Attorney General v BBC [2022] EWHC 1189 (QB) – High Court considers what information can be made public about alleged MI5 CHIS

In a judgment handed down on 18 May 2022 the High Court has considered what information be BBC can publish in a story pertaining to the actions of an alleged MI5 covet human intelligence source (“CHIS”).

The BBC alleged that X was a CHIS and had been psychologically and sexually abusive to two female partners.

The judgment can be found here: https://www.bailii.org/ew/cases/EWHC/QB/2022/1189.html

The judgment is in two parts- one heard in public and the other in private. The private hearing was held to be necessary so that the Court could hear submissions about information that, if released to the public, would make the identity of the alleged CHIS known.

Mr Justice Chamberlian comments: “The court must be alert to the possibility of “jigsaw” identification. One piece of information may on its own seem innocuous, but when taken together with other information known to a particular malign actor, it may lead to the identification of an individual with greater or lesser confidence. The threat of jigsaw identification is a familiar feature of arguments against disclosure in closed material proceedings in the national security context. It is regularly deployed as a basis for refusing to disclose information known only from covert sources. But, although the court must be alive to the threat of jigsaw identification, it must also be astute not to allow the threat to justify a blanket prohibition on disclosure of any piece of the jigsaw.

at p.24

The BBC’s article on the case can be found here: https://www.bbc.co.uk/news/uk-61528286

The intial BBC coverage of this matter here: https://www.bbc.co.uk/news/uk-61508520

And details of one of X’s former partners’ legal action to be taken against MI5 here: https://www.bbc.co.uk/news/uk-politics-61521569

The Personal Data life cycle: Where to start the analysis? – Vladyslav Tamashev, Privacy lawyer at Legal IT Group

Have you ever thought about data on your computer? It doesn’t matter whether you are a content creator, programmer, or just a regular user thousands of different files were created, downloaded, and altered on your device. But what happens when some of that data becomes useless to you?

Usually, this data will be manually deleted to get some free space on your storage device or it will be wiped during the OS reinstallation. Everything that happened with that data starting from its creation or collection until its destruction is called the data life cycle.

The data life cycle is a sequence of stages that happened to a particular unit of data. The simplified life cycle model has 5 basic stages: Collection, Processing, Retention, Disclosure, Destruction. In practice, when we talk about personal data life cycle, this sequence can be dramatically different, dependant on the type of information, its usage, origin, company policies, personal data protection regulations and legislation.

Continue reading