germany (see paragraph 18 above), it has been accepted as extending to business premises. Such an interpretation is, moreover, fully consonant with the French text, since the word “domicile” has a broader connotation than the word “home” and may extend, for example, to a professional person’s office.
In this context also, it may not always be possible to draw precise distinctions, since activities which are related to a profession or business may well be conducted from a person’s private residence and activities which are not so related may well be carried on in an office or commercial premises. A narrow interpretation of the words “home” and “domicile” could therefore give rise to the same risk of inequality of treatment as a narrow interpretation of the notion of “private life” (see paragraph 29 above).
More generally, to interpret the words “private life” and “home” as including certain professional or business activities or premises would be consonant with the essential object and purpose of Article 8 (art. 8), namely to protect the individual against arbitrary interference by the public authorities (see, for example, the Marckx v. Belgium judgment of 13 June 1979, Series A no. 31, p. 15, para. 31). Such an interpretation would not unduly hamper the Contracting States, for they would retain their entitlement to “interfere” to the extent permitted by paragraph 2 of Article 8 (art. 8-2); that entitlement might well be more far-reaching where professional or business activities or premises were involved than would otherwise be the case.
To the above-mentioned general considerations, which militate against the view that Article 8 (art. 8) is not applicable, must be added a further factor pertaining to the particular circumstances of the case. The warrant issued by the Munich District Court ordered a search for, and seizure of, “documents” – without qualification or limitation – revealing the identity of Klaus Wegner (see paragraph 10 above). Furthermore, those conducting the search examined four cabinets with data concerning clients as well as six individual files (see paragraph 11 above); their operations must perforce have covered “correspondence” and materials that can properly be regarded as such for the purposes of Article 8 (art. 8). In this connection, it is sufficient to note that that provision does not use, as it does for the word “life”, any adjective to qualify the word “correspondence”. And, indeed, the Court has already held that, in the context of correspondence in the form of telephone calls, no such qualification is to be made (see the above-mentioned Huvig judgment, Series A no. 176-B, p. 41, para. 8, and p. 52, para. 25). Again, in a number of cases relating to correspondence with a lawyer (see, for example, the Schönenberger and Durmaz v. Switzerland judgment of 20 June 1988, Series A no. 137, and the Campbell v. the United Kingdom judgment of 25 March 1992, Series A no. 233), the Court did not even advert to the possibility that Article 8 (art. 8) might be inapplicable on the ground that the correspondence was of a professional nature.
Taken together, the foregoing reasons lead the Court to find that the search of the applicant’s office constituted an interference with his rights under Article 8 (art. 8).
B. Was the interference “in accordance with the law”?
The applicant submitted that the interference in question was not “in accordance with the law”, since it was based on suspicions rather than facts and so did not meet the conditions laid down by Article 103 of the Code of Criminal Procedure (see paragraph 19 above) and since it was intended to circumvent the legal provisions safeguarding professional secrecy.
The Court agrees with the Commission and the Government that that submission must be rejected. It notes that both the Munich I Regional Court and the Federal Constitutional Court considered that the search was lawful in terms of Article 103 of the aforesaid Code (see paragraphs 15-16 and 19 above) and sees no reason to differ from the views which those courts expressed.
C. Did the interference have a legitimate aim or aims?
Like the Commission, the Court finds that, as was not contested by the applicant, the interference pursued aims that were legitimate under paragraph 2 of Article 8 (art. 8-2), namely the prevention of crime and the protection of the rights of others, that is the honour of Judge Miosga.
D. Was the interference “necessary in a democratic society”?
As to whether the interference was “necessary in a democratic society”, the Court inclines to the view that the reasons given therefor by the Munich District Court (see paragraph 10 above) can be regarded as relevant in terms of the legitimate aims pursued. It does not, however, consider it essential to pursue this point since it has formed the opinion that, as was contended by the applicant and as was found by the Commission, the measure complained of was not proportionate to those aims.
It is true that the offence in connection with which the search was effected, involving as it did not only an insult to but also an attempt to bring pressure on a judge, cannot be classified as no more than minor. On the other hand, the warrant was drawn in broad terms, in that it ordered a search for and seizure of “documents”, without any limitation, revealing the identity of the author of the offensive letter; this point is of special significance where, as in Germany, the search of a lawyer’s office is not accompanied by any special procedural safeguards, such as the presence of an independent observer. More importantly, having regard to the materials that were in fact inspected, the search impinged on professional secrecy to an extent that appears disproportionate in the circumstances; it has, in this connection, to be recalled that, where a lawyer is involved, an encroachment on professional secrecy may have repercussions on the proper administration of justice and hence on the rights guaranteed by Article 6 (art. 6) of the Convention. In addition, the attendant publicity must have been capable of affecting adversely the applicant’s professional reputation, in the eyes both of his existing clients and of the public at large.
E. Conclusion
The Court thus concludes that there was a breach of Article 8 (art. 8).
II. ALLEGED VIOLATION OF ARTICLE 1 OF PROTOCOL No. 1 (P1-1)
Mr Niemietz also argued that, by impairing his reputation as a lawyer, the search constituted a violation of Article 1 of Protocol No. 1 (P1-1), which provides:
“Every natural or legal person is entitled to the peaceful enjoyment of his possessions. No one shall be deprived of his possessions except in the public interest and subject to the conditions provided for by law and by the general principles of international law.
The preceding provisions shall not, however, in any way impair the right of a State to enforce such laws as it deems necessary to control the use of property in accordance with the general interest or to secure the payment of taxes or other contributions or penalties.”
Having already taken into consideration, in the context of Article 8 (art. 8), the potential effects of the search on the applicant’s professional reputation (see paragraph 37 above), the Court agrees with the Commission that no separate issue arises under Article 1 of Protocol No. 1 (P1-1).”
Halford v. United Kingdom
[1997] ECHR 32
“AS TO THE LAW
I. ALLEGED VIOLATIONS OF ARTICLE 8 OF THE CONVENTION (art. 8)
Ms Halford alleged that the interception of her telephone calls amounted to violations of Article 8 of the Convention (art. 8), which provides:
“1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”
The Commission agreed that there had been a violation so far as the interception of calls from her office telephones was concerned. The Government denied that there had been any violation.
A. The office telephones
1. Applicability of Article 8 (art. 8) to the complaint relating to the office telephones
The applicant argued, and the Commission agreed, that the calls made on the telephones in Ms Halford’s office at Merseyside police headquarters fell within the scope of “private life” and “correspondence” in Article 8 para. 1 (art. 8-1), since the Court in its case-law had adopted a broad construction of these expressions (see, for example, the Klass and Others v. Germany judgment of 6 September 1978, Series A no. 28, p. 21, para. 41; the Huvig v. France judgment of 24 April 1990, Series A no. 176-B, p. 41, para. 8, and p. 52, para. 25; the Niemietz v. Germany judgment of 16 December 1992, Series A no. 251-B; and the A. v. France judgment of 23 November 1993, Series A no. 277-B).
The Government submitted that telephone calls made by Ms Halford from her workplace fell outside the protection of Article 8 (art. 8), because she could have had no reasonable expectation of privacy in relation to them. At the hearing before the Court, counsel for the Government expressed the view that an employer should in principle, without the prior knowledge of the employee, be able to monitor calls made by the latter on telephones provided by the employer.
In the Court’s view, it is clear from its case-law that telephone calls made from business premises as well as from the home may be covered by the notions of “private life” and “correspondence” within the meaning of Article 8 para. 1 (art. 8-1) (see the above-mentioned Klass and Others judgment, loc. cit.; the Malone v. the United Kingdom judgment of 2 August 1984, Series A no. 82, p. 30, para. 64; the above-mentioned Huvig judgment, loc. cit.; and, mutatis mutandis, the above-mentioned Niemietz judgment, pp. 33-35, paras. 29-33).
There is no evidence of any warning having been given to Ms Halford, as a user of the internal telecommunications system operated at the Merseyside police headquarters, that calls made on that system would be liable to interception. She would, the Court considers, have had a reasonable expectation of privacy for such calls, which expectation was moreover reinforced by a number of factors. As Assistant Chief Constable she had sole use of her office where there were two telephones, one of which was specifically designated for her private use. Furthermore, she had been given the assurance, in response to a memorandum, that she could use her office telephones for the purposes of her sex-discrimination case (see paragraph 16 above).
For all of the above reasons, the Court concludes that the conversations held by Ms Halford on her office telephones fell within the scope of the notions of “private life” and “correspondence” and that Article 8 (art. 8) is therefore applicable to this part of the complaint.
2. Existence of an interference
The Government conceded that the applicant had adduced sufficient material to establish a reasonable likelihood that calls made from her office telephones had been intercepted. The Commission also considered that an examination of the application revealed such a reasonable likelihood.
The Court agrees. The evidence justifies the conclusion that there was a reasonable likelihood that calls made by Ms Halford from her office were intercepted by the Merseyside police with the primary aim of gathering material to assist in the defence of the sex-discrimination proceedings brought against them (see paragraph 17 above). This interception constituted an “interference by a public authority”, within the meaning of Article 8 para. 2 (art. 8-2), with the exercise of Ms Halford’s right to respect for her private life and correspondence.
3. Whether the interference was “in accordance with the law”
Article 8 para. 2 (art. 8-2) further provides that any interference by a public authority with an individual’s right to respect for private life and correspondence must be “in accordance with the law”.
According to the Court’s well-established case-law, this expression does not only necessitate compliance with domestic law, but also relates to the quality of that law, requiring it to be compatible with the rule of law. In the context of secret measures of surveillance or interception of communications by public authorities, because of the lack of public scrutiny and the risk of misuse of power, the domestic law must provide some protection to the individual against arbitrary interference with Article 8 rights (art. 8). Thus, the domestic law must be sufficiently clear in its terms to give citizens an adequate indication as to the circumstances in and conditions on which public authorities are empowered to resort to any such secret measures (see the above-mentioned Malone judgment, p. 32, para. 67; and, mutatis mutandis, the Leander v. Sweden judgment of 26 March 1987, Series A no. 116, p. 23, paras. 50-51).
In the present case, the Government accepted that if, contrary to their submission, the Court were to conclude that there had been an interference with the applicant’s rights under Article 8 (art. 8) in relation to her office telephones, such interference was not “in accordance with the law” since domestic law did not provide any regulation of interceptions of calls made on telecommunications systems outside the public network.
The Court notes that the 1985 Act does not apply to internal communications systems operated by public authorities, such as that at Merseyside police headquarters, and that there is no other provision in domestic law to regulate interceptions of telephone calls made on such systems (see paragraphs 36-37 above). It cannot therefore be said that the interference was “in accordance with the law” for the purposes of Article 8 para. 2 of the Convention (art. 8-2), since the domestic law did not provide adequate protection to Ms Halford against interferences by the police with her right to respect for her private life and correspondence.
It follows that there has been a violation of Article 8 (art. 8) in relation to the interception of calls made on Ms Halford’s office telephones.
B. The home telephone
1. Applicability of Article 8 (art. 8) to the complaint relating to the home telephone
It is clear from the Court’s case-law (see the citations at paragraph 44 above) that telephone conversations made from the home are covered by the notions of “private life” and “correspondence” under Article 8 of the Convention (art. 8). Indeed, this was not disputed by the Government.
Article 8 (art. 8) is, therefore, applicable to this part of Ms Halford’s complaint.
2. Existence of an interference
The applicant alleged that calls made from her telephone at home also were intercepted by the Merseyside police for the purposes of defending the sex discrimination proceedings. She referred to the evidence of interception which she had adduced before the Commission, and to the further specification made to the Court (see paragraph 17 above). In addition she submitted that, contrary to the Commission’s approach, she should not be required to establish that there was a “reasonable likelihood” that calls made on her home telephone were intercepted. Such a requirement would be inconsistent with the Court’s pronouncement in the above-mentioned Klass and Others case that the menace of surveillance could in itself constitute an interference with Article 8 rights (art. 8). In the alternative, she contended that if the Court did require her to show some indication that she had been affected, the evidence brought by her was satisfactory; given the secrecy of the alleged measures it would undermine the effectiveness of the protection afforded by the Convention if the threshold of proof were set too high.
The Government explained that they could not disclose whether or not there had been any interception of calls made from the telephone in Ms Halford’s home, since the finding which the Interception of Communications Tribunal was empowered to make under the 1985 Act was deliberately required to be couched in terms which did not reveal whether there had been an interception on a public telecommunications system properly authorised under the Act or whether there had in fact been no interception. They could, however, confirm that the Tribunal was satisfied that there had been no contravention of sections 2 to 5 of the 1985 Act in Ms Halford’s case (see paragraphs 19 and 32 above).
The Commission, applying its case-law, required the applicant to establish that there was a “reasonable likelihood” that calls made on her home telephone had been intercepted (see, for example, the report of the Commission on application no. 12175/86, Hewitt and Harman v. the United Kingdom, 9 May 1989, Decisions and Reports 67, pp. 98-99, paras. 29-32). Having reviewed all the evidence, it did not find such a likelihood established.
The Court recalls that in the above-mentioned Klass and Others case it was called upon to decide, inter alia, whether legislation which empowered the authorities secretly to monitor the correspondence and telephone conversations of the applicants, who were unable to establish whether such measures had in fact been applied to them, amounted to an interference with their Article 8 rights (art. 8). The Court held in that case that “in the mere existence of the legislation itself there is involved, for all those to whom the legislation could be applied, a menace of surveillance; this menace necessarily strikes at freedom of communication between users of the postal and telecommunication services and thereby constitutes an ‘interference by a public authority’ with the exercise of the applicants’ right to respect for private and family life and for correspondence” (p. 21, para. 41).
The Court further recalls that in its above-mentioned Malone judgment, in addition to finding that one telephone conversation to which the applicant had been a party had been intercepted at the request of the police under a warrant issued by the Home Secretary, it observed that “the existence in England and Wales of laws and practices which permit and establish a system for effecting secret surveillance of communications amounted in itself to an ‘interference’” (pp. 30-31, para. 64).
However, the essence of Ms Halford’s complaint, unlike that of the applicants in the Klass and Others case (cited above, p. 20, para. 38), was not that her Article 8 rights (art. 8) were menaced by the very existence of admitted law and practice permitting secret surveillance, but instead that measures of surveillance were actually applied to her. Furthermore, she alleged that the Merseyside police intercepted her calls unlawfully, for a purpose unauthorised by the 1985 Act (see paragraphs 26 and 53 above).
In these circumstances, since the applicant’s complaint concerns specific measures of telephone interception which fell outside the law, the Court must be satisfied that there was a reasonable likelihood that some such measure was applied to her.
In this respect the Court notes, first, that the Commission, which under the Convention system is the organ primarily charged with the establishment and verification of the facts (see, for example, the Aksoy v. Turkey judgment of 18 December 1996, Reports of Judgments and Decisions 1996-VI, p. 2272, para. 38), considered that the evidence presented to it did not indicate a reasonable likelihood that calls made on the applicant’s home telephone were being intercepted (see the report of the Commission, paragraph 65).
The Court observes that the only item of evidence which tends to suggest that calls made from Ms Halford’s home telephone, in addition to those made from her office, were being intercepted, is the information concerning the discovery of the Merseyside police checking transcripts of conversations. Before the Court, the applicant provided more specific details regarding this discovery, namely that it was made on a date after she had been suspended from duty (see paragraph 17 above). However, the Court notes that this information might be unreliable since its source has not been named. Furthermore, even if it is assumed to be true, the fact that the police were discovered checking transcripts of the applicant’s telephone conversations on a date after she had been suspended does not necessarily lead to the conclusion that these were transcripts of conversations made from her home.
The Court, having considered all the evidence, does not find it established that there was an interference with Ms Halford’s rights to respect for her private life and correspondence in relation to her home telephone.
In view of this conclusion, the Court does not find a violation of Article 8 of the Convention (art. 8) with regard to telephone calls made from Ms Halford’s home.
Osterreichischer Rundfunk & Ors
[2003] EUECJ C-465/00
“Community legislation
Recitals 5 to 9 in the preamble to Directive 95/46 show that it was adopted on the basis of Article 100a of the EC Treaty (now, after amendment, Article 95 EC) to encourage the free movement of personal data through the harmonisation of the laws, regulations and administrative provisions of the Member States on the protection of individuals with regard to the processing of such data.
According to Article 1 of Directive 95/46:
1. In accordance with this Directive, Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data.
2. Member States shall neither restrict nor prohibit the free flow of personal data between Member States for reasons connected with the protection afforded under paragraph 1.
In this connection, recitals 2 and 3 of Directive 95/46 read as follows:
(2) Whereas data-processing systems are designed to serve man; whereas they must, whatever the nationality or residence of natural persons, respect their fundamental rights and freedoms, notably the right to privacy, and contribute to economic and social progress, trade expansion and the well-being of individuals;
(3) Whereas the establishment and functioning of an internal market in which, in accordance with Article 7a of the Treaty, the free movement of goods, persons, services and capital is ensured require not only that personal data should be able to flow freely from one Member State to another, but also that the fundamental rights of individuals should be safeguarded.
Recital 10 of Directive 95/46 adds:
(10) Whereas the object of the national laws on the processing of personal data is to protect fundamental rights and freedoms, notably the right to privacy, which is recognised both in Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms and in the general principles of Community law; …
Under Article 6(1) of Directive 95/46, personal data (that is, in accordance with Article 2(a), any information relating to an identified or identifiable natural person) must be:
(a) processed fairly and lawfully;
(b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes …
(c) adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed;
…
Article 2(b) of Directive 95/46 defines processing of personal data as:
any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
Under Article 7 of Directive 95/46, personal data may be processed only if one of the six conditions it sets out is satisfied, and in particular if:
(c) processing is necessary for compliance with a legal obligation to which the controller is subject; or
…
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller … to whom the data are disclosed.
According to recital 72 of Directive 95/46, the directive allows for the principle of public access to official documents to be taken into account when implementing the principles set out in the directive.
As regards the scope of Directive 95/46, Article 3(1) provides that it is to apply to the processing of personal data wholly or partly by automatic means, and to the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system. However, under Article 3(2), the directive shall not apply to the processing of personal data:
– in the course of an activity which falls outside the scope of Community law, such as those provided for by Titles V and VI of the Treaty on European Union and in any case to processing operations concerning public security, defence, State security (including the economic well-being of the State when the processing operation relates to State security matters) and the activities of the State in areas of criminal law;
– by a natural person in the course of a purely personal or household activity.
In addition, Article 13 of Directive 95/46 authorises Member States to derogate from certain of its provisions, in particular Article 6(1), where this is necessary to safeguard inter alia an important economic or financial interest of a Member State or of the European Union, including monetary, budgetary and taxation matters (Article 13(1)(e)) or a monitoring, inspection or regulatory function connected, even occasionally, with the exercise of official authority in certain cases referred to, including that in subparagraph (e) (Article 13(1)(f)).
The main proceedings and the questions referred for preliminary rulings
…………….
In those circumstances, the Verfassungsgerichtshof decided to stay proceedings and refer the following two questions to the Court for a preliminary ruling:
1. Are the provisions of Community law, in particular those on data protection, to be interpreted as precluding national legislation which requires a State body to collect and transmit data on income for the purpose of publishing the names and income of employees of:
(a) a regional or local authority,
(b) a broadcasting organisation governed by public law,
(c) a national central bank,
(d) a statutory representative body,
(e) a partially State-controlled undertaking which is operated for profit?
2. If the answer to at least part of the above question is in the affirmative:
Are the provisions precluding such national legislation directly applicable, in the sense that the persons obliged to make disclosure may rely on them to prevent the application of contrary national provisions?
…….
Findings of the Court
Directive 95/46, adopted on the basis of Article 100a of the Treaty, is intended to ensure the free movement of personal data between Member States through the harmonisation of national provisions on the protection of individuals with regard to the processing of such data. Article 1, which defines the object of the directive, provides in paragraph 2 that Member States may neither restrict nor prohibit the free flow of personal data between Member States for reasons connected with the protection of the fundamental rights and freedoms of natural persons, in particular their private life, with respect to the processing of that data.
Since any personal data can move between Member States, Directive 95/46 requires in principle compliance with the rules for protection of such data with respect to any processing of data as defined by Article 3.
It may be added that recourse to Article 100a of the Treaty as legal basis does not presuppose the existence of an actual link with free movement between Member States in every situation referred to by the measure founded on that basis. As the Court has previously held (see Case C-376/98 Germany v Parliament and Council [2000] ECR I-8419, paragraph 85, and Case C-491/01 British American Tobacco (Investments) and Imperial Tobacco [2002] ECR I-0000, paragraph 60), to justify recourse to Article 100a of the Treaty as the legal basis, what matters is that the measure adopted on that basis must actually be intended to improve the conditions for the establishment and functioning of the internal market. In the present case, that fundamental attribute was never in dispute before the Court with respect to the provisions of Directive 95/46, in particular those in the light of which the national court raises the question of the compatibility of the national legislation in question with Community law.
In those circumstances, the applicability of Directive 95/46 cannot depend on whether the specific situations at issue in the main proceedings have a sufficient link with the exercise of the fundamental freedoms guaranteed by the Treaty, in particular, in those cases, the freedom of movement of workers. A contrary interpretation could make the limits of the field of application of the directive particularly unsure and uncertain, which would be contrary to its essential objective of approximating the laws, regulations and administrative provisions of the Member States in order to eliminate obstacles to the functioning of the internal market deriving precisely from disparities between national legislations.
Moreover, the applicability of Directive 95/46 to situations where there is no direct link with the exercise of the fundamental freedoms of movement guaranteed by the Treaty is confirmed by the wording of Article 3(1) of the directive, which defines its scope in very broad terms, not making the application of the rules on protection depend on whether the processing has an actual connection with freedom of movement between Member States. That is also confirmed by the exceptions in Article 3(2), in particular those concerning the processing of personal data in the course of an activity … provided for by Titles V and VI of the Treaty on European Union or in the course of a purely personal or household activity. Those exceptions would not, at the very least, be worded in that way if the directive were applicable exclusively to situations where there is a sufficient link with the exercise of freedoms of movement.
The same observation may be made with regard to the exceptions in Article 8(2) of Directive 95/46, which concern the processing of specific categories of data, in particular those in Article 8(2)(d), which refers to processing carried out by a foundation, association or any other non-profit-seeking body with a political, philosophical, religious or trade-union aim.
Finally, the processing of personal data at issue in the main proceedings does not fall within the exception in the first indent of Article 3(2) of Directive 95/46. That processing does not concern the exercise of an activity which falls outside the scope of Community law, such as those provided for by Titles V and VI of the Treaty on European Union. Nor is it a processing operation concerning public security, defence, State security or the activities of the State in areas of criminal law.
The purposes set out in Articles 7(c) and (e) and 13(e) and (f) of Directive 95/46 show, moreover, that it is intended to cover instances of data processing such as those at issue in the main proceedings.
It must therefore be considered that Directive 95/46 is applicable to the processing of personal data provided for by legislation such as that at issue in the main proceedings.
The first question
By their first question, the national courts essentially ask whether Directive 95/46 is to be interpreted as precluding national legislation such as that at issue in the main proceedings which requires a State control body to collect and communicate, for purposes of publication, data on the income of persons employed by the bodies subject to that control, where that income exceeds a certain threshold.
…..
Findings of the Court
It should be noted, to begin with, that the data at issue in the main proceedings, which relate both to the monies paid by certain bodies and the recipients, constitute personal data within the meaning of Article 2(a) of Directive 95/46, being information relating to an identified or identifiable natural person. Their recording and use by the body concerned, and their transmission to the Rechnungshofand inclusion by the latter in a report intended to be communicated to various political institutions and widely diffused, constitute processing of personal data within the meaning of Article 2(b) of the directive.
Under Directive 95/46, subject to the exceptions permitted under Article 13, all processing of personal data must comply, first, with the principles relating to data quality set out in Article 6 of the directive and, second, with one of the criteria for making data processing legitimate listed in Article 7.
More specifically, the data must be collected for specified, explicit and legitimate purposes (Article 6(1)(b) of Directive 95/46) and must be adequate, relevant and not excessive in relation to those purposes (Article 6(1)(c)). In addition, under Article 7(c) and (e) of the directive respectively, the processing of personal data is permissible only if it is necessary for compliance with a legal obligation to which the controller is subject or is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller … to whom the data are disclosed.
However, under Article 13(e) and (f) of the directive, the Member States may derogate inter alia from Article 6(1) where this is necessary to safeguard respectively an important economic or financial interest of a Member State or of the European Union, including monetary, budgetary and taxation matters or a monitoring, inspection or regulatory function connected, even occasionally, with the exercise of official authority in particular cases including that referred to in subparagraph (e).
It should also be noted that the provisions of Directive 95/46, in so far as they govern the processing of personal data liable to infringe fundamental freedoms, in particular the right to privacy, must necessarily be interpreted in the light of fundamental rights, which, according to settled case-law, form an integral part of the general principles of law whose observance the Court ensures (see, inter alia, Case C-274/99 P Connolly v Commission [2001] ECR I-1611, paragraph 37).
Those principles have been expressly restated in Article 6(2) EU, which states that [t]he Union shall respect fundamental rights, as guaranteed by the [Convention] and as they result from the constitutional traditions common to the Member States, as general principles of Community law.
Directive 95/46 itself, while having as its principal aim to ensure the free movement of personal data, provides in Article 1(1) that Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data. Several recitals in its preamble, in particular recitals 10 and 11, also express that requirement.
In this respect, it is to be noted that Article 8 of the Convention, while stating in paragraph 1 the principle that the public authorities must not interfere with the right to respect for private life, accepts in paragraph 2 that such an interference is possible where it is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
So, for the purpose of applying Directive 95/46, in particular Articles 6(1)(c), 7(c) and (e) and 13, it must be ascertained, first, whether legislation such as that at issue in the main proceedings provides for an interference with private life, and if so, whether that interference is justified from the point of view of Article 8 of the Convention.
Existence of an interference with private life
First of all, the collection of data by name relating to an individual’s professional income, with a view to communicating it to third parties, falls within the scope of Article 8 of the Convention. The European Court of Human Rights has held in this respect that the expression private life must not be interpreted restrictively and that there is no reason of principle to justify excluding activities of a professional … nature from the notion of private life (see, inter alia, Amann v. Switzerland [GC], no. 27798/95, § 65, ECHR 2000-II and Rotaru v. Romania [GC], no. 28341/95, § 43, ECHR 2000-V).
It necessarily follows that, while the mere recording by an employer of data by name relating to the remuneration paid to his employees cannot as such constitute an interference with private life, the communication of that data to third parties, in the present case a public authority, infringes the right of the persons concerned to respect for private life, whatever the subsequent use of the information thus communicated, and constitutes an interference within the meaning of Article 8 of the Convention.
To establish the existence of such an interference, it does not matter whether the information communicated is of a sensitive character or whether the persons concerned have been inconvenienced in any way (see, to that effect, Amann v. Switzerland, § 70). It suffices to find that data relating to the remuneration received by an employee or pensioner have been communicated by the employer to a third party.
Justification of the interference
An interference such as that mentioned in paragraph 74 above violates Article 8 of the Convention unless it is in accordance with the law, pursues one or more of the legitimate aims specified in Article 8(2), and is necessary in a democratic society for achieving that aim or aims.
………………..
However, that question need not arise until it has been determined whether such an interpretation of the national provision at issue is consistent with Article 8 of the Convention, as regards its required proportionality to the aims pursued. That question will be examined below.
It appears from the order for reference in Case C-465/00 that the objective of Paragraph 8 of the BezBegrBVG is to exert pressure on the public bodies concerned to keep salaries within reasonable limits. The Austrian Government observes, more generally, that the interference provided for by that provision is intended to guarantee the thrifty and appropriate use of public funds by the administration. Such an objective constitutes a legitimate aim within the meaning both of Article 8(2) of the Convention, which mentions the economic well-being of the country, and Article 6(1)(b) of Directive 95/46, which refers to specified, explicit and legitimate purposes.
It must next be ascertained whether the interference in question is necessary in a democratic society to achieve the legitimate aim pursued.
According to the European Court of Human Rights, the adjective necessary in Article 8(2) of the Convention implies that a pressing social need is involved and that the measure employed is proportionate to the legitimate aim pursued (see, inter alia, the Gillow v. the United Kingdom judgment of 24 November 1986, Series A no. 109, § 55). The national authorities also enjoy a margin of appreciation, the scope of which will depend not only on the nature of the legitimate aim pursued but also on the particular nature of the interference involved (see the Leander v. Sweden judgment of 26 March 1987, Series A no. 116, § 59).
The interest of the Republic of Austria in ensuring the best use of public funds, and in particular keeping salaries within reasonable limits, must be balanced against the seriousness of the interference with the right of the persons concerned to respect for their private life.
On the one hand, in order to monitor the proper use of public funds, the Rechnungshof and the various parliamentary bodies undoubtedly need to know the amount of expenditure on human resources in the various public bodies. In addition, in a democratic society, taxpayers and public opinion generally have the right to be kept informed of the use of public revenues, in particular as regards expenditure on staff. Such information, put together in the Report, may make a contribution to the public debate on a question of general interest, and thus serves the public interest.
The question nevertheless arises whether stating the names of the persons concerned in relation to the income received is proportionate to the legitimate aim pursued and whether the reasons relied on before the Court to justify such disclosure appear relevant and sufficient.
It is plain that, according to the interpretation adopted by the national courts, Paragraph 8 of the BezBegrBVG requires disclosure of the names of the persons concerned, in relation to income above a certain level, with respect not only to persons filling posts remunerated by salaries on a published scale, but to all persons remunerated by bodies subject to control by the Rechnungshof. Moreover, such information is not only communicated to the Rechnungshof and via the latter to the various parliamentary bodies, but is also made widely available to the public.
It is for the national courts to ascertain whether such publicity is both necessary and proportionate to the aim of keeping salaries within reasonable limits, and in particular to examine whether such an objective could not have been attained equally effectively by transmitting the information as to names to the monitoring bodies alone. Similarly, the question arises whether it would not have been sufficient to inform the general public only of the remuneration and other financial benefits to which persons employed by the public bodies concerned have a contractual or statutory right, but not of the sums which each of them actually received during the year in question, which may depend to a varying extent on their personal and family situation.
With respect, on the other hand, to the seriousness of the interference with the right of the persons concerned to respect for their private life, it is not impossible that they may suffer harm as a result of the negative effects of the publicity attached to their income from employment, in particular on their prospects of being given employment by other undertakings, whether in Austria or elsewhere, which are not subject to control by the Rechnungshof.
It must be concluded that the interference resulting from the application of national legislation such as that at issue in the main proceedings may be justified under Article 8(2) of the Convention only in so far as the wide disclosure not merely of the amounts of the annual income above a certain threshold of persons employed by the bodies subject to control by the Rechnungshof but also of the names of the recipients of that income is both necessary for and appropriate to the aim of keeping salaries within reasonable limits, that being a matter for the national courts to examine.”
Amwell View School v Dogherty
[2007] IRLR 198,
“The second substantial point taken in the grounds of appeal related to “human rights”. Ms Sethi submitted that to admit the disputed evidence would involve the Tribunal itself infringing the human rights of the governors who were members of the relevant panels. That, she argued, would be inconsistent with the duty imposed on a Tribunal (or any other public body) by section 6 of the Human Rights Act 1998 not to act incompatibly with convention rights.
The rights that Ms Sethi sought to invoke were the rights as enjoyed by the individual governors under Article 8 of the European Convention on Human Rights. That provides:
ARTICLE 8
RIGHT TO RESPECT FOR PRIVATE AND FAMILY LIFE
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
Ms Sethi reminded us that the European Court of Human Rights had found Article 8 to be infringed in cases where public authorities had recorded or intercepted private conversations and sought to rely on those recordings in evidence. We were referred to Taylor-Sabori v United Kingdom (Application 47114/99, 22 October 2002) which has recently been followed and applied in Elahi v United Kingdom (Application 30034/04, 20 June 2006). She submitted that an order allowing into the public domain, at a Tribunal hearing, the transcriptions of remarks of the panel members made at the disciplinary and appeal hearings (and most particularly during the “deliberations”) would involve an infringement of their rights “to respect for … private and family life”. This extraordinarily broad submission was not supported by any authority.
We reject entirely the proposition that what occurred could possibly amount to the interference with any aspect of the right to “respect for… family life” enjoyed by any member of the panels of governors. The integrity of the relationship between a governor and a member of his or her family is not touched at all by admission of the evidence in question in this case.
In relation to the right to “respect for … private life”, it was submitted that there would be an interference with the governors’ private lives because their privacy would be invaded if their remarks made during “private deliberations” or their observations made during the “open hearings” (which were conducted in the absence of the public) should reach the public domain.
In our judgment, that not a correct analysis of the legal position. Each of the panel members had put themselves forward to carry out an aspect of the important voluntary work undertaken by many individual members of the public in the governance of schools. To that extent they were putting themselves, and the contributions that they made during the course of that work, into the “public” domain whilst acting in that role. It is difficult to consider them as retaining a right to personal privacy in relation to their participation (by words or conduct) in that socially-important public or quasi-public function. In our judgment, the privacy element of the right to “respect for …private life” of such a school governor is not engaged at all in the present circumstances.
Even if we are wrong as to that as a matter of principle, there is no actual evidence of any likely or potential interference with the private life of any governor who was a member of either of the two panels in question in this case. Rather, we are invited to accept the general proposition that the governors may be caused upset or disquiet if their remarks reach the public domain. We decline that invitation. This scenario is quite distinguishable from the facts of XXX v YYY (see above) which was relied upon by Ms Sethi and in which this Appeal Tribunal (Mitting J presiding, 9 April 2003) was dealing with the likely impact of public disclosure of certain evidence – in the form of images on a videotape – on the privacy of a child. There, this Tribunal was able to clearly hold at [17]:
“The public description or publication of such images would be severely embarrassing to him as he grows older. A more obvious infringement of his right to respect for his private life is hard to envisage.”
Nothing of that nature emerges in this case.
Even if we had been satisfied that there was an arguable infringement of Article 8(1) of the Convention, we would next have had to direct ourselves to Article 8(2). That contains a broad range of circumstances in which there may be justifiable interference with the Article 8(1) rights. As the European Court of Human Rights has repeatedly held, the provisions of Article 8(2) facilitate a balance between the protection of an individual’s Article 8 rights and the protection of the convention rights and freedoms of others. Certainly, the first step in applying Article 8(2) is that any interference must be “in accordance with the law”. As to that, we need only set out the following passage from Jones v University of Warwick [2003] EWCA Civ 151, [2003] 1 WLR 954 at [27]:
As the Strasbourg jurisprudence makes clear, the Convention does not decide what is to be the consequence of evidence being obtained in breach of Article 8 (see Schenk v Switzerland [1988] 13 EHRR 242 and PG and JH v United Kingdom application no. 44787/98 (25/9/2001 paragraph 76). This is a matter, at least initially, for the domestic courts. Once the court has decided the order, which it should make in order to deal with the case justly, in accordance with the overriding objectives set out in Part 1.1 of the CPR in the exercise of its discretion under Part 32.1, then it is required or it is necessary for the court to make that order. Accordingly, if the court could be said to have breached Article 8.1 by making the order which it has decided the law requires, it would be acting within Article 8.2 in doing so.
In the instant case, the Tribunal had satisfied itself that the evidence – which it had decided was relevant – should be admitted. As Jones itself demonstrates, and as the decision of this Employment Appeal Tribunal in McGowan v Scottish Water (Lord Johnston presiding, 23 September 2004) relied upon by Mr Thorogood exemplifies, a court or tribunal may properly admit relevant evidence even where it has been gathered in breach of an Article 8 right to “privacy” where to do so is adjudged to be necessary in order to secure a “fair” hearing as required by both the common law and Article 6 of the convention. We are not satisfied that the possibility of an infringement of the panel members’ rights under Article 8 would justify an exclusion of the relevant evidence on the facts of this case.
We should record that no argument was advanced to us, or to the Tribunal below, that the admission of the evidence in question during a public hearing might infringe the rights to privacy (whether under Article 8 or otherwise) of the children referred to in the transcripts, the parents of those children, or of the school staff and other witnesses who gave evidence before the panels. If, at the substantive hearing of the present claim, the Tribunal are persuaded that such an infringement may occur they have available their powers under Schedule 1 paragraph 16(1)(b) of the Employment Tribunals (Constitution & Rules of Procedure) Regulations 2004 to take certain evidence in private.
No doubt mindful of the fact that another alternative would be for the parties to agree, in advance, that references in all the evidence to children and their parents be anonymised, the Tribunal expressly stated in their reasons (albeit in the course of encouraging alternative resolution of the claim):
“Both parties are reminded that the hearing may well be covered by publicity,
both as to the evidence given during the hearing and the judgment at the end.””
COPLAND v. THE UNITED KINGDOM
– 62617/00 [2007] ECHR 253
“I. THE CIRCUMSTANCES OF THE CASE
The applicant was born in 1950 and lives in Llanelli, Wales.
In 1991 the applicant was employed by Carmarthenshire College (“the College”). The College is a statutory body administered by the State and possessing powers under sections 18 and 19 of the Further and Higher Education Act 1992 relating to the provision of further and higher education.
In 1995 the applicant became the personal assistant to the College Principal (“CP”) and from the end of 1995 she was required to work closely with the newly appointed Deputy Principal (“DP”).
In about July 1998, whilst on annual leave, the applicant visited another campus of the College with a male director. She subsequently became aware that the DP had contacted that campus to enquire about her visit and understood that he was suggesting an improper relationship between her and the director.
During her employment, the applicant’s telephone, e-mail and internet usage were subjected to monitoring at the DP’s instigation. According to the Government, this monitoring took place in order to ascertain whether the applicant was making excessive use of College facilities for personal purposes. The Government stated that the monitoring of telephone usage consisted of analysis of the college telephone bills showing telephone numbers called, the dates and times of the calls and their length and cost. The applicant also believed that there had been detailed and comprehensive logging of the length of calls, the number of calls received and made and the telephone numbers of individuals calling her. She stated that on at least one occasion the DP became aware of the name of an individual with whom she had exchanged incoming and outgoing telephone calls. The Government submitted that the monitoring of telephone usage took place for a few months up to about 22 November 1999. The applicant contended that her telephone usage was monitored over a period of about 18 months until November 1999.
The applicant’s internet usage was also monitored by the DP. The Government accepted that this monitoring took the form of analysing the web sites visited,the times and dates of the visits to the web sites and their duration and that this monitoring took place from October to November 1999. The applicant did not comment on the manner in which her internet usage was monitored but submitted that it took place over a much longer period of time than the Government admit.
In November 1999 the applicant became aware that enquiries were being made into her use of e-mail at work when her step-daughter was contacted by the College and asked to supply information about e-mails that she had sent to the College. The applicant wrote to the CP to ask whether there was a general investigation taking place or whether her e-mails only were being investigated. By an e-mail dated 24 November 1999 the CP advised the applicant that, whilst all e-mail activity was logged, the information department of the College was investigating only her e-mails, following a request by the DP.
…….
II. RELEVANT DOMESTIC LAW
A. Law of privacy
At the relevant time there was no general right to privacy in English law.
Since the implementation of the Human Rights Act 1998 on 2 October 2000, the courts have been required to read and give effect to primary legislation in a manner which is compatible with Convention rights so far as possible. The Act also made it unlawful for any public authority, including a court, to act in a manner which is incompatible with a Convention right unless required to do so by primary legislation, thus providing for the development of the common law in accordance with Convention rights. In the case of Douglas v Hello! Ltd ([2001] 1 WLR 992), Sedley LJ indicated that he was prepared to find that there was a qualified right to privacy under English law, but the Court of Appeal did not rule on the point.
The Regulation of Investigatory Powers Act 2000 (“the 2000 Act”) provided for the regulation of, inter alia, interception of communications. The Telecommunications (Lawful Business Practice) Regulations 2000 were promulgated under the 2000 Act and came into force on 24 October 2000. The Regulations set out the circumstances in which employers could record or monitor employees’ communications (such as e-mail or telephone) without the consent of either the employee or the other party to the communication. Employers were required to take reasonable steps to inform employees that their communications might be intercepted.
B. Contractual damages for breach of trust and confidence by employer
The House of Lords in Malik v Bank of Credit and Commerce International SA [1997] IRLR 462 confirmed that, as a matter of law, a general term is implied into each employment contract that an employer will not “without reasonable and proper cause, conduct itself in a manner calculated and likely to destroy or seriously damage the relationship of confidence and trust between employer and employee”. In Malik, the House of Lords was concerned with the award of so-called “stigma compensation” where an ex-employee is unable to find further employment due to association with a dishonest former employer. In considering the damages that could be awarded for breach of the obligation of trust and confidence, the House were solely concerned with the payment of compensation for financial loss resulting from handicap in the labour market. Lord Nicholls expressly noted that, “(f)or the present purposes I am not concerned with the exclusion of damages for injured feelings, the present case is concerned only with financial loss.”
In limiting the scope of the implied term of trust and confidence in Malik, Lord Steyn stated as follows:
“the implied mutual obligation of trust and confidence applies only where there is ‘no reasonable and proper cause’ for the employer’s conduct, and then only if the conduct is calculated to destroy or seriously damage the relationship of trust and confidence. That circumscribes the potential reach and scope of the implied obligation.”
C. Tort of misfeasance in public office
The tort of misfeasance in public office arises when a public official has either (a) exercised his power specifically intending to injure the plaintiff, or (b) acted in the knowledge of, or with reckless indifference to, the illegality of his act and in the knowledge or with reckless indifference to the probability of causing injury to the claimant or a class of people of which the claimant is a member (Three Rivers D.C. v. Bank of England (No.3) (HL) [2000] WLR 1220).
D. Data Protection Act 1984
At the time of the acts complained of by the applicant, the Data Protection Act 1984 (“the 1984 Act”) regulated the manner in which people and organisations that held data, known as “data holders”, processed or used that data. It provided certain actionable remedies to individuals in the event of misuse of their personal data. The 1984 Act has now been replaced by the Data Protection Act 1998.
Section 1 of the 1984 Act defined its terms as follows:
“(2) ‘Data’ means information recorded in a form in which it can be processed by equipment operating automatically in response to instructions given for that purpose.
(3) ‘Personal data’ means data consisting of information which relates to a living individual who can be identified from that information (or from that and other information in the possession of the data user…)
(4) ‘Data subject’ means an individual who is the subject of personal data.
(5) ‘Data user’ means a person who holds data, and a person ‘holds’ data if –
(a) the data form part of a collection of data processed or intended to be processed by or on behalf of that person as mentioned in subsection (2) above; and
(b) that person… controls the contents and use of the data comprised in the collection; and
(c) the data are in the form in which they have been or are intended to be processed as mentioned in paragraph (a)…
(7) ‘Processing’ in relation to data means amending, augmenting, deleting or re-arranging the data or extracting the information constituting the data and, in the case of personal data, means performing any of these operations by reference to the data subject.
(9) ‘Disclosing’ in relation to data, includes disclosing information extracted from the data …”
26. The “data protection principles” to be respected by data holders were set out in Part 1 to Schedule 1 of the Act as follows:
“1. The information to be contained in personal data shall be obtained, and personal data shall be processed, fairly and lawfully.
2. Personal data shall be held only for one or more specified and lawful purposes …
4. Personal data held for any purpose shall be adequate, relevant and not excessive in relation to that purpose or those purposes.”
27. Section 23 of the 1984 Act provided rights to compensation for the data subject in the event of unauthorised disclosure of personal data:
“ (1) An individual who is the subject of personal data held by a data user…and who suffers damage by reason of –
(c) …the disclosure of the data or, access having been obtained to the data, without such authority as aforesaid,
shall be entitled to compensation from the data user…for that damage and for any distress which the individual has suffered by reason of the…disclosure or access.”
…….
The 1984 Act also created the position of Data Protection Registrar, under a duty to promote the observance of the data protection principles by data users. In section 10 it created a criminal offence as follows:
“(1) If the Registrar is satisfied that a registered person has contravened or is contravening any of the data protection principles he may serve him with a notice (‘an enforcement notice’) requiring him to take … such steps as are so specified for complying with the principle or principles in question.
(2) In deciding whether to serve an enforcement notice, the Registrar shall consider whether the contravention has caused or is likely to cause any person damage or distress.
…
(9) Any person who fails to comply with an enforcement notice shall be guilty of an offence… “
THE LAW
I. ALLEGED VIOLATION OF ARTICLE 8 OF THE CONVENTION
The applicant alleged that the monitoring activity that took place amounted to an interference with her right to respect for private life and correspondence under Article 8, which reads as follows:
“1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”
……
B. The Court’s assessment
The Court notes the Government’s acceptance that the College is a public body for whose acts it is responsible for the purposes of the Convention. Thus, it considers that in the present case the question to be analysed under Article 8 relates to the negative obligation on the State not to interfere with the private life and correspondence of the applicant and that no separate issue arises in relation to home or family life.
The Court further observes that the parties disagree as to the nature of this monitoring and the period of time over which it took place. However, the Court does not consider it necessary to enter into this dispute as an issue arises under Article 8 even on the facts as admitted by the Government.
1. Scope of private life
According to the Court’s case-law, telephone calls from business premises are prima facie covered by the notions of “private life” and “correspondence” for the purposes of Article 8 § 1 (see Halford, cited above, § 44 and Amann v. Switzerland [GC], no. 27798/95, § 43, ECHR 2000 II). It follows logically that e-mails sent from work should be similarly protected under Article 8, as should information derived from the monitoring of personal internet usage.
The applicant in the present case had been given no warning that her calls would be liable to monitoring, therefore she had a reasonable expectation as to the privacy of calls made from her work telephone (see Halford, § 45). The same expectation should apply in relation to the applicant’s e-mail and internet usage.
2. Whether there was any interference with the rights guaranteed under Article 8.
The Court recalls that the use of information relating to the date and length of telephone conversations and in particular the numbers dialled can give rise to an issue under Article 8 as such information constitutes an “integral element of the communications made by telephone” (see Malone v. the United Kingdom, judgment of 2 August 1984, Series A no. 82, § 84). The mere fact that these data may have been legitimately obtained by the College, in the form of telephone bills, is no bar to finding an interference with rights guaranteed under Article 8 (ibid). Moreover, storing of personal data relating to the private life of an individual also falls within the application of Article 8 § 1 (see Amann, cited above, § 65). Thus, it is irrelevant that the data held by the college were not disclosed or used against the applicant in disciplinary or other proceedings.
Accordingly, the Court considers that the collection and storage of personal information relating to the applicant’s telephone, as well as to her e-mail and internet usage, without her knowledge, amounted to an interference with her right to respect for her private life and correspondence within the meaning of Article 8.
3. Whether the interference was “in accordance with the law”
45. The Court recalls that it is well established in the case-law that the term “in accordance with the law” implies – and this follows from the object and purpose of Article 8 – that there must be a measure of legal protection in domestic law against arbitrary interferences by public authorities with the rights safeguarded by Article 8 § 1. This is all the more so in areas such as the monitoring in question, in view of the lack of public scrutiny and the risk of misuse of power (see Halford, cited above, § 49).
46. This expression not only requires compliance with domestic law, but also relates to the quality of that law, requiring it to be compatible with the rule of law (see, inter alia, Khan v. the United Kingdom, judgment of 12 May 2000, Reports of Judgments and Decisions 2000-V, § 26; P.G. and J.H. v. the United Kingdom, cited above, § 44). In order to fulfil the requirement of foreseeability, the law must be sufficiently clear in its terms to give individuals an adequate indication as to the circumstances in which and the conditions on which the authorities are empowered to resort to any such measures (see Halford, cited above, § 49 and Malone, cited above, § 67).
The Court is not convinced by the Government’s submission that the College was authorised under its statutory powers to do “anything necessary or expedient” for the purposes of providing higher and further education, and finds the argument unpersuasive. Moreover, the Government do not seek to argue that any provisions existed at the relevant time, either in general domestic law or in the governing instruments of the College, regulating the circumstances in which employers could monitor the use of telephone, e-mail and the internet by employees. Furthermore, it is clear that the Telecommunications (Lawful Business Practice) Regulations 2000 (adopted under the Regulation of Investigatory Powers Act 2000) which make such provision were not in force at the relevant time.
48. Accordingly, as there was no domestic law regulating monitoring at the relevant time, the interference in this case was not “in accordance with the law” as required by Article 8 § 2 of the Convention. The Court would not exclude that the monitoring of an employee’s use of a telephone, e-mail or internet at the place of work may be considered “necessary in a democratic society” in certain situations in pursuit of a legitimate aim. However, having regard to its above conclusion, it is not necessary to pronounce on that matter in the instant case.
49. There has therefore been a violation of Article 8 in this regard.
II. ALLEGED VIOLATION OF ARTICLE 13 IN CONJUNCTION WITH ARTICLE 8 OF THE CONVENTION
The applicant submitted that no effective domestic remedy existed for the breaches of Article 8 of which she complained and that, consequently, there had also been a violation of Article 13 which provides as follows:
“Everyone whose rights and freedoms as set forth in [the] Convention are violated shall have an effective remedy before a national authority notwithstanding that the violationhas been committed by persons acting in an official capacity.”
Having regard to its decision on Article 8 (see paragraph 48 above), the Court does not consider it necessary to examine the applicant’s complaint also under Article 13.
………………
……
FOR THESE REASONS, THE COURT UNANIMOUSLY
Holds that there has been a violation of Article 8 of the Convention;
Holds that it is not necessary to examine the case under Article 13 of the Convention.
Holds
(a) that the respondent State is to pay the applicant, within three months from the date on which the judgment becomes final in accordance with Article 44 § 2 of the Convention, the following amounts, to be converted into pounds sterling at the rate applicable at the time of settlement:
(i) EUR 3,000 (three thousand euros) in respect of non-pecuniary damage;
(ii) EUR 6,000 (six thousand euros) in respect of costs and expenses;
(iii) any tax that may be chargeable on the above amounts;
(b) that from the expiry of the above-mentioned three months until settlement simple interest shall be payable on the above amount at a rate equal to the marginal lending rate of the European Central Bank during the default period plus three percentage points;
LEANDER v. SWEDEN
[1987] ECHR 4
“
AS TO THE LAW
I. ALLEGED VIOLATION OF ARTICLE 8 (art. 8)
47. The applicant claimed that the personnel control procedure, as applied in his case, gave rise to a breach of Article 8 (art. 8), which reads:
“1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”
He contended that nothing in his personal or political background (see paragraph 17 above) could be regarded as of such a nature as to make it necessary in a democratic society to register him in the Security Department’s register, to classify him as a “security risk” and accordingly to exclude him from the employment in question. He argued in addition that the Personnel Control Ordinance could not be considered as a “law” for the purposes of paragraph 2 of Article 8 (art. 8-2).
He did not, however, challenge the need for a personnel control system. Neither did he call in question the Government’s power, within the limits set by Articles 8 and 10 (art. 8, art. 10) of the Convention, to bar sympathizers of certain extreme political ideologies from security-sensitive positions and to file information on such persons in the register kept by the Security Department of the National Police Board.
A. Whether there was any interference with an Article 8 (art. 8) right
48. It is uncontested that the secret police-register contained information relating to Mr. Leander’s private life.
Both the storing and the release of such information, which were coupled with a refusal to allow Mr. Leander an opportunity to refute it, amounted to an interference with his right to respect for private life as guaranteed by Article 8 § 1 (art. 8-1).
B. Whether the interference was justified
1. Legitimate aim
49. The aim of the Swedish personnel control system is clearly a legitimate one for the purposes of Article 8 (art. 8), namely the protection of national security.
The main issues of contention were whether the interference was “in accordance with the law” and “necessary in a democratic society”.
2. “In accordance with the law”
(a) General principles
50. The expression “in accordance with the law” in paragraph 2 of Article 8 (art. 8-2) requires, to begin with, that the interference must have some basis in domestic law. Compliance with domestic law, however, does not suffice: the law in question must be accessible to the individual concerned and its consequences for him must also be foreseeable (see, mutatis mutandis, the Malone judgment of 2 August 1984, Series A no. 82, pp. 31-32, § 66).
51. However, the requirement of foreseeability in the special context of secret controls of staff in sectors affecting national security cannot be the same as in many other fields. Thus, it cannot mean that an individual should be enabled to foresee precisely what checks will be made in his regard by the Swedish special police service in its efforts to protect national security. Nevertheless, in a system applicable to citizens generally, as under the Personnel Control Ordinance, the law has to be sufficiently clear in its terms to give them an adequate indication as to the circumstances in which and the conditions on which the public authorities are empowered to resort to this kind of secret and potentially dangerous interference with private life (ibid., p. 32, § 67).
In assessing whether the criterion of foreseeability is satisfied, account may be taken also of instructions or administrative practices which do not have the status of substantive law, in so far as those concerned are made sufficiently aware of their contents (see the Silver and Others judgment of 25 March 1983, Series A no. 61, pp. 33-34, §§ 88-89).
In addition, where the implementation of the law consists of secret measures, not open to scrutiny by the individuals concerned or by the public at large, the law itself, as opposed to the accompanying administrative practice, must indicate the scope of any discretion conferred on the competent authority with sufficient clarity, having regard to the legitimate aim of the measure in question, to give the individual adequate protection against arbitrary interference (see the above-mentioned Malone judgment, Series A no. 82, pp. 32-33, § 68).
…………4. Conclusion
68. Accordingly, there has been no breach of Article 8 (art. 8).
II. ALLEGED VIOLATION OF ARTICLE 10 (art. 10)
69. The applicant further maintained that the same facts as constituted the alleged violation of Article 8 (art. 8) also gave rise to a breach of Article 10 (art. 10), which reads:
“1. Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers. This Article shall not prevent States from requiring the licensing of broadcasting, television or cinema enterprises.
2. The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.”
70. The Commission found that the applicant’s claims did not raise any separate issues under Article 10 (art. 10) in so far as either freedom to express opinions or freedom to receive information was concerned. The Government agreed with this conclusion.
A. Freedom to express opinions
71. The right of recruitment to the public service is not in itself recognised by the Convention, but it does not follow that in other respects civil servants, including probationary civil servants, fall outside the scope of the Convention and notably of the protection afforded by Article 10 (art. 10) (see the Glasenapp and the Kosiek judgments of 28 August 1986, Series A no. 104, p. 26, §§ 49-50, and Series A no. 105, p. 20, §§ 35-36).
72. It has first to be determined whether or not the personnel control procedure to which the applicant was subjected amounted to an interference with the exercise of freedom of expression – in the form, for example, of a “formality, condition, restriction or penalty” – or whether the disputed measures lay within the sphere of the right of access to the public service. In order to answer this question, the scope of the measures must be determined by putting them in the context of the facts of the case and the relevant legislation (ibid.).
It appears clearly from the provisions of the Ordinance that its purpose is to ensure that persons holding posts of importance for national security have the necessary personal qualifications (see paragraph 24 above). This being so, access to the public service lies at the heart of the issue submitted to the Court: in declaring that the applicant could not be accepted for reasons of national security for appointment to the post in question, the Supreme Commander of the Armed Forces and the Commander-in-Chief of the Navy took into account the relevant information merely in order to satisfy themselves as to whether or not Mr. Leander possessed one of the necessary personal qualifications for this post.
73. Accordingly, there has been no interference with Mr. Leander’s freedom to express opinions, as protected by Article 10 (art. 10).
B. Freedom to receive information
74. The Court observes that the right to freedom to receive information basically prohibits a Government from restricting a person from receiving information that others wish or may be willing to impart to him. Article 10 (art. 10) does not, in circumstances such as those of the present case, confer on the individual a right of access to a register containing information on his personal position, nor does it embody an obligation on the Government to impart such information to the individual.
75. There has thus been no interference with Mr. Leander’s freedom to receive information, as protected by Article 10 (art. 10).”
Jones v University of Warwick
[2003] EWCA Civ 151 [2003] 1 WLR 954
The Lord Chief Justice: This is the judgment of the Court.
The issue which this appeal raises is whether, and if so when, a defendant to a personal injury claim is entitled to use as evidence a video of the claimant which was obtained by filming the claimant in her home without her knowledge after the person taking the film had obtained access to the claimant’s home by deception.
As Mr Robert Weir, who appears on behalf of the claimant contends, the issue on the appeal requires this court to consider two competing public interests: the interests of the public that in litigation, the truth should be revealed and the interests of the public that the courts should not acquiesce in, let alone encourage, a party to use unlawful means to obtain evidence.
…………..
Fortunately, in both criminal and civil proceedings, courts can now adopt a less rigid approach to that adopted hitherto which gives recognition to the fact that there are conflicting public interests which have to be reconciled as far as this is possible. The approach adopted in R v Karuna [1955] AC 197 and R v Sang [1980] AC 402 and R v Khan (Sultan) [1997] AC558 which was applied by the Judge has to be modified as a result of the changes that have taken place in the law. The position in criminal proceedings is that now when evidence is wrongly obtained the court will consider whether it adversely affects the fairness of the proceedings and, if it does, may exclude the evidence (section 78 of the Police and Criminal Evidence Act 1984). In an extreme case, the court will even consider whether there has been an abuse of process of a gravity which requires the prosecution to be brought to a halt (see R v William Loveridge & Others [2001] 2 CAR 29 and R v Mason & Others [2002] 2 CAR 38 (paragraph 50, 68 and 76). In civil proceedings, as Potter LJ recognised this in Rall v Hume [2001] 3 All ER 248, he commenced by saying:
“In principle the starting point in any application of this kind must be that where video evidence is available which, according to the defendant undermines the case of the claimant to an extent that would substantially reduce the award of damages to which she is entitled, it will usually be in the overall interests of justice to require that the defendants should be permitted to cross-examine the claimant and her medical advisors upon it.” (emphasis added)
But Potter LJ then added that this does not apply if the conduct of the defendant amounts “to trial by ambush”. The discretion on the court is not, however, confined to cases where the defendants have failed to make proper disclosure. A judge’s responsibility today in the course of properly managing litigation requires him, when exercising his discretion in accordance with the overriding objective contained in CPR Part 1, to consider the effect of his decision upon litigation generally. An example of the wider approach is that the judges are required to ensure that a case only uses its appropriate share of the resources of the court (CPR Part 1.1(2)(e)). Proactive management of civil proceedings, which is at the heart of the CPR, is not only concerned with an individual piece of litigation which is before the Court, it is also concerned with litigation as a whole. So the fact that in this case the defendant’s insurers, as was accepted by Mr Owen, have been responsible for the trespass involved in entering the claimant’s house and infringing her privacy contrary to Article 8(1) is a relevant circumstance for the court to weigh in the balance when coming to a decision as to how it should properly exercise its discretion in making orders as to the management of the proceedings.
Mr Weir argues that unless it was necessary for the insurers to take the actions they did, the evidence must inevitably, at least in a case such as this, be held inadmissible. He submits that otherwise the court would be contravening the duty that it is under, pursuant to section 6 of the Human Rights Act, not to contravene Article 8. While the court should not ignore the contravention of Article 8, to adopt Mr Weir’s approach would fail to recognise that the contravention would still remain that of the insurer’s enquiry agent and not that of the court. The court’s obligation under section 6 of the Human Rights Act is to “not itself act in a way which is incompatible with a convention right” (see Venables v News Group Newspapers Ltd [2001] 2 WLR 1038 at P. 1048/9 paras. 24-27).
As the Strasbourg jurisprudence makes clear, the Convention does not decide what is to be the consequence of evidence being obtained in breach of Article 8 (see Schenk v Switzerland [1988] 13 EHRR 242 and PG and JH v United Kingdom application no. 44787/98 (25/9/2001 paragraph 76). This is a matter, at least initially, for the domestic courts. Once the court has decided the order, which it should make in order to deal with the case justly, in accordance with the overriding objectives set out in Part 1.1 of the CPR in the exercise of its discretion under Part 32.1, then it is required or it is necessary for the court to make that order. Accordingly if the court could be said to have breached Article 8.1 by making the order which it has decided the law requires, it would be acting within Article 8.2 in doing so.
That leaves the issue as to how the court should exercise its discretion in the difficult situation confronting the district judge and Judge Harris. The court must try to give effect to what are here the two conflicting public interests. The weight to be attached to each will vary according to the circumstances. The significance of the evidence will differ as will the gravity of the breach of Article 8, according to the facts of the particular case. The decision will depend on all the circumstances. Here, the court cannot ignore the reality of the situation. This is not a case where the conduct of the defendant’s insurers is so outrageous that the defence should be struck out. The case, therefore, has to be tried. It would be artificial and undesirable for the actual evidence, which is relevant and admissible, not to be placed before the judge who has the task of trying the case. We accept Mr Owen’s submission that to exclude the use of the evidence would create a wholly undesirable situation. Fresh medical experts would have to be instructed on both sides. Evidence which is relevant would have to be concealed from them, perhaps resulting in a misdiagnosis; and it would not be possible to cross-examine the claimant appropriately. For these reasons we do not consider it would be right to interfere with the Judge’s decision not to exclude the evidence.
Mr Weir’s submission that we should determine the issue on the basis of the facts as they were before the district judge is not realistic. Nonetheless, it is right that we should make clear that we do not accept that the criticism of the claimant’s legal advisers for deciding not to reveal the contents of the video films in issue to their medical experts is justified. It was sensible to defer doing so until it was known whether the evidence could be used. While not excluding the evidence it is appropriate to make clear that the conduct of the insurers was improper and not justified. We disagree with the indication by Judge Harris to the contrary. The fact that the insurers may have been motivated by a desire to achieve what they considered would be a just result does not justify either the commission of trespass or the contravention of the claimant’s privacy which took place. We come to this conclusion irrespective of whether Mr Weir is right in contending that in this particular case the evidence could be obtained by other means.
Excluding the evidence is not, moreover, the only weapon in the court’s armoury. The court has other steps it can take to discourage conduct of the type of which complaint is made. In particular it can reflect its disapproval in the orders for costs which it makes. In this appeal, we therefore propose, because the conduct of the insurers gave rise to the litigation over admissibility of the evidence which has followed upon their conduct, to order the defendants to pay the costs of these proceedings to resolve this issue before the district judge, Judge Harris and this court even though we otherwise dismiss the appeal. This is subject to Mr Owen having an opportunity to persuade us to do otherwise. In addition, we would indicate to the trial judge that when he comes to deal with the question of costs he should take into account the defendant’s conduct which is the subject of this appeal when deciding the appropriate order for costs. He may consider the costs of the inquiry agent should not be recovered. If he concludes, as the complainant now contends, that there is an innocent explanation for what is shown as to the claimant’s control of her movements then this is a matter which should be reflected in costs, perhaps by ordering the defendants to pay the costs throughout on an indemnity basis. In giving effect to the overriding objective, and taking into account the wider interests of the administration of justice, the court must while doing justice between the parties, also deter improper conduct of a party while conducting litigation. We do not pretend that this is a perfect reconciliation of the conflicting public interests. It is not; but at least the solution does not ignore the insurer’s conduct.”
Laurence PAY v the United Kingdom
Delaney -v- Central Bank of Ireland
In the Matter of the Data Protection Acts, 1988 and 2003 and In the Matter of An Appeal Under Section 26 of the Data Protection Acts, 1988 and 2003
The Data Protection Commissioner v Cormac Doolin and Our Lady’s Hospice and Care Services
2020/123
Court of Appeal [Unapproved]
24 May 2022
unreported
[2022] IECA 117
Noonan J.
May 24, 2022
JUDGMENT
1. This appeal concerns the alleged misuse of data collected by a security camera on an employer’s premises for the purpose of disciplinary action against an employee. At the outset, it is worth noting that this is the third appeal brought in these proceedings from a decision of the appellant, the Data Protection Commissioner (“the DPC”) which concerns the use of data relating to the respondent in this appeal, Mr. Doolin. The DPC’s original decision, which was adverse to Mr. Doolin, was appealed by him to the Circuit Court, which dismissed the appeal. Mr. Doolin appealed to the High Court, which allowed the appeal. The DPC appeals to this Court against the judgment of the High Court. Following this judgment, there is the potential for a further appeal to the Supreme Court. Needless to say, the costs involved in all these appeals are very substantial and entirely disproportionate to the issue concerned, where there is no obvious necessity for such a multiplicity of appeals.
2. The resultant delays in the final determination of an issue that arose as far back as 2015 is unfair to the parties, particularly Mr. Doolin. This is not to mention the amount of scarce court time absorbed by this litigation. The situation arising in this case is by no means unique as there are other similar statutory provisions providing for such layers of appeal. It is to be hoped that the legislature will address this issue soon.
The Facts
3. Mr. Doolin was, at the relevant time, employed as a craftsman’s mate at Our Lady’s Hospice in Harold’s Cross by the Notice Party (“OLHCS”). On the 19th November, 2015, graffiti was discovered carved into a table in the staff tea room in a building at the Hospice, known as Anna Gaynor House, which read: “Kill all whites, ISIS is my life”. This discovery, coming as it did less than a week after the terror attacks at the Bataclan and elsewhere in Paris on the 13th November, 2015, caused considerable concern to OLHCS who contacted the Gardaí
4. The tea room in question was accessible by the use of fobs issued to staff members, including Mr. Doolin, and the area outside the door was monitored by a CCTV camera. The Gardaí advised OLHCS to review the footage from this camera for a three-day period from the 17th to the 19th November, 2015 so as to identify all persons entering the tea room during that period. A viewing of the footage showed Mr. Doolin entering the room on a number of occasions, although there is no suggestion that Mr. Doolin had any involvement in the graffiti incident.
5. However, the information gathered from the CCTV footage suggested that Mr. Doolin accessed the room for the purpose of taking unauthorised breaks, and this subsequently became the subject of a disciplinary process against Mr. Doolin which resulted in a sanction. Arising from this, Mr. Doolin made a complaint to the DPC claiming that the use of the data from the CCTV constituted a breach of the Data Protection Act, 1988.
6. The footage was viewed on one occasion only on the 20th November, 2015 by two members of OLHCS management, Mr. Paul Gahan, Human Recourses Manager, and Mr. Tommy Beatty, Capital Projects Manager.
7. On the 26th November, 2015, OLHCS wrote to Mr. Doolin in a letter captioned “Re: Investigation into Offensive Graffiti”. The letter indicated that a formal investigation was being commenced into two matters, the graffiti and the use of unauthorised breaks.
8. The documents disclosed show that Mr. Gahan sent an email at 10.06am on the 26th November, 2015 asking a Deirdre Congdon that the letter being sent to persons under investigation should refer to two investigations, suggesting the earlier letter preceded it. A further letter was sent the next day, the 27th November, 2015, this time captioned “Re: Formal Investigations” in the plural. The letter was otherwise in similar terms save that, instead of referring to the use of unauthorised breaks, it now referred to accessing the room at unauthorised times.
9. On the 1st December, 2015, a formal investigation meeting was held with Mr. Doolin who was interviewed by Mr. Gahan and Mr. Beatty. Although some controversy subsequently emerged about the availability of the minutes of that meeting, that is no longer live in this appeal. The interview with Mr. Doolin appears to have been almost exclusively focused on the taking of unauthorised breaks. He was shown an image of the graffiti and asked if he had seen it on the table, but he said he did not notice anything on the table. Beyond that, the interview was concerned with when and why Mr. Doolin accessed the room. Mr. Beatty put the following question to him: –
“The Gardaí asked us to look at the CCTV for the days previous to identify if there was a pattern. It came to light that you had accessed the room for 55 minutes on the day in question, the day previous 46 minutes and 50 minutes on the Tuesday. Why were you in the room?”
10. This question appears to demonstrate that Mr. Beatty and Mr. Gahan obtained information from the CCTV as to the days on which Mr. Doolin was in the room and for how long he was there. Mr. Doolin was asked if he wanted to see the CCTV footage and he declined but he agreed that he had taken the breaks in question without telling his manager.
11. On the next day, the 2nd December, 2015, Mr. Gahan wrote to Mr. Doolin sending him a copy of the typed minutes of the interview. The letter was, perhaps surprisingly, captioned “Re: Investigation into Offensive Graffiti” reflecting the first letter of the 26th November, 2015 which Mr. Gahan sought to have amended, as noted above.
12. The investigation panel completed its report entitled “Final Investigation Outcome Report” on the 15th January, 2016. The description of the investigation on the title page is:
“Investigation into staff member (Cormac Doolin) accessing the Anna Gaynor House tea room at unauthorised times.”
13. The report notes that CCTV footage and fob access to the room in question were examined. It appears that the fob access is recorded so that times of entry were available to the investigation panel. As the title to the report makes clear, it was concerned solely with access by Mr. Doolin to the room at unauthorised times and not with any investigation of Mr. Doolin in connection with the graffiti.
14. In that regard, the report expressly refers to the panel having reviewed the CCTV footage and produces a table in the body of the report showing that Mr. Doolin accessed the room on one occasion on each of the 17th, 18th and 19th November, 2015. In respect of each occasion, the date is given, the time of the access, the time leaving the room and the duration of the stay in the room. With regard to the times given, the report observes:
“Times of Unauthorised Access
The panel noted that CCTV footage timings are running approximately 16 minutes fast.”
15. This appears to be a reference to the fact that the panel was able to identify accurate timings from the fob records to establish that the timings on the CCTV were 16 minutes ahead of real time. The outcome of the report was:
“Outcome
Following a comprehensive consideration of the information obtained during this investigation the panel have established on the balance of probabilities that unauthorised breaks were taken by Mr. Cormac Doolin on the afternoons of Tuesday 17th, Wednesday 18th and Thursday 19th November 2015.”
16. The investigation outcome thus makes clear that it was solely concerned with the taking of unauthorised breaks and in fact makes no reference to any findings in connection with the graffiti. Mr. Doolin subsequently received a disciplinary sanction.
17. It is also relevant to note that in September 2012, OLHCS published its Policy on Closed Circuit Television. The introduction states as follows:
“The use of Closed Circuit Television (CCTV) in OLH&CS is part of the operational system for security. The appropriateness of using CCTV on OLH&CS premises was assessed as part of the commissioning process and was informed by historical experience on the hospice campus. The purpose of the system is to prevent crime and promote staff security and public safety.
OLH&CS ensures that its use of CCTV is carefully governed is (sic) in line with the Data Protection Act 1998 & 2003 and other relevant legislation.” (my emphasis)
18. A sign was placed beside each camera which read:
“Images are recorded for the purposes of health and safety and crime prevention.”
The Relevant Legislation
19. This case is primarily concerned with the provisions of Section 2(1)(c)(ii) of the Data Protection Act 1988 as amended by the Data Protection Act 2003. These have now been replaced by the Data Protection Act 2018 which gives effect to Regulation (EU) 2016/679 (General Data Protection Regulation) which contains similar provisions, so the issue arising here continues to have relevance.
20. Section 2 of the 1988 Act, as amended and insofar as relevant here, provides as follows:
“(1) A data controller shall, as respects personal data kept by him or her, comply with the following provisions:
(a) the data or, as the case may be, the information constituting the data shall have been obtained, and the data shall be processed, fairly,
(b) the data shall be accurate and complete and, where necessary, kept up to date,
(c) the data —
(i) shall have been obtained only for one or more specified, explicit and legitimate purposes,
(ii) shall not be further processed in a manner incompatible with that purpose or those purposes,
(iii) shall be adequate, relevant and not excessive in relation to the purpose or purposes …”
21. Section 1 of the 1988 Act provides various relevant definitions including that of “data”, which equates to information in a form in which it can be processed.
22. Central to this appeal is the definition of “processing” which is as follows:
“‘Processing’ of or in relation to information or data, means performing any operation or set of operations on the information or data, whether or not by automatic means, including-
(a) obtaining, recording or keeping the information or data,
(b) collecting, organising, storing, altering or adapting the information or data,
(c) retrieving, consulting or using the information or data,
(d) disclosing the information or data by transmitting, disseminating or otherwise making it available, or
(e) aligning, combining, blocking, erasing or destroying the information or data;”
23. Section 2D of the 1988 Act, as inserted by the 2003 Act, upon which some reliance is placed by Mr. Doolin, provides in relevant part:
“(1) Personal data shall not be treated, for the purposes of section 2(1)(a) of this Act, as processed fairly unless —
(a) in the case of data obtained from the data subject, the data controller ensures, so far as practicable, that the data subject has, is provided with, or has made readily available to him or her, at least the information specified in subsection (2) of this section …
(2) The information referred to in subsection (1)(a) of this section is:
…
(c) the purpose or purposes for which the data are intended to be processed.”
The DPC
24. Following upon the events described above, on the 17th June, 2016 Mr. Doolin made a complaint to the DPC (the functions of the DPC have now been transferred to the Data Protection Commission by virtue of the Act of 2018). The decision of the DPC was issued on the 27th July, 2018. It summarises the complaint in the following terms:
“You submitted a complaint dated 17 June 2016 to this office alleging that your employer, OLH&CS, used CCTV footage of you to sanction you for taking unauthorised breaks… You acknowledged that OLH&CS had a legitimate reason to view the CCTV footage in order to investigate the graffiti incident in line with its CCTV policy. However, you expressed objection to the CCTV subsequently being used for the monitoring of staff and for disciplinary proceedings, as this was not a stated purpose in OLH&CS’s CCTV policy and not in line with Section 2(1)(c) of the Acts.”
25. At para. 2, the DPC notes that:
“The data in question was personal data relating to you (consisting of your image held on CCTV footage) as you can be identified from it and the data relates to you as an individual.”
This observation is important as it reflects the view of the DPC that the data relating to Mr. Doolin which were the subject of the complaint were confined to his image on the CCTV, a point to which I will return.
26. The decision goes on to note (at para. 5) that the DPC was advised by OLHCS that the disciplinary action that was taken against Mr. Doolin was on the basis of admissions made by him and not on foot of the CCTV footage, which was not downloaded following the single viewing.
27. The DPC considered that the purpose for which the CCTV was viewed, in furtherance of the investigation into the graffiti incident, was a legitimate purpose (at para. 24):
“This Office is satisfied that the processing of your personal data in the form of a limited viewing of the relevant CCTV footage, without downloading or further processing of any kind was necessary for this purpose and did not go beyond the stated purpose.” (my emphasis)
28. It is also notable from the decision that the DPC consistently refers to “an investigation” having been undertaken by OLHCS, rather than “investigations”.
29. At para. 26, the DPC reached her conclusions in the following terms:
“I also considered whether the requirements of Section 2(1)(c)(ii) of the Acts had been met by OLH&CS. This requires that personal data must not be processed for purposes other than the purpose for which it was originally collected. In this case, I am satisfied that your images captured on CCTV were processed in connection with the investigation of a security incident when they were initially viewed by the investigation team for that purpose alone. The information gathered from that viewing may subsequently have been used for another purpose, i.e. disciplinary proceedings against you, but this in my view does not constitute a different purpose, because the CCTV images were not further processed for that second purpose. If the images were further processed for that second purpose, for example by downloading and use in the disciplinary proceedings against you, it might constitute further processing for a different purpose, but that did not happen in your case and no further processing of your images occurred for the second purpose.
27. Accordingly, I find that the limited viewing of your personal images took place exclusively for the security purpose for which the images were originally collected and that no contravention of Section 2(1)(c)(ii) occurred.”
30. The DPC accordingly found that no breach of the Data Protection Acts had occurred. As can been seen from the foregoing comments, the DPC considered that Mr. Doolin’s data were confined to the CCTV images and beyond the first and only viewing of those, no further processing occurred. This is strongly disputed by Mr. Doolin for reasons which will become apparent.
The Circuit Court
31. As noted in the DPC’s decision, an appeal from her determination lay to the Circuit Court under s. 26 of the Act. That appeal was heard by the Circuit Court (Her Honour Judge Linnane) on the 1st May, 2019.
32. The matter proceeded in the normal way on affidavit. Mr. Doolin’s grounding affidavits were responded to by Mr. John V. O’Dwyer, Deputy Commissioner in the Office of the DPC. Mr. O’Dwyer’s first affidavit was sworn on the 7th February, 2018. At para. 8, he refers to the minutes of the interview with Mr. Doolin on the 1st December, 2015 and avers:
“8. … It is clear from the minutes that the investigation meeting was concerned with the security issues presented by the graffiti incident and that the issue of the taking of unauthorised breaks at unauthorised locations arose and was addressed in this context. Having regard to the purpose and stage of the investigation, it would appear that the issues were clearly and closely related. Contrary to what the Appellant has asserted at paragraph 5 of the Grounding Affidavit, there was no ‘unlawful further processing of the CCTV footage’. Insofar as the CCTV footage formed the basis for the investigation meeting, it was on foot of its processing for security purposes, to include those relating to the investigation of the graffiti incident, the appropriateness of which the Appellant has acknowledged.”
33. These averments by Mr. O’Dwyer are, in reality, comments based on his interpretation of the minutes of the meeting of the 1st December, 2015. It seems to me that this court is equally well-equipped to interpret those minutes and, with respect to Mr. O’Dwyer, it is not at all clear to me that the meeting was solely concerned with security issues or issues relating to security. As I have noted already, while the graffiti incident was mentioned, the primary focus of the meeting appears to have revolved around the taking of unauthorised breaks by Mr. Doolin. How this is said to be a security issue or related to a security issue is not explained by Mr. O’Dwyer, nor has it ever been explained by OLHCS. It is certainly not explained in the Panel Report following this meeting in which the graffiti incident barely merits a mention. However, Mr. O’Dwyer repeats the same assertions at para. 11 which again are really little more than a statement of his opinion on the matter.
34. As noted, one central feature of this case is that it has never been explained by OLHCS, or indeed the DPC, how the taking of unauthorised breaks is said to amount to a security issue. It will be recalled that the OLCHS’s policy document on CCTV specified that its purpose was to prevent crime and promote staff security and public safety. The word “security” in its natural and ordinary meaning, may be taken to refer to a danger or threat to the safety of persons and/or property. It has never been explained how it is said that the taking of unauthorised breaks by Mr. Doolin presented a danger or threat to the safety of persons at the Hospice, be they staff or visitors, or the property of the Hospice or any person present there.
35. There may of course be circumstances in which one might infer a security risk arising from the taking of unauthorised breaks by, say, a security guard who left the property unsupervised for a period of time. None of that arises in Mr. Doolin’s case so it is far from clear or obvious, in the absence of explanation, how the taking of unauthorised breaks by him could constitute a security issue or be related to such an issue.
36. In an affidavit replying to Mr. O’Dwyer’s first affidavit, Mr. Doolin makes a number of observations including the fact that, during the course of the investigation into the graffiti incident, OLHCS amended its CCTV policy by the amendment of the introductory paragraph in the following terms:
“The purpose of the system is to prevent crime and promote staff security and public safety. If, in the event of viewing CCTV for the specified purpose, a disciplinary action is observed, the CCTV can be used for the purpose of a disciplinary investigation. However, CCTV will not be viewed solely for the purpose of monitoring staff.”
37. The sole affidavit sworn on behalf of the notice party was sworn by Ms. Pat Pierce, its Data Protection Officer, who says that sanctions were imposed on Mr. Doolin as a result of his admissions made at the meeting of the 1st December, 2015. As already averred by Mr. O’Dwyer, Ms. Pierce reiterates that Mr. Doolin’s data were processed/reviewed on one occasion only arising out of the single viewing.
38. Mr. O’Dwyer swore a third affidavit on the 21st March, 2019. In paragraph 5 of this affidavit, Mr. O’Dwyer avers as follows:
“On the basis of the evidence before the court, I say that it is clear beyond doubt that the processing of the CCTV footage by OLHCS was for security purposes, arising directly from and relating to the investigation of the graffiti incident. It is clear that, in the particular circumstances of this case, the taking of unauthorised breaks at an unauthorised location, the site of the graffiti incident, was a serious and bona fide security issue and that the investigation by OLHCS, and the disciplinary action which resulted therefrom, arose directly out of and was directly connected to this security issue, albeit that the sanction applied in the context of the disciplinary action relied on admissions made by the applicant himself.”
39. As is subsequently pointed out in the judgment of the High Court, this averment by Mr. O’Dwyer is, to say the least, somewhat surprising. He appears to go considerably further than in his previous affidavits, and indeed than Ms. Pierce, the notice party’s own Data Protection Officer, in suggesting that the taking of unauthorised breaks at an unauthorised location was a serious and bona fide security issue. What is more, Mr. O’Dwyer feels able to express this conclusion “on the basis of the evidence before the Court”. However, as in his previous affidavits, I cannot see any justification for this statement that is to be found in the evidence before the Circuit Court. A similar conclusion was reached by the High Court as will become apparent.
40. Following the hearing, Judge Linnane gave an ex tempore ruling. She appears to have accepted that OLHCS carried out one investigation only (at Transcript, p. 93):
“It’s clear to me, as I say, that the processing of the footage was for that purpose, namely security, arising directly from and relating to the investigation of the graffiti incident.”
41. She relied for that conclusion on the averment of Mr. O’Dwyer to which I have referred and apparently also for the following statement (at Transcript, p. 94 and 95):
“Clearly, it was a security issue, Mr. Doolin being in an unauthorised place taking unauthorised breaks. In effect, he admitted a breach of security, i.e. by taking the unauthorised breaks. The disciplinary action was taken on his admissions …
I accept in the circumstances [counsel for the DPC’s] submission that the disciplinary action by his employer against Mr. Doolin was taken for security purposes. In fact I also accept, as has been argued, that there was one investigation, i.e. the graffiti incident, not two investigations, as argued by Mr. Doolin’s counsel. In all the circumstances, taking into account the facts of this case, I’m satisfied that Mr. Doolin has not established that he has satisfied the test for having this decision of the Data Protection Commission overturned. Accordingly, I am dismissing his appeal.”
The High Court
42. Mr. Doolin appealed to the High Court on a point of law as provided for in s. 26(3)(b) of the 1988 Act.
43. The High Court judge set out the background and chronology to the matter, noting as follows with regard to the Panel Report (at para. 12):
“The following observations may be made about the Panel Report. The Report is solely in respect of the investigation relating to staff members accessing the room at unauthorised times. It clearly relies inter alia directly on the CCTV footage, identifying as it does the precise times of entry and exit. Accordingly, it wholly undermines the claim of OLHCS that the investigation into unauthorised access was solely made on the basis of admissions. Finally, there is no reference at all to unauthorised access to the staff room being a security issue contrary to the averments of Mr. O’Dwyer of the DPC discussed below.”
44. The judge then set out the legal framework and in particular, the purpose limitation principle appearing in s. 2(1)(c)(ii) of the Act which transposes Art. 6(1)(b) of Directive 95/46/EC (“the “Data Protection Directive”). She also made extensive reference to the opinion of the Working Party 29 Group to which I will refer further, concerning the concept of purpose limitation.
45. The judge referred to four key factors identified by the Working Party to be considered during the compatibility assessment, the judge recognising that processing for a different purpose is not automatically incompatible but must be assessed on a case-by-case basis. The judge then referred to the decision of the DPC noting (at para. 32):
“It is clear from the Decision that the exclusive basis upon which it was found that no further processing had occurred was that the CCTV images had not been viewed in the disciplinary proceedings against the appellant. The Decision did not engage with what the Appellant had clearly stated in his email of 10 December 2017, i.e. that it was not CCTV footage that was used to sanction him but rather data retrieved and processed from the CCTV footage.”
46. The judge referred to Mr. O’Dwyer’s third affidavit, mentioned above, in the following terms (at para. 39):
“On 21st March 2019, the defence of the proceedings by the DPC took an unexpected turn. Mr. O’Dwyer swore a third affidavit on 21st March 2019 at which stage he identified a new basis for the further processing by OLHCS not identified by OLHCS either in the summary given by the DPC of the submissions made to it by OLHCS, in the Affidavit of Mr. (sic) Pierce, in the Panel Report or in any of the material exhibited to this appeal.”
47. In dealing with the evidential basis for the decision of the Circuit Court, the High Court was critical of the fact that the primary defence of the DPC now advanced was that the further use of the information gathered from the CCTV was in fact used for its original purpose i.e. security. She said that this marked a significant departure from the approach adopted in the Decision itself where the sole justification for rejecting the complaint was that although the material may in fact have been used for a different purpose, it was not further processed for that second purpose. She found that conclusion to be erroneous as a matter of law and considered that there had been a surprising shift in the approach of the DPC during the life of the proceedings.
48. The Court said (at para. 42):
“The DPC has gone from finding no breach because there was no further processing of the CCTV footage to asserting in these proceedings no breach because any further processing was done for the purpose for which the material was collected i.e. security.”
49. She described this new argument as “remarkable” because there was no evidence at all to support that argument, which became the sole basis for the rejection by the Circuit Court of the appeal.
50. In commenting on what she perceived as this inconsistency, the judge was of the view that the Circuit Court did not appear to have examined the underlying documents, including the Panel Report, the submissions of OLHCS to the DPC or the absence of any averment relating to security in the affidavit of Ms. Pierce of the 8th March, 2019. She continued (at para. 46): –
“A consideration of this material discloses that, as far as I can ascertain, at no point in time did OLHCS ever justify the further processing of the material gleaned from the CCTV footage in the disciplinary proceedings on the basis of security concerns. Rather, it (a) made the point that the CCTV footage itself was only viewed for security purposes and (b) that the disciplinary proceedings did not employ material derived from the footage but were based exclusively on admissions made by the Appellant at the interview on 1 December 2015. The idea that the use of the information obtained from the CCTV footage in the context of the disciplinary proceedings was for security purposes rather than for disciplinary purposes does not find a basis in any of the material before me. There is simply no evidence at all to this effect. Perhaps most significantly, as noted in my review of the exhibited material above, the Panel Report makes no reference whatsoever to unauthorised access to the tea room or unauthorised breaks being a security issue.”
51. Although the judge felt that the issue of whether there were one or two investigations was not particularly relevant, it appeared on balance that there were in fact two. At para. 50, the judge said:
“… [T]he evidence indicates that the use of the information from the CCTV footage in the context of the disciplinary hearing was used for an entirely different purpose to that for which it was collected.”
52. The judge said that had the CCTV material been intended to be used for disciplinary purposes as well as the other purpose identified, that would require to be identified, as was subsequently done on the policy amendment. Her review of the decision led her to conclude as follows:
“52. In summary the CCTV footage was collected for the express and exclusive purpose of security and was used (permissibly) for that purpose but was also used for a distinct and separate purpose, i.e. disciplinary proceedings into unauthorised breaks by an employee.
53. In the premises, it seems to me that there was no evidence upon which the Circuit Court could safely conclude that the further processing in the context of the disciplinary hearing was for security purposes, since the sole basis for this finding i.e. the averments of Mr. O’Dwyer in his third affidavit, were not themselves grounded on any material put forward by OLHCS.
54. I am therefore overturning the decision of the Circuit Court on the basis that there was no evidence for the conclusion that the disciplinary action, in which information derived from the CCTV footage was used, was carried out for security purposes.”
53. Separately, the judge was of the view that Mr. O’Dwyer’s averment to the effect that the sanction applied in the context of the disciplinary action relied on admissions made by the appellant himself was difficult to understand in circumstances where the Panel Report made no reference to admissions but rather expressly referred to a consideration of the CCTV footage and the information concerning the entry and exit dates and times which came from that footage and the fob access.
54. In dealing with the alleged breach of s. 26(1)(c)(ii), the High Court said that it was indisputable that the information contained in the CCTV footage was used for a different purpose than the one for which the data were originally collected. The fact that it was not downloaded does not mean that no further processing took place. She therefore considered contrary to the DPC’s findings, the CCTV images were further processed.
55. She accordingly allowed the appeal.
The Appeal to This Court
56. The first point that arises for consideration is whether an appeal to this court is available at all.
57. Mr. Doolin argues that it is not, by virtue of s. 39 of the Courts of Justice Act, 1936 which regulates appeals from the Circuit Court to the High Court and provides that such appeals shall be final and conclusive and not appealable. Certain well-known authorities are relied on in that regard – see Kinahan v Baila (Unreported, Supreme Court, 18th July 1985), Pepper Finance Corporation v Cannon[2020] IESC 2 and Bank of Ireland v Gormley[2020] IECA 102. Although Mr. Doolin objected to the DPC’s appeal on this basis both in his respondent’s notice and written submissions, it was however conceded at the hearing of the appeal by counsel for Mr. Doolin that reliance was no longer being placed on this point.
58. I think that concession was made properly. Prima facie, the position is that all judgments of the High Court are appealable to this Court by virtue of Art. 34.4.1 of the Constitution. Of particular significance also are the provisions of s. 26(3) of the 1988 Act itself which provides as follows:
“(a) Subject to paragraph (b) of this subsection, a decision of the [Circuit Court] under this section shall be final.
(b) An appeal may be brought to the High Court on a point of law against such a decision; and references in this Act to the determination of an appeal shall be construed as including references to the determination of any such appeal to the High Court and of any appeal from the decision of that Court.” (my emphasis)
59. Accordingly, the statute itself appears to expressly recognise that an appeal does indeed lie to this Court from the High Court.
60. There was little dispute between the parties as to the correct legal principles to be applied to a statutory appeal of this kind. The High Court relied on Deely v Information Commissioner[2001] 3 IR 439 where McKechnie J., then a judge of the High Court, said the following regarding appeals to that court on a point of law (at 452):
“There is no doubt but that when a court is considering only a point of law, whether by way of a restricted appeal or via a case stated, the distinction in my view being irrelevant, it is, in accordance with established principles, confined as to its remit, in the manner following:-
(a) it cannot set aside findings of primary fact unless there is no evidence to support such findings;
(b) it ought not to set aside inferences drawn from such facts unless such inferences were ones which no reasonable decision making body could draw;
(c) it can however, reverse such inferences, if the same were based on the interpretation of documents and should do so if incorrect; and finally;
(d) if the conclusion reached by such bodies shows that they have taken an erroneous view of the law, then that also is a ground for setting aside the resulting decision.”
61. This approach was subsequently approved by the Supreme Court in Sheedy v Information Commissioner & Ors.[2005] 2 IR 272.
62. The form that such an appeal should take was discussed by the Supreme Court in Orange Limited v Director of Telecoms (No. 2)[2000] 4 IR 159 where Keane C.J. said (at 184-5):
“In short, the appeal provided for under this legislation was not intended to take the form of a re-examination from the beginning of the merits of the decision appealed from culminating, it may be, in the substitution by the High Court of its adjudication for that of the first defendant. It is accepted that, at the other end of the spectrum, the High Court is not solely confined to the issues which might arise if the decision of the first defendant was being challenged by way of judicial review. In the case of this legislation at least, an applicant will succeed in having the decision appealed from set aside where it establishes to the High Court as a matter of probability that, taking the adjudicative process as a whole, the decision reached was vitiated by a serious and significant error or a series of such errors. In arriving at a conclusion on that issue, the High Court will necessarily have regard to the degree of expertise and specialised knowledge available to the first defendant.”
63. In the context of appeals to the Circuit Court against decisions of the DPC, the Supreme Court held in Nowak v The Data Protection Commissioner[2016] 2 IR 585 that the standard of review identified by Keane C.J. in Orange was the appropriate standard to apply.
64. In the course of oral submissions in this court, counsel for the DPC said that his case rested upon three fundamental propositions:
(a) The CCTV footage was viewed on one occasion only for the purpose specified in the Hospice CCTV Policy, namely security, and was not further processed thereafter. Accordingly, no breach of the 1988 Act occurred.
(b) Alternatively, if the CCTV footage was further processed by OLHCS, it was so processed for the purpose of the Hospice policy, namely for a security purpose.
(c) In the further alternative, if the court came to the conclusion that the CCTV footage was further processed and such processing was not for a security purpose, then it was for a purpose that was not incompatible with the security purpose.
The Article 29 Working Party
65. Article 29 of the Data Protection Directive of 1995 is entitled “Working Party on the Protection of Individuals with regard to the Processing of Personal Data”.Article 29.1 provides:
“1. A Working Party on the Protection of Individuals with regard to the Processing of Personal Data, hereinafter referred to as “the Working Party”, is hereby set up.
It shall have advisory status and act independently.”
66. The Working Party is in fact an expert group comprising data regulation experts from different Member States. Since the advent of GDPR, the same group has now been rebranded as the European Data Protection Board. Its function is set out in Art. 30 as including advising the European Commission on issues related to data protection. It prepares an annual report on data protection in the EU and third countries which is transmitted to the Commission, the European Parliament and the Council of Europe and is published. Its views and opinions have no particular legal status but are clearly influential and persuasive in the context of interpreting the Directive.
67. As the High Court judge pointed out, the issue arising in this case has not been to date the subject of any decision of the Court of Justice of the European Union or of our national courts. Accordingly, the High Court considered, and I agree, that regard can be had to the views of the Working Party as an aid to the interpretation of the Directive and national legislation which implements it, such as the 1988 Act.
68. On the 2nd April, 2013, the Working Party issued an opinion on purpose limitation which is quoted in some detail by the High Court judge. It is a lengthy document but helpfully contains an executive summary which states (at p. 3):
“Purpose limitation protects data subjects by setting limits on how data controllers are able to use their data while also offering some degree of flexibility for data controllers. The concept of purpose limitation has two main building blocks: personal data must be collected for ‘specified, explicit and legitimate’ purposes (purpose specification) and not be ‘further processed in a way incompatible’ with those purposes (compatible use).
Further processing for a different purpose does not necessarily mean that it is incompatible: compatibility needs to be assessed on a case-by-case basis. A substantive compatibility assessment requires an assessment of all relevant circumstances. In particular, account should be taken of the following key factors:
— the relationship between the purposes for which the personal data have been collected and the purposes of further processing;
— the context in which the personal data have been collected and the reasonable expectations of the data subjects as to their further use;
— the nature of the personal data and the impact of the further processing on the data subjects;
— the safeguards adopted by the controller to ensure fair processing and to prevent any undue impact on the data subjects.
Processing of personal data in a way incompatible with the purpose as specified at collection is against the law and therefore prohibited.”
69. The High Court cited a passage dealing with the general framework for compatibility assessment which need not be reproduced.
70. As appears above, one of the key factors to be considered in the compatibility assessment is the expectation of the data subjects as to the further use of their data. In this regard, the Working Group observes (at p. 24):
“The second factor focuses on the specific context in which the data were collected and the reasonable expectations of the data subjects as to their further use based on that context. In other words, the issue here is what a reasonable person in the data subject’s situation would expect his or her data to be used for based on the context of the collection.”
71. Annex 4 to the opinion gives a number of illustrative examples of this factor, the first of which appears at p. 56 as follows:
“Example One: Chatty Receptionist Caught on CCTV
A company installed a CCTV camera to monitor the main entrance to its building. A sign informs people that CCTV is in operation for security purposes. CCTV recordings show that the receptionist is frequently away from her desk and engages in lengthy conversations while smoking near the entrance area covered by the CCTV cameras. The recordings, combined with other evidence (such as complaints), show that she often fails to take telephone calls, which is one of her duties.
Apart from any other CCTV concerns that may be raised by this case, in terms of the compatibility assessment it can be accepted that a reasonable data subject would assume from the notice that the cameras are there for security purposes only. Monitoring whether or not an employee is appropriately carrying out her duties, such as answering phone calls, is an unrelated purpose which could not be reasonably be expected by the data subject. This gives a strong indication that the further use is incompatible. Other factors, such as the potential negative impact on the employee (for example, a possible disciplinary action), the nature of the data (video-footage), the nature of the relationship (employment context, suggesting imbalance in power and limited choice), and the lack of safeguards (such as, for example, notice about further purposes beyond security) may also contribute to and confirm this assessment.”
Were Mr. Doolin’s data processed more than once?
72. The first issue arising is whether Mr. Doolin’s data were processed more than once. The DPC was of the view that they were not. In my opinion, there is a manifest error in that conclusion, which is serious and significant.
73. The DPC found that the data in question were confined to the image of Mr. Doolin on the CCTV footage. However, that footage disclosed information, or data, concerning Mr. Doolin beyond merely his image. As the Panel Report records, it also disclosed where Mr. Doolin was and when he was there. It disclosed, whether by itself or in combination with the fob access records, the dates and times when Mr. Doolin entered the staff tea room, the dates and times when he left the staff tea room and the duration of his stay in the room. These are all specific pieces of information, or data, personal to Mr. Doolin above and beyond merely his image.
74. Further, specific reliance was placed on these pieces of information or data to support the disciplinary process pursued by OLHCS against Mr. Doolin.
75. The definition of “processing” appearing in s. 1 of the Act identifies five separate operations, or sets of operations, that are to be regarded as “processing”. The first, (a), includes obtaining or recording the information or data. Thus, the first processing of Mr. Doolin’s data took place when the data were obtained by being recorded on the CCTV footage. The DPC found in her decision, and argued again in this court, that this was not to be regarded as processing and that the first processing occurred with the viewing of the CCTV footage.
76. That does not appear to me to be consistent with the language of the 1988 Act which in the definition of “processing” at (a) expressly provides that obtaining data is processing. This is also consistent with the language of s. 2(1)(c) which provides at (i) that the data shall have been obtained for specified purposes and at (ii) that it shall not be further processed in a manner incompatible with that purpose or purposes. Clearly “further” processing can only occur after prior processing which suggests that the obtaining of the data must be regarded as a prior or first processing.
77. A second processing took place when those data were retrieved and consulted by being viewed by Mr. Gahan and Mr. Beatty (subparagraph (c) of the definition of “processing”). The third processing occurred when the data relating to the dates and times of access/egress by Mr. Doolin to and from the staff tea room were used by being tabulated in the Panel Report for the purpose of supporting a disciplinary sanction against him, (also subparagraph (c)).
78. It is thus clear to my mind that the proposition that his data were processed on one occasion only, by one viewing of the CCTV footage, cannot be correct, as the High Court found.
79. The next issue that thus arises is whether the data were further processed for the specified purpose, namely security.
Were Mr. Doolin’s data processed for the specified purpose?
80. As the High Court held, it seems to me that the critical error in the DPC’s Decision at the outset was in determining that the personal data in issue were confined to Mr. Doolin’s image. This inevitably led to further error, in particular with regard to whether there was further processing or not. Further, the DPC appears to have considered that there was one investigation only into the security issue and therefore the outcome of that investigation must be regarded as security related and thus satisfied the purpose specification.
81. Here again, I agree with the conclusion of the High Court that there were plainly two investigations or at minimum, one investigation into two different matters. The suggestion that the disciplinary investigation arose out of admissions made by Mr. Doolin at the interview on the 1st December, 2015 is manifestly incorrect as the evidence clearly demonstrates that the investigation commenced before that date and thus could not have originated from the admissions.
82. Because there were two investigations, it cannot be said that the investigation, singular, was for the purpose of security and by definition, its outcome must be for the same purpose. As I have pointed out already, the title of the Panel Report does not even purport to refer to security but in terms, describes the report as an “investigation into staff member (Cormac Doolin) accessing the Anna Gaynor House Tea Room at unauthorised times.”
83. It is clear to me therefore that the processing of Mr. Doolin’s data was not for a security purpose as the DPC contends. It was manifestly for a different purpose as the High Court judge found, but of course that is not the end of the inquiry. It is necessary thereafter to carry out a compatibility assessment and, in this regard, the DPC is critical of the High Court for failing to take this additional necessary step.
Were Mr. Doolin’s data processed for a purpose that was not incompatible?
84. It will be recalled that the High Court held that the evidence indicated that the use of the information from the CCTV footage was used for an entirely different purpose to that for which it was collected. The DPC is correct in arguing that the mere fact that the data were used for a different purpose does not mean that the use was unlawful. It is only where the further processing occurs in a manner incompatible with the stated purpose that an illegality arises.
85. It does seem to me from the fact that the judge said at several places in her judgment that Mr. Doolin’s data were used for an entirely different purpose to the specified purpose, it might reasonably be inferred that the judge implicitly considered the use of the data to have been incompatible with the specified purpose. This would also appear to follow from the fact that the judge made explicit reference to the Working Party opinion on the issue of compatibility so that it could not be said that the judge overlooked the issue. In fairness to the judge, it should also be remembered that neither the DPC nor the Circuit Court carried out any compatibility analysis and in fact never reached that point as a result of the erroneous finding that Mr. Doolin’s data were not processed further following the single viewing of the CCTV.
86. Even were it correct to say that the failure of the High Court to carry out a compatibility analysis was erroneous, on one view of matters the case should be remitted to the High Court to enable that analysis to be conducted. However, both parties urged on this court that rather than remitting the matter, the court should determine the issue itself. I think this is the sensible course, particularly in light of the comments I have made at the outset concerning the cost and delay that have been incurred in these proceedings to date.
87. It was urged on the court by the DPC that there could be no doubt but that the initial viewing of the CCTV was for a legitimate security purpose, namely that of identifying the perpetrator of the graffiti as advised by An Garda Siochána. The DPC argues that there is no analogy arising between the facts here and those of the example given by the Working Party, despite the obvious similarities. The critical distinction, it is said, is that in the Working Party example, the employer had no valid reason to view the CCTV and did so for the improper purpose of monitoring an employee. That does not arise here as the viewing was clearly legitimate.
88. Further, it was said that every employee entering the room for a defined period of time had to be regarded as a suspect for the graffiti incident, including Mr. Doolin, and accordingly the unauthorised access had a clear security dimension and was integral to the investigation of the graffiti. It must follow, it was argued, that even if the disciplinary process was not expressly for a security purpose, it was for a related purpose and thus not incompatible with the specified purpose.
89. Counsel for the DPC suggested that on the logic of Mr. Doolin’s argument, if he had been detected on the CCTV actually carving the graffiti into the table, while he might be amenable to criminal sanction, he could not be disciplined for the same thing. While there may be a superficial attraction to that argument, I think, on analysis, it is misconceived. In such a scenario, the employee would face the disciplinary process for doing the very thing which gave rise to the security issue in the first place. In that event it could not be argued that the CCTV was being used for an unspecified purpose or one that was incompatible.
90. That appears to me however to be a world away from this case. The fact that the viewing of the CCTV here was for the purpose of attempting to detect the perpetrator of the offensive graffiti and damage to Hospice property is entirely irrelevant to the incidental observation of Mr. Doolin taking unauthorised breaks. As I have already said, and as the High Court found, there was absolutely no evidence that the taking of such breaks represented a security issue in itself.
91. The logical conclusion of that argument is that, if, for example, another employee was picked up on the camera smoking a cigarette in the corridor outside the tea room, contrary to Hospice rules, the CCTV could equally be availed of to discipline that person. In that scenario, the purpose of the original viewing remains legitimate and on the DPC’s argument, it would follow that the processing of the data relating to the employee caught smoking must be regarded as related to, and not incompatible with, the security purpose. That, in my view, cannot be correct.
Conclusions
92. Central to the analysis, as the Directive and the 1988 Act make clear, is the concept of notification of the purpose to the data subject. There is no dispute here but that the security purpose, being the only specified purpose, was clearly identified in both the OLHCS CCTV policy and the notices beside the cameras themselves. Section 2D of the Act, cited above, makes clear that personal data shall not be treated as processed fairly unless the data subject is made aware, at or before the time when the data is obtained, of the purpose for which the data are intended to be processed.
93. The Working Party opinion identifies, as one of the key factors in the compatibility assessment, the reasonable expectations of the data subject as to the further use of their data. It seems to me that it could not reasonably be said in the present case that Mr. Doolin had either been notified that the CCTV could be used for disciplinary purposes or that there was any basis upon which he ought reasonably to have expected such use. It seems to me the contrary is much more likely to be the case.
94. Insofar, therefore, as it may be correct to say that the High Court overlooked the compatibility analysis, in my judgment it is clear in the present case that Mr. Doolin’s data were indeed used for a purpose other than, and incompatible with, the specified purpose. It follows therefore that such use was unlawful.
95. I am therefore in agreement with the findings of the High Court and accordingly I would dismiss this appeal.
96. With regard to costs, as Mr. Doolin has been entirely successful, it would seem to follow that he is entitled to the costs of this appeal. If the DPC wishes to contend for a different order, she will have liberty to apply within 14 days of the date of this judgment for a short supplemental hearing on costs. If such hearing is requested and does not result in an order different from that proposed, the DPC may additionally be liable for the costs of the supplemental hearing. In default of such application, an order in the terms proposed will be made.
97. As this judgment is delivered electronically, Haughton and Ní Raifeartaigh JJ. have indicated their agreement with it.