Last week, in a testy exchange with Ben Emmerson QC, the Chairman of the House of Commons’ home affairs select committee, Keith Vaz, trumpeted his committee’s commitment to transparency. The committee was taking evidence on the Independent panel inquiry into child sexual abuse and, at one point, Mr Emmerson QC, who had been heavily criticised by panel member Sharon Evans at a previous committee session, was keen to known whether a letter she had written had been, as Mr Vaz had previously indicated, published on the committee’s website. Mr Vaz replied (at 16:34:46)
Yes, yes, all letters that we receive – we don’t believe in suppressing information. This is Parliament so we put everything on the website
However, it now transpires that, when he said “everything”, this might have been taken too literally. It appears that not just correspondence might have been published, but, also, the names of four survivors of abuse. Sky News reports that
Survivors of child sex abuse have received death threats after their personal details and confidential communications with an abuse inquiry were published online.
Members of the group have written to the Home Secretary expressing “grave concern” about the publication of documents they say were leaked by a member of an abuse inquiry panel
In response, Mr Vaz, the Telegraph reports, said “The names of all these individuals were already in the public domain”.
However, just because names of victims or alleged victims of sexual offences are in the public domain does not provide a defence, for instance, to a charge under section 5 of the Sexual Offences (Amendment) Act 1992, (SO(A)A) which provides lifetime anonymity for such people, insofar as no publication may be made of their name, or address, or a still or moving picture of them.
Moreover, even if personal data is in the public domain, the provisions of the Data Protection Act 1998 (DPA) apply, and in the absence of a legal basis for publication, there will be a contravention of that Act if personal data is published unfairly. Given that complaints have been made about this publication, it certainly seems to be the case that the data subjects did not consent to such publication, and would not have had a reasonable expectation that it would happen. That would tend to suggest unfair processing.
I have written before about the dangers of inadvertently disclosing personal data in pursuance of an over-eager transparency agenda. It may be that Mr Vaz’s commitment to transparency on the part of his committee has realised these dangers.
However (and contrary to what I suggested in the first draft of this post – thanks Rich Greenhill) it appears that information published by a parliamentary committee is likely to be covered by parliamentary privilege (pages 58-59 of the Select Committee Red Book), and Greg Callus informs me that I failed to check the early-Victorian statute book – the Parliamentary Papers Act 1840 lays the basis for parliamentary privilege. This would probably provide a defence to charge of breach of SO(A)A, but it wouldn’t necessarily completely oust the regulatory jurisdiction of the Information Commissioner, in the event that the publication was inadvertent, as opposed to deliberate, and to the extent that it evinced a lack of organisational and technical measures to safeguard against unlawful or unfair processing of personal data (in contravention of the seventh data protection principle). This is because the DPA exemption (section 35A) applying to parliamentary privilege does not cover the seventh principle.However, I’m sure this is purely an academic question.
The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.