Home | Databases | WorldLII | Search | Feedback Privacy Laws and Business International Report

Balancing open government and data protection law [1998] PLBIRp 40; (1998) 46 Privacy Laws and Business International Report 18

Balancing open government and data protection law

OPEN GOVERNMENT AND DATA PROTECTION can go

hand in hand, as they do in Canada. In the UK, it is likely that two different regimes will exist in the future. What are the tensions between privacy protection and access to official records and information?

The relationship between access to public sector information, and pro- tection of individuals’ personal data was explored in a panel discussion at the Privacy Laws & Business Annual conference in July. Four leading experts spoke on the issues and their experiences, giving a timely airing to the subject just when the incorpora- tion of the European Convention on Human Rights into United Kingdom law, the proposal for a Freedom of Information Act, and the new Data Protection Act have all thrown a spotlight on the relationships between contrasting information principles and rights.

CANADIAN COMMISSIONERS’

DUAL ROLE

Dr David Flaherty, the Information and Privacy Commissioner of British Columbia, reflected on five years experience. Pointing out the inherent tension between freedom of informa- tion and privacy in the legislation under which he worked, he empha- sised the need for balance, and the advantage of having a single Commissioner with a dual role. This is the pattern in the Canadian provinces, and is one of the alterna- tives that has been debated in the British context as well.

In making a balance in any given case, Flaherty argued that open and accountable government had to take precedence over privacy protection in the final analysis, but that he aimed to create a “privacy-friendly environ- ment” by not requiring the disclosure of intimate or salacious details about any individual.

The public has a right to know about government actions; the British Columbia law that he enforces makes the public interest paramount in questions of disclosure – for example, with regard to risks from environ- mental hazards or in the health and safety field. Yet it also seeks to prevent the unreasonable invasion of third-party privacy when access to government-held information is granted. As Commissioner, he has to strike the balances in a very large proportion of cases, and also to judge the balances that other organisa- tions, such as the self-regulating professions, make when they put information into the public domain.

UK DRAFTING A FOI BILL Graham Davies, of the Freedom of Information (FOI) Unit in the Cabinet Office, next outlined the current progress in the UK towards a Freedom of Information Act. A law would put a statutory regime in place of the merely administrative system of openness under the present code of practice. The Government had made a manifesto commitment which they were now fulfilling, with a White Paper late in 1997 (PL &B Feb ‘98 p. 22), a consultation period, and now an intention to bring forward a draft bill in 1998. However, Davies was speaking before the Government’s midsummer Cabinet reshuffle, which seems to have post- poned the legislative timetable to the indefinite future. Davies examined the links between FOI and data protection: there was some overlap concerning the scope of access to personal infor- mation, but not necessarily any difficulty. Data protection promotes subject access but restricts third-party access, and this could tear the heart out of FOI unless “common sense and practicality” prevailed in getting them to work together. Recital 72 and Article 13 of the European Union Data Protection Directive indicated, in principle, the area of compatibility. One way forward might be to have just one Commissioner for both. If there were two Commissioners, there would need to be consultation and exchange between them. Although unable to elaborate on the various models, he hinted that the envisaged FOI Act might “dovetail” the routes of access to personal infor- mation, rather than overlap them: there could be one route rather than a choice of competing regimes. CERTAIN AREAS OF SECRECY WILL REMAIN

David Flaherty’s earlier remark, that there would remain a need for a vigorous FOI campaign to monitor practice for years after any FOI law came into force, set the scene for the next speaker: Maurice Frankel, the Director of the UK Campaign for Freedom of Information. He began with the hope that Scotland would not just apply “common sense,” because the Scots were in advance of

the rest of Britain on matters to do with openness. He also drew atten- tion to problems arising when people wanted access to the personal infor- mation of public figures in regard to the exercise of their public functions, and he wondered whether public interest and accountability would prevail in such cases.

Frankel next turned to the FOI White Paper, which he commended strongly, but expressed his concern over signs that it was being watered down in the run-up to legislation. There were stories that some Ministers wanted to weaken the FOI Commissioner’s powers to override a refusal to grant access, such that the Commissioner could not challenge the decision on its merits but only on the judicial-review ground of the refusal’s “unreasonableness verging on absurdity.”

There was also the worrisome ret- rograde clause in the Data Protection Act that imposed secrecy upon the Registrar, in regard to the disclosure legislation encompassing data protec- tion and FOI, but that was not to be. There now must be statutory FOI law to parallel statutory data protection, because the two were pillars of equal weight. But the FOI law must limit any tensions between the two as regards definitions, resolution mechanisms, access routes and the like.

Data protection and FOI came from different stables, so there were bound to be some tensions, but these could be “constructive.” It should not be forgotten that both were about individual rights, and confidence in government. People should not be given a run-around in exercising their rights. She was, therefore, pleased to have responsibility for “accessible records” (certain health and educa- tional records), as a result of the government giving effect to the Gaskin court case on judging when public interest outweighed privacy. Case law and FOI legislation could help her to build on this in the future sides, thinking that this would give precedence to privacy rather than to openness. But she dispelled any doubt that this would result, and she opposed any dilution of FOI. The White Paper was commendable, but one weakness was that it put the harm test the wrong way round from the point of view of privacy protection. However, this was not such a serious difference, and in any event the European Directive gave strength to the assumptions of the Data Protection Act.

In the question period that followed, chaired by James Michael, Director of the Centre for Communications and Information Law at University College London, there was further discussion of the

“culture of secrecy” in government and the long time it would take to change it; the meaning – and difficulty – of the Data Protection Act’s media exemption; the availabili- ty of public registers containing personal data; and the experiences of

of information gathered about organ- isations in respect of their compliance the United States and Sweden. This concluded a lively and informative

with data protection law.

A third area where secrecy still threatened to prevail concerned law- enforcement authorities, which were apparently – and uniquely, in the world – to be excluded from the FOI law. Whereas a harm test could be applied under the Data Protection Act regarding subject access to police files, there might be no access at all to any wider, non-personal information. Frankel thought this was an over- reaction by those seeking to protect the police and other law-enforcement bodies. However, he was encouraged by the fact that the FOI White Paper sought to cover the information held by privatised companies and contrac- tors, although perhaps we might see some retreat from this intention when the Bill is produced.

SEPARATE FOI AND DATA PROTECTION REGIMES

The final contributor to the panel was Elizabeth France, the UK Data Protection Registrar. She had worked hard to get one integrated piece of

ROLE OF THE OMBUDSMAN

Elizabeth France drew attention to the Ombudsman, whose activities were very largely to do with the accu- racy of personal information, the publication of government informa- tion, and other matters that stretched across data protection and FOI. She wondered what the Ombudsman’s role would now become. There had been rumours that some Ministers who disliked FOI were beginning to look favourably upon the argument for giving her office responsibility for both session that placed privacy issues into a context of freedom of information that is likely to become even more relevant in the UK in the future.

This panel discussion at the Privacy Laws & Business Annual Conference in July 1998 was reported by Charles Raab, University of Edinburgh

(e-mail: c.d.raab@ed.ac.uk). A set of conference papers is

available from Privacy Laws & Business, Tel: + 44 181 423 1300. At mid-November, the Government planned to publish the draft Bill on

freedom of information in early 1999.