Attorney General v BBC [2022] EWHC 1189 (QB) – High Court considers what information can be made public about alleged MI5 CHIS

In a judgment handed down on 18 May 2022 the High Court has considered what information be BBC can publish in a story pertaining to the actions of an alleged MI5 covet human intelligence source (“CHIS”).

The BBC alleged that X was a CHIS and had been psychologically and sexually abusive to two female partners.

The judgment can be found here: https://www.bailii.org/ew/cases/EWHC/QB/2022/1189.html

The judgment is in two parts- one heard in public and the other in private. The private hearing was held to be necessary so that the Court could hear submissions about information that, if released to the public, would make the identity of the alleged CHIS known.

Mr Justice Chamberlian comments: “The court must be alert to the possibility of “jigsaw” identification. One piece of information may on its own seem innocuous, but when taken together with other information known to a particular malign actor, it may lead to the identification of an individual with greater or lesser confidence. The threat of jigsaw identification is a familiar feature of arguments against disclosure in closed material proceedings in the national security context. It is regularly deployed as a basis for refusing to disclose information known only from covert sources. But, although the court must be alive to the threat of jigsaw identification, it must also be astute not to allow the threat to justify a blanket prohibition on disclosure of any piece of the jigsaw.

at p.24

The BBC’s article on the case can be found here: https://www.bbc.co.uk/news/uk-61528286

The intial BBC coverage of this matter here: https://www.bbc.co.uk/news/uk-61508520

And details of one of X’s former partners’ legal action to be taken against MI5 here: https://www.bbc.co.uk/news/uk-politics-61521569

The Personal Data life cycle: Where to start the analysis? – Vladyslav Tamashev, Privacy lawyer at Legal IT Group

Have you ever thought about data on your computer? It doesn’t matter whether you are a content creator, programmer, or just a regular user thousands of different files were created, downloaded, and altered on your device. But what happens when some of that data becomes useless to you?

Usually, this data will be manually deleted to get some free space on your storage device or it will be wiped during the OS reinstallation. Everything that happened with that data starting from its creation or collection until its destruction is called the data life cycle.

The data life cycle is a sequence of stages that happened to a particular unit of data. The simplified life cycle model has 5 basic stages: Collection, Processing, Retention, Disclosure, Destruction. In practice, when we talk about personal data life cycle, this sequence can be dramatically different, dependant on the type of information, its usage, origin, company policies, personal data protection regulations and legislation.

Nowadays one of the most challenging quests for an IT company is to create an efficient and secure data processing inside the company, that will be compliant with local legislation and international regulations. Data life cycle optimization and adaptation is a complex task that starts with personal data life cycle analyses.

The first step in personal data life cycle analysis is to define principles of data collection and processing in the company.

These are some simple questions, that will help you:

  • What’s the purpose of users` data collection in your company? (marketing, statistics, software optimization, etc.)
  • What information is collected? (name, payment information, location, music preferences, etc.)
  • How it was collected? (directly from the user, surveillance, third parties, etc.)
  • Which categories of data are necessary and which are not? (For example email, name, and payment information – are necessary for the company; profile photo, favorite music band, phone number – are not)
  • Who will have access to that data? (top-management, outsource teams, all processes are automated, etc.)
  • Will that data have shared with the third parties? (no, contractors, processors, etc.)

In the second step, the data should be differentiated into categories and analyzed for risks associated with it. Risk analysis will help to highlight the most critical and valuable data categories. There are lots of risk determination approaches, but most of them use negative events probability and possible negative consequences in different variations.

risk = probability of a negative event X negative consequences.

For example, such factors as potential vulnerabilities, possible negative events, the intensity of negative effects and the response to negative effects may be used for more precise risk determination. Such personal data as identification and payment information are at much higher risk of dedicated hackers’ attacks than, for example, less valuable website usage statistics or users’ interface color scheme preferences.

After general analysis, each stage of the life cycle should be analyzed separately.

Collection – is the first stage of the data life cycle. Users must be informed about their data collection in a form of consent or notice. In terms of collection mechanics, data can be obtained directly (the registration form) or indirectly (surveillance, third parties).

Processing – this stage is unique for each company. It can be done manually by company employees, automatically, or with the mixed approach, which depends on the data category and the purpose of data collection. The main principles are to process as minimum information as possible to perform companies’ tasks and restrict unauthorized access.

Retention – means storage of information. The data itself should be stored no longer than necessary or defined by the data policy. For the data life cycle analysis, this stage is the key point.  Depending on the data type it can be reused, destroyed, or disclosed.

Distraction – simple data deletion is perfect for most scenarios, but when we talk about full data distraction, it means that data should be wiped out of servers, backup files, inner documentation, employees’ PCs, and any other storage devices connected to the company. That’s why data tracking should be applied inside the company.

Reuse – the most common stage of the data life cycle. Each time you log into an account or get a personalized email your data is reused by the company and altered according to your actions.

Disclosure – data sharing is important to provide good services and promote your business. Such things as advertisements, statistics, marketing, and other services are based mostly on third-party data disclosure. During the analysis, you should ensure that data transfer is compliant with legislation, the company privacy policy, and allowed by the user.

The personal data life cycle analysis is a complex process, that touches almost every aspect of the company, its data flow, business model, internal and external structure. But it`s the first step in developing a data processing system that will be resistant to external or internal threats and put users’ privacy and data security in the first place.

Vladyslav Tamashev
Privacy lawyer at
Legal IT Group

College of Policing publishes Live Facial Recognition usage guidance

The College of Policing has published guidance on the application of facial recognition software.

The guidance comes following the case of Bridges in which the Court of Appeal criticised the South Wales Police Forces use of live facial recognition software. TPP has covered the Bridges appeal in depth.

The Independent considers privacy advocates comments that the use of the software “is a hammer blow to privacy”.

Sky News also highlights privacy campaigners comments that the software “will turn our streets into police line-ups”.

Attorney General v BBC [2022] EWHC 380 (QB): Attorney General’s application to hear case concerning programme about an MI5 agent in private refused

In a case which reinforces and is underpinned by the principle of open justice, the court has found that an interim hearing concerning the airing of a BBC programme about an MI5 agent who was allegedly “a dangerous extremist and misogynist” should be heard in public.

The BBC wants to broadcast a programme about an individual, “X”. The programme is to include the allegations that X is a dangerous extremist and misogynist who physically and psychologically abused two former female partners; that X is also a covert human intelligence source (variously referred to as a “CHIS” or an “agent”) for the Security Service (“MI5”); that X told one of these women that he worked for MI5 in order to terrorise and control her; and that MI5 should have known about X’s behaviour and realised that it was inappropriate to use him as a CHIS.”

The programme is to include the allegations that X is a dangerous extremist and misogynist who physically and psychologically abused two former female partners; that X is also a covert human intelligence source …; that X told one of these women that he worked for MI5 in order to terrorise and control her; and that MI5 should have known about X’s behaviour and realised that it was inappropriate to use him as a CHIS.”

See INFORRM for further details. The now made public judgment can be found on Bailli here.

Citation: The Guardian: Privacy laws could be rolled back, government sources suggest – A rebuttal

The Guardian has a piece suggesting, following the judgment of the UK Supreme Court this week in ZXC, that privacy laws could be rolled back by replacements to the Human Rights Act.

Following the judgment in ZXC a government spokesperson has stated: “A free press is one of the cornerstones of any democracy. The government recognises the vital role the media plays in holding people to account and shining a light on the issues which matter most. We will study the implications of the judgment carefully.”

Whilst political sources are usually careful not to criticise judges, the balance between freedom of expression and privacy rights of individuals is a contentious area, drawing critical voices from both sides of the debate. TPP advocates balance between the two competing rights.

It should be noted that whether someone has a reasonable expectation of privacy in respect of information regarding a criminal investigation pre-charge is still a highly fact-sensitive and nuanced approach. The court has set a general presumption. But it reflects a careful case-by-case approach in which all the circumstances of a case are taken into account.

The finding in ZXC does not to say there cannot be a case where criminal investigations pre-charge can be made public by the press. This involves a balancing of privacy rights against freedom of expression- the second limb of the well-entrenched test. Its notable that this second limb was not at issue in ZXC.

Therefore, ZXC serves to reinforce pre-existing caselaw, particularly following the Cliff Richard case, in finding that pre-charge details of a criminal investigation fall within ones reasonable expectation of privacy. This then needs to be rebutted by freedom of expression, and one would posit, public interest arguments.

The suggestion from the Government that “there should be a presumption in favour of upholding the right to freedom of expression, subject to exceptional countervailing grounds, clearly spelt out by parliament” is a dangerous one.

As the ZXC judgment rightly points out- neither privacy rights nor freedom of expression takes precedence over the other. The rights have, importantly, always been couched as equally weighted. Both rights are fundamental to a democratic society.

The government wading into such a sensitive process is concerning. Not least by touting criticised approaches to reforming the Human Rights Act. The safeguarding of an individuals privacy, allowing for autonomy, is as fundamental to a democratic society as a free press.

Examine the cases and a fact-sensitive highly nuanced approach to balancing the competing fundamental democratic rights of privacy with freedom of expression readily emerges.

Judges are acutely sensitive to this fact in striving to independently adjudicate complex matters of fact and law. The Meghan Markle case is one of the recent examples of where the balance between privacy and expression has been bought to debate in the public consciousness. The Brett Wilson’s Media Law Blog comes to the defence of privacy and the judiciary- an approach which TPP endorses.

To circle back around- ZXC has ensued a fresh wave of criticism in an area which has typically been at the cutting edge of this debate- the rights of those suspected of criminal activities. And, I add with emphasis here, at pre-charge stage without applying the second limb of the two-stage test.

Again the law makes a the critical distinction here. Open justice and public interest rightly hold sway at a post-charge stage.

And even in these circumstances balancing competing rights comes into play. In the right to be forgotten cases of NT1 and NT2, the right to privacy has evolved and reinforces the right to be forgotten where “the right to be left alone” presents itself.

And, as the court rightly observes in ZXC, where factors to be considered are drawn into lists, such as the Murray factors, these are non-exhaustive. This serves contextual approach serves as “a legitimate starting point”- it affords judges the leeway to take into account fact-sensitive nuances in cases and balance the countervailing rights. Because that is what is takes to safeguard both fundamental rights.

For those interested in this debate I highly recommend Hugh Tomlinson QC’s article in the Guardian: Privacy law: what’s the way ahead?

Bloomberg v ZXC: UK Supreme Court finds that suspects of crime have a reasonable expectation of privacy in investigation details pre-charge

Judgment has been handed down by the UK Supreme Court in the appeal in the case of Bloomberg v ZXC. The court has found for the respondent, refusing the appeal.

The case has significant implications for the law of privacy. It endorses the finding in the Cliff Richard case and provides crucial precedent on the reasonable expectation of privacy suspects of crime can expect. TPP will have further coverage of the judgment shortly. See the judgment here.

“The courts below were correct to hold that, as a legitimate starting point, a

person under criminal investigation has, prior to being charged, a reasonable

expectation of privacy in respect of information relating to that investigation and that

in all the circumstances this is a case in which that applies and there is such an

expectation.”

at p.146

Does ISPO’s Editors Code need to be reformed to protect the relatives of the accused? – Freyja McLoughlin

The British press has been described as a ‘watchdog’ when it comes to protecting the public, and arguably this function is of upmost importance when reporting on criminal cases and their developments. The wide spread reporting of Wayne Couzins brutal kidnap, rape and murder of Sarah Everard, and most shockingly his abuse of his role as an officer in the Met Police to carry out such an atrocity has dominated headlines this Autumn. It is of vital importance that this case was given such a high level of exposure; because with such exposure and public outrage, organisations are forced to address institutional problems – and hopefully prevent such monstrosities occurring again.

However when there is such widespread coverage of an accused; because that is what they are before they have been convicted, no matter how compelling the evidence or the story, the risk of Contempt of Court is always lurking. In Couzins case, the Attorney General, Rt Hon Michael Ellis QC MP, recognised that the reporting was spiralling and subsequently published a statement saying,

‘it can amount to contempt of court to publish information relating to untested and unconnected allegations against the suspect and matters adverse to his character, the admissibility of which a Judge in due course may need to determine’. Contempt proceedings did not become an issue in Couzins case ultimately, however it is a useful prop to demonstrate how heavy the reporting was.

ISPO’s, Editors Code of Practice is one tool which is designed to present press reporting over-stepping the line and amounting to contempt. However ISPO is also, as its website declares, designed ‘To support those who feel wronged by the press and to uphold the highest professional standards in the UK press’. This article will therefore be focusing on if these ‘missions’ of ISPO still appear effective when focusing on the coverage of Couzins wife, Elena Couzins. As well as examining if the ISPO Editors’ Code of Practice sufficiently protects the privacy rights of family members of the accused. It is highly unlikely that family member coverage of an accused could amount to contempt under the Act, however perhaps under the veins of ISPO such prejudicial reporting, although not amounting to contempt, could be prevented.

The Editors’ Code of Practice is applicable to all signatory newspapers, which raises the first question as to its enforcement potential. Questions have been raised that ISPO are reluctant to enforce hefty fines or regulate stringently out of fear that newspapers will simply abstain from joining the organisation. Such a view was articulated by Brain Cathcart, when he stated that ISPO appear to ‘bend over backwards to avoid finding breaches of the code’ and this view point is embodied by the fact after ISPO has never, in its 7 years of existence, used its powers of investigation or issued a single fine. ISPO therefore doesn’t appear to be acting as a sufficient deterrent in any case, including when considering the privacy of the relatives of the accused; is a body which has never issued a fine really going to appear a serious threat to multi million pound newspapers? The statistics echo such a response, off the 9,766 complaints and enquires made to ISPO in 2019, 55 were upheld, a shockingly small number.  The second concern, which this article shall be focusing on is that the Clause’s themselves being interpreted too narrowly and thus failing to protect the public adequately; again this is echoed in the statistics, in 2019 of the 8,891 complaints which didn’t warrant a possible breach, 2,617 of these failed because they didn’t satisfy any criteria for raising a breach. This therefore suggests the threshold needed to qualify as a potential breach is higher than the public would expect it to be. The exception of public interest, which applies in 9 out of the 16 clauses adds another level of protection between the press and an infringement of a Clause. These factors combine mean ISPO appears the opposite of it what it declared itself to be in 2014, ‘the toughest press regulator in the Western World’.

One article in particular in Couzins case is surely the manifestation of everything ISPO is designed to prevent, with extracts including ‘what happened to his [Couzins] and children and where are they now?’. What follows from this questioning title is a detailed life story of Couzins wife, with loaded comments surrounding her English language skills, ‘She didn’t speak very good english’ and personal details surrounding their children and how they met. ISPO clearly states it does not cover issues of ‘taste and decency’ due to the infringement of editorial freedom it would result in, and perhaps this title would immediately be described as one of ‘bad taste’. However this article will be outlining how this article could also be perhaps be disputed, through Article 2, Privacy.

Clause 2 states

i) Everyone is entitled to respect for their private and family life, home, physical and mental health, and correspondence, including digital communications.

ii) Editors will be expected to justify intrusions into any individual’s private life without consent. In considering an individual’s reasonable expectation of privacy, account will be taken of the complainant’s own public disclosures of information and the extent to which the material complained about is already in the public domain or will become so.

iii) It is unacceptable to photograph individuals, without their consent, in public or private places where there is a reasonable expectation of privacy.

The first factor that is immediately apparent when considering Clause 2 is that it is marked with ‘The Public Interest’ exception.  Public Interest within the code is interpreted in a broad manner, and has the effect of allowing infringements of clauses such as ‘Privacy’ or ‘Reporting on Suicide’, if it is in the public interest to do so. It is indisputable that there was a public interest in the Couzin case. In the regular manner of there being a  genuine public interest in freedom of expression itself [bullet point 2], which prevents such atrocities being hidden away, and also in disclosure of an organisation failure [bullet point 1(4)], which seems particularly relevant given the criticism of the met policies toxic masculine culture. Yet it is surely arguable that there is no public interest in reporting extensively upon Couzins wife, she was not a threat to public safety, her existence was not a miscarriage of justice and her marriage wasn’t contributing to public debate in an constructive manner. The press are highly likely, if forced to justify themselves, to argue that Elena’s arrest for assisting an offender creates a public interest; and there is no denying that it adds weight to their argument. Yet Elena was released with no charge and hence had no involvement in the crime; following on from this, ZXC V Bloomberg confirmed that individuals have a realistic expectation of privacy pre charge, which was the exact status of any potential proceedings against Elena. The press are well aware that ‘gossip sells’, and what better sick gossip than a women’s husband of 15 years committing one of Britains most horrific crimes. It can therefore certainly be argued that ISPO are defending the press’s ability to print stories that sell well, rather than protecting individuals who are at the receiving end of the press’s glare.

And the principles of Murray V Express Newspaper indicate the law is heavily in favour of ISPO’s viewpoint; indicating Elena Couzins would not be successful in bringing her case to court. In Murray, J.K Rowling’s son was photographed with a long camera lense whilst being pushed down the street, much similar to the press photograph, which accompanied almost every article of Elena, of her walking down the street outside her house. In Murray’s case, the court ruled against the claimant, and presented their judgment in the following manner:

‘on my understanding of the law including Von Hannover there remains an area of innocuous conduct in a public place which does not raise a reasonable expectation of privacy and secondly, that even if the ECtHR in Von Hannover has extended the scope of protection into areas which conflict with the principles and decision in Campbell, I am bound to follow Campbell in preference.’

Both Campbell and Von Hannover respectively create the precedent that there can be no expectation of privacy in public places, especially when considering a ‘High profile individual’. An interesting angle when considering these cases in the voluntary nature of the ‘celebrity’ in questions, a princess and a model. And although J.K Rowling, an author, could be brought in this category, her son could not, and thus it is highly doubtful the court would move away from this precedent when considering Elena’s non consensual profile.

The case of Jones V Mail Online in 2019 was one of the few which resulted in a ruling against the newspaper; it was found publishing videos a crime season which included images of a dead body was sufficient to qualify as an intrusion into the family grief and shock. This therefore appears to be offering some level of protection to family’s, although it is the victims family rather than accused. However, the case was upheld under Clause 4, which requires publications not to break news of a death to immediate family, rather than Clause 2. This therefore suggests what ISPO objected to was the death being revealed by the newspaper, rather than the images and impact it had on the family. Thus even a positive ruling for the complaints does not appear to demonstrate IPSO taking a compassionate and protective step for the well being of the family.

In conclusion, it appears ISPO take a very stringent and narrow approach when considering rulings against the press, and cases which involve the accused’s relatives bear no exception to this rule. ISPO, at its core, appears to reflect the view of the court and protect the public interest and the need for freedom of expression, rather than individuals privacy or well being. It therefore seems a stretch for them to declare they ‘support those who feel wronged by the press’; as they rarely believe any wrong has occurred. If this is right depends on ones perspective; however it seems harsh in cases such as Elena Couzin’s where no role has been played in the crimes committed, yet you are constantly considered alongside them.

This article was written and submitted to TTP and is published with permission and thanks to the author, Freyja McLoughlin.

Top 10 Defamation Cases 2021: a selection – Suneet Sharma

Inforrm reported on a large number of defamation cases from around the world in 2020.  Following my widely read posts on 2017,  2018,  2019 and 2020 defamation cases, this is my personal selection of the most legally and factually interesting cases from England, Australia and Canada from the past year.

Please add, by way of comments, cases from other jurisdictions which you think should be added.

  1. Fairfax Media Publications Pty Ltd; Nationwide News Pty Limited; Australian News Channel Pty Ltd v Voller [2021] HCA 27

The controversial finding of the majority of the High Court of Australia that news organisations were publishers of third-party comments on their Facebook pages.

Mr Voller brought defamation proceedings against a series of media organisations alleging that each of the applicants became a publisher of any third party comment on its Facebook once it was posted an read by another user. He was successful at first instance and the successive appeals against the finding was rejected.  The position was summarised as follows

“each appellant intentionally took a platform provided by another entity, Facebook, created and administered a public Facebook page, and posted content on that page. The creation of the public Facebook page, and the posting of content on that page, encouraged and facilitated publication of comments from third parties. The appellants were thereby publishers of the third-party comments” [105].

Inforrm had a post about the decision.

The Australian Government are already proposing to reverse the effect of this decision by statute – see the Inforrm post here.

  1. Lachaux v Independent Print Limited [2021] EWHC 1797 (QB)

In the latest instalment in the long running saga of the Lachaux libel litigation, Mr Justice Nicklin dismissed the Defendants’ public interest defence and ordered the publishers of The Independent, The i and the Evening Standard newspapers to pay £120,000 in libel damages to aerospace engineer Bruno Lachaux. The defendants falsely alleged he had, amongst other things, been violent, abusive and controlling towards his ex-wife, that he had callously and without justification taken their son away from her, and that he had falsely accused his ex-wife of abducting their son.

The Judge provided important commentary on the standards to be upheld by defendants seeking to establish the public interest defence to what would otherwise be considered defamatory coverage.  He said:

I have no hesitation in finding that it was not in the public interest to publish [Articles], which contained allegations that were seriously defamatory of the Claimant, without having given him an opportunity to respond to them. The decision not to contact the Claimant was not a result of any careful editorial consideration, it was a mistake …journalists and those in professional publishing organisations should be able to demonstrate, not only that they reasonably believed the publication would be in the public interest, but also how and with whom this was established at the time…

Informm had a case comment as did, 5RB.

The saga has not yet concluded.  The defendants have been granted permission to appeal and their appeal will be heard by the Court of Appeal on 12 April 2022.

3. Hijazi v Yaxley-Lennon[2021] EWHC 2008 (QB)

A case concerning a short altercation between two pupils on the playing field of Almondbury Community School in Huddersfield. A video was taken of the incident which subsequently “went viral”, just after the perpetrator of the altercation was expelled from school. He later received a caution for common assault for the incident.

On 28 and 29 November 2018 Mr Yaxley-Lennon used his Facebook account to post two videos of himself giving his opinion on the incident. He suggested, contrary to narratives emerging from media coverage of the altercation, that some of the sympathy toward Mr Hijazi (the claimant) were undeserved as he had committed similar violence.

Both videos were found to be defamatory of Mr Hijazi

In finding for the claimant after the substantive trial, Mr Justice Nicklin stated:

“The Defendant’s allegations against the Claimant were very serious and were published widely. The Defendant has admitted that their publication has caused serious harm to the Claimant’s reputation. The consequences to the Claimant have been particularly severe. Although it was media attention on the Viral Video that first propelled the Claimant (and Bailey McLaren) into the glare of publicity, overwhelmingly that coverage (rightly) portrayed the Claimant as the victim in the Playing Field Incident. The Defendant’s contribution to this media frenzy was a deliberate effort to portray the Claimant as being, far from an innocent victim, but in fact a violent aggressor. Worse, the language used in the First and Second Videos was calculated to inflame the situation. As was entirely predictable, the Claimant then became the target of abuse which ultimately led to him and his family having to leave their home, and the Claimant to have to abandon his education. The Defendant is responsible for this harm, some of the scars of which, particularly the impact on the Claimant’s education, are likely last for many years, if not a lifetime.”

There was an Inforrm Case Comment

4.  Abramovich v Harpercollins Publishers Ltd & Anor [2021] EWHC 3154 (QB)

Chelsea FC owner Roman Abramovich succeeded at a preliminary issue trial on meaning. Mrs Justice Tipples found that all nine of the meanings of allegations relating to Abramovich’s purchase of Chelsea FC “on the directions of President Putin and the Kremlin” were defamatory.

The case concerned a claim of defamation against Catherine Belton and publisher Harper Collins of allegations made in the her book, Putin’s People: How the KGB Took Back Russia and Then Took On The West.

5.   Vardy v Rooney [2021] EWHC 1888 (QB) Inforrm Case Comment

Known as the “Wagatha Christie litigation” this concerned a claim of defamation brought by Rebekah Vardy against Coleen Rooney. The case stems from series of statements published by the defendant on her public Instagram account. Mr Justice Warby, previously found that the statements meant:

Over a period of years Ms Vardy had regularly and frequently abused her status as a trusted follower of Ms Rooney’s personal Instagram account by secretly informing The Sun newspaper of Ms Rooney’s private posts and stories, thereby making public without Ms Rooney’s permission a great deal of information about Ms Rooney, her friends and family which she did not want made public.

This part of the litigation concerns the claimants attempts to strike out and claim summary judgment. A number of paragraphs of the Amended Defence were struck out in relation to allegations of the claimants’ publicity seeking behaviour.

  1. Nettle v Cruse [2021] FCA 93

Sydney based plastic surgeon Dr Nettle refused to operate on Ms Cruse. Cruse posted comments which were highly defamatory of Dr Nettle throughout 2018. This included creating a website in the URL of Dr Nettle’s name. Allegations ranged from failing to keep records confidential to performing unauthorised surgeries. The court found in Dr Nettles favour concluding:

“Dr Nettle has proved that he was defamed by Ms Cruse in four publications in 2018.  Judgment will be entered for Dr Nettle with damages payable by Ms Cruse assessed at $450,000.  Injunctions restraining Ms Cruse from republishing the four impugned publications, or the imputations which have been found to be conveyed by them, will be made permanent.  Ms Cruse will also be ordered to pay Dr Nettle’s costs of the proceeding.”             

  1. Webb v Jones [2021] EWHC 1618 (QB)

A libel claim arising from Facebook postings. The claimant failed to comply with the pre-action protocol and failed to provide particulars of publication context in her pleading until three months after service of the Claim Form.  The defendant’s application for strike out in this case was successful.  The case provides useful guidance on the procedural niceties of conducting a libel claim. Inforrm has a case comment. 

  1. Corbyn v Millett [2021] EWCA Civ 567

The respondent issued defamation proceedings against Jeremy Corbyn in respect of an interview he gave on the Andrew Marr Show in which he had referred to people in the audience as “Zionists” who “don’t understand English irony”.  Saini J held that this made a defamatory allegation of fact.  Mr Corbyn, appealed.  Warby LJ held that the judge did not err in finding that the words ‘disruptive’ and ‘abusive’ were statements of fact?  The appellant was “presenting viewers with a factual narrative”.  He also held that the Judge’s approach to  ‘bare comment’ had been correct and there was no error of law in the finding that imputation were defamatory at common law?

  1. Greenstein v Campaign Against Antisemitism [2021] EWCA Civ 1006

A libel claim against the Campaign Against Antisemitism after the Campaign referred to Greenstein in a series of five articles published on its website. The appeal was against an order striking out particulars of malice and judgment entered into in favour of the Campaign. In upholding the first instance decision, Dingemans LJ reiterated the principles to finding malice from Horrocks v Lowe [1975] AC 135.

  1. Chak v Levant2021 ABQB 946

Rebel Media founder Ezra Levant, was ordered to pay damages of $60,000, following Leonard J finding he defamed a political science professor and former Liberal candidate during a 2014 Sun News broadcast. Levant claimed Farhan Chak “shot up” a nightclub when he was 19 years old.

Top 10 Privacy and Data Protection Cases of 2021: A selection – Suneet Sharma

Inforrm covered a wide range of data protection and privacy cases in 2021. Following  my posts in 20182019 and 2020 here is my selection of most notable privacy and data protection cases across 2021:

  1. Lloyd v Google LLC [2021] UKSC 50

 In the most significant privacy law judgment of the year the UK Supreme Court considered whether a class action for breach of s4(4) Data Protection Act 1998 (“DPA”) could be brought against Google of its obligations as a data controller for its application of the “Safari Workaround”. The claim for compensation was made under s.13 DPA 1998.  The amount claimed per person advanced in the letter of claim was £750. Collectively, with the number of people impacted by the processing, the potential liability of Google was estimated to exceed £3bn.

Lord Leggatt handed down the unanimous judgement in favour of the appellant Google LLC:

“the claim has no real prospect of success. That in turn is because, in the way the claim has been framed in order to try to bring it as a representative action, the claimant seeks damages under section 13 of the DPA 1998 for each individual member of the represented class without attempting to show that any wrongful use was made by Google of personal data relating to that individual or that the individual suffered any material damage or distress as a result of a breach of the requirements of the Act by Google.”

The case has been heralded for its central importance in determining the viability of data protection class actions. The case drew wide coverage from Pinsent MasonsHill DickinsonClifford ChanceBindmans and Stewarts.

  1. HRH The Duchess of Sussex v Associated Newspapers Limited [2021] EWHC 273 (Ch) and [2021] EWCA Civ 1810.

In February 2021 Meghan, Duchess of Sussex, won her application for summary judgment against the Mail on Sunday.  Warby LJ said there were “compelling reasons” for it not to go to trial over its publication of extracts of a private letter to her estranged father, Thomas Markle.  He entered judgment for the Duchess in misuse of private information and copyright.  There was a news piece on Inforrm and a piece by Dominic Crossley.

Associated Newspapers was granted permission appeal and the appeal was heard on 9 and 11 November 2021 with judgment being handed down on 2 December 2021,  The Court, Sir Geoffrey Vos MR, Sharp P and Bean LJ, unanimously dismissed the appeal on all grounds, stating:

“Essentially, whilst it might have been proportionate to disclose and publish a very small part of the Letter to rebut inaccuracies in the People Article, it was not necessary to deploy half the contents of the Letter as Associated Newspapers did. As the Articles themselves demonstrate, and as the judge found, the primary purpose of the Articles was not to publish Mr Markle’s responses to the inaccurate allegations against him in the People Article. The true purpose of the publication was, as the first 4 lines of the Articles said: to reveal for the first time [to the world] the “[t]he full content of a sensational letter written by [the Duchess] to her estranged father shortly after her wedding”. The contents of the Letter were private when it was written and when it was published, even if the claimant, it now appears, realised that her father might leak its contents to the media.” [106]

 The case has been analysed on INFORRM by Brian Cathcart.

  1. Australian Competition and Consumer Commission v Google LLC (No 2) [2021] FCA 367

The Federal Court of Australia found that Google misled some users about the personal location data it collected through Android devices between January 2017 and December 2018.

The Court found that, in providing the option, “Don’t save my Location History in my Google Account”, represented to some reasonable consumers that they could prevent their location data being saved on their Google Account. In actual fact, users need to change an additional setting, separate, to stop their location data being saved to their Google Account.

Inforrm had a case comment.

  1. Hájovský v. Slovakia [2021] ECHR 591

Mr Hájovský placed an anonymous advert in a national newspaper offering payment to a woman in return for giving birth to his child. An investigative reporter posed as a candidate interested in surrogacy, replied to the advert and secretly filmed the ensuing meetings. These were later complied into a documentary. A national tabloid also covered the story using stills of footage and taking a critical stance of the applicants’ actions. Both stories revealed the applicant’s identity. This prompted the applicant to bring an action against the media groups for violation of his privacy under Slovakian law.

The Slovakian courts dismissed the application on the basis that the article contributed to a matter of public interest- the debate around surrogacy for payment and in any event the publishing of the advert had brought a private matter, the applicant’s wish to have a child, into the public domain.The ECtHR found in favour of the applicant. In doing so it reiterated the well-established balancing approach vis a vi privacy and freedom of expression as per Von Hannover and Axel Springer. In this instance the court found that the applicants right to privacy had been violated and that the Slovakian courts has erred in their approach to balancing the competing rights. In doing so the court make key observations about the privacy implications of photographs.

Inforrm has a case comment.

  1. Warren v DSG Retail Ltd [2021] EWHC 2168 (QB)

This case concerned the viability of claims for breach of confidence and misuse of private information against data controllers who have suffered cyber-attacks. In dismissing the claims for breach of confidence and misuse of private information Saini J found that both causes require some form of “positive conduct” by the defendant that is lacking where the cause of the private information being leaked is a cyber-attack.

Inforrm had a case comment.

6.  ES v Shillington 2021 ABQB 739

In this case the Alberta Court of the Queen’s Bench awarded damages under new “public disclosure of private fact” tort. The case concerned the making public of images of the claimant engaging in sex acts with the defendant- these had been shared during a romantic relationship between 2005 to 2016 where the parties had two children together. The parties had a mutual understanding that the images would not be shared or published anywhere. However, the defendant then proceeded to share the images online, including those involving the sexual assault of the claimant.

Delivering judgment for the claimant, Inglis J accepted their submissions that a new “public disclosure of private information” tort should be recognised as a separate cause of action from existing common law statutes.

Inforrm has a case comment.

  1. Hurbain v Belgium ([2021] ECHR 544)

 A case in which an order to anonymise a newspaper’s electronic archive was found not to breach the applicant publisher’s right to freedom of expression. This case reflects an important application of the right to be forgotten under article 8 of the Convention.  The applicant, Patrick Hurbain, is the president of the Rossel Group which owns one of Belgium’s leading French-language newspapers, Le Soir, of which he was previously Managing Editor. The article in question concerned a series of fatal car accidents and named one of the drivers, G, who had been convicted of a criminal offence for his involvement in the incidents. G made a successful application for rehabilitation in 2006.

However, Le Soir created a free, electronic, searchable version of its archives from 1989 onwards, including the article at issue.  G relied on the fact that the article appeared in response to a search on his name on Le Soir’s internal search engine and on Google Search. He explained that its availability was damaging to his reputation, particularly in his work as a doctor. The newspaper refused the application by stated it had asked Google to delist/deindex the article.

In 2012 G sued Mr Hurbain as editor of Le Sior and was successful domestically. Mr Hurbain then lodged an application with the Strasbourg Court complaining that the anonymisation order was a breach of Article 10. In balancing the article 8 and 10 rights in the case the Strasbourg Court found in favour of G.

Informm had a case comment.

  1. Peters v Attorney-General on behalf of Ministry of Social Development [2021] NZCA 355

The New Zealand Court of Appeal provided guidance in respect of the tort of invasion of privacy in this high-profile case. In 2017, the Ministry for Social Development (“MSD”) realised that Mr Peters, MP and leader of the New Zealand First Party, had overpaid New Zealand Superannuation (“NZS”). Due to errors NZS had been paid at the single rate when it should have been paid at the partner rate. Mr Peters immediately arranged for the overpaid amount to be repaid.

In August 2017 several reporters received anonymous calls in respect of the overpayment. To pre-empt any publicity, Mr Peters released a press statement addressing the incident. He also issued a claim for infringement of the tort of invasion of privacy against several MSD executives.  The High Court found the MSD executives were proper recipients of information and thus the claim failed.  The Court of Appeal dismissed Mr Peters’ appeal. For an invasion of privacy claim to succeed there is a two “limb” test:

  • the existence of facts in respect of which there was a reasonable expectation of privacy; and
  • that the publicity given to those private facts would be considered highly offensive to an objective reasonable person.

The Court agreed that limb one was met on the facts. However, the Court found that Mr Peters did not have a reasonable expectation of protection from disclosure of this information within MSD and from MSD to the relevant Ministers and select staff. As the claimant could not prove that any of defendants had released information to the media. The appeal was dismissed. The case affirmed the removal of the requirement for there to be widespread disclosure and the potential for the removal of the requirement that disclosure be highly offensive.

  1. R (Open Rights Group and the 3 million) v Secretary of State for the Home Department and Others [2021] EWCA Civ 800,

A case concerning “the lawfulness” immigration exemption found in paragraph 4 of Schedule 2 of the Data Protection Act 2018. This exemption allows those processing personal data for immigration control purposes to refuse to comply with the data subject rights guaranteed by the GDPR to the extent that complying with those provisions would prejudice those purposes.  The Court of Appeal found that this exemption was not compliant with Article 23 of the GDPR.

There was coverage from Hunton Andrews Kurth and 11KBW.

  1. Biancardi v. Italy [2021] ECHR 972

The ECtHR found that an order that the editor of an online newspaper was liable for failing to de-index an article concerning criminal proceedings did not breach Article 10 of the Convention. The case concerned an application for the delisting of an article concerning a fight involving a stabbing in a restaurant which mentioned the names of the those involved including the applicant V.X.

Inforrm had a case comment.

Suneet Sharma is a junior legal professional with a particular interest and experience in media, information and privacy law.  He is the editor of The Privacy Perspective blog.