Court hears parliamentarians should not be exempt from spying

A convention under which the UK’s elected representatives have been exempt from state surveillance is not appropriate for an age of mass interception of communications, according to Government lawyer James Eadie QC. The Wilson Doctrine has no legal force, he told the Investigatory Powers Tribunal this week. It emerged in earlier testimony in the case, brought by two MPs, that the UK’s intelligence agencies operate different policies on intercepting communications from public officials. GCHQ, for example, considers that the doctrine does not apply to devolved parliaments in Wales, Northern Ireland and Scotland, or to the European Parliament.

UK Government launches “war on Freedom of Information”

Freedom of Information (FOI) campaigners hit out this week after the UK Government announced it will consult over the proposed introduction of fees for appeals against decisions of the Information Commissioner (ICO). Charges of GBP 100 to apply for an appeal and GBP 500 for an oral hearing were described by Tim Turner on his 2040 Information Law blog as “biased against the public interest”. In light of a recent decision to switch oversight of FOI from the Ministry of Justice to the Cabinet Office, he said the plans announced on 17 July represent the “latest salvo in [the Government’s] war on Freedom of Information”.

Barclays offers compensation to 13,500 UK customers in data breach

Barclays has offered 13,500 customers GBP 250 compensation after personal details dating back to 2008 were found on a memory stick in a property in Bristol. The bank has also offered them a year’s free access to their credit histories, although it said there was no evidence the information (which includes names, addresses, social security numbers, mortgage details and salaries) has been used to carry out any crimes. The memory stick was discovered during an unconnected police investigation.

Court approves Council’s 35-year data retention policy

A Local Authority policy of keeping child protection records for 35 years or more is lawful, according to the Administrative Court in R (C) v Northumberland County Council & Anor [2015] EWHC (Admin) 2134. Judicial Review proceedings were brought after a man requested that all records pertaining to his family should be destroyed because they caused his family injustice. In deciding whether the policy should stand, the court heard testimony from child protection officers who explained the need to retain records under various circumstances for different periods. The judge said the policy had been applied flexibly and proportionately.

German regulator overrides Facebook’s real name policy

Facebook was told this week that requiring account-holders to use their real names is in breach of German law. The social networking site must allow pseudonyms and must refrain from freezing certain accounts while it investigates the identity of the user, following an order by the Hamburg data protection authority. Johannes Caspar said Facebook’s policy violated the right to privacy enshrined in German law and that the company could not fall back on arguments that it was only subject to the law of Ireland where it is based.

French dating sites “could do more to protect data”

France’s privacy watchdog, CNIL, has criticised several dating sites for failing to do enough to protect their users’ sensitive personal data. This week, CNIL said sites such as Easyflirt and Adopte un Mec (Adopt a Guy) should introduce a check-box to offer users control over which data is available to those looking for a match. The sites were also told to monitor and delete inactive accounts. Responding to the comments in French media, one of the networks singled out by CNIL denied the allegations and said the suggested measures would make no difference.

European Court: publishing publicly available tax data is “breach of privacy”

The European Court of Human Rights (ECHR) ruled last week that a Finnish publisher which lists information about individuals’ taxable income and assets can be prevented from doing so under privacy law, even though such data ispublicly available under Finnish law. Satakunnan Markkinaporssi and Satamedia have both published the data for 20 years and were recently ordered to stop the practice by Finland’s privacy watchdog. They refused, citing their right to freedom of expression. The case was eventually referred to the ECHR, which ruled that publication was in breach of individuals’ right to privacy.