What’s in a name? The criminal implications of pleasantries

by | Feb 9, 2017

author profile picture

About Rory Kelly

Rory Kelly is pursuing a DPhil in criminology at the University of Oxford and is an Editor for the OxHRH Blog.

Citations


Rory Kelly,  “What’s in a name? The criminal implications of pleasantries” (OxHRH Blog, 9 February 2017) <https://ohrh.law.ox.ac.uk/whats-in-a-name-the-criminal-implications-of-pleasantries> [Date of Access]

In September a new batch of research assistants started at the Law Commission in London. Having collected them from reception, I brought them over to meet the rest of the criminal law team, and said, ‘Everybody, this is K and S, they’re new.’ At first glance, this appears to be a relatively innocuous encounter. However, by making such an introduction I may well have committed a criminal offence. This has significant implications for freedom of expression in the UK.

Section 55 of the Data Protection Act 1998 criminalises the knowing or reckless disclosure of personal data, or the information contained therein, without the consent of the data controller. All recorded information held by a public authority constitutes data under the Act. Thus, on the assumption that the Law Commission holds a record of its employees, the new research assistants’ names clearly constitute ‘data’ for the purposes of the legislation. In essence, what makes data ’personal’ under the Act is that an individual can be identified from it. That the new research assistants’ names constitute personal data is thus quite uncontroversial.

Given that I blurted out K and S’s names in an open-plan office, and specifically to the rest of the criminal law team, it is clear that I intentionally disclosed personal information of a type held in personal data. I had not sought the consent of the data controller before making this introduction. In fact, at the time I did not know who from the Commission could give this consent.

Therefore, it appears that my introductions may well have constituted a prima facie offence. If prosecuted, I could only avoid conviction by proving, on the balance of probabilities, that one of the defences in section 55 was applicable. The most relevant defence to my pleasantries would be that I held a reasonable belief that I had the right to disclose the personal data. The central problem with this defence (leaving aside the standard of proof) is that it becomes unclear when such a belief would be reasonable. The defence may well encompass me introducing colleagues, but would it encompass me also telling someone K’s date of birth or S’s address? The answer to this is unclear.

Other potential remedies to the remarkable breadth of the offence in section 55 offence may be the public interest defence, or prosecutorial discretion. However, neither of these offer any real clarity on which information can be disclosed and which cannot. In the context of the right to freedom of expression, the range of disclosures which can potentially result in a prosecution is chilling. By way of comparison, the European Court of Human Rights has recently held that the conviction of an intelligence officer for disclosing information to the public constituted an interference with the right to freedom of expression (Bucur and Toma v. Romania). However, it cannot be definitively stated whether an introduction such as the one described above is an offence in the United Kingdom.

Two factors heighten the potential chilling effect of the section 55 offence. First, there is no detailed prosecutorial guidance on when a case will be brought. The Information Commissioner’s Office has produced a Prosecution Policy Statement, but it does not even mention the section 55 offence. Further, section 77 of the Criminal Justice and Immigration Act 2008 grants the Secretary of State the power to increase the maximum sentence for the offence to two years’ imprisonment.

The time is ripe to fundamentally reconsider the offence in section 55 of the 1998 Act. In 2016, the European Union passed a directive and a regulation to overhaul existing data protection law in the Union. When the impact of this EU level reform is considered in the UK, it is imperative that the structure of the section 55 offence is also addressed. Possible solutions might include a fault element of intention to cause harm, or a narrowing of the information which is covered by the offence. Regardless, reform is needed and it is needed now. Otherwise, the right to freedom of expression risks withering, and we all risk prosecution for pleasantries.

Share this:

Related Content

0 Comments

Submit a Comment