Tag Archives: Human Rights

High Court muddle over data protection regime

A relatively common error by those unaccustomed to the rather odd structure of the data protection statutory regime in the UK, is to look first to the Data Protection Act 2018 (“DPA”) for the applicable law, instead of the UK GDPR. This is despite the fact that the very first section of the DPA instructs us in how the regime works. Section 1(2) provides that “most processing of personal data is subject to the UK GDPR”, and then sections 1(4) and (5) explain that Parts 3 and 4 of the DPA deal with those parts of the regime (law enforcement processing and intelligence services processing) which are out of the scope of UK GDPR.

“Put me to one side” – says the DPA tactfully – “you should have picked up your copy of the UK GDPR first, and not me”.

Accordingly, the key provisions, and the basic principles, applying to most processing, are to be found in the UK GDPR.

The result of this relatively common error, is that people will sometimes cite, say, section 45 of the DPA in relation to a generic subject access request, when in fact, the applicable provision is Article 15 of the UK GDPR (section 45 applies to subject access requests to competent authorities for the purposes of law enforcement).

Occasionally, I have seen non-specialist lawyers make this mistake.

And now, I have seen a high court judge do the same. In a judicial review case in the High Court of Northern Ireland, challenging the accuracy of a child’s social care records, part of the claim (which was primarily an Article 8 human rights claim) was pleaded as also a breach of Article 5(1) and (6) of the “GDPR” (the correct pleading should have been, and maybe was, by reference to the UK GDPR) and Part 1 of the DPA. Article 5(1) of the UK GDPR contains the data protection principles.

The judge, however, stated that

It seems to the court that in fact the relevant part of the 2018 Act are sections 86 to 91 which set out the six data protection principles in relation to data processing.

This is simply wrong. Sections 86 to 91 of the DPA lay out the data protection principles only in relation to intelligence services processing (i.e. processing of personal data by the Security Service, the Secret Intelligence Service or by the Government Communications Headquarters).

It isn’t clear whether there was any discussion about this in the court (quite possibly not), but it appears not to have been picked up when the judgment was circulated in draft or published to the parties. As it is, it seems very likely that nothing turns on it. This is because the Part 4 DPA principles, like the Part 3 DPA principles, effectively mirror the principles in Article 5(1) UK GDPR, and so the analysis, for the purposes of the substantive matter, was sound.

So this was an error of form, more than substance.

However, there are some differences between the UK GDPR regime, the Part 3 DPA regime and the Part 4 DPA regime, and in different circumstances an error like this could result in an outcome which is wrong, and harmful.

The views in this post (and indeed most posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under accuracy, Data Protection, Data Protection Act 2018, GDPR, human rights, Ireland, judiciary, UK GDPR

Ukraine Justice Alliance

My firm, Mishcon de Reya, is working with a collective of lawyers, law firms, and non-governmental organisations (NGOs) to form an alliance that will support Ukrainians in response to the catastrophic invasion of Ukraine. Please share widely:

Ukraine Justice Alliance

Leave a comment

Filed under human rights

The Seepage of Information Act

Transport yourself back to January 2020 (what a different world that was). You are a journalist, or maybe just an informed citizen, and you want to know what preparations the government had made in the event Boris Johnson had lost his seat in the general election a month previously.

You make a request for this information to the Cabinet Office under the Freedom of Information Act 2000 (FOIA). You know that you should get a response within twenty working days (section 10 of FOIA says so). And you know that there is a regulator (the Information Commissioner, or “ICO”) who oversees compliance with FOIA.

What you probably don’t expect is that, 25 months on, you not only haven’t received the information you requested but you have only just had a ruling from the ICO that you are not entitled to it.

That’s how long it has taken this request to make its way through what is an unacceptably slow process. The requester made the request to the Cabinet Office on 7 January 2020. By 12 March 2020 they had had no response whatsoever, so complained to ICO. Three months later, on 16 June 2020, ICO formally told the Cabinet Office to pull its finger out. On 3 August it did, and refused to disclose the requested information, citing one of the statutory exemptions. On 22 September 2020 the requester again complained to ICO, who then took sixteen months to decide that the Cabinet Office was entitled to rely on the exemption claimed.

What follows is far from a fully thought-out legal argument, but bear with me for the purposes of polemic: Article 10 of European Convention on Human Rights says that everyone has the qualified right to receive information (as well as to impart information) without interference by public authority. Previous attempts to argue that Article 10 confers something above and beyond FOIA in respect of accessing information from public authorities have foundered, on the grounds that, in context, Article 10 doesn’t add anything to the rights in FOIA (see Kennedy, para 92 and elsewhere). But it does seem to me that if the regulatory scheme itself interposes a delay which might be, as here, 1600% longer than the original statutory timescale given to the original recipient for responding to the request, the basis might arise for mounting an argument that the scheme fails to avoid public authority interference in the Article 10 fundamental right.

Maybe I’m overreaching. Let’s just say this: it cannot be right that it takes over two years to get a response and a regulatory decision on a FOIA request. Let’s hope new Commissioner John Edwards sorts this out.

The views in this post (and indeed most posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under access to information, Article 10, Cabinet Office, Freedom of Information, Information Commissioner

“Access delayed is access denied” – ICO’s terrible FOI compliance

Statistics show that the ICO is regularly delayed – sometimes very severely so – when responding to FOIA requests made to it. Is there a need for a review of the ICO’s own compliance?

The Information Commissioner’s Office (ICO) is tasked with regulating and enforcing the Freedom of Information Act 2000 (FOIA). The ICO is also – perhaps unusually for a regulator – subject to the law it regulates (it is a public authority, listed in Schedule One to FOIA). This means that – sometimes – the ICO must investigate its own compliance with FOIA. It also means that its own compliance with FOIA, and the seriousness with which it treats its own compliance, is bound to be viewed by other public authorities as an example.

FOIA is, let us not forget, of profound democratic importance. The right to receive information is one of the components of Article 10 of the European Convention on Human Rights. Information Commissioner Elizabeth Denham has previously said

openness of information, through FOI laws and other instruments, is vitally-important not only for government accountability in the moment, but also for the long-term health of our democracy… since information is power, the right to information goes to the heart of a democracy’s healthy functioning.

FOIA lays down timescales for complying with a request for information. The core one says that information must in general be provided within twenty working days. In that same speech Ms Denham referred to timeliness (“It is rightly said that access delayed is access denied”) and the benefits of publicising delays by authorities:

Reporting publicly on timeliness has proved to be a powerful tool for improving timely disclosure of information. And public authorities have used their poor grades to push successfully for more resources where the demand has outstripped supply.

Indeed, she has previously taken government departments to task for their FOIA delays

I think that central government though has got away with – I’m not going to say murder – I think they’ve got away with behaviour that needs to be adjusted…I know which organisations we need to focus on…

The ICO certainly has enforcement powers, and a policy which informs it when action is appropriate. The Freedom of information regulatory action policy (which doesn’t appear to have been updated since 2012) says that enforcement may be appropriate where there are “repeated or significant failures to meet the time for compliance” and that, when deciding to take enforcement action, the ICO will take into account such factors as

the severity and / or repetition of the breach; whether there is evidence that obligations are being deliberately or persistently ignored; whether there would be an educative or deterrent affect; whether it would help clarify or test an issue; and whether an example needs to be created or a precedent set.

With all of this in mind, one organisation the ICO apparently needs to focus on is itself.

Regrettably, and rather oddly, the ICO doesn’t publish figures on its own FOI compliance, except at a very high level, and combined with other types of access requests, in its annual report). This is despite the fact that the Code of Practice issued under section 45 of FOIA, observance of which the ICO is specifically tasked with promoting, says that public authorities with more than 100 members of staff should published detailed statistics on compliance.

However, what evidence there is indicates a repeated, and serious, failure by the ICO to comply with the timescales it is supposed to enforce on others. Of the formal decision notices issued by the ICO against itself, in 2020 and 2021, 50% (10 out of 20) found a failure to comply with the statutory timescale (and two further ones appear – from an analysis of the notices – to have involved delay, without resulting in a specific finding of such). And it is worth noting that these are formal decisions where requesters have asked for formal notices to be issued – it is almost inevitable that there will be similar delays in a significant proportion of those requests which don’t make it to a formal decision.

Indeed, analysis of recent requests to the ICO made on the request website WhatDoTheyKnowsimilarly shows delays in approximately half the requests. But even worse, many of those delays are of an extraordinary length. In two cases, requests made in February 2021 have only been responded to in November – delays of ninemonths, and in other cases there are delays of six, four and two months.

COVID has – no doubt – affected the ICO, as it has affected all organisations. But if the ICO needs extra resource to comply with FOIA, it has certainly not indicated that. Its published approach to regulatory compliance during the pandemic (not updated since June this year) says that where public authorities have backlogs, the ICO expects them to “establish recovery plans focused on bringing the organisation back within compliance with the Freedom of Information Act within a reasonable timeframe”. In the accompanying blogpost the Deputy Commissioner said that

we have seen more and more organisations adjusting to the circumstances, and returning to offering the transparency…our [own] recovery plan has had a positive impact in removing and reducing backlogs

If that is the case it is hard to know why the WhatDoTheyKnow examples (and one’s own experiences) show precisely the opposite picture.

What is also of concern – though this is an issue for policy-makers and Parliament – is that there is nothing that an individual can do when faced with delays like this, except complain – once more to the ICO. FOIA expressly does not permit individuals to take civil action against public authorities for failure to comply – the only recourse is through the ICO as regulator. Short of bringing judicial review proceedings, citizens must just suck it up.

In 2016 the Independent Commission on Freedom of Information said that FOIA was “generally working well”, but that it “would like to see a significant reduction in the delays in the process”. In 2016, that was not addressed at the ICO, but now it most certainly could be. That Independent Commission has long been dissolved. Meanwhile, the Public Administration and Constitutional Affairs Committee is conducting an inquiry into the Cabinet Office’s FOI handling. 

But, maybe, there actually needs to be some Parliamentary oversight of the ICO’s own FOI compliance.

The views in this post (and indeed most posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under access to information, Freedom of Information, human rights, Information Commissioner, rule of law, transparency

Journalist has to seek pro bono support to enforce subject access request

My firm Mishcon de Reya is acting for John Pring, stalwart editor of Disability News Service, who has been seeking access to his personal data from DWP for more than a year. The ICO upheld his complaint but (see this blog, passim) said it wouldn’t take steps to require DWP to comply.

More here, and here.

As a result of the latest letter, and media coverage, ICO has said it is reopening the case.

Leave a comment

Filed under access to information, DWP, GDPR, human rights, Information Commissioner, subject access, UK GDPR

If ICO won’t regulate the law, it must reboot itself

The exercise of the right of (subject) access under Article 15 of the General Data Protection Regulation (GDPR) is the exercise of a fundamental right to be aware of and verify the lawfulness of the processing of personal data about oneself.

That this is a fundamental right is emphasised by the range of enforcement powers available to the Information Commissioner’s Office (ICO), against those controllers who fail to comply with their obligations in response to an access request. These include the power to serve administrative fines to a maximum amount of €20m, but, more prosaically, the power to order the controller to comply with the data subject’s requests to exercise his or her rights. This, surely, is a basic function of the ICO – the sort of regulatory action which underlines its existence. This, much more than operating regulatory sandboxes, or publishing normative policy papers, is surely what the ICO is fundamentally there to do.

Yet read this, a letter shown to me recently which was sent by ICO to someone complaining about the handling of an access request:

 

Dear [data subject],

Further to my recent correspondence, I write regarding the way in which [a London Borough] (The Council) has handled your subject access request.

I have contacted the Council and from the evidence they have provided to me, as stated before, it appears that they have infringed your right to access under the GDPR by failing to comply with your SAR request. However, it does not appear as though they are willing to provide you with any further information and we have informed them of our dissatisfaction with this situation.

It is a requirement under the Data protection Act 2018 that we investigate cases to the ‘extent appropriate’ and after lengthy correspondence with the Council, it appears they are no longer willing co-operate with us to provide this information. Therefore, you may have better results if you seek independent legal advice regarding the matters raised in this particular case.

Here we have the ICO telling a data subject that it will not take action against a public authority data controller which has infringed her rights by failing to comply with an access request. Instead, the requester must seek her own legal advice (almost inevitably at her own significant cost).

Other controllers might look at this and wonder whether they should bother complying with the law, if no sanction arises for failing to do so. And other data subjects might look at it and wonder what is the point in exercising their rights, if the regulator will not enforce them.

This is the most stark single example in a collection of increasing evidence that the ICO is failing to perform its basic tasks of regulation and enforcement.

It is just one data subject, exercising her right. But it is a right which underpins data protection law: if you don’t know and can’t find out what information an organisation has about you, then your ability to exercise other rights is stopped short.

The ICO should reboot itself. It should, before and above all else, perform its first statutory duty – to monitor and enforce the application of the GDPR.

I don’t understand why it does not want to do so.

[P.S. I think the situation described here is different, although of the same species, to situations where ICO finds likely non-compliance but declines to take punitive action – such as a monetary penalty. Here, there is a simple corrective regulatory power available – an enforcement notice (essentially a “steps order”) under section 148 Data Protection Act 2018.]

The views in this post (and indeed most posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under access to information, Data Protection, GDPR, human rights, Information Commissioner

The wheels of the Ministry of Justice

do they turn so slowly that they’ll lead to the Lord Chancellor committing a criminal offence?

On 21 December last year, as we were all sweeping up the mince piece crumbs, removing our party hats and switching off the office lights for another year, the Information Commissioner’s Office (ICO) published, with no accompanying publicity whatsoever, an enforcement notice served on the Secretary of State for Justice. The notice drew attention to the fact that in July 2017 the Ministry of Justice (MoJ) had had a backlog of 919 subject access requests from individuals, some of which dated back to 2012. And by November 2017 that had barely improved – to 793 cases dating back to 2014.

I intended to blog about this at the time, but it’s taken me around nine months to retrieve my chin from the floor, such was the force with which it dropped.

Because we should remember that the exercise of the right of subject access is a fundamental aspect of the fundamental right to protection of personal data. Requesting access to one’s data enables one to be aware of, and verify the lawfulness of, the processing. Don’t take my word for it – look at recital 41 of the-then applicable European data protection directive, and recital 63 of the now-applicable General Data Protection Regulation (GDPR).

And bear in mind that the nature of the MoJ’s work means it often receives subject access requests from prisoners, or others who are going through or have been through the criminal justice system. I imagine that a good many of these horrendously delayed requests were from people with a genuinely-held concern, or grievance, and not just from irritants like me who are interested in data controllers’ compliance.

The notice required MoJ to comply with all the outstanding requests by 31 October 2018. Now, you might raise an eyebrow at the fact that this gave the MoJ an extra eight months to respond to requests which were already incredibly late and which should have been responded to within forty days, but what’s an extra 284 days when things have slipped a little? (*Pseuds’ corner alert* It reminds me of Larkin’s line in The Whitsun Weddings about being so late that he feels: “all sense of being in a hurry gone”).

Maybe one reason the ICO gave MoJ so long to sort things out is that enforcement notices are serious things – a failure to comply is, after all, a criminal offence punishable on indictment by an unlimited fine. So one notes with interest a recent response to a freedom of information request for the regular updates which the notice also required MoJ to provide.

This reveals that by July this year MoJ had whittled down those 793 delayed cases to 285, with none dating back further than 2016. But I’m not going to start hanging out the bunting just yet, because a) more recent cases might well be more complex (because the issues behind them will be likely to be more current, and therefore potentially more complex, and b) because they don’t flaming well deserve any bunting because this was, and remains one of the most egregious and serious compliance failures it’s been my displeasure to have seen.

And what if they don’t clear them all by 31 October? The notice gives no leeway, no get-out – if any of those requests extant at November last year remains unanswered by November this year, the Right Honourable David Gauke MP (the current incumbent of the position of Secretary of State for Justice) will, it appears, have committed a criminal offence.

Will he be prosecuted?

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

1 Comment

Filed under access to information, Data Protection, Directive 95/46/EC, GDPR, human rights, Information Commissioner, Ministry of Justice, Uncategorized

FOIA’s not the only route

News emerges of a potential judicial review attempt to force disclosure of government Brexit papers not under FOI but under common law and human rights to information

More than three years ago the Supreme Court handed down judgment in a long-running piece of litigation under the Freedom of Information Act 2000 (FOIA). Journalist Dominic Kennedy had attempted to get disclosure from the Charity Commission of information relating to inquiries into George Galloway’s “Mariam Appeal”. The Commission said, in effect, that the absolute exemption to disclosure at section 32(2) of FOIA was the end of the story, while Kennedy argued that Article 10 of the European Convention on Human Rights imposed a positive obligation of disclosure on public authorities, particularly when the requester was a “public watchdog” like the press, and that s32(2) should be read down accordingly to require disclosure in the circumstances (I paraphrase). In his leading opinion Lord Mance gave this stirring introduction:

Information is the key to sound decision-making, to accountability and development; it underpins democracy and assists in combatting poverty, oppression, corruption, prejudice and inefficiency. Administrators, judges, arbitrators, and persons conducting inquiries and investigations depend upon it; likewise the press, NGOs and individuals concerned to report on issues of public interest. Unwillingness to disclose information may arise through habits of secrecy or reasons of self-protection. But information can be genuinely private, confidential or sensitive, and these interests merit respect in their own right and, in the case of those who depend on information to fulfil their functions, because this may not otherwise be forthcoming. These competing considerations, and the balance between them, lie behind the issues on this appeal.

What was most interesting about the judgment in Kennedy, and, again, I disrespectfully heavily paraphrase, was that the Supreme Court basically said (as it has been wont to do in recent years) – “why harp on about your rights at European law, don’t you realise that our dear old domestic friend the common law gives you similar rights?”

the route by which [Mr Kennedy] may, after an appropriate balancing exercise, be entitled to disclosure, is not under or by virtue of some process of remodelling of section 32, but is under the Charities Act construed in the light of common law principles and/or in the light of article 10 of the Human Rights Convention, if and so far as that article may be engaged

This greatly excited those in the information rights field at the time, but since then, there has been little of prominence to advance the proposition that FOIA rights are not the only route [Ed. there’s a great/awful pun in there somewhere] but it did get a positive airing in R (Privacy International) v HMRC [2014] EWHC 1475 (Admin) (on which see Panopticon post here).

Yesterday (12 October) barrister Jolyon Maugham announced that his Good Law Project was seeking donors towards a judicial review application if the government refused to publish information and reports comparing the predicted economic harm of Brexit with the predicted economic benefits of alternative free trade agreements. Keen followers of information rights litigation will note that Tim Pitt-Payne  and Robin Hopkins are instructed: the potential respondents should quake in their boots.

Well worth watching this, and well worth – in my opinion – donating towards the cause.

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under Brexit, Freedom of Information, human rights, Open Justice

Anti-EU campaign database – in contravention of data protection laws?

The politics.co.uk site reports that an anti-EU umbrella campaign called Leave.EU (or is it theknow.eu?) has been written to by the Information Commissioner’s Office (ICO) after allegedly sending unsolicited emails to people who appear to have been “signed up” by friends or family. The campaign’s bank-roller, UKIP donor Aaron Banks, reportedly said

We have 70,000 people registered and people have been asked to supply 10 emails of friends or family to build out (sic) database

Emails sent to those signed up in this way are highly likely to have been sent in breach of the campaign’s obligations under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), and the ICO is reported to have to written to the campaign to

inform them of their obligations under the PECR and to ask them to suppress [the recipient’s] email address from their databases

But is this really the main concern here? Or, rather, should we (and the ICO) be asking what on earth is a political campaign doing building a huge database of people, and identifying them as (potential) supporters without their knowledge? Such concerns go to the very heart of modern privacy and data protection law.

Data protection law’s genesis lie, in part, in the desire, post-war, of European nations to ensure “a foundation of justice and peace in the world”, as the preamble to the European Convention on Human Rights states. The first recital to the European Community Data Protection Directive of 1995 makes clear that the importance of those fundamental rights to data protection law.

The Directive is, of course, given domestic effect by the Data Protection Act 1998 (DPA). Section 2 of the same states that information as to someone’s political beliefs is her personal data: I would submit that presence on a database purporting to show that someone supports the UK”s withdrawal from the European Union is also her personal data. Placing someone on that database, without her knowledge or ability to object, will be manifestly “unfair” when it comes to compliance with the first data protection principle. It may also be inaccurate, when it comes to compliance with the fourth principle.

I would urge the ICO to look much more closely at this – the compiling of (query inaccurate) of secret databases of people’s political opinions has very scary antecedents.

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under accuracy, Data Protection, Directive 95/46/EC, Europe, human rights, Information Commissioner

Is an FOI request from an investigative journalist ever vexatious?

Last week, in the Court of Appeal, the indefatigable, if rather hyperbolic, Mr Dransfield was trying to convince three judges that his request, made long ago, to Devon County Council, for information on Lightning Protection System test results relating to a pedestrian bridge at Exeter Chiefs Rugby Ground, was not vexatious. If he succeeds in overturning what was a thorough, and, I think, pretty unimpeachable ruling in the Upper Tribunal, then we may, at last, have some finality on how to interpret section 14(1) of the Freedom of Information Act 2000 (FOIA):

a public authority [is not obliged] to comply with a request for information if the request is vexatious

But what is certain is that the Court of Appeal will not hand down a ruling which would allow a public authority to feel able merely to state that a request is vexatious, and do nothing more to justify reliance on it. But that is what the Metropolitan Police appear to have done in an extraordinary response to FOIA requests from the Press Gazette. The latter has been engaging in a campaign to expose what it believes to be regular use of surveillance powers to monitor or investigate actions of journalists. This is both a serious subject and a worthy campaign. Investigative journalism, by definition, is likely to involve the making of enquiries, sometimes multiple ones, sometimes speculative, “to discover the truth and to identify lapses from it”. It is inevitable that an investigative journalist will from time to time need to make use of FOIA, and the Information Commissioner’s Office (ICO) advises that

[public] authorities must take care to differentiate between broad requests which rely upon pot luck to reveal something of interest and those where the requester is following a genuine line of enquiry

The ICO doesn’t (and couldn’t) say that a FOIA request from an investigative journalist could never be classed as vexatious, but I think the cases when that would happen would be exceptional. The Upper Tribunal ruling by Wikeley J that Mr Dransfield is seeking to overturn talked of “vexatious” as connoting

a manifestly unjustified, inappropriate or improper use of a formal procedure

and

It may be helpful to consider the question of whether a request is truly vexatious by considering four broad issues or themes – (1) the burden (on the public authority and its staff); (2) the motive (of the requester); (3) the value or serious purpose (of the request) and (4) any harassment or distress (of and to staff)

although it was stressed that these were neither exhaustive, nor a “formulaic checklist”.

It is difficult to imagine that the motive of the Press Gazette journalists can be anything but well-intended, and similarly difficult to claim there is no value or serious purpose to the request, or the other requests which need to be considered for context. Nor has there been, as far as I am aware, any suggestion that the requests have caused Met staff any harassment or distress. So we are (while noting and acknowledging that we are not following a checklist) only likely to be talking about “the burden on the public authority and its staff”. It is true that some requests, although well-intentioned and of serious value, and made in polite terms, have been accepted either by the ICO or the First-tier Tribunal (FTT), as being so burdensome to comply with that (even before considering whether FOIA costs limits are engaged) they merit rejection on vexatiousness grounds. In 2012 the FTT upheld an appeal from the Independent Police Complaints Commission, saying that

A request may be so grossly oppressive in terms of the resources and time demanded by compliance as to be vexatious, regardless of the intentions or bona fides of the requester. If so, it is not prevented from being vexatious just because the authority could have relied instead on s.12 [costs limits]

and last year the FTT similarly allowed a late submission by the Department of Education that a request from the journalist Laura McInerney for information about Free School applications was vexatious because of the burden it would impose:

There is no question here of anything in the tone of the request tending towards vexatiousness; nor does anyone doubt Ms McInerney’s genuine motives…There is value in openness and transparency in respect of departmental decision making. That value would be increased by the academic scrutiny which the disclosed material would receive…In our judgment, however, these important considerations are dwarfed by the burden which implementation of the request places on DFE.

But it does not appear that the request in question from the Press Gazette was likely to go any way towards being grossly oppressive, or to being a burden which would “dwarf” the other considerations.

Moreover, and it does not appear to have been a point argued in the DfE case, there is an argument, explored through a series of cases in the Court of Justice of the European Union, and, domestically, in the Supreme Court, in Kennedy v ICO and Charity Commission, that Article 10 of the European Convention on Human Rights, providing as it does in part a right “to receive and impart information and ideas without interference by public authority” (subject to limitations that are prescribed by law, necessary and proportionate, and pursue a legitimate aim) might sometimes need to read down into FOIA, particularly where a journalist is the requester. Although the Supreme Court, by a majority, and on the facts (specifically in the context of a FOIA absolute exemption), rejected the submission in Kennedy, the argument in the abstract still has some weight – someone engaging in investigative journalism is clearly generally acting as a “social watchdog”, and the likelihood that they are making a FOIA request with bad motives, or without serious purpose, or in a way likely to harass or cause distress is correspondingly low. It seems to me that, absent the sort of “excessive burden” argument explored in the IPCC and DfE cases – and, as I say, the Met don’t seem to have advanced any such argument – to label a request from an investigative journalist as vexatious is to stand at the top of a slippery slope. One hopes that the Met review and reverse this decision.

p.s. In a world in which we are all journalists, this all has the potential to get very complicated.

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

149 Comments

Filed under Article 10, Freedom of Information, journalism, police