A recent judgment of the Irish High Court illustrates the fine balance that must be struck between privacy rights and the right of investigators to access information seized under warrant.
Opening his judgment like a whodunit, judge Max Barrett of the Irish High Court sets the scene for a thriller concerning the rights of the Irish Competition regulator (the CCPC) to access information seized during a dawn raid and exposes the dangers of not privacy-proofing search and seizure laws.
For those who want to skip to the end, let’s just say it doesn’t end well for the CCPC which had ventured into Terra Incognita to find that the only discernible feature in the otherwise desolate landscape consists of a rock and a hard place.
The facts are simple – in May 2015 the CCPC obtained a warrant to search the premises of Irish Cement Limited (ICL) at its factory North of Dublin. During the raid, the CCPC took copies of large amounts of electronic information including the entirety of the email box of a senior ICL executive. It transpired that the seized information included both personal and private information that was not covered by the CCPC warrant. Recognizing this, the CCPC indicated that it would review all of the seized information and that it would decide which information came within the scope of the warrant. Naturally ICL objected and proposed a procedure whereby an independent party would conduct the review and only hand over relevant information to the CCPC. The parties were unable to reach agreement and so ICL issued proceedings asking the court to determine the scope of CCPC’s right to access private and personal information falling outside of the scope of the search warrant.
Barrett J sets the scene:
One has arrived at a place that seems largely, if not entirely, ungoverned by law. The [CCPC] maintains, not that this provided anywhere in the 2014 Act, that the proper thing to be done is that it should go through of the materials it now possess … weeding out the wheat to which it is entitled from the chaff.
For its part ICL contended that such a process is a violation of the European Convention on Human Rights, the Charter of Fundamental Rights, the Data Protection Acts and the Irish Constitution.
Barrett J agreed firstly observing that while there was no illegality in the seizure of the information, the accessing of it by the CCPC would constitute a breach of the ECHR and Constitutional rights to privacy and while there were statutory protections for legally privileged information, no such protections were provided for private or personal information. The CCPC could not assume that it had carte blanche in respect of such information and, according to the court, that the only way to access any of the seized information was through negotiation and agreement with ICL.
This undoubtedly makes it difficult, if not impossible, for the CCPC to continue its investigation.
While the judgment may be appealed the law as it stands makes it virtually impossible for the CCPC to conduct an investigations since, with electronic information in particular, there is almost always an intermingling of personal and irrelevant private information in any seizure. Without a statutory framework for accessing seized information it is difficult to see how the CCPC can confidently gather evidence if it has to rely solely on the cooperation of the undertaking which is subject to investigation.
The case highlights the importance of privacy-proofing legislation. While the legislature saw fit to provide safeguards for legally privileged information, it doesn’t seem to have considered the possibility that a seizure would “hoover up” mixed information and didn’t provide similar protections for the privacy rights of individuals and corporates.
The judgment may be appealed but until a final decision is issued it seems that the CCPC is stymied and ultimately there may be a need for a statutory amendment to resolve the issue.
Thanks to TJ McIntyre for posting a copy of the judgment online.