Human right to internet access qualified

At the end of November, the European Parliament approved the text for a new directive amending existing EC legislation on electronic communications networks.  Hurrah.  Whilst finalising the text, the European Parliament considered whether any restriction on an individual's access to the internet should require a prior court judgment to that effect.  Naked Law readers may recall that this was the position the French courts took in June this year, on the basis that access to online services is a human right.

The European Parliament has concluded that restrictions on internet access may "only be imposed if they are appropriate, proportionate and necessary within a democratic society".  Although there will be no need for a court ruling to restrict internet access, such measures may be taken only "with due respect for the principle of presumption of innocence and the right to privacy" and as a result of "a prior, fair and impartial procedure" guaranteeing "the right to be heard...and the right to an effective and timely judicial review."

All of which means that the way has been cleared for Lord Mandelson to introduce the much anticipated legislation obliging internet service providers to slow or cut off copyright infringers' access to their internet service.  This proposed legislation - the Digital Economy Bill - has its second reading in the House of Lords today.  So watch this space.

In the hierarchy of rights, it would seem that copyright currently trumps the right to online services.  One wonders whether it will continue to do so Sixty Years On.

Fred: Keene to find out

We have a lot of questions from public authorities and suppliers about the scope of the 'commercial interests' exemption under the Freedom of Information Act, particularly in relation to tenders.  A recent Information Tribunal judgment (Fred Keene v Central Office of Information) throws a little more light on things. Fred's business had been one of the unsuccessful bidders when the COI had invited tenders from reprographics businesses several years ago. In January 2007 Fred made a request for information to the COI under the FOIA regarding the selection process, in response to which the COI supplied some information but withheld the crucial evaluation and scoring details.

The COI relied on the Part II FOIA commercial exemption that disclosure would be likely to prejudice the commercial interests of any person, including the public authority holding the information. They argued that low scores or negative comments about the bidding businesses would damage their commercial interests by adversely affecting their reputation, and further that the commercial interests of COI would be damaged as disclosure of the disputed information would deter businesses from tendering, or providing adequate information, in the future.

The Tribunal found that:

• the meaning of 'likely to prejudice' was that there would be a real and significant risk, or 'weighty chance', of detriment or damage to the commercial interests of a party;
• the commercial interests of the bidding business would not be prejudiced by disclosure of the information as there was no commercially sensitive information or performance related comment in the evaluation information - it was held that although an application form was described as 'not great' and the applicant 'would not be able to handle COI's business', these comments were about entirely objective matters and therefore did not reflect negative opinion; and
• the commercial interests of COI would not be prejudiced as the COI had established tendering procedures that businesses would have to abide by, and most businesses were aware that as a public body the COI was subject to FOIA disclosure obligations.

As the test had not been met the COI was obliged to disclose the disputed information. Fred wins. Go Fred!

The court considered as an aside that the public interest in maintaining the exception did not outweigh the 'very strong public interest in promoting transparency and accountability in relation to tendering and procurement decisions of the COI and its expenditure of public funds'. Always good to know.

ICO consultation draft guidance

An update on the ICO's monetary penalty consultation - recent draft guidance has set the maximum penalty for serious breaches of the Data Protection Act at £500k. The ICO believes this is a proportionate sanction for serious contraventions of the data protection principles, and has stated that the possibility of a monetary penalty 'should act as an encouragement towards compliance, or at least as a deterrent against non-compliance' on the part of data controllers.

The guidance states that, following an investigation to determine whether there has actually been such a contravention, the Commissioner will determine whether a monetary penalty is appropriate and the amount of that penalty firstly based on the underlying aim of the measures to promote compliance with the DPA and then based on the circumstances of the particular breach. Factors including the nature of the data, the number of people affected by the breach, whether it was a one-off incident or part of a series, the duration and extent, whether the breach was deliberate and the steps taken by the data controller to prevent such an incident may all be taken into account.

Interestingly, the Commissioner will also consider the size and financial and other resources of the data controller in determining the amount of monetary penalty, and it seems that a data controller with substantial financial resources is likely to attract a higher penalty than one with limited resources for a similar contravention. So large organisations should beware - it would seem that once the 'serious' threshold is crossed in relation to the breach, financial resources may 'proportionately' affect the size of the fine (sorry, monetary penalty) imposed.

The consultation period ends on 21 December this year, and as yet there is no definitive information as to when these measures will be implemented - though the Commissioner has made his eagerness to use the powers public knowledge.

Incidentally, a slight inadvertent slip in Part 4 of the draft guidance - '...whether liability to pay the fine will fall on individuals...'

Good news for disclaimers?

A recent Court of Appeal case may be good authority for saying that website disclaimers can be effective.

A husband and wife wanted a swimming pool in their garden. They searched the Swimming Pool & Allied Trade Association ("SPATA") website (http://www.spata.co.uk/)  in order to find a contractor. The website explained that contractors listed were approved member companies who were fully vetted. Having found their details on SPATA, the claimants engaged Crown Pools Ltd ("Crown") to do the work. However, the work was not completed due to Crown becoming insolvent. The couple alleged that they had suffered financial loss and bought proceedings against SPATA on the basis that Crown was not in fact a full member of SPATA and SPATA had made negligent misstatements on their website to this effect, which the claimants had relied upon.

SPATA successfully argued that they had urged visitors to the site to seek further information as to the members, ie by obtaining an information pack (which had the Claimants done, they would have discovered that Crown was not a full member). This guidance appeared on the home page of SPATA and the list of members was sited very near to the wording mentioned above, namely that 'SPATA supplies an information pack and members lists which gives details of suitably qualified and approved installers in the customer's area'. The court held that the fact that visiters were directed to obtain an information pack meant that it was not liable where a visiter relied on wording on the website without seeking the information pack.  Therefore, the Court of Appeal held that SPATA did not owe a duty of care to the couple.

The verdict will surely be welcomed as it is one of the first to consider the issue of website disclaimers.  I note that the judge specifically states that the fact that the list of members appeared on a website did not make any difference and that no special considerations apply to representations on websites.  However, the fact that in this case a mistake on a website did not necessarily lead the website provider to be liable, means that this could represent good news for website operators who, up until now, have had little guidance or inkling as to the enforceability of their website disclaimers.  The case did not, unfortunately, give a steer on where a disclaimer must be found for it to be able to be enforced against a visitor, but no doubt it was relevant that the wording in this case relied upon by the website operator was very close to the representation in question.

Digital Economy Bill due soon

Proposals for new legislation to combat internet piracy are expected be announced at the State Opening of Parliament. It will be interesting to see how the government’s thinking has evolved since the Digital Britain report suggested that those who illegally download films and music may have their internet connections slowed.

You may recall that in August, Lord Mandelson upped the ante by voicing his opinion that people who illegally download films and music should have their internet connection cut off and possibly incur a fine of up to £50,000.

Whilst Lord Mandelson’s comments have not been unanimously supported some luminaries of the music world, including Elton John, have backed the harsher sanction. Presumably those pirates who have illegally downloaded Mr John’s songs have found that sorry seems to be the hardest word.

Latest ICO intelligence at Intellect

I'm on my way back to Cambridge after a meeting at Intellect's Russell Square offices about the new Information Commissioner and the latest from the ICO. Interesting points covered included:

• ICO will be able to impose fines from early next year for serious breaches with potential to cause substantial damage or distress (which we knew already) - but they're 'monetary penalties' and not fines because they are not criminal sanctions.
• Monetary penalties are still under consultation. ICO currently favours setting a maximum figure (rather than unlimited penalties or a percentage of turnover). The level is likely to be a 'substantial figure' (though less than £1m). Likely to go to a public consultation later this year so may still change further.
• April still the best bet for when the fines ... er ... penalties ... will be available to the ICO.
• They won't only apply to security breaches/7th principle breaches (though the ICO would have expected to be able to impose penalties on HMRC, MOD and the people behind the construction employee gaffe that all made headlines if the power had been introduced earlier).
• Also talk about compulsory audits (after 'assessment notices') for central Government (and other sectors, where extended by order).
• And data breach notification is still on the radar and still under discussion by the EC.

I’m a celebrity…get me out of this courtroom!

As from 1 October 2009, and for the first time in English legal history, Supreme Court proceedings may be televised. We’re passing comment on this in the Naked Law forum because although no mention has yet been made of the possibility of downloading coverage from the internet, one assumes it would be the next logical step...and even if it isn’t, this story is of general interest!

Broadcasting is banned from all other courts in England and Wales, but new rules apply to the Supreme Court under the Constitutional Reform Act 2005. Although the public have been able to see parts of House of Lords proceedings previously, such as the Pinochet extradition, the new broadcasting rules allow unprecedented access to proceedings.

The big objective of broadcasting is to make proceedings more accessible to the public, although there are (naturally) limitations. Footage will be filmed by the court and then passed to broadcasters; justices will be able to stop filming as necessary; and the footage may only be used for news, current affairs and educational and legal training programmes. In this way, the State should be able to overcome privacy issues, but even so, one feels that Strasbourg beckons in the not too distant future.

It remains to be seen whether the decisions of the Supreme Court Justices will be scrutinised as carefully as those of Alesha Dixon during Strictly Come Dancing.

Your privacy is not worth tuppence

There have been concerns recently about the value the courts put on people's sensitive personal data. Readers may recall that in November 2008, the entire BNP membership list was published online. Approximately 12,000 names, addresses, phone numbers and email addresses were disclosed. This information was clearly "sensitive personal data" under the Data Protection Act 1998 ("DPA"), as in the context it related to the political opinion of BNP members.

Due to its sensitive nature, political opinion is meant to be fastidiously protected by the DPA (and the data controller). As a result of BNP membership disclosure, some of those named were attacked, had their property vandalised, received white powder through the post (said to be anthrax) and one BNP member lost his job as a police officer (see here). The police received more than 160 complaints about the disclosure and its consequences. It comes as some surprise then that, following an investigation to have cost around £50,000, a former BNP security chief was fined £200 by the Nottingham Magistrates' Court. He was also ordered to pay costs of £100.

So, the disclosure of each individual's name attracted a fine of about one and two thirds of a penny.  Mary Poppins couldn't feed the birds for that.

The judge is reported to have said that the fine had to be "so low as to be ridiculous" because the former BNP security chief was living off benefits, but that may not satisfy those who suffered harm to themselves and/or their property as a result of the illegal disclosure.

To put the level of the fine into context, in December 2006, the Liverpool Magistrates' Court fined Liverpool City Council £300 for failing to respond to an information notice issued by the Information Commissioner's Office. This Naked Lawyer is not convinced that the punishments in data protection cases always fit the crime. Perhaps when the Information Commissioner finally receives the power to fine those who breach one of the eight data protection principles, the unauthorised disclosure of another's political opinion will attract a rather stiffer fine. It is currently anticipated that the Information Commissioner will receive this power in April 2010.

L'Oreal not worth it on eBay

It has been widely reported that L'Oreal have recently lost a case against eBay in France concerning the sale of counterfeit L'Oreal goods on eBay. This is one of a reported number of cases L'Oreal is bringing against eBay in different jurisdictions around Europe (including recent decisions in the UK and Belgium) in a series of cases which may have implications for the liability of online sales portals for third party actions.

 

It is also potentially a welcome relief for eBay following an unfavourable ruling in France in the Louis Vitton case. The general manager of eBay France, Alexander von Schirmeister, described the case as “a big victory for eBay” and “more importantly, a big victory for French consumers".

 

L'Oreal's contention in France was that eBay should be doing more to actively prevent conterfeit goods bearing L'Oreal trade marks from being sold in eBay. eBay's defence was that they had a procedure (the VERO procedure) for rights owners to report illegitimate sales of goods. They responded promptly when illegal activity was brought to their attention, but did not proactively screen content unless a report was made.

 

The French Court decided that eBay had put sufficient measures in place and is acting in good faith in its dealing in this area. The Court's view was that a sensible approach was for rights owners and internet hosting providers to work together on this issue, avoiding litigation where possible.

 

The writer has significant issues with the Louis Vitton decision and its consistency with the E-commerce Directive 2000 (specifically Article 14) - specifically whether this decision impliedly imposes a positive obligation on eBay (and others) to actively monitor third party content on their websites. Hopefully this series of decisions represents a consistent approach towards determining the liability of hosting services providers for illegal actions committed through their websites. Also, the writer hopes it helps to demonstrate to rights owners that collaborating with hosting service providers is preferable to resorting to the Courts at the first opportunity.

 

L'Oreal is reported to be appealing the French ruling, so sadly this might have some way to go.

Digital Britain - will it guarantee access?

The Government proposes to tax fixed phone lines for broadband roll out.  The big question remains for those with "theoretical" broadband access -- the ones who have it but at much less than the advertised rate, or intermittently, or both -- whether there will be a commitment to ensure that there is recourse for such consumers.  Despite the lack of concern from OFCOM about the poor service given by many broadband providers because apparently few complain, there are many out there who are simply resigned to a service which is below the advertised speeds.