NORMAN BAKER MP v SECRETARY OF STATE FOR THE HOME DEPARTMENT

[Donald ramsbottom]

From Lawtel, report on data Protection and the security services.

As ever if not interested in law do no t read.




NORMAN BAKER MP v SECRETARY OF STATE FOR THE HOME DEPARTMENT (2001) 

Court:
Information Tribunal (Sir Anthony Evans P, Michael Beloff QC, James Goudie 
QC) 1/10/2001 

Subject:
ADMINISTRATIVE - INFORMATION TECHNOLOGY 

Descriptors:
DATA PROTECTION : SECURITY SERVICE : PROCESSING PERSONAL DATA : HOLDING
PERSONAL 
DATA : NON-COMMITTAL REPLY : NEITHER CONFIRM NOR DENY : NCND : EXEMPTION
CERTIFICATES 
: HOME SECRETARY : BLANKET EXEMPTION : REASONABLE GROUNDS : JUDICIAL REVIEW 
: POSITIVE RESPONSES : NATIONAL SECURITY : INTENSITY : LEGITIMATE AIMS :
PROPORTIONALITY 
: NATIONAL SECURITY : JUDICIAL DEFERENCE TO EXECUTIVE : ALTERNATIVE REMEDIES 
: MODIFICATION OF CERTIFICATES : DETAILS OF CERTIFICATES : S.7 AND S.28 DATA 
PROTECTION ACT 1998 : EUROPEAN CONVENTION FOR THE PROTECTION OF HUMAN RIGHTS 
AND FUNDAMENTAL FREEDOMS 1950 : EUROPEAN CONVENTION ON HUMAN RIGHTS : ECHR 


Summary:
The Home Secretary did not have reasonable grounds for issuing a certificate 
giving the Security Service blanket exemption from revealing in response to 
a request under s.7(1)(a) Data Protection Act 1998 whether it was holding or 
processing personal data about an individual. 

Text:
Appeal to the Information Tribunal by a Member of Parliament ('B') under
s.28(4) 
Data Protection Act 1998
. Under s.7(1) of the Act B had requested the Security Service ('Service') 
to inform him whether it held personal data about him. The Service gave a
non-committal 
reply to the request consistent with its policy to "neither confirm nor deny" 
whether relevant data existed (known as "NCND"). The Service relied upon a 
certificate issued by the respondent, the Home Secretary, dated 22 July 2000 
as exempting it from the requirement under s.7(1)(a) of the Act to inform B 
whether or not his personal data were being processed by it and therefore, 
if the certificate was valid, it permitted the Service to respond with its 
non-committal reply. The Tribunal was required by s.28(5) of the Act to
determine 
whether the Minister had reasonable grounds for issuing the certificate. If 
not, it had power to quash the certificate. The Minister contended that there 
were reasonable grounds for authorising the Service to give a non-committal 
reply to this and other requests because it was considered necessary to
safeguard 
national security. B, supported by the Information Commissioner, accepted
that 
the NCND policy was justified in relation to s.7(1)(a) requests in all cases 
where the Service lawfully determined that a positive response would be
harmful 
to national security. However, the validity of the certificate was disputed 
on the ground that its terms were wide enough to relieve the Service from any 
obligation to consider each application individually. It was contended that 
it was not reasonable or proportionate for the Minister to issue the
certificate 
in such wide terms, which could permit the Service to give the NCND reply
even 
in cases where a positive response would not be harmful to national security. 


HELD: (1) The issue was limited because there was a fundamental difference 
between non-compliance with the requirements of s.7(1)(a) of the Act, where 
the data controller refused to say whether or not personal data existed, and 
those of the remaining provisions of s.7, which required him to provide
information 
regarding personal data which he did hold. In cases where s.7(1)(a) was
relied 
upon, it was not conceded that relevant personal data existed. (2) The
Tribunal 
applied the principles of judicial review as they were applied by the courts, 
which included the impact of the individuals rights under the European
Convention 
on Human Rights and the concept of proportionality (see De Freitas v
Permanent Secretary of Ministry of Agriculture, Fisheries, Land 
and Housing (1998)
 3 WLR 675; R v Secretary of State for the Home Department, ex parte Daly
(2001)
 2 WLR 1622). The intensity of the review was guaranteed by the twin
requirements 
that the limitation of convention rights was necessary in a democratic
society, 
in the sense of meeting a pressing social need and the question whether the 
interference was really proportionate to the legitimate aim being pursued. 
In the context of national security judges and tribunals had traditionally 
deferred more to the executive view. (3) The Minister did not have reasonable 
grounds for issuing the certificate. The exemption was wider than was
necessary 
to protect national security. There was no reason to suppose that the burden 
of dealing with requests individually would be unduly onerous. The statutory 
functions of the Service included matters that were independent of its task 
of safeguarding national security. The remedies available to aggrieved
individuals 
were insufficient to make reasonable the otherwise unreasonable issue of the 
certificate. It would not be impossible to modify either the certificate or 
procedures to achieve a situation where each request was considered on its 
merits. Other countries did not permit an identical unchallengeable
exemption. 
(4) The basic defect in the certificate in relation to s.28(2) of the Act was 
that it was expressed by reference to the purposes for which and the
circumstances 
in which personal data were acquired or held by the Service, rather than the 
consequences for national security if data were released or their existence 
acknowledged at the time of the request. (5) In the exercise of the
Tribunal's 
discretion under s.28(5) of the Act, the certificate was quashed. 

Appeal allowed. 

Donald Ramsbottom BA LLb (Hons) PGdip
Ramsbottom & Co Solicitors
Internet and Global Encryption Law Specialists & General UK  Law Matters
5 Seagrove Avenue Hayling Island Hampshire UK
Tel (44) 023 9246 5931 Fax (44) 023 9246 8349
Regulated by the Law Society in the conduct of Investment business
Service by Fax or Email NOT accepted