Tag Archives: privacy

Programme for The Campbell Legacy

Registration is now open for our one-day conference on misuse of private information, breach of confidence and the world since Campbell v MGN. You can register online here.

Here’s the draft programme (click to enlarge):

Poster Thumbnail

Computers and the Coalition

This is a summary of a talk (at some point soon to be a full article) given at the launch of the Centre for Law & Information Policy on 25 February 2015.  (I am a member of the Centre’s advisory board). I wrote it up afterwards, so it’s less of a speech and more ‘what I think I said’. For a note and reflection on the talk itself, see Ray Corrigan’s post here. Further comments welcome, especially on things I’ve skipped / missed.

Introduction

As we approach the 2015 General Election in the UK, and mark the launch of this new Centre, it seems appropriate to look back on the record of the outgoing Coalition government regarding law and information policy.   The agreement between the Conservative and Liberal Democrat parties specifically emphasised the importance of information and of technology on a number of occasions, as I will highlight where appropriate. Beyond specific commitments, other issues of significance and controversy emerged during the lifetime of the Government.  It’s fair to say that this administration has been perceived (at least at times) as engaged with questions of law and technology, but is that an accurate observation?

I have reviewed the legislation adopted by Parliament during this period, referring back to the Coalition agreement where appropriate. I have also considered the more significant instances of secondary legislation and policy documents, including EU measures (but primarily those measures where Member States had some discretion in implementation or where there is a meaningful link with a national-level debate or controversy.

I group the work of the Coalition into four categories: rollback, rebalancing, re-regulation, and projects.

Rollback

My first category of Coalition activity can be described as ‘rollback’, on the grounds that the avowed intention of the Government was to repeal or substantially amend existing legislation and/or practice.  Typically, these changes were flagged up in the Coalition agreement, and appeared in one (or both) of the party manifestos.

An early piece of relevant legislation was the Identity Documents Act 2010. This repealed the 2006 legislation on identity cards, as part of the Coalition’s commitment to abandon the scheme. Not only was the legislation adopted, but the responsible Minister (Damien Green) was pictured assisting with the physical destruction of hard drives on which ID card information was stored.

A broader package of changes, again highlighted in the Coalition agreement, was included in the Protection of Freedoms Act 2012. This Act included provisions on DNA retention, biometrics, oversight of CCTV, and amendments to the Regulation of Investigatory Powers Act (RIPA) 2000. Perhaps these are not true ‘rollback’ in isolation, but the deliberate packaging of them in legislation on freedoms demonstrates the high water mark of the libertarian strand of thinking in the Government.

However, evidence of this approach is not only found in big-ticket legislative proposals. Take for example the changes in the Enterprise and Regulatory Reform Act 2013 sch 21, and related secondary legislation, removing the duty on television retailers to record and report the details of customers (to support the TV Licence system).

A good example of a rollback amendment, albeit not included in the Coalition agreement and not yet in force, is the proposed repeal of sections 17/18 Digital Economy Act 2010. These provisions, adopted in the very last days of the previous Parliament, were a move towards a statutory system for Internet blocking injunctions. However, in practice the expansive interpretation of section 97A CDPA 1988 (inserted in 2003), and latterly the use of wider powers (in the context of EU legislation), has meant that such injunctions are readily available against ISPs, on the application of affected rights holders. Ofcom was in 2010 critical of the feasibility of these provisions (in response to a request from the new Government), and the Government committed in 2011 not to implement them and then in 2012 to their repeal. The Deregulation Bill, which remains before Parliament, would do this.

Rebalancing

My second category is ‘rebalancing’. In this category, we find major, established areas of private law, where the Government has researched and/or successfully proposed changes that, taken as a whole, amend the balance between the different interests affected by the law in a clearly demonstrable fashion.

The first such example is the Defamation Act 2013. The Coalition agreement included a commitment to “review libel laws to protect freedom of speech”. Thus, both the intention and purpose were connected. The resulting legislation was indeed a reform project with a goal in mind, rather than a general review/update. The new provisions, including single publication, jurisdiction, yet another form of protection for Internet intermediaries (including the newly minted ‘operator of a website’), and changes to the threshold for making out the cause of action, generally favour the interests of libel defendants. These changes were not without criticism, but were broadly welcomed and supported by interests including publishers, journalists, and scientists.

In copyright law, the Government set up the Hargreaves Review, which built on the work of the Gowers Review under a previous administration. This was not the only IP project (see for instance the Intellectual Property Act 2014 on designs and patents, or the provisions of Part 6 of the Enterprise and Regulatory Reform Act 2013 on performances). However, the long gestation of the changes (eventually adopted by statutory instrument in 2014) points to the significance and controversy of the project. These changes included a new statutory exception for works of parody, caricature and pastiche, various protections for libraries, archives, cultural institutions and educational institutions, and a scheme to allow private copying without remuneration (which is under challenge).  Broadly, these changes restrict the exercise of exclusive rights under copyright law, although many were supported by technology industries. The freedom of action of the Government was constrained by EU law, so the new provisions are within what is permissible under the Information Society Directive. Nonetheless, the whole package – and the extensive economic evidence assembled during and after Hargreaves – is a lasting contribution to the field of copyright.

Before leaving this category, one could also consider an area of public law – the proposed Privacy and Civil Liberties Board, which is provided for (subject to future secondary legislation) in the Counter-terrorism and Security Act 2015 s 46. This Board, which was proposed during discussion of data retention legislation (see below), would allow the Home Secretary to appoint a board (mandate to be set out by statutory instrument) to support independent reviewers of terrorism powers. Its inclusion in counter-terrorism legislation is semantically uncomfortable, but does assist the scholar in categorising it as an attempt to address the perception that one set of interests (security) dominates over another (privacy) and requires rebalancing.

Re-regulation

My third category is a more controversial one, re-regulation. In the later days of the Coalition, it has put in place a number of areas that add new forms of regulation in respect of the use of the Internet – often reversing or significantly departing from provisions adopted under predecessor Governments.

One cannot avoid starting with the controversial, speedily-adopted Data Retention and Investigatory Powers (DRIP) Act 2014. Introduced ostensibly to fill the lacuna following the Court of Justice of the European Union (CJEU)’s finding that the Data Retention Directive was not valid due to infringement of fundamental rights, it readopted in primarily legislation much of the secondary legislation initially introduced as transposition of the Directive. A number of further changes were made. The legislation was given limited consideration by Parliament in summer 2014, and the author signed a letter critical of both its provisions and the lack of time available for its consideration. Already, however, it has been extended by way of s 21 Counter-Terrorism and Security Act 2015, which provide in effect for the further retention of data that will allow the association of devices with IP addresses.

An even clearer example of the Government’s changing approach to the Internet is found in the Audiovisual Media Services Regulations 2014. These provisions amend the scheme for regulating on-demand services, which were put in place in 2009/10 following the 2007 AVMS Directive. While the UK had been a vocal critic of the perceived over-regulation of on-demand services at the time, these new provisions (essentially applying BBFC standards on explicit content to on-demand services) go well beyond those in other EU states. The issue of restricting access to and in some cases prohibiting outright online video services was a matter of some concern to the Department for Culture, Media & Sport, including a request for input from Ofcom, regular updates (and exercise of existing powers) by the designed co-regulatory body ATVOD, and ongoing consideration of how far the UK could go without contravening the Directive.

Similarly, the Gambling (Licensing and Advertising) Act 2014 was an attempt to put in place, within the bounds of EU law, further restrictions on online gambling. The Gambling Act 2005 facilitated the advertising of online services from selected jurisdictions (EU and those on a ‘whitelist’ of countries with sufficiently robust regulatory mechanisms), and did not require providers located outside the jurisdiction to be regulated by the Gambling Commission. As I have written, the 2014 Act reverses both principles; now, where a service is used or likely to be used by users in Britain (if the operator knows or should know that), the Gambling Commission has regulatory jurisdiction. Only services regulated by the Commission can lawfully advertise in the UK. This legislation was unsuccessfully challenged by Gibraltar-based operators, and clearly responded to a degree of tolerance demonstrated by the CJEU in respect of similar legislation emanating from other member states.

Most recently, provisions in the Criminal Justice and Courts Act 2015 will, when they come into force, create or extend criminal offences of some significance. The Act extends the penalty for breach of the Malicious Communications Act 1988. It also extends the scope of the ‘extreme pornography’ provisions enacted by the previous Parliament. This was presented at various stages as a ‘possible loophole’ or ‘loophole’, although the evidence was in my view more nuanced and contested than this.  Famously, the Act also contains a new offence of ‘disclosing private sexual photographs and films with intent to cause distress’ – often, but not entirely accurately, called the ‘revenge pornography’ clause. Although without doubt a difficult and sensitive issue, these provisions were introduced without a committee stage in the House of Commons, and with limited research or consultation. The use of new approaches and definitions is interesting (note the focus upon distress, or the defining of sexual as including something that a reasonable person would consider to be sexual). However, unfortunately it is another example, in Internet-related criminal law, of the creation of a new offence without the methodical consideration of existing offences or an attempt to put in place a meaningful set of workable, understandable provisions. Taking along with the MCA changes and pornography provisions, we see the gradual growth of criminal sanctions in an area that surely demands a proper look (perhaps along the lines of the House of Lords Communication Committee’s 2014 report on social media and criminal offences).

Projects

A final category is major projects – here, I highlight open data, juries, consumer law, creative industries tax relief, local media, and the Leveson Inquiry.

Starting with the big one – open data. This is an area where the Government has been very active, at least in terms of policy statements and reports. The manifesto included commitments to openness in principle and further points of detail. Since then, we have seen a White Paper (2012), a review on public sector information, another review on anonymisation, and more. Open Data Strategies have been adopted at department level, prompted by a letter from the Prime Minister. Data.gov.uk is a repository of data and a shopfront for innovative uses.  An Open Data Institute, with a focus on private-sector activity, has been created. Legislatively, the changes were at a smaller scale. The Protection of Freedoms Act included an amendment to the FOI Act in support of the release of usable datasets. More controversially, the Health & Social Care Act 2012 put in place various regimes in relation to health data, which have already proven to be controversial (e.g. the care.data events of 2014). Interestingly, though, much of the work here has been non-legislative, confirmed by the statement in the 2012 White Paper that “we don’t want to use legislation too readily – that would sit at odds with our core principle to reduce bureaucracy”.

A smaller project, perhaps, is the work that the Law Commission has done on jurors, in the context of contempt of court. New provisions were included in the Criminal Justice and Courts Act 2015, dealing with matters including the carrying out of research by jurors and the use of electronic devices. The Law Commission’s project was wide-ranging, and led to timely legislation.

The consumer law reform project is an interesting one. There wasn’t much detail on this in the Coalition agreement (beyond a general commitment to “introduc(ing) stronger consumer protections, including measures to end unfair bank and financial transaction charges.” Initial steps came in the transposition of the Consumer Rights Directive, which had at one time been a planned overhaul of the EU consumer law acquis, but turned out to be something a lot less extensive. In this gap, then, came the Consumer Rights Bill, which remains before Parliament. The Bill, in line with the recommendations of a number of reports, addressed a long-standing potential gap in consumer law, which has a firm distinction between the sale of goods and the supply of services, without properly addressing the position of ‘digital content’. The new Bill creates a three-tier structure, with much (but not all) of the existing or reframed requirements for goods being applied to the new digital content category.

Creative industries tax relief was the subject of a notable shift in direction. The incoming Government initially abandoned video games tax relief, on the grounds that it was ‘poorly targeted’. However, it subsequently introduced a new relief for games, high-end television and animation. The games scheme was delayed pending consideration by the European Commission, but ultimately approved – and is now in force. Indeed, a follow-up set of changes introduces relief for theatre as well.  As I have written elsewhere, the adopting of this scheme highlights the ability of the Government to promote it within the UK as an industrial measure, while reassuring the European Commission that its objectives were truly cultural.

Local media was an early theme of the Department for Culture, Media and Sport, with the initial Secretary of State frequently wondering why local TV was in a better state in Birmingham, Alabama than in Birmingham, England. Beyond the soundbite, a number of specific changes were made. The Communications Act was amended twice: first in 2011 to liberalise some cross-ownership requirements, and then again in 2012 to put in place a new form of licence for local TV stations; some of them are now up and running.

And then, there was the Leveson Inquiry. Certainly not in the Coalition agreement, as the question of phone-hacking was yet to come to a head. When it did in 2011, the Prime Minister established the Inquiry, and the rest was history. Or was it?  Leveson’s recommendations were acknowledged in part through the inclusion of provisions in the Crime and Courts Act 2013 (linking membership of an approved regulator to the question of exemplary damages for certain media-related causes of action e.g. defamation), and the broadly-worded clause in s 96 Enterprise and Regulatory Reform Act 2013 on the relationship between Parliament and Royal Charters for specific industries. This was part of the Government’s attempt to provide for some measure of press regulation without formal statutory control, although the current Secretary of State at DCMS seems to have stepped back from this approach somewhat. Other areas of the Leveson report, especially on data protection and media pluralism, remain unimplemented at a legislative level.

Conclusion

Finally, I make three general observations, and then highlight some issues to watch in the election campaign and the formation of the next Government.

There was no major legislative project in this field during the lifetime of the Coalition. Open data as a project could be considered as information policy, although the lack of legislative underpinning is surprising for something argued to be so fundamental to a change in the way of governing. With 130 or so Acts adopted since the 2010 election, only a handful relate to information and technology, and often it was only a clause or two that were relevant.

The initial urgency of Coalition libertarianism gave way to a late enthusiasm for Internet (re)regulation.  This is not unusual for governments, and the knee-jerk response to perceived disorder or threat is not specific to the Internet, but it is remarkable how the measures in this field adopted over the last 12-18 months have been characterised by the extension of State power in a whole range of areas.

The Coalition also addressed a range of industries in varying ways. The press was pleased at the Defamation Act and (mostly) pleased with the (limited) approach to the Leveson report. IT industries were well served by changes to defamation and copyright law, but some spoke out against changes to data retention. Some in the creative industries were upset at the copyright changes, but reassured by the new tax reliefs.

Here are a few things to watch out for.

1. Data and information. Eventually, the EU will (should?) adopt the General Data Protection Regulation, which may lead to a debate at national level for other or related issues. A consultation on ‘nuisance calls’ consultation closed in December 2014, so the proposed changes might follow (update: this has now happened). The Law Commission’s project on data sharing has so far provided a scoping report, which sets out very explicitly the complexity of the legislative changes that could be necessary to support this goal. The long-term position of data retention will need to be resolved after DRIP expires, and the Justice Committee’s post-legislative scrutiny of the FOI Act could also be a useful starting point for a future Government.

2. Infrastructure. The Law Commission’s 2013 report on the Electronic Communications Code (which affects the building of networks) was to be implemented through the Infrastructure Bill. However, the provisions were withdrawn and a separate consultation is now taking place.

3. A review of the sharing economy reported in November 2014, recommending various changes to the law (albeit not in much detail, and the handling of the matter was questionable, with the report being written by an ‘independent’ person, the founder of a home-swapping company). Already, the Deregulation Bill contains a specific amendment that supports private short-term letting of property in London (amending 1970s legislation). However, the controversy associated with this field, and the existence of a report, could well keep this on the agenda.

4. Media. Many would have predicted, given DCMS activity and proposals, that this Government would have proposed a new Communications Act. The 2003 Act has been amended (mostly through secondary legislation), and other provisions are politically contentious. Will the next Parliament be asked to consider a Communications Bill?

PS: Subsequently, and quicker than I had expected, the Serious Crime Bill became the Serious Crime Act 2015. This Act contains provisions on journalistic sources (s 83), possession of any item that contains advice or guidance about abusing children sexually (s 69), sexual communication with a child (s 67), and a series of changes to the Computer Misuse Act. In the next version of this work, I’ll incorporate all that…

The Campbell Legacy: A Decade of ‘Misuse of Private Information’ (Newcastle, 17 April 2015)

I’m delighted to share news of an event I’m organising with a Newcastle colleague, Tom Bennett.  Here comes the formal stuff. Registration opens 2 March!

The 2004 decision of the House of Lords in Campbell v Mirror Group Newspapers was a significant case regarding privacy, and for human rights law and tort law more generally. Its influence is clear in current debates on the future of the Human Rights Act (particularly as we approach the General Election), and the relationship between the press, the State and the public. The legal status of the cause of action for ‘misuse of private information’ recognised in the decision has provoked significant debate, in the courts and in universities. A decade on, it is appropriate to reflect on both the case and its influence, both in domestic law and across the common law world.

At this one-day conference at Newcastle Law School, Campbell’s legacy will be debated by a range of speakers. Keynote addresses will be given by Dr. Nicole Moreham (Victoria University of Wellington, New Zealand) and Keith Schilling.

Nicole Moreham is a globally-recognised scholar of privacy law, and co-editor of and contributor to the second edition of key reference work The Law of Privacy and the Media. She has published numerous articles on the protection of privacy in England and Wales, New Zealand, and Europe. Her other research interests include the law of tort and media law.

Keith Schilling (who represented Ms. Campbell in the case) is the chair and founding partner of Schillings. A leading practitioner in the field, he has spent three decades specialising in the law relating to privacy and reputation, and continues to represent a number of high-profile and celebrity clients.

Other confirmed speakers include Gavin Phillipson (Durham), Paul Wragg (Leeds), Jacob Rowbottom (Oxford), Eric Descheemaeker (Edinburgh) and Patrick O’Callaghan (Cork).

Registration for the conference (online at http://www.ncl.ac.uk/nuls/; contact law.events@newcastle.ac.uk with any queries) opens on 2 March 2015 and closes on 10 April 2015. Registration is free for academics. A nominal fee of £25 is charged to practising barristers and solicitors, for whom evidence of attendance will be provided in recognition of participation in 5 hours of learning and development. All registered delegates will have the option to attend a conference dinner on Friday evening, at a cost of an additional £25.

We can accommodate a small number of additional papers within our schedule, on themes within the scope of the conference title. Proposals in the form of a title and abstract (approximately 250 words) should be submitted to law.events@newcastle.ac.uk by 9am on 27 February 2015. Papers may be considered for inclusion in a special section of a future issue of the Journal of Media Law.

This conference is organised by Tom Bennett and myself. We gratefully acknowledge the support of the Newcastle University Conference Support Scheme, Schillings, and the Journal of Media Law (Hart Publishing).

Blame it all on my roots

This month has seen two very different stories about emergency legislation emerge on either side of the Irish Sea. Here follows the results of my ruminating on the stories (my word of the week after seeing a professorship in non-ruminant science advertised).

In the UK, the Data Retention and Investigatory Powers (“DRIP”) Bill is before the House of Commons today.  After a debate on timing, at lunchtime today, it was agreed that all ‘stages’ be taken today. (Normally, legislation gets a broad second stage debate, consideration over a longer period (line by line) in a committee, and a final Commons stage).  It’s due before the House of Lords tomorrow.  Given the strong support for the truncated timing given by MPs earlier today (only 50 or so voted against), it’s very likely that the Commons will say yes – what the Lords make of it is to be seen.

I signed a letter about this legislation, which has provoked some interesting coverage (e.g. here, here and here).  I think that the Government is making a mistake in how it’s handling this legislation. It’s well known that the Court of Justice of the European Union found the Data Retention Directive invalid as a matter of EU law in April.  As Judith Rauhofer and I pointed out in our editorial (see part 4), this raised significant questions for the future of national measures adopted on the basis of it, as well as similar replacement measures. The CJEU declared the Directive invalid immediately and also made important points about what safeguards were required as a matter of EU law, including human rights.

Now this could have been a good opportunity for sober consideration of how to draft a new scheme, compatible with EU law and the European Convention on Human Rights, and informed by the engaging public debate on surveillance, security and technology. But readopting the bulk of the EU measure (without necessarily restoring lawfulness), along with some separate ‘clarifications’ (which may have merit in themselves or at least be the basis for further debate), is not a way for Government to establish and defend the legitimacy of data retention and surveillance. It’s inadvisable that this be construed as an emergency.  It’s clearly a matter of national importance and I do see the significance of the arguments put forward on the need to have a well-regulated system of intelligence and investigation. And something did have to be done after the CJEU’s decision – doing nothing would be, in my view, still a mistake.

But after the last few years of Snowden, the NSA, Wikileaks, well-founded fears about technological development and all that, now is the time to build support and trust. (The sad thing is that for a lot of people who don’t follow Parliament closely, they are paying attention today and not really seeing democratic deliberation at its best).  Today hasn’t achieved the goal of establishing trust and legitimacy, and I’d encourage readers to contact members of Parliament (especially the House of Lords) asking for a proper, careful debate.

Meanwhile, in Ireland, emergency legislation was one of the many proposals put forward to deal with a licensing decision (under the Planning & Development Acts – see part XVI) by Dublin City Council. The decision was significant because it pertained to proposed concerts by Garth Brooks. Promoters had already sold tickets (“subject to licence”) for five concerts at Croke Park (the largest stadium in the city), but the local authority only granted a licence for three.  (The full reasoned decision is published here).

One point that seemed to annoy some people was the inability of elected representatives to override this decision. A fair point, if one disregards the sorry history of planning corruption in Ireland and the need to apply the law in a consistent and transparent fashion. So with that in mind, ’emergency legislation’ was proposed (one Bill was even drafted by an opposition member of the Dáil). Again, I’m not saying that the law is perfect – the controversy has highlighted some areas for procedural change in particular (I taught a course on entertainment law last year – and hereby offer my free services to any official body in Ireland that wants some suggestions).  Nor am I unsympathetic to the disappointed ticket-buyers (not least because, having been a teenager in 1990s Ireland, I truly understand that he has a serious fan base – in my day, local radio playlisters first and foremost). But for a licensing system to have credibility, responsible authorities have to be able to say no as well as yes; the sale of tickets for what is at the time an unlicensed event shouldn’t affect this. So while it can be tempting to call for a new law, that also deserves proper consideration – of models from other jurisdictions, for example.

Fortunately, despite a lot of posturing, the Irish parliament didn’t go down that route, and it looks like the concerts aren’t happening at all.  Here are some interesting things to read on the topic: Fergal Davis, Rebecca Moynihan & Jane Horgan-Jones, Gene Kerrigan.

Ten things to read about today’s data retention decision

I am a fair-weather blogger, and so I cannot remember the last time I had so many visits or retweets in a day.  Piggybacking on the unexpected traffic boost, here are ten things worth reading (from various sources) about the reason for that traffic – the finding by the Court of Justice of the EU that the Data Retention Directive is, on human rights grounds, invalid.  (My own post, Data retention parrot, is here).

I had plenty to choose from in putting this list together – fortunate that the decision was published when many of us legal academics are not teaching?

  1. The decision of the Court.  The early pages are taken up with reproducing the provisions of the legislation, so if you are familiar with the Directive, those pages are most skippable.
  2. Fiona de Londras, professor at Durham Law School, writing at Human Rights in Ireland. Special mention: discussion on whether “a more tailored, narrower approach” might survive scrutiny if the Directive is to be replaced (see also her lessons for the US, posted at The Conversation).
  3. “Cybermatron”, an expert in this field, writing on her blog. Special mention: highlighting weaknesses in the decision, including where the Court may have underappreciated the significance of the legislation and of this challenge.
  4. Steve Peers, professor at the University of Essex Law School, writing on his blog EU Law Analysis. Special mention: analysis of the current status of the (invalid) Directive, and options for states and the EU from this point on.
  5. Paul Bernal, lecturer at the UEA Law School, writing on his blog. Special mention: how the decision sits within the wider debate on and advocacy for privacy.
  6. Karlin Lillington, journalist, writing in the Irish Times. Special mention: the consequences for Ireland and the EU, by someone who has been instrumental in highlighting data retention practices for over a decade.
  7. Luke Scanlon, solicitor, Pinsent Masons, writing on Out-law. Special mention: impact on other legislation, including data protection present and future.
  8. Glyn Moody, author and journalist, writing for ComputerWorld UK. Special mention: explanation, point by point, of how the court’s decision relates to specific data retention practices.
  9. Gabriele Steinhauser, journalist, writing in the Wall Street Journal. Special mention: how the decision is being reported to an international audience, including the political dimension.
  10. Press release and FAQ on the decision from the European Commission (the ‘losing’ side, not that you would know that from the statement). Special mention: reading it with a straight face.

Apologies to those omitted – additional links welcome, through the comments sections below.