Ian Kerr, the man behind the company that maintained a blacklist which allowed prospective employers in the construction industry to discriminate against trade union activists, has been fined £5,000 for breach of the Data Protection Act (DPA) 1998. The fine, which has been described as “totally inadequate” by Trades Union Congress (TUC) General Secretary Brendan Barber, provides little or no deterrent for compilers of such lists. However, the Department for Business Innovation & Skills (BIS) has published a consultation paper—The Blacklisting of Trade Unionists: Consultation on Revised Draft Regulations—setting out the UK Government’s proposals to introduce new regulations outlawing the compilation, dissemination and use of trade union blacklists.
In 2008, the Information Commissioner's Office (ICO) conducted an investigation into Mr Kerr’s company, which revealed that for over 15 years Mr Kerr had been running a database of construction workers containing sensitive personal data, such as individuals’ trade union activity, which subscriber firms could consult before deciding whether to offer an individual employment (see Issue 59 of the European IP Bulletin (April 2009), pages 9 and 10). In the Information Commissioner’s view, Mr Kerr contravened the First Data Protection Principle. However, there are no punishments available for breaches of the data protection Principles, which is why the ICO chose only to prosecute Mr Kerr for failure to notify as a data controller.
Mr Kerr was duly prosecuted, fined £5,000 and ordered to pay £1,187.20 costs. The ICO has also now served Enforcement Notices on 17 construction firms that subscribed to Mr Kerr’s database. Formal enforcement action will follow shortly, subject to any representations made by the companies.
In light of this case, the Government is revisiting a decision taken in 2003 not to legislate against blacklisting.
The BIS consultation seeks views on draft Regulations, which are based on proposals contained in the 2002/2003 consultation on the Employment Relations Act, that would outlaw the compilation, dissemination and use of blacklists of trade unionists and make it unlawful for organisations to refuse employment, to dismiss an employee or otherwise cause detriment to a worker for a reason related to a blacklist. The Regulations would also make it unlawful for an employment agency to refuse a service to a worker for a reason related to a blacklist. Employment tribunals will be empowered to hear complaints about alleged breaches of the Regulations and award remedies based on existing trade union law. As an alternative, the courts will be able to hear complaints from any persons that they have suffered loss or potential loss because of a prohibited blacklisting activity. The Regulations have been drafted in a way that covers both direct and indirect use of trade union blacklists.
Individuals will be entitled to seek compensation through an employment tribunal or the courts. Trade Unions will also, in certain circumstances, be able to take enforcement action, for example against a compiler of a blacklist, in a county court, whilst supporting applications to the tribunal by its members against employers for using the same blacklist. However, individuals will not be able to use the tribunal route to obtain an order requiring the closure of a blacklist or restraining a user from accessing such a list.
The penalty imposed on Mr Kerr reflects the fact that the ICO has limited options for dealing with DPA breaches. The ICO will, however, have the power to impose financial penalties where the DPA has been breached knowingly or recklessly under new Section 55A DPA, which comes into force in April 2009. The type of conduct engaged in by Mr Kerr and some construction firms is likely to incur much heavier fines in future. As for the new Regulations, their scope does not extend beyond trade union blacklists. The power to deal with blacklisting based on other types of data therefore remains constrained.