Data protection / Freedom of information / Privacy / Right to be forgotten

The First Tier Tribunal (Information Rights) refuses to disclose the names of 4 police officers involved in a ‘car selling-scam’… and a few considerations about the right to be forgotten

baby

Some of the most vocal criticisms of the right to be forgotten as interpreted by the Court of Justice of the European Union in its famous case decided on 13 May 2014 come from Internet giants. The Wikimedia foundation and the Wikipedia founder himself are no exception. “This right to be forgotten is the idea that people may demand to have truthful information about themselves selectively removed from the published public record or at least make it more difficult to find”, one can read in the press. And a common example given to explain why such a ruling is a bad ruling is that of criminal offenders sending notices to Google to make their convictions disappear from the web… the web now embodying the myth of the neutral marketplace of ideas, a myth that permeated the writings of US scholars and judges in the 1960’s and 1970’s.

These views are however over-simplifying the terms of the debate seeking to assess the real contribution of the right to be forgotten, which strictly speaking is the right not to have one’s name used as keywords to make links referring to webpages containing personal data appear in the list of search results when certain conditions are met (e.g. when the information being linked to appears, “having regard to all the circumstances of the case, to be inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes of the processing at issue carried out by the operator of the search engine”).

Robert Peston’ story is interesting in this regard as it took him a couple of days to realise that “what Google has done [to his blog] is not quite the assault on public-interest journalism that it might have seemed”.

In order to truly assess the contribution of the right to be forgotten, one should in reality step into the shoes of an individual, who is not a public figure, but who is both a consumer and eventually a producer of online content: on some occasions others may have expressed views about him which are only a partial account of who he is and what he does or, he himself might have expressed views that he does not hold anymore.

But here we are, it is a very common practice to throw out the baby with the bath water in the field of privacy law. And it is likely that the recent decision of the First Tier Tribunal (Information Rights) of 16 October 2014 in a case about the interplay between the Freedom of Information Act of 2000 (FOIA) and the Data protection Act of 1998 (DPA) will provoke the same kind of reaction.

In this case the appellant wanted to know the names of four police officers who, as told by the press, had been dismissed for gross misconduct (a Lancashire Evening Post article titled “Police sacked in car-selling ‘scam’” had been dedicated to the issue). As explained by the Tribunal the scam “involved the purchase of unmarked police cars for use in covert operations. In a bid to stop the cars being identified by criminals, they were changed frequently and sold by Lancashire Constabulary to the public at heavily reduced prices, most cars being around 6 to 12 months old. The officers who were subject to the investigation and dismissal had ordered cars for police work with particular specifications which they wanted for themselves, knowing that the cars would soon be available to buy personally at a reduced cost.” Although the police officers had been charged with gross misconduct, the Crown Prosecution Service had subsequently decided not to prosecute the officers.

The Independent Police Complaints Commission (IPCC), the Information Commissioner and the First Tier Tribunal all refused to grant the request for the disclosure of the names of the police officers, relying in particular on section 40(2) FOIA. Why so?

In its decision of 16 October the Tribunal confirmed that the requested information was sensitive data within the meaning of s.2 (g) of the DPA, as it was information about “the commission or alleged commission….of any offence”. This, for the Tribunal, put “the data into a category where it needs to be treated with particular care and where it is not normally disclosed unless there is a justifiable reason for doing so”.

Moreover, as acknowledged by the Tribunal, for the IPCC to be able to perform its duties, it should be able to keep relevant information confidential, which meant that the police officers had a reasonable expectation of privacy in these circumstances. [But this does not seem to be the most important bit of the decision].

Interestingly two additional arguments are put forward to justify the non-disclosure:

  • The police officers had not put the information into the public domain.
  • The disclosure had not been sought for the purposes of journalism and subsequent publication in a newspaper or book.

In other words, what the Tribunal may be saying is that yes data relating to the commission or alleged commission of an offence are sensitive data and the processing of these data, in particular the disclosure of these data, requires compliance with high ethical standards.

Sophie Stalla-Bourdillon

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s