Author Archives: Andrew Sharpe

About Andrew Sharpe

See my profile at

Spycatcher and Reds under the Bed

It is hard to explain to my junior colleagues how seriously we considered the threat to Western Europe from Warsaw Pact invasion in the 1980s. When I was commissioned in the RAF in 1984, its manpower strength was over 93,000 – its strength is currently planned to fall by 2015 to 31,000. A significant proportion of the RAF was located in Germany (as was the British Army), which, together with all air defence stations in the UK, maintained a high degree of readiness. Those of us serving during that period were well used to “no-notice call outs” and alerts, which somehow always seemed to be between 4 – 6 am.

It was in this Cold War environment that spies and spying thrived. This was an age of active mole hunts and speculation over the identities and range of the Cambridge spy ring – “reds under the bed” being the ultimate McCarthyist fear. So any threat to national security that a former spy’s autobiography could present was a critical matter. This was exactly the problem of Peter Wright, a former member of MI5 and Assistant Director who had retired to Tasmania, whose autobiography “Spycatcher: The Candid Autobiography of a Senior Intelligence Officer” (Spycatcher) was to be published first in Australia. It was also published in the United States of America. Disclosure of state secrets by Wright was, not surprisingly, in breach of the Official Secrets Act 1911.

The Government first attempted to bring an action in Australia to restrain publication of Spycatcher, but this ultimately failed (the book was eventually published in Australia in October 1987). Articles on the Australian legal proceedings were published in The Observer and The Guardian. These newspapers were then subject to an interlocutory injunction in June 1986 to restrain them from publishing information obtained by Wright. The Sunday Times also began to serialise Spycatcher, before and in anticipation of its publication in the US in July 1987. The Attorney General obtained further injunctions. These injunctions were discharged on application by the newspapers – the Court of Appeal dismissed that Attorney General’s appeals, so the joined cases reached the House of Lords (Attorney General v Observer Ltd [1990] 1 AC 109). The issue for the House of Lords was the question of publication in breach of a duty of confidence – was the duty of confidence outweighed by a countervailing public interest?

This is where the Spycatcher case has immediate relevance. Whilst The Sunday Times was ordered to account for profits it made as a result of its first serialisation of an extract from the book, which was in breach of a duty of confidence. it was recognised by their Lordships that once the book was published in the US and its contents became widely known, so that the information in the book was no longer confidential, injunctions no longer became necessary.

It should also be remembered that although the Attorney General sought injunctions in England (& Wales), the Lord Advocate failed to seek an interdict in Scotland, so that distribution of Spycatcher and reporting on it was at all times legal in Scotland.  Even if an interdict had been obtained, there is a more recent Scots Law case that follows the Spycatcher precedent (Lord Advocate v Scotsman Publications [1989] UKHL 7).

Does this sound familiar, given CTB v News Group Newspapers Limited and Imogen Thomas?  Will the courts continue to support injunctions against The Sun and Imogen Thomas when as a result of publication abroad, on Twitter or elsewhere, the private information being protected from publication is in the public domain (assuming that there has been no breach of the original anonymised injunction by The Sun or Imogen Thomas)?

Leave a comment

Filed under Commercial, Data Protection

CTB -v- Twitter, Inc. and Persons Unknown (Case No. HQ11XO1814)

Royal Courts of Justice (ValP) / CC BY-SA 2.0

If you do not know what the outside of the Royal Courts of Justice on the Strand in London looks like, the picture above may help.  However, we expect that if you watch any UK television news, you will also see plenty of TV reporters do pieces to camera from outside the court.  This will particularly be the case around the date of this post because the case of CTB v. Twitter Inc. and Persons Unknown (Case No. HQ11X01814) is inevitably going to receive plenty of attention.  It has all the topical ingredients that media reporters could wish for: the case has been brought by a Premier League professional footballer (at present known merely as CTB); it references super-injunctions and involves the Llanelli glamour model, Imogen Thomas (plenty of scope for gratuitous library video footage).

However, whilst not denying these interesting elements, what we are interested in is the attempt to bring an action in the High Court in England (& Wales) against “Twitter, Inc. and Persons Unknown”.  Some of the background to the case is described in our previous post: Footballer CTB is suing Twitter.

It appears that as the claim form has yet to be served, its details have not yet been made public.

There are a number of questions that arise from the case.  How can CTB bring a claim against “Persons Unknown”.  Given that these are likely to be anonymous Twitterers, CTB cannot serve upon them any statement of claim or injunction.  In circumstances such as these, CTB could seek to obtain a Norwich Pharmacal Order in respect of each of the unknown persons.  A Norwich Pharmacal Order requires a third party to disclose the information that would enable unknown persons to be identified for the purposes of civil proveedings.  However, this is not appropriate in these circumstances as the person with the relevant identity information, Twitter, is outside of the jurisdiction.

Fortunately for CTB, there is a procedure to enable him to seek the Court’s permission to serve the claim form and orders out of the jurisdiction (Section IV of Part 6 of the Civil Procedure Rules).  The method for service is likely to be one of the methods permitted by the Hague Convention of 1965 on the Service Abroad of Judicial and Extrajudicial Documents in Civil or Commercial Matters, to which the UK and the United States of America are members.  It remains to be seen that even if these steps are taken, and Twitter is successfully serviced with the statement of claim or any Norwich Pharmacal Orders, whether Twitter would take any notice of them and submit to the jurisdiction of the High Court.

The next question concerns the nature of the statement of claim.  We speculate that it must be an application to commit to prison the persons, including Twitter, for aiding and abetting the breach of the original injunction against The Sun (NGN Limited) and Imogen Thomas (and thus being themselves in contempt of court).  Rather than prison, the disobedient parties can be subject to an unlimited fine and the court can order any act to be done at their expense. Until the claim form is in the public domain, we cannot be sure.  We are not aware at this point of any ISPs or social media platforms being the subject of this type of application, so we cannot say whether the High Court would be persuaded by the so-called “mere conduit” defence that Twitter could raise.  Strictly, this defence arises under the Electronic Commerce (EC Directive) Regulations 2002 (Regulation 17), enabling service providers of an information society service to evade liability for the content of information passing through their networks over which they have no control. Whilst the terms of the regulation give service providers a defence so that they “shall not be liable for damages or for any other pecuniary remedy or for any criminal sanction”, we believe this has not been raised as a defence in contempt of court proceedings.


Filed under Commercial, Data Protection

Footballer CTB is suing Twitter

Master of the Rolls, Lord Neuberger © Judicial Communications Office

A “guest” post by Charles Russell partner Nick Armstrong, in our Sports & Media Group:

Twitter Inc. and some of its users are being sued in the High Court in London by the individual who obtained an injunction against The Sun and Imogen Thomas concerning allegations about his private life. In the injunction action (see below), and in the new Twitter action, he is referred to as “CTB”. The full case title of the new action is CTB v. Twitter Inc. and Persons Unknown. It is case no. HQ11X01814.

The action was commenced on 18 May. The “persons unknown” are described as those “responsible for the publication of information on the Twitter accounts” but the latter are listed in confidential appendices. It relates to the widely-reported posting on May 8 of a series of “tweets” purporting to name a number of celebrities who had obtained so-called super-injunctions, and describe the activities covered by the injunctions.

It marks the first concerted attempt to deal legally with way in which social media have of late been used an a vehicle for gossip and supposed ‘information’ in an apparent attempt to undermine or evade the authority of the High Court.

The news comes in the week that sees judicial attempts to inject some clarity into a public debate which in the media at least has featured wild and inaccurate comment about the perceived threat posed by “super injunctions”. For one thing, the injunctions that have caused the debate aren’t super injunctions at all – the term was hijacked in the media to refer misleadingly to the injunctions obtained by celebrities whose identities were anonymised to enable the injunction to be effective. The Neuberger Report (of the Committee on Super-Injunctions) was published on 20 May. It points out that in fact the Super-Injunction is an order which prohibits (i) publishing confidential or private information AND (ii) publicising or informing others of the existence of the order and the proceedings. Super-injunctions are reserved for exceptional cases and are only granted for very short periods, and only where this level of secrecy is necessary to ensure that the whole point of the order is not destroyed. Since January 2010, only two such super-injunctions have been granted, one which was set aside on appeal and the second which was in force for seven days.

That is not the case with the celebrity injunctions, which are termed “Anonymised Injunctions” i.e. the names of either or both of the parties to the proceedings are not stated.

In fact the principles of open justice are respected by Anonymised Injunctions because, since the relevant parties are anonymised, a full judgment can be issued in which the judge sets out his reasons for applying the balancing factors imposed by the Human Rights Act 1998 (right to freedom of expression v right to respect for private and family life) in making the order. This strikes the balance between open justice, and appropriate protection of privacy where the judge has found that to be required on the basis of the evidence put before him.

This happened this week when Eady J published his judgment in the CTB ‘Anonymised Injunction’ case itself. It should be read by anyone thinking of commenting about the issue of Anonymised Injunctions, as it puts in context much ill-informed comment which has obscured many of the real issues involved in the developing (and still very young) law of privacy enacted by Parliament in 1998 and applied by the judiciary.


Filed under Commercial, Data Protection

Revised cookies’ law and lack of guidance takes the biscuit

Les Cookies © Jonathan Kowalski

I was asked a couple of days ago to prepare an email alert for clients on a commercial law update circulation list to describe compliance steps required for the new cookies law. This turns out to be virtually impossible. Much as it pained me, the advice really comes down to the cliché lawyers’ answer of, “It depends”.

Together with my colleague Mark Alsop, we finally went with this:

When we issue email alerts on an imminent change in law that is likely to have a wide impact on normal business activities, we seek to give clear guidance on what steps must be taken for compliance with the new law.

Regrettably, this is rather difficult to do for the new law on the use of cookies, which comes into effect on 26 May 2011.

A cookie is a small file of letters and numbers placed by a website onto a user’s computer when he or she accesses the website.  They allow a website to recognise a user’s computer and to adjust the user’s experience of the website accordingly – cookies can be used for authentication, storing preferences, managing shopping baskets, tracking web-browsing and many other things.  A website may place several cookies onto a user’s computer.

The current law requires users to be given information about the use of cookies, which information must include details on how the user can opt out of cookies’ use – this is contained in the Privacy and Electronic Communications (EC Directive) Regulations 2003.  As their name implies, the Regulations implement a European Union Directive (Directive 2002/58/EC).  Compliance has usually involved no more than including a statement in website terms and conditions or privacy policy on the use of cookies.  The law applies not just to cookies, but also to alternatives that perform similar functions, such as tracking by IP address, hidden form fields and flash cookies – all covered by the word “cookies” for the purposes of this note.

This Directive has been amended so that, as well as giving users information on exercising an opt out, usually by changing their browser settings to reject any cookies, no cookies can now be used lawfully unless the user has given his or her consent to their use.

The change is practically difficult to implement without spoiling the user’s browsing experience.  It had been thought (hoped) that having browser settings which permit cookies would amount to consent, but this has been rejected as a means of obtaining consent.

The UK Government did consult on appropriate amendments to the UK Regulations to make them easier to comply with, but that came to nothing when the Ministry of Justice announced that in future all Regulations implementing EU legislation will simply faithfully reproduce the revised EU Directive wording.

The Information Commissioner’s Office (ICO) has recently published guidance on the new cookie law (click here), but this does not give any definitive, practical assistance in compliance.  Instead, it recognises that the new law is difficult to implement.  It merely advises that companies review their use of cookies and consider how they may be able to obtain the consent called for by the new regulation.

We can therefore only repeat the ICO advice.  Audit your use of cookies and consider how intrusive your use of the cookies is.  Then see how best you can get (and record) users’ consent.  The guide suggests methods involving features such as pop ups, terms and conditions and settings, i.e. instances asking users for consent at the same time as they anyway have to make choices in relation to the website.   These methods will of course not always be available.  The guidance does acknowledge that it will be particularly challenging to obtain consent in relation to “third party cookies” (which allow third parties to set cookies on a user’s computer).

There are reports that the Government is working with browser suppliers to bring in browsers that can give compliant consent.  This will be a big step forward, but as the guidance points out, there will remain the problem of users who do not upgrade to such browsers.

Two final observations.  First, the ICO expects websites to deal with the more intrusive cookies first.  Second, in terms of enforcement, the guidance acknowledges that there is no prospect of full compliance by 26th May, i.e. less than 3 weeks after the guidance was issued.  Instead, the ICO indicates that, for the time being, it is concerned to ensure that website owners have a realistic plan to achieve compliance.

The ICO states that further guidance will be issued “if appropriate, in future”.


Filed under Data Protection

Is 17p per unsecure online file a fair monetary penalty?

Scales of Justice © Alex Proimos

On 10 May 2011 the Information Commissioner imposed a £1,000 monetary penalty on Andrew Crossley, trading as ACS Law, for a serious breach of security that permitted over 6,000 individuals’ details to be accessible on an unsecured website. Already, there is much discussion on the internet as to the fairness of this penalty. Has justice been done?

Internet comment is not likely to be objective in the case of ACS Law, given that it was the law firm targeted by hackers for a distributed denial of service attack as retribution for its perceived aggressive approach to internet users claimed to be illegal copyright infringers (see the Wikipedia entry for ACS:Law). Andrew Crossley was reported to have made a profitable business pursuing copyright infringement cases – claiming he would be buying a Ferrari F430 Spider for cash.  The monetary penalty of £1,000 amounts to less than 17p for each individual’s details that ACS Law left unsecured on its website as part of its recovery from the DDOS.

However, the Information Commissioner has made it clear that had ACS Law still been trading, he would have imposed a monetary penalty of £200,000 (the maximum that could have been imposed was £500,000). Clearly the Information Commissioner was satisfied by the written representation sworn on oath by Andrew Crossley to reduce the fine to the token £1,000 – much to the chagrin of many on the internet less willing to accept Crossley’s pleas of reduced financial circumstances.

Other data controllers ought to reflect on the factors considered by the Information Commissioner in making the monetary penalty. In particular, the lack of investment in appropriate security measures was a major factor, as was the lack of appropriate IT trained personal in the organisation. In addition, whilst spending serious money to remedy the security breach (in ACS Law’s example, spending £20,000 to fix the problem) was considered as a mitigating factor, it was obviously not that significant given the level of the final penalty.

Lawyers and law firms also ought to take particular note that as far as the Information Commissioner is concerned, they cannot expect any leniency for any breach by them of the Data Protection Act 1998 – “Data controller is a lawyer and should have been fully aware of his obligations under the Act.”

Leave a comment

Filed under Data Protection

School or Home Tuition Sales Agency?

Education Guardian

An article in yesterday’s EducationGuardian caught my eye, and not because of the parental anger at schools pressure selling private tuition. What concerns me is the blatant direct marketing of a third party’s services by a school.

The story, if you did not click on the link, concerned parents’ anger at receiving letters signed by school headteachers on school headed notepaper marketing a DVD home tuition scheme of the Student Support Centre, a trading name of The Student Support Centre (UK) Limited (who, incidentally, fail to give their company name anywhere on their website, as far as I can see).  EducationGuardian discovered that the Student Support Centre pays schools an administrative fee for this marketing, but the article is unclear about what this fee is.  Anthony Lee, founder and chairman of the Student Support Centre, is quoted as saying he makes a “small token payment of up to £160″.

From a data protection point of view, the most obvious question is, do the schools that cooperate with the Student Support Centre or other home tuition companies include direct marketing as a purpose in their data protection notices?  Personal data, which in these circumstances must include the parents’ names and addresses for school pupils, must be processed in a fair and lawful manner.  To be fair and lawful, the person who “owns” the personal data must give their details and the  purposes for which the data will be processed (see paragraph 1 of Part I – the First Data Protection Principle – and paragraph 1 of Part II of the Data Protection Act 1998, Schedule 1).  Also, personal data cannot be processed in any manner incompatible with any stated (and notified) purpose or purposes (paragraph 2 of Part I, the Second Data Protection Principle).

There is no data protection fair processing notice or privacy policy for the primary school discussed in the story, Towerbank primary, or Edinburgh City Council, available on their websites, so I cannot comment on the school in question.  However, I would not expect direct marketing to be a usual purpose notified to parents.  As an example of a model schools’ data protection fair processing notice, I am pleased to see that my local council, Hampshire County Council, has an excellent precedent (see here).

Schools may wish to consider whether receipt of a small token payment is enough of an incentive to breach the Data Protection Act 1998, for which monetary penalties of up to £500,000 can be imposed by the Information Commissioner for serious breaches.

Leave a comment

Filed under Data Protection

Ofcom’s Sitefinder: rumours of its death have been greatly exaggerated?

Ofcom Sitefinder (click to visit)

I’ve always had more than a passing interest in the Ofcom Sitefinder, because prior to re-qualifying as a lawyer I was a communications engineer.  I was also a specialist radiation safety officer.  Sitefinder allows you to search any location or postcode in the UK to discover the location of any mobile phone base station, together with details about its operator, operating frequencies and maximum transmitter power (e.i.r.p. per channel).  From this site I can see that the nearest base station to my house in Portsmouth is about 600m away.  It’s details on Sitefinder show:

Name of Operator 3
Operator Site Ref. PO0032
21 Metres
2100 MHz
24.46 dBW
32 dBW


Whilst there is still ongoing discussion and medical research about what are safe levels of exposure to non-ionsing radiation, the maximum exposure levels recommended by the International Commission on Non-Ionizing Radiation Protection are widely followed. The safe exposure levels for members of the public for 10GHz, which are lower than that for 2.1GHz, are easily understood as it is set at 10W/m². As 3 transmits from the Cosham base station at 24.46 dBW, or 279.3W, and as all mobile phone (UHF) radio waves use direct radio propagation so that the power falls proportionally to the square of the distance from the transmitter, I would be perfectly safe under ICNIRP guidelines, assuming that I have roughly a 1m² profile, at a distance of 5.3m from the antenna (which would be difficult, as its 21m high).

Sitefinder is interesting from a legal point of view as it is the subject of a request for information under the Environmental Information Regulations 2004 (“EIRs”) to Ofcom, which was refused. The applicant for the information then made an appeal to Ofcom for an internal review, who upheld the initial decision to refuse the request. The applicant then appealed to the Information Commissioner, who was minded to order the disclosure of the relevant information (Case Ref: FER0072933, 11 September 2006). This was then appealed to the Information Tribunal (now known as the First-Tier Tribunal (Information Rights)), who also ordered disclosure (EA/2006/0078, 4 September 2007). Ofcom appealed to the High Court, where the appeal was dismissed ([2008] EWHC 1445 (Admin), 8 April 2008), then to the Court of Appeal ([2009] EWCA Civ 90, 20 February 2009) and the Supreme Court ([2010] UKSC 3, 27 January 2010), who referred a question to the Court of Justice of the European Union (“CJEU”) (Case C-71/10). The Sitefinder case will therefore be the first EIRs case to go the full distance.  On 10 March 2011 Advocate General Kokott gave her opinion. The story should therefore, after over 6 years, soon come to an end.

Initial Request and Internal Review

The EIRs provide for wider access to information that falls within the wide definition of environmental information included in the EIRs, than the Freedom of Information Act 2000 (“FOIA”) permits.  Consequently, the information request made by an information officer from Health Protection Scotland on 11 January 2005 requesting national datasets of the full details of each mobile phone base station within the Sitefinder database under the FOIA, was correctly processed by Ofcom (being a request for information on factors such as radiation – EIRs, reg.2.1(b)) under the EIRs.  The request was made because Sitefinder itself only permits users to research details within postcode areas, with no national or regional lists or exact details of base station grid references.

As a result of the initial request and request for internal review dated 25 February 2005, a number of exemptions under EIRs came into play, particularly:

  • the public safety and national security exemption at reg.12(5)(a) – the public interest in safeguarding the location of all TETRA sites, and hence all police and emergency services communications, outweighed any public interest in disclosure of the sites’ data; and;
  • the intellectual property rights (‘IPRs’) exemption at reg.12(5)(c) – disclosure would affect the rights of the network operators. The raw national dataset could be used by competitors to discover the design of each mobile network.  The IPRs in question were:
    • the operators’ database right in the Sitefinder database (applying the ruling in CJEU Case C-203/2 British Horseracing Board –v- William Hill, the Commissioner agreed that operators had made the necessary “substantial investment in obtaining, verifying or presenting the contents of the database” (Copyright and Rights in Databases Regulations 1997, reg 13(1)) to create a database right – Ofcom estimated that each operator took up to 50 man hours every 3 months to collate information for Sitefinder as well as 3-5 man-days per month to attend and contribute to Sitefinder policy and development groups);
    • copyright in the operators’ data; and
    • an obligation of confidence (the World Intellectual Property Organisation Convention 1967, Art. 2(viii), includes “rights relating to…works …protection against unfair competition and all other rights resulting from intellectual activity in the industrial, scientific, literary or artistic fields” – the Commissioner did not find that the appropriate obligation of confidence existed in the data supplied by the operators).

Appeal to Information Commissioner

The case was appealed to the Information Commissioner on 22 April 2005. The Commissioner considered the application by Ofcom of the EIRs, reg.12(5) exemptions, carefully applying his Awareness Guidance No. 20, which details how the Commissioner considers the adverse affect test for EIRs, re.12(5) should operate. Essentially, this is a harm test. The Guidance states: “the adverse affect test provides exceptions only in those cases where an adverse affect would arise. In other words, so far as environmental information is concerned, in order to engage an exception, some harm must be certain rather than merely likely. This is a significant difference.”  As Ofcom did not present the Commissioner with evidence of harm to public safety or national security, or the operators’ IPRs, disclosure was ordered.

In coming to this view, the Commissioner took account of the balance of interests under EIRs’ cases: Recital 16 of the EU Directive on public access to environmental information (Council Directive 2003/4/EC), upon which the EIRs are based, states that exceptions must “be interpreted in a restrictive way”. It was quite possible for Ofcom to disclose the requested information subject to the operators’ database rights and copyright, so that the requester could not use the disclosed database. A public authority cannot prejudge use of disclosed environmental information. The EIRs, as with the FOIA, do not require a requester to state the purpose of the request.  For both copyright and database right, it was ruled that use of the disclosed database by the requester would require a licence from the operators, which by implication they could refuse to grant.

Appeal to Information Tribunal

Ofcom appealed to the Information Tribunal on 10 October 2006, and T-Mobile was permitted by the Tribunal to be joined to the appeal on 29 November 2006.  The case before the Tribunal was a messy one – it was not simply an appeal of the Commissioner’s decision.  However, amongst other rulings, the Information Tribunal in considering the EIRs, reg.12(5)(b) public safety exception, did consider that there was a slightly increased risk that the disclosure of the site information requested, being more accurate than that already in the public domain, may adversely affect public safety. However, the Tribunal did not consider that this increased risk outweighed the public interest in the site information, given its importance as identified in the Stewart Report and for epidemiological investigations.

The Tribunal was also not convinced that the IPR exemption at EIRs, reg.12(5)(c) applied. The Tribunal decided that the exemption can only be applied if there is sufficient adverse effect to trigger the exemption, followed by a consideration of whether there the actual or potential harm in the disclosure is sufficiently great to outweigh the public interest in disclosure. The Tribunal considered that the test to find adverse effect should not be set with a particularly high threshold – the exemption could apply to any case where there was more than a mere technical or minimal infringement of the relevant IPR.  The Tribunal considered the degree of harm that disclosure of the Sitefinder dataset would cause. For example, it considered the potential loss of revenue claimed by the operators from their inability to license their site data and the adverse effect that the disclosure of the Sitefinder information would result in the implied disclosure of each operator’s network design.

In each case, the Tribunal was not convinced that there would be actual or potential harm under each of the headings submitted by Ofcom and T-Mobile, but considered that there was sufficient adverse effect from the combination of the various factors.

The Tribunal also considered a further public interest in withholding the Sitefinder data. The operators’ had warned Ofcom that as their supply of base station data was not a statutory requirement but was made by them voluntarily, they would refuse to supply any further data if the Tribunal ruled in favour of disclosure. There was clearly a public interest in maintaining Sitefinder. The Tribunal did not consider that it could base its decision on any actual or implied threat of future non-cooperation by the operators.

In addition, the Tribunal did not accept Ofcom’s view that the EIRs required it to consider whether the aggregate public interest in maintaining the exemptions outweighed the public interest in favour of disclosure.

Appeal to the Administrative Court

In the Administrative Court the question of how to apply the EIRs exemptions was considered. In essence, the Court reviewed whether a public authority should consider the public interest in disclosure outweighed the public interest in withholding the requested information for each separate exemption that could apply, and only if all exemptions resulted in the public interest in disclosure being outweighed should the information not be released. The contrary argument was that the public authority should consider the aggregate public interest, was dismissed by the Court. In reviewing the IPRs exemptions, the Administrative Court considered that the Tribunal could consider whether the use of the data to be disclosed (i.e. for epidemiological research) was in the public interest, even if that meant a breach of the operators’ rights. This was important as strictly a person requesting information under the EIRs or FOIA does not have to state a purpose (however, I have always advised applicants that the purpose should be stated, for exactly this reason – it colours the public interest test – see the chapter I have co-authored in the Law Society’s Freedom of Information Handbook).

Appeal to the Court of Appeal

The Court of Appeal reviewed the Administrative Court’s view on aggregation of public interest, and determined that the Administrative Court had erred in not following this approach. However, the Court of Appeal agreed that the purpose to which the data disclosed was to be put could be considered in any public interest test.

Supreme Court

The issue for the Supreme Court was therefore the same: how should a public authority apply more than one exemption? Is each exemption to be addressed separately, by considering whether the interest served by it is outweighed by the public interest in disclosure? Or can the interests served by different exemptions be combined and then weighed against the public interest in disclosure? The Supreme Court quickly realised that this involved discerning what was intended by Directive 2003/4/EC, and so made the following reference to the CJEU:

Under Council Directive 2003/4/EC, where a public authority holds environmental information, disclosure of which would have some adverse effects on the separate interests served by more than one exception (in casu, the interests of public security served by article 4(2(b) and those of intellectual property rights served by article 4(2)(e)), but it would not do so, in the case of either exception viewed separately, to any extent sufficient to outweigh the public interest in disclosure, does the Directive require a further exercise involving the cumulation of the separate interests served by the two exceptions and their weighing together against the public interest in disclosure?

Advocate General Opinion

Julianne Kokott has carried out her usual thorough analysis, and has suggested to the CJEU that they answer:

Under Council Directive 2003/4/EC on public access to environmental information, where a public authority holds environmental information, disclosure of which would have some adverse effects on the separate interests served by more than one exception under Article 4(2), but it would not do so, in the case of either exception viewed separately, to any extent sufficient to outweigh the public interest in disclosure, the directive requires a further exercise involving the cumulation of the separate interests served by the two exceptions and their weighing together against the public interest in disclosure.

If this is followed by the CJEU, then the matter will be referred back relatively quickly to the First-Tier Tribunal (Information Rights), where I would expect the aggregation of exemption interests will be found to outweigh the public interest in disclosure, so that Sitefinder will be saved, and we can all go home.

(PS For legal readers: I did describe the case up to the Information Tribunal, as it then was, in the Freedom of Information Journal. I intend to write-up a more legal analysis of the whole saga for publication, once the CJEU has made its ruling.)

1 Comment

Filed under Administrative Law, Freedom of Information, Telecoms Regulation

The law moves slowly – 24 years too slowly

Herald of Free Enterprise

Almost 3 years after this photograph was taken in Dover, on the cold evening of 6 March 1987, the Herald of Free Enterprise sailed from Zeebrugge bound for Dover with 459 passengers and 80 crew. Tragically the roll-on-roll-off ferry was designed for the Dover-Calais run, so in order to use Zeebrugge its bow ballast tanks were flooded to lower the car decks to reach the Zeebrugge ramps. The combination of this nose-down attitude and sailing with its bow doors still open resulted in the Herald taking on a mass of water shortly after it cleared the Zeebrugge harbour and in a matter of less than a minute capsizing. Only the fact that it capsized onto a sandbank prevented the ship sinking completely. 193 people died, many not by drowning but by hypothermia, trapped in the ship in water that was only 2-3°C.

The report of the Wreck Commissioner, Mr Justice Steen, makes grim reading. He found:

All concerned in management, from the members of the Board of Directors down to the junior superintendents, were guilty of fault in that all must be regarded as sharing responsibility for the failure of management. From top to bottom the body corporate was infected with the disease of sloppiness.

This led eventually to the prosecution of P&O European Ferries (Dover) Limited, formerly Townsend Thorensen, and five individuals for corporate manslaughter. Despite the clear failings within the company, the prosecution failed as Mr Justice Turner directed the jury not to convict ([1991] 93 Cr App R 72 (Central Criminal Court)). In order to convict the company of manslaughter under the identification principle that applied at the time, one of the individual defendants who could be “identified” with the company as its “controlling mind” would have had to have been guilty of manslaughter (see Bolton (Engineering) Co. v. Graham [1957] 1 QB 159, per Denning LJ, affirmed by the House of Lords in Tesco Supermarkets Ltd v. Nattrass [1972] AC 153). As this was not the case, the company could not be found guilty.

This was clearly unsatisfactory. Early critics, such as Professor Gary Slapper at the Open University, argued that the courts should adopt the aggregation principle, whereby a company could be found guilty of manslaughter where the combined fault of the directors and officers making up its “controlling mind” can be aggregated, rather than any one individual having the necessary intent for manslaughter.

However, on 15 February 2011 Cotswold Geotechnical (Holdings) Limited were the first company to be successfully prosecuted for corporate manslaughter under the Corporate Manslaughter and Corporate Homicide Act 2007. The Act came into force on 6 April 2008. The prosecution followed the death of Alex Wright, a 27-years-old geologist, on 5 September 2008. He was taking soil samples from the bottom of an unsupported 3.5 metre trial pit that collapsed on him, burying and asphyxiating him. Industry practice calls for all trial pits of over 1.2 metres depth to be shored and supported. Mr Justice Field sentenced the company at the Winchester Crown Court to a fine of £385,000, which was more than its annual turnover. He therefore ordered that the company pay the fine at a rate of £38,000 per year. The company was convicted under the following provisions of the Act:

1   The Offence

(1)   An organisation to which this section applies is guilty of an offence if the way in which its activities are managed or organised-

(a)   causes a person’s death, and

(b)   amounts to a gross breach of a relevant duty of care owed by the organisation to the deceased.

(3)   An organisation is guilty of an offence under this section only if the way in which its activitieis are managed or organised by its senior management is a substantial element in the breach referred to in subsection (1).

As someone who first considered a career in law as a result of qualifying as a health and safety officer, I am pleased that at last we appear to have a workable corporate manslaughter law. It has only taken 24 years.

Whilst this extreme form of deterrence is not an ideal way to promote health and safety, measures such as this will become more important as the Health and Safety Executive loses over a third of its funding under the October 2010 Comprehensive Spending Review. This will lead to cuts in the number of proactive inspections, and inevitably a fall in prosecutions under the Health & Safety at Work etc. Act 1974. The last full year fatal accident statistics, for 2009/10, show that Great Britain has a good record, with a steady decreasing trend in the fatal accident rate. None of us wants to see this trend reversed.

1 Comment

Filed under Commercial

In memory of Hannah Foster

Usually I give Ofcom consultations a quick speed read, just to be aware what’s happening. Sometimes I even get lucky and a competitor writes up a consultation before I’ve even read it, saving me more time. (Hat tip, as we say on Twitter, to Rob Bratby and his blog post Rules applicable to all UK telecoms operators to change, which I picked up during school half-term.)

So this brings me to the Ofcom’s consultation dated 24 February 2011 discussed by Rob: Changes to General Conditions and Universal Service Conditions. Unless you’re in the telecoms regulatory business, I’d give it a miss.  One of the changes proposed did, however, catch my attention.  Ofcom has considered the amendments required by the Citizens’ Rights Directive 2009/136/EC to the EU framework for telecoms regulation, and in particular the requirement to introduce equivalent access to emergency services for disabled people.  It proposes that this be done in the UK by requiring mobile operators to provide an emergency SMS service.

I have 2 lovely daughters, aged 18 and 16.  Like most dads of teenage girls, I want them to be safe and I worry about them, but I realise that they have social lives to live.  Until recently they lived in Southampton, not too far away from The Hobbitt in Bevois Valley.  This is a popular student pub – I used to go there myself when I was an undergraduate at Southampton.  Sadly, it is also where Hannah Foster, aged 17, went on the night of 14 March 2003, the night she was abducted on her way home, raped and murdered.  On 25 November 2008, Maninder Pal Singh Kohli, then aged 41, was found guilty on the charges of kidnap, rape and murder at Winchester Crown Court and was sentenced to life imprisonment, with a recommended minimum term of 24 years.

During the trial, evidence of Hannah’s last movements derived from her mobile phone records was critical.  Also included in the trial, but not conclusive evidence to convict her killer, were recordings of her 999 call.  She knew she was in danger, so made what is known as a silent emergency call by dialling 999 on her mobile in her pocket.  There is a police protocol to deal with these silent calls, but it is recognised that particularly with the advent of mobile phones, most of these silent emergency calls are accidental.  If the police get no response, following their protocol, they terminate the call.  This happened in Hannah’s case, so tragically her call for help went unheeded.

As a result of this and similar incidents, some emergency call centres (such as in Hampshire) will respond to requests for emergency services sent by text message to 80999.  However, as far as I am aware, no location data is forwarded with the 80999 text message. So I look forward to the introduction of full emergency SMS. Hopefully, as well as providing for the intended access to emergency services for disabled people, this will finally deal with the problem of silent emergency calls so that the next girl in trouble will be saved.


112 is the European Union emergency telephone number, and also the default number on all GSM (2G) mobile phone networks, which convert 112 calls automatically to the relevant national number.  Even though this was introduced in 1991, my anecdotal evidence suggests that this is still not widely recognised in the UK. Surely we ought to teach this as the standard emergency number, particularly for use on mobiles?

1 Comment

Filed under Telecoms Regulation

We’ll keep the Red White & Blue Flag flying here

A personal view from a Pompey fan.

If you are ever at a match at Fratton Park, Portsmouth, take a short detour on your way back to Fratton railway station to drop in on the Red White & Blue pub on Fawcett Road (in the absence of a licensable picture to embed in this post, look up 150 Fawcett Rd on Google Street View or the Portsmouth News story and picture).  When you are there, raise your glass to the pub landlady, Karen Murphy because:

  • if you are passionate about the state of professional football in England, she may have saved the soul of the English game;
  • if you are also a pro-European lawyer, her case may mark the watershed for the use of territorial intellectual property and similar rights to create artificial barriers to the internal market and the free movement of goods and services; or
  • if, like me, you harbour Pirate Party sympathies, this case is another example of rights holders abusing the original purpose of copyright to use in debates about reform of copyright law.

This is why.


Karen Murphy wanted to show Premiership football in her pub.  She was unwilling to pay the high fees for a BSkyB commercial use licence to show the games in a public place, so she used a decoder card imported from Greece to obtain a feed from a Greek broadcaster. Her Greek-sourced Premiership live games licence fee was around £800 per year, as opposed to the BSkyB fee that can be over £1,000 per month (BSkyB currently makes around £200m a year just from pub licences).  She was prosecuted for a breach of copyright law in the Portsmouth Crown Court for showing 2 matches (19th August 2006 Bolton Wanderers v. Tottenham Hotspur and 25th September 2006 Portsmouth v. Bolton Wanderers (Pompey lost 0-1)), and appealed by way of case stated to the High Court. In contrast, the pub landlords of the Hatch Inn Gate in Reading were fined £2,500 each plus costs for a similar offence in respect of one Reading game (note the involvement of the Federation Against Copyright Theft) and did not appeal.

The High Court made a reference to the Court of Justice of the European Union (“CJEU”) on a number of questions, but noted that on its own interpretation of English law, it would dismiss the appeal. On 3 February 2011 the Advocate General for the case, Case C-429/08, Juliane Kokott (who is a bit of a legal superwoman), gave her opinion on the legal point of the case to the CJEU. If the CJEU upholds her view, Mrs Murphy’s appeal should be allowed when her case reverts back to the High Court.

Saving the Soul of English Football

All the Premiership clubs’ copyright in television coverage of football matches are collected into one legal entity, Football Association Premier League Ltd (“FAPL”).  Each of the Premiership clubs is an equal shareholder in FAPL.  As a rights holder, FAPL can auction whole Premiership packages of rights at the best price for all the clubs (this is in contrast to, say, La Liga in Spain, where the clubs individually negotiate TV rights deals).  The most valuable package of rights is the rights to live transmissions of football matches in the UK. This package of rights has been held since the FAPL began auctioning these rights by BSkyB. FAPL currently earns £1.8bn for its three-year UK rights licence to BSkyB. The revenue from exploiting TV rights generates around half Premiership clubs’ income. This has had many consequences for the English game: hyper-inflation of players’ wages, lack of development of national football talent and the massive over-leveraging of clubs desperate to buy players in order to avoid the financially ruinous drop out of the Premiership, or for the top teams, the disastrous consequences of not qualifying for the UEFA Champions’ League. Arguably the emphasis on Premiership football has also seriously damaged football in all the other professional leagues and has ruined top-flight football as a working-class, spectator sport (prawn sandwich, anyone?).  The way TV rights money is distributed to the Premiership clubs has also arguably created a league-within-a-league to the detriment of the sporting nature of the league itself, as the money from the UK rights’ deals is not distributed evenly to all clubs.  With the exception of Blackburn Rover’s title in 1994/5, all Premiership titles have been won by one of Manchester United, Chelsea or Arsenal.

If the CJEU upholds the principle of the free movement of goods and services across the EU internal market, then it will be open for every consumer of satellite TV to source a decoder from any other member state in the EU to view live Premiership football. At a stroke the value of UK rights will be diminished.  Many would argue that the reduction in the amount of revenue in the game will force it to redress its structure and priorities.

Limits of Intellectual Property Rights and Territorial Restrictions

Intellectual property rights, being creations of statute, are by their nature territorial.  However, one of the founding principles of the European Economic Community, leading to the European Union, was to create a free trade market area, where goods and services would be able to move across international boundaries without any restriction in custom duties or any other national restrictions.  There has always been a tension between the proper use of intellectual property rights to protect national markets and the principle of the free movement of goods and services.

The intellectual property rights at issue in this case concern the sub-divisions of copyright known as the right of reproduction and right of communications to the public, which are set out in Directive 2001/29/EC, and the right to communicate to the public by satellite copyright works, as set out in Directive 93/83/EEC.  There were other territorial restrictions to consider, being those provided for under Directive 98/84/EC, which provides for the legal protection of conditional access services.  Conditional access service is the term used to describe the service that permits a consumer of satellite TV to receive, decrypt and view satellite broadcasts by use of a set-top box and decoder card.

On the other side of these territorial rights and restrictions are the “free movement” treaty provisions that prevent quantitative or other restrictions being placed upon the import of goods or provision of services (at Articles 34, 52 and 56 TFEU (formerly Articles 28, 30 and 49 EC)). 

As might be expected, these Treaty provisions are qualified both within the Treaty and by case-law, so that, in the example of this case, measures to protect industrial and commercial property may be justified.  The CJEU has developed over the years, in particular with respect to trademark cases, a general principle of the exhaustion of rights for the free movement of goods.  Put simply, the principle provides that when goods are lawfully placed on any EU internal market,  the exclusive rights of the intellectual property rights owner are exhausted so that the goods can be purchased in that market and resold anywhere else in the EU. 

Juliane Kokott argued in her opinion that the exhaustion of rights principle should apply equally to the free movement of services.  She found that there was no protection of industrial or commercial property justification for the principle not applying in this case.  In particular, she noted that any intellectual property rights restriction should not be considered to include a “right to charge different prices for a work in each Member State.”   She was not persuaded by the FAPL argument that there needed to be a restriction on rights in order to protect the so-called “closed period” in the UK, being a period in which no live transmissions are possible in order to protect the gates of the clubs.  She noted that the lack of closed periods in France, Germany, Italy, Spain and Northern Ireland had not affected attendance at matches in those territories.

Proper Exploitation of Rights

The Advocate General also considered the application of competition law to the FAPL method of granting licences throughout the EU, as this could be in breach of Article 101(1) TFEU (formerly Article 81(1) EU), being the prohibition on anti-competitive agreements between undertakings that have as their object the prevention, restriction or distortion of competition.  She noted that the series of licences imposed contractual obligations on the licensees to prevent their decoder cards being exported outside of the licensed territories.  She considered that unless a justification under Article 101(3) existed, this arrangement of licences could be incompatible with Article 101(1) TFEU. 

The Advocate General’s opinion therefore argues that FAPL may be using intellectual property rights improperly.  This is a core argument of the Pirate Party, that the development of copyright has gone too far.  To put it in simple UK terms, the Statute of Anne of 1709 granted publishers of a book 14 years copyright protection, with a further term of 14 years if the author was still alive after expiry of the first term.  This was to provide printers with sufficient time to recover their investment in setting the type and printing the book and to incentivize authors to publish.  One of the Pirate Party arguments is that the extension of this term to life of the author plus 70 years has gone way further than is necessary to incentivize authorship and to allow publishers in whatever medium to recover their investment in the distribution and production infrastructure required for that medium.

It will be interesting to see where the CJEU goes with this case, given the view of the Advocate General that free movement of services should have priority here over any intellectual property rights restrictions.

1 Comment

Filed under Administrative Law, Telecoms Regulation