The Right to access environmental information: The protracted reality

From our guest intern Patrick Barrett LLM:

Collins English Dictionary defines ‘expeditious’ as “quick and efficient”.  In today’s fast paced society, where people bemoan their lack of free time and hectic schedules, the expectation of expeditious service has become customary.

European law provides a right of access requests to environmental information held by public bodies. If an applicant is unhappy with the outcome of their request, they may seek an expeditious review from an independent adjudicator called the Commissioner for Environmental Information.

The Office of the Commissioner for Environmental Information (OCEI) is an independent statutory body, run by the Commissioner, Mr. Peter Tyndall. The OCEI is quick to point out what it is not on it’s website; it is not a court; it is not formal or adversarial; and it does not assist or advise the public in making Environmental Information requests.

Therefore, the appropriate question is; what does the OCEI do? More precisely, how has the Office performed over the previous four years? In comprehensively analysing the 77 decisions made between 2014 and 2017, the objective findings are as follows:

  • How long are reviews taking on average?

There are 77 listed decisions in the four-year period 5 of which do not record the date of appeal. Therefore, it is only possible to ascertain the length of time in 72 cases.

Length of times vary, from 34 days in Francis Clauson and The Commission for Energy Regulation (CEI/16/0022) to a protracted 959-day review in Lar McKenna and EirGrid (CEI/13/0015). Overall the median time calculated stands at 381 days per decision.

  • What type of information is being considered in appeals?

The breakdown of AIE Regulations considered by the Commissioner are as such:

Number of times considered:

Article 3 (Interpretation)                                                                    33

Article 7 (Action on request)                                                               28

Article 9 (Discretionary grounds of refusal)                                       24

Article 10 (Incidental provisions related to refusal)                           12

Article 8 (Grounds that, subject to Art.10, mandate a refusal)          11

Article 6 (Request for Environmental Information)                            6

Article 11 (Internal review of refusal)                                                 5

Article 4 (Scope)                                                                                  4

Article 12 (Appeal to Commissioner)                                                  1

Article 15 (Fees)                                                                                  1

 

  • What are the outcomes from appeals to the OCEI?

The outcome of decisions by the Commissioner are:

46 refusals to release information, 26 findings that information should be released, and 7 decisions stating the request be reprocessed.

The Commissioner has recorded 32 affirmations, 27 annulments and 18 variations.

  • How many are threshold decisions?

With regard to the 77 decisions 28 concern the issue of whether the information requested is environmental information.

Almost 1 in 8, i.e. 9 decisions, question whether the entity is within the scope of public authority. There are 2 decisions that relate to both definition of public authority and environmental information.

From our analysis the time to make decisions is decreasing. However it is doubtful that the timeframe meets the legal requirements of EU law. The Aarhus Convention clearly states at Article 9(1):

In the circumstances where a Party provides for such a review by a court of law, it shall ensure that such a person also has access to an expeditious procedure established by law that is free of charge or inexpensive for reconsideration by a public authority or review by an independent and impartial body other than a court of law.

A cursory glance at the dictionary definition of expeditious may serve as a poignant reminder that applicants expect, and are entitled to, prompt and efficient recourse.

Commission releases legal submissions in Nowak data protection case

Since July 2017 it is now possible to get access to legal submissions in CJEU cases which are held by the European Commission. Since the Commission is a party or intervener in a wide range of cases, particularly the more important ones, this means that there is a now a high degree of transparency regarding the arguments of parties in CJEU cases.

We requested access to the pleadings in the well known case of Peter Nowak v. Data Protection Commissioner which concerned the issue of whether an exam script could be personal data.

You can follow the request below using the AsktheEU.org service

The case concerned a request by Mr Nowak for access to his exam script in a professional accountancy exam. The request was refused on the basis that his exam script was not personal data and therefore not accessible under the Data Protection Acts. The Data Protection Commissioner agreed and dismissed his claim as “frivolous or vexatious” i.e. the request was bound to fail.

Each of the Circuit Court, High Court and Court of Appeal agreed and dismissed his appeals. However the Supreme Court held that Mr Nowak was entitled to appeal and as a matter of EU law there was doubt as to whether Mr Nowak’s exam script was personal data. In that case the Supreme Court stayed proceedings and made a preliminary reference to the CJEU.

Both Ireland and the Data Protection Commissioner argued for a narrow definition of personal data. In particular the Data Protection Commissioner acknoweldged that the exam result itself was personal data but the answers to the exam questions in this particular case were not personal data since there were no special circumstances such as, for example, where the exam requires the candidate to expose factual personal information.

Ireland made similar arguments.

The Court ultimately rejected this narrow interpretation and found that information becomes personal data because of the content, purpose or effect which links it with an identifiable individual. In terms of each of these the CJEU found that the information contained in an exam script was linked to the candidate and was therefore personal data and, in principle, accessible under the subject access right.

C 434 16 Observations Ireland EN

&nbsp

C 434 16 Observations Data Protection Commissioner EN Redacted

 

Sandra Conway appointed to board of the Transparency Legal Advice Centre

FP Logue associate, Sandra Conway, was today appointed to the Board of Directors of the Transparency Legal Advice Centre (TLAC).

TLAC is Ireland’s only independent law centre specialising in providing free, independent legal advice and referral services to anyone making disclosures of wrongdoing. TLAC was established by Transparency International Ireland following the introduction of the 2014 Protected Disclosures Act which has lead to a substantial increase in the volume of people reporting concerns arising in the course of their work.

Transparency International Ireland continues to support public bodies to create a supportive work environment for employees, including sign-posting the facilities offered by TLAC to public sector employees and continues to operate the Speak Up helpline providing support to witnesses, whistleblowers and victims of corruption and other wrongdoing. Since 2011 it has provided information and referral services to over 900 people.

Sandra volunteered with the Speak Up helpline in 2011 as it launched before joining the business integrity initiative at Transparency International Ireland until Jan 2014. She is delighted by the developments within the organisation and proud to support TLAC as a member of the Board.

FP Logue welcomes Sandra’s appointment to TLAC since it fits with the firm’s commitment to transparency and the protection of people who expose corruption and wrongdoing.

Access to European Court legal submissions clarifies Google Spain case

The 2014 CJEU judgment in Google Spain represented an historic victory for privacy campaigners when it held that the individual right to privacy and data protection generally took precedence over freedom of expression, and the rights of users to access information published on the internet.

In its judgment the CJEU said that the Google search engine is subject to EU data protection law and that Google has a duty to uphold the rights of individuals to have personal data erased from its search results unless there is a legitimate interest in having public access to that information.

In an age where you are who Google says you are, the judgment was decisive in setting boundaries for the tech giants.

We were curious about the other arguments that had been raised before the CJEU and how they had been dealt with, so we requested the submissions made in the case from the European Commission Legal Service under Regulation (EC) 1049/2001, on public access to European Parliament, Council and Commission documents.

Before July 2017, the European Commission maintained that the written submissions of the parties did not come within the scope of Regulation 1049/2001. The CJEU decision in Commission v Patrick Breyer (Case C-213/15 P) changed this and allowed for access to documents submitted to the court by third parties to be released after a case had been decided. This increased transparency allows for greater understanding of the ECJ’s reasoning and the consideration it gives to the arguments made before it.

The Legal Service shared the written observations to the Court of :

  1. The European Commission,
  2. Google Spain SL and Google Inc. (the Appellants),
  3. the Greek Government,
  4. the Spanish Government,
  5. the Italian Government,
  6. the Austrian Government and
  7. the Polish Government.

The Commission’s response is set out in its letter:

reply

Of interest was the summary treatment by the Court of arguments of proportionality and the right to operate a business; the “mere economic interest” of the search engine was dismissed despite the protection offered to the ‘freedom to run a business’ under article 16 of the Charter of Fundamental Rights. The concerns raised by Google that in singling it out, it would be unduly prejudiced, quickly dissipated when other search engines, such as Yahoo and Bing (operated by Microsoft) recognised the implications of the judgment for them and adapted.

The submissions are in French, as this is the working language of the European Court of Justice, but if there is something among the documents you’d like to examine in more detail, we’re happy to help – language is no barrier here!

Photo: https://www.flickr.com/photos/valeriaastaburuaga/35512380606

Court recognises right to environmental protection in Irish Constitution

http://www.thebluediamondgallery.com/highlighted/images/environment.jpg

Update: The text of the judgment is available at this link.

In a ground-breaking judgment the High Court has recognised in the Irish constitution a right to environmental protection consistent with the human dignity and well-being of citizens.

The proceedings, brought by the Cork-based environmental NGO Friends of the Irish Environment, concerned a challenge to a decision of Fingal County Council granting the Dublin Airport Authority a five-year extension to a 2007 planning permission for the construction of a third runway at Dublin Airport.

FIE argued various points of European and Irish law including that the Irish constitution granted implicit environmental protections.

While the challenge was ultimately unsuccessful on the technical ground that  FIE didn’t have legal standing to bring a challenge under the relevant legislation Mr Justice Barrett nevertheless dealt at some length with the issue of whether there was a personal right to environmental protection in the Constitution.

In summarising its conclusions, the court noted that until recently the exploitation of natural resources had few legal restrictions but lately awareness has grown of the limits to environmental exploitation and of the toll that industrial and technological progress had taken on the environment. Such a historical, exploitative approach, the court said, has been tempered in recent years through European law and through greater public concern about environmental protection and its connection with our quality of life.

It was in this context that the court went on to state:

A right to an environment that is consistent with the human dignity and well-being of citizens at large is an essential condition for the fulfilment of all human rights. It is an indispensable existential right that is enjoyed universally, yet which is vested personally as a right that presents and can be seen always to have presented, and to enjoy protection, under A1t. 40.3.1° of the Constitution. It is not so utopian a right that it can never be enforced.

Concrete duties and responsibilities will fall in time to be defined and demarcated. But to start down that path of definition and demarcation, one first has to recognise that there is a personal constitutional right to an environment that is consistent with the human dignity and well-being of citizens at large and upon which those duties and responsibilities will be constructed.

While the decision of the High Court is open to appeal it nevertheless represents a historic judicial recognition of environmental rights in the Irish Constitution.

FP Logue acts for Friends of the Irish Environment

 

Court says National Broadband Plan is environmental information

The Court of Appeal today delivered its judgment in Stephen Minch v. Commissioner for Environmental Information where it found that the National Broadband Plan constitutes environmental information because the plan discussed a variety of options each of which would have significant environmental impacts.

The Court also found that while a report containing a financial analysis of various options for the delivery of broadband infrastructure was not in itself environmental information, it could nevertheless be considered as such if it was used within the framework of the broadband plan.

In making its decision, the Court of Appeal dismissed appeals by the Commissioner for Environmental Information and the Minister for Communications, Energy and Natural Resources against a decision of the High Court quashing a decision of the Commissioner for Environmental Information refusing to grant access to a financial report relating to the National Broadband Plan.

The Court observed that it seemed implicit from the Commissioner’s conclusions that the economic analyses contained in the report were used in the formation of the National Broadband Plan although there was no express finding in that regard. The Court observed that if this was accepted then the requested report itself must be environmental information.

Members of the public have a particular right of access to environmental information under EU law and the Aarhus Convention. What may be categorised as environmental information is an important aspect of the scope of this right and with the judgment in Minch, the Court of Appeal has clarified where the boundary lies between an idea that is merely an academic thought experiment and more definite plans, policies or programmes that are likely to affect the environment.

A copy of the judgment is available here.

FP Logue Solicitors acted for the applicant, Mr Minch in this case.

Photo credit: https://www.flickr.com/photos/smemon/

Are exam scripts personal data?

Does an examination script contain personal data in such a way that an examination candidate might therefore ask the examination body for access to his own script on the basis of the Data Protection Directive?

That is the question that the Court of Justice of the European Union was asked by the Supreme Court in Nowak.

Today saw the publication of Advocate General Kokott’s opinion and her view that exam scripts are personal data and in principle are accessible under the Data Protection Directive. She went on to find that the right of access is unlikely to be used as a way for candidates to look to correct errors in the exam under the right of rectification. She also went on to observe that the right of access and the definition of personal data itself is not to be construed merely in the context of the rights of objection, erasure and rectification.

So why is an exam script personal data?

The Data Protection Commissioner had argued that an exam script merely recorded information, i.e. the answers to questions and at the very most only the result of the exam could be construed as personal data.

Dismissing this narrow interpretation AG Kokott noted that rather than simply recording information independent of an individual, an exam script shows how a candidate thinks and works and is used to determine the strictly personal and individual performance of the exam candidate. She found support for this conclusion from the fact that a candidate would have a legitimate interest in objecting to the processing of his script for purposes outside of the context of the examination process.

AG Kokott provided an extensive discussion of the purpose of the right of access to personal data and noted that the definition of what is personal data could not be constrained by concerns about other matter such as the right of rectification.

She noted that accuracy and completeness must be judged in light of the context in which the personal data was created and that in the context of an exam, incorrect answers could not be said to be inaccurate or incomplete in the same way as, for example, would be the case if exam scripts were mixed up or parts of it were missing.

The issue of whether Mr Nowak was abusing the right of access given that he could have availed of an appeal process was also addressed. Again AG Kokott noted that the legislature had given precedence to Data Protection Rights. She also noted that when the GDPR  comes into effect there will be new provisions which qualify the right of access to protect the rights and freedoms of others and for other important public interest reasons.

However the mere existence of other national legislation that also deals with access to exam scripts could not give rise to an assumption that the subject access right was being misused nor could the possibility of circumventing the examination complaints procedure be a reason for excluding the application of data protection legislation.

This is a very thorough opinion and highlights the fundamental importance of the right of access as well as the need to adopt a purposive approach to the definition of what is personal data. The connection between the individual and the context is key rather than simply considering the nature of the information itself.

So what happens next?

The CJEU will issue its decision later this year in what is likely to be a significant precedent for interpretation of the GDPR.

Photo credit https://www.flickr.com/photos/comedynose

The State shouldn’t get a free pass when Europe’s data law comes into effect

There are only 314 days to go; fewer if you subtract weekends and holidays. On May 25, 2018, the General Data Protection Regulation comes into effect.

This new European Union law, better known as the GDPR, will make fundamental changes to how our information is used and protected, giving greater rights to the individual and creating much more severe penalties for non-compliance.

This tight deadline creates severe pressures for businesses and other organisations such as charities which must completely review how they handle personal information by then.

Some are already in the process of doing this; the majority are scrambling to catch up.

It also puts all parts of the Irish State under significant time pressure.

Although the GDPR is a European law, parts of it require national legislation to implement. The Department of Justice and Equality is responsible for preparing a Bill to give effect to the GDPR in Irish law.

That Bill must then pass the Dáil and Seanad to put in place a new legal framework for enforcement, including a restructured Data Protection Commission. All of this must be done in good time prior to May 2018 to enable planning for the transition.

So far, the Department has produced a draft Heads of Bill, and with commendable speed the Oireachtas Joint Committee on Justice and Equality has already held three hearings examining this draft.

Most of the draft is relatively technical and uncontroversial. But the hearings have exposed aspects which could significantly undermine the position of individuals against the State.

On behalf of Digital Rights Ireland, I gave evidence to the Joint Committee about two of these issues.

The first is that the draft Head 23 proposes to exempt public bodies from fines for breach of the GDPR. The argument for the exemption is that these fines would be circular – that they would merely shuffle money from one public fund into another public fund.

But this ignores the experience in the United Kingdom where fines have been an important deterrent, encouraging public bodies to improve their information security.

The exemption also gives the wrong impression – that the public sector is to be held to a lower standard than others.

And it would be practically unworkable: as a matter of European law, one cannot have a situation where a public body such as a hospital is given preferential treatment over private market competitors. The Data Protection Commissioner, Helen Dixon, has described the exemption as a serious concern and pointed out that it would create a real burden for her office by forcing it to assess, in every case, whether a public body has private competition.

The second issue with the draft is that in Head 20 it gives the power to any Minister to make regulations in any area restricting any individual rights on the basis that this is necessary for any “important objective of general public interest”.

The effect of this is to create an open-ended power to limit the rights created by the GDPR on the basis of a ministerial signature only – with no requirement for any approval from the Dáil or Seanad.

There are, of course, situations where data protection rights should be restricted in the public interest. For example, the right to know what information is held about you does not apply where that would undermine a criminal investigation.

But until now those have almost always been provided for in primary legislation, subject to scrutiny by lawmakers.

An unconstrained power to make new restrictions will in practice mean government departments being the judge of what rights individuals should have against those departments and their agencies.

As with the proposed exemption from fines, the intention is that the state will receive more lenient treatment.

It is worth remembering that shortly before his retirement the last Data Protection Commissioner, Billy Hawkes, summed up his term in office by saying that public bodies had “in too many cases, shown scant regard by senior management to their duty to safeguard the personal data entrusted to them”.

He said that “the state system in general is not paying sufficient attention to its responsibilities for the quantum of data it holds on all of us” and that there was a need for “system-wide action” before “an inevitable crisis” was triggered.

Given this background, and the fact that the state holds so much data on us, it should be held to a higher, not a lower standard.

[This post is an edited version of an opinion piece by TJ McIntyre which ran in the Irish Independent on 8 July 2017]

SMEs can now access KDB tax relief without filing a patent

Irish SMEs can now apply for Knowledge Development Box (KDB) tax relief without owning a patent if their invention is certified by the Patents Office to be novel, non-obvious and useful.  This is known under the KDB scheme as ‘intellectual property for small companies’.

All that is required is an application to the Patents Office for a KDB Certificate – which must include an opinion from a Patent Agent attesting that the invention is novel, non-obvious and useful. However, this is a new departure for Irish Patent Agents and it remains to be seen how this will work in practice.

Applying to accounting periods commencing on or after 1 January 2016, the KDB relief provides for a 6.25% corporation tax rate on profits arising from certain (1) patents, (2) copyrighted software, and (3) ‘intellectual property for small companies’ resulting from qualifying R&D activity carried out in Ireland. For more information see the Revenue website.