The Information Tribunal has disagreed with the Information Commissioner’s ruling, and ruled that, if the email still existed, it was still “held” and therefore the University should disclose the email or issue a valid refusal notice.

Whilst this ruling relates to the Environmental Information Regulations, it is based on the same principles as disclosures under the Freedom of Information Act 2000 and is an interesting precedent.

Whilst this ruling relates to the Environmental Information Regulations, it is based on the same principles as disclosures under the Freedom of Information Act 2000 and is an interesting precedent.

The Information Commissioner’s Office and, now on appeal, the Information Tribunal agreed with the police. The Tribunal also discounted Ms Smith’s claims that sensitive personal data can be disclosed if it is in the substantial public interest to do so. The Tribunal ruled that although there was public interest in establishing data on sexual offences, the higher threshold of substantial public interest had not been surmounted. There was public interest in establishing sexual offences by teachers and others in positions of trust. Substantial public interest could have been for something like prevalence of sexual offender activity or police incompetence in dealing with the issue. The Tribunal decided that although the decision was finely balanced, the police were right not to reveal the information that could have led to identifying individuals in this case.

The ruling can be found here: http://www.bailii.org/uk/cases/UKFTT/GRC/2011/2011_0006.html.

The ICO’s consultation document can be found here: http://www.ico.gov.uk/about_us/consultations/our_consultations.aspx.

Big Brother Watch’s statement can be found here: http://www.bigbrotherwatch.org.uk/Police_databases.pdf.

These figures are astonishing. Everyone would reasonably expect there to be the odd bad apple or two. But the scale of wrongdoing is incredible. The police need to carry out a root and branch review to ensure that their staff more effectively do what they should be doing – protecting the public. Anyone arguing that this demonstrates that we live in a police state, however, need to remember this – we only found out about these figures because of the Freedom of Information Act and the investigative work carried out by Big Brother Watch.

The Regulations mean that, in basic terms, consent must be obtained from a website user before a website operator can place a cookie on the user – if a user refuses to give their consent, the cookie cannot be placed. Various means of obtaining consent have been suggested, but the ICO went for the straightforward route on its own website – a tick-box when you arrive on the website homepage telling you that, unless you give your consent, certain parts of the website will not work properly.

Under the Freedom of Information Act, a member of the public can request that certain information be disclosed by a public body. In this instance, a member of the public asked the ICO to disclose figures of who was giving their consent to the placement of the cookie. The information disclosed showed that 90% of users refused to give their consent. The cookie was a Google Analytics cookie and, as a result, 90% of users disappeared from the ICO’s analytics.

It’s easy to ignore this information – what would the ICO want this information for anyway? The importance, however, is in the fact that other websites who use cookies and have to ask for consent are likely to see a similar pattern, and those websites might use the information collected for advertising purposes – analytics for advertising may see the information they have to use drastically reduced, and many Internet businesses that rely on advertising for revenue may be operating at a handicap.

Information is key to the ongoing development of the advertising-run Internet, but also to the business that rely on the Internet for revenues, whether advertising based or not. A commercially viable option for obtaining consent to place cookies is an essential tool going forward for any Internet-dependent business.

The new law has been attacked for providing little privacy benefits to users, whilst adversely affecting their online experience and adding red tape and cost to website operators as well as potentially operating their viability with advertising revenue affected. This development will surely only add to those concerns.

The ICO has recently given website operators a one year window to comply with the new law, but has warned of action against anyone not taking appropriate steps to prepare. Meanwhile, the European Commission has now thrown down the gauntlet to industry to create industry standards by June 2012 that will create standard ways of gaining user consent to cookies. Neelie Kroes, a European Commissioner, has threatened to use all available means to protect citizens’ privacy if this does not happen. So far, only six countries (including the UK) across the European Union have implemented the new cookies opt-in law.

If you would like to discuss what options you have in order for your business to comply with the Regulations, please contact us on mark.weston@mablaw.com, paul.gershlick@mablaw.com or simon.weinberg@mablaw.com.

Under the FOIA a person can request details from a public authority as to whether the public authority holds certain information and, if so, to have that information disclosed to them. Under the FOIA such information is exempt from disclosure if disclosure would contradict any of the data protection principles.

In this case, the All Party Group asked for information from the Ministry of Defence regarding treatment of people detained at war in Afghanistan and Iraq. The Upper Tribunal ruled that the disclosure of anonymised personal data could not for the purposes of FOIA be considered the processing of personal data as the recipient would not be able to identify any of the persons to whom the data related, and as such the data protection principles did not apply. This was despite the fact that the discloser still owed the people whose data was anonymised duties as data controller under the DPA.

The Information Commissioner, the Information Tribunal and now the High Court have ruled that the Department’s approach was wrong. The refusal should not have taken place. The data was totally anonymised when published. This would not have identified the personal details of the individuals involved, as that information would not have been made public. Therefore, no personal data would have been disclosed. To decide otherwise would nullify the chance of any anonymised data ever being published.

UK Athletics Limited, the UK athletics governing body, provided the information to the UK Sports Council, a body which distributes public funds to support high performance in sport. The applicant had applied for the information to be disclosed under the Act.

The tribunal ruled that the information had been submitted by UK Athletics Limited in confidential circumstances, that the information itself was confidential, and that the public interest argument for disclosure of the information was not strong enough to justify disclosure.

Channel Four had attempted to argue that, where the substantive parts of the agreement were exempt, there was no obligation to disclose the whole agreement where an application for disclosure had been made under the FOIA. However, the tribunal ruled that those parts of the agreement not exempt from disclosure should be disclosed in a redacted version of the agreement. The tribunal pointed out that the clear intention of the legislation was to protect the rights of the public to access certain information, and the ability to avoid disclosure of an entire document due to certain sections being exempt did not fit in with that.

In the first case (Bryce v IC), the Tribunal followed the restrictive approach to interpreting ‘personal data’ set out in the Durant v FSA case. That case had established that not all data about a living individual constituted personal data – it had to have the individual as its focus and be about something which would be regarded as relating to his privacy. In the situation before the Tribunal, some people had been concerned about a police investigation into a relative’s death. The Tribunal considered each person’s data separately and, for example, the data regarding the police officers should be treated differently to those who were being investigated.

In the second case (Roberts v IC), the Tribunal said that senior civil servants of grade 5 or above did not have a reasonable expectation of anonymity, regardless of how sensitive it was. Junior civil servants may sometimes have expected their privacy to be maintained, although this would have been more likely if the matter involved controversy and less likely if the job was more of a public facing one.

The ICO said that when the Trust refused to disclose the information, it had given appropriate consideration to the following:

• The sensitive nature of the information.
• The confidentiality clause in the agreement.
• How useful the information would be to competitors.
• The fact that the information was still current.
• The information would not help the public to assess value-for-money.

The Tribunal accepted that there would likely to be a prejudice to the DWP’s commercial interests. However, it did not accept that it would actually prejudice. There was no evidence to show that it was more probable than not that there would be prejudice – this was mere speculation. The Tribunal did agree to keep one bit secret, though – Atos’s financial model should have special protection as a trade secret. The Tribunal said that for trade secrets, there was a stronger public interest in keeping it secret because of the investment involved, and competitors would get an unfair advantage. However, for liability caps, benchmarking and the rest of the contract, the public interest favoured an order for disclosure so that the public could know the service levels, performance measures, costs and risks.

To comment on the scope of the Directive, the fees charged for the information or anything else, click here to take part in the consultation: http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=psidirective2010.

This announcement comes on the back of other moves to increase civil liberties. The new Government has already said it would scrap the ID scheme and the associated National Identity Register, water down the national DNA database, regulate CCTV more, preserve jury trials and open up freedom of information laws.

‘This Government will end the culture of spying on its citizens,’ said Clegg. ‘It is outrageous that decent, law-abiding people are regularly treated as if they have something to hide. It has to stop.’ No more detail of the plans have been given at the moment, but the Home Office said that the Government would review arrangements for retaining communications data to ensure records are not stored without good cause.