Open Justice Charter versus Privacy Rights

 The Guardian has published an article suggesting court lists should be freely available as part of a drive towards open data. William Perrin, in his own words a local active citizen, proposes (“with the government’s drive to transparency and open data “) a charter for transparency in the courts under which

people should be able to find out easily, on the internet:
what cases are expected to come up in a court from the time that they are scheduled
name, address and specific charges in all cases available from the time the case is scheduled (see footnote)
the full names, including first names, of judges, prosecution and defence lawyers, witnesses, and other professionals who speak during proceedings (e.g. magistrates’ clerks giving legal advice) from when they are known
judgements handed down from the end of the working day on which the case is concluded

Footnote

In criminal cases, the following basic information should be readily available
The full spelling of a defendant’s name
Their date of birth and full home address, including door number and postcode
The charges against them (including an opportunity to read them)
Written copies of any reporting restrictions applicable in the case

Perrin appreciates some of the risks

All the above is subject to contempt of court and protection of vulnerable defendants and witnesses

but

The longstanding openness of courts must not be compromised by data protection. In particular, well meaning but misplaced concerns about the data protection act and copyright must not stop the recording and transmission of information presented in open court.

(In passing, I struggle to understand his contrasting of “codified” data protection and copyright and “uncodified” open justice. If by “codified” he is referring to written laws and procedures then I would refer him to, in particular,  rule 39.2(1) of the Civil Procedure Rules, which provides that “The general rule is that a hearing is to be in public”. This is reinforced by our Convention rights, given full domestic effect in the Human Rights Act 1998. Article 6 says

In the determination of his civil rights and obligations or of any criminal charge against him, everyone is entitled to a fair and public hearing within a reasonable time by an independent and impartial tribunal established by law. Judgement shall be pronounced publicly by the press… (emphasis added))

Justice certainly should be, as a general principle, open. It is an ancient concept – it goes to the heart of the judicial system.  Lord Halsbury famously said, in 1913

Publicity is the very sole of justice…and the surest of all guards against improbity (Scott v Scott 1913 AC 417)

and Lord Diplock, in 1979

The application of this principle of open justice has two aspects: as respects proceedings in the court itself it requires that they should be held in open court to which the press and public are admitted and that, in criminal cases at any rate, all evidence communicated to the court is communicated publicly. As respects the publication to a wider public of fair and accurate reports of proceedings that have taken place in court the principle requires that nothing should be done to discourage this (Attorney-General  v Leveller Magazine Ltd. and Others [1979] A.C. 440)

At the recent Justice Wide Open event at CityUniversity, I saw Perrin speak eloquently about his experiences of trying to engage as a member of public in his local courts. He and other speakers gave dispiriting accounts of misinformed court staff and the paucity of reporters covering court news.  Addressing these shortfalls is a worthy aim, and I would not want to be seen as in any way criticising someone for doing that. Perrin, however, appears to see data protection (and perhaps to a lesser extent, the law of copyright) as contributing to an erosion of open justice.

The DPA has its origins – in part – in concerns about the potential for harm caused by electronic processing of personal information. As far back as 1972 the Younger Committee on Privacy had recognised public concerns about the accumulation by the state of electronic databanks. Electronic processing power has increased immeasurably since then, and it is in the light of that increase that we must consider proposals to open up the personal data of those appearing in court.

The DPA gives effect to theUK’s obligation under Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. In very broad terms it requires that those who “process” “personal data” in the role of “data controller” do so in compliance with the Act and specifically with eight data protection principles (at Schedule 1). Failure to do so can in some circumstances constitute a criminal offence. The DPA is enforced primarily by the Information Commissioner (IC) who has various powers, including one to impose monetary penalties (to a maximum of £500,000 for serious breaches of the Act).

Personal data are

data which relate to a living individual who can be identified from that data

so, clearly, someone’s name, address and criminal charge would be personal data

“Processing” is defined as

obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data

Publishing court listings on the internet would be classed as “carrying out an operation on the data”. Under Perrin’s proposals it would appear to be, at least in the first instance, the courts themselves which would be disclosing. The courts would certainly be classed as data controllers (the “person who…determines the purposes for which and the manner in which any personal data are…processed”). They would, therefore, have to process the personal data in accordance with the Act.

Just because personal data are or might be considered to be in the public domain, this does not necessarily authorise further processing. In R (on the application of Robertson) v City Of Wakefield Metropolitan Council [2001] EWHC Admin 915 the High Court held that the sale of the electoral register to commercial concerns was in breach of section 11 of the DPA (which gives data subjects the right to object to direct marketing based on their personal data) and of their Article 8 rights. Kay J rejected a submission that because an individual could not object to public right of inspection of the electoral register, there was not an actionable breach of these Article 8 rights arising from the sale of the same (and he could have equally rejected a similar submission on DPA grounds). The collection and publishing of personal data in the form of an electoral register available for physical public inspection was prescribed in law, and was a legitimate form of processing; its sale to commercial interests was not.

For similar reasons the Information Commissioner advises planning authorities that, although they may have a statutory duty to maintain, and make available for physical public inspection, a register of planning applications including objections

Extreme care should be taken to avoid any unnecessary disclosure of telephone numbers, email addresses and signatures. The need for the local authority to hold such information is obviously of benefit to all parties. However, there is no requirement to make it publicly available on the Internet… The recommendation…is that the applicant’s telephone number, email address and signature should not be visible via a website or other online system.

The DPA says that information about criminal offences will almost certainly be “sensitive personal data”, which includes

Personal data consisting of information as to… the commission or alleged commission by [the data subject] of any offence, or…any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.

Such data must be processed fairly and lawfully, but also at least one condition in Schedule 3 must be met. In simple terms, Schedule 3 will, broadly, for the current purposes, only permit processing of sensitive personal data if the data subject has explicitly consented to it,  if it is required by law or if it is necessary for the purposes of legal proceedings or the administration of justice.

Even the posting outside the court room of lists is processing of sensitive personal data, and, although there is some inconsistency (I have heard, for instance, that some courts tweet the names of defendants) the general approach is that these lists are not published widely by the court service. (To the limited extent that they are published I would suggest that the processing would be justified by an argument that it is necessary for the purposes of legal proceedings or the administration of justice.)

The problem with publishing, on the internet, the sort of information Perrin’s charter proposes, is that the internet has few limits, whether special, technological or temporal.

Anyone, in any country, could harvest the data published. They could amass huge data banks not just of criminals, but those who have merely been charged with an offence, as well as witnesses. If that information is then tied to their address (and date of birth) hugely sensitive databases could be created, about which there might be little knowledge, and over which there might be little control. In 2009 the Information Commissioner prosecuted a man called Ian Kerr for running a secret blacklist of containing information about construction workers’ personal relationships, trade union activity and employment history. Kerr created the blacklist on behalf of an organisation called The Consulting Association. The Commissioner only had jurisdiction because this processing of personal data took place in theUK. A blacklist amassed from court data, and hosted outside the EU, could be hugely damaging to the employment prospects of countless people, whether they be convicted, charged and not convicted, or even merely witnesses.

Moreover, this information could be kept indefinitely. Rehabilitation of offenders, and the laws that underpin the rehabilitation could be greatly compromised if this sort of court data is openly available for anyone to retain and archive. In S and Marper v United Kingdom 30562/04 [2008] ECHR 1581 the European Court of Human Rights held that the indefinite retention of DNA samples of people who had been arrested or charged, but not convicted of an offence, was a violation of Article 8 of the Convention, and observed that

The protection of personal data is of fundamental importance to a person’s enjoyment of his or her right to respect for private and family life, as guaranteed by Article 8 of the Convention. The domestic law must afford appropriate safeguards to prevent any such use of personal data as may be inconsistent with the guarantees of this Article

Marper was concerned with the indefinite retention of sensitive information under a state measure authorising its retention. Perrin’s charter is silent on how long the information it describes should be retained, or remain published, and it would be interesting to see how it would fit into the proposed new European data protection framework [pdf] which proposes a “right to be forgotten” (a right which in fact arguably already exists under principle 3 and 5 of the DPA), but even if the state or an emanation of the state deleted the data at a later date, it is difficult to see how any restrictions could be imposed on the information which would prevent its retention (even if such retention was unlawful) by private individuals, or organisations, or even other emanations of the state.

The permanence of internet-published information, and the ease with which it can be harvested and disseminated, could also greatly increase the risk of witness (and judge, and lawyer, and court official) intimidation or retribution, and most strategies for prevention [pdf] of this understandably focus on restricting the amount of information.

And, ultimately, mistakes and crimes often occur with the electronic processing of personal data. Given the huge financial pressures the court system is currently experiencing, it is very difficult to imagine that there could never be a data breach, and if one occurred it would potentially involve the personal data of vulnerable victims of crime, as well as witness, and those accused.

For these reasons, and absent any major change in the UK data protection statutory scheme (which in turn would suggest there would have had to have been a major change in the European framework) I have doubts that Perrin’s charter, as currently presented, could operate without the people acting under it being at risk of breach of the DPA, and potentially in violation of Article 8.

Those who work in the field of data protection are often accused of putting barriers in the way of progress, and of effective working. I don’t accept this: I’m an advocate of good data protection, but I’m also an advocate of freedom of information, transparency and open justice. It seems clear that the court system could be better at promoting open justice without disproportionately infringing private rights. However, I don’t think that Perrin’s charter is the way forward, because I do not feel it goes anywhere near far enough in adequately protecting the personal information of those who would be publicised under it.

Addendum 9 May 2012

Since writing this blog post my attention has been drawn to the Magistrates Court Act 1980 (thanks @Greg_Callus on twitter). Section 8 deals with restrictions on reporting of commital proceedings, and, by way of s8(4) permits publication of

(a)the identity of the court and the names of the examining justices;

(b)the names, addresses and occupations of the parties and witnesses and the ages of the accused and witnesses;

(c)the offence or offences, or a summary of them, with which the accused is or are charged;

(d)the names of the legal representatives engaged in the proceedings;

(e)any decision of the court to commit the accused or any of the accused for trial, and any decision of the court on the disposal of the case of any accused not committed;

(f)where the court commits the accused or any of the accused for trial, the charge or charges, or a summary of them, on which he is committed and the court to which he is committed;

(g)where the committal proceedings are adjourned, the date and place to which they are adjourned;

(h)any arrangements as to bail on committal or adjournment;

(i)whether a right to representation funded by the Legal Services Commission as part of the Criminal Defence Service was granted to the accused or any of the accused.

These provisions of the MCA appear to have been drafted in order to prevent the risk of prejudice to forthcoming trials, rather than with a view to protecting any privacy rights of accused. Nonetheless, they clearly, in general terms, permit publication of the sort of information proposed by Will Perrin’s Open Justice Charter. Whether the ICO would consider that they were sufficient to mean that a Schedule 3 DPA condition were met is another matter. The Data Protection (Processing of Sensitive Personal Data) Order 2000 does provide a Schedule 3 condition if the disclosure “is in the substantial public interest…[and]…is in connection with…the commission by any person of any unlawful act (whether alleged or established)…[and]…is for the special purpose [of journalism]”. However, can a blog, even one as clearly public-focussed as Perrin’s, be classed as “journalism”?

The MCA was enacted long before the internet as we know it was even conceived (it was amended in 1990 to encompass television broadcasts) and the DPA was enacted in the modern internet’s infancy. “Journalism” has no fixed definition, probably for very pragmatic reasons, but modern technology means that many people, such as bloggers, social commentators, twitter users, etc, are engaging, to a greater or lesser extent, in activities which might broadly be defined as journalism.

This leads on to wonder, in an age when “we are all journalists”, might we all benefit from the common law and statutory protections afforded to journalism? And, if so, in what way could journalism benefit from being a special category under laws such as the DPA?