Sorry, but copying text is forbidden on this website!
The right to privacy in the UK is contained in Article 8 of the European Convention on Human Rights as well as in the Data Protection Act 1998. In general Article 8 provides the individual with the right to control the use of private and personal data and with a reasonable expectation of privacy in his or her private life and personal papers. Be that as it may, Article 10 and Article 8(2) of the European Convention on Human Rights creates some tensions with this right to protection of private life in that it makes it possible for the Government to implement laws that limit or restrict the general right to privacy. One such law is the Freedom of Information Act 2000. The tension is a real one which the courts have struggled to reconcile. This paper will discuss the tension between the laws providing for the right to privacy and the laws which place restrictions on that right and the consequences of that duality in the context of the current political climate.
Article 8 and the Right to Privacy
Article 8 of the European Convention on Human rights mandates that the individual is entitled to respect for his or her “private and family life, his home and his correspondence.” This provision places a positive obligation on domestic governments not to implement laws that interfere the citizen’s right to privacy and to make provisions for the protection of those rights. The European Court emphasized the State’s obligation under Article 8 in respect of confidential medical information and data protection in general as follows: “The protection of personal data, not least medical data, is of fundamental importance to a person’s enjoyment of his or her right to respect for private and family life as guaranteed by Article 8 of the Convention. Respecting confidentiality of health data is a vital principle in the legal systems of all the contracting parties to the Convention. It is crucial not only to respect the privacy of the patient but also to preserve his or her confidence in the medical profession and in the health services in general.”
In complying with its positive obligations under Article 8 the UK Parliament implemented the Data Protection Act 1998 which essentially makes provisions for the manner in which individuals may control how their personal information can be used. The Data Protection Act 1998 which was implemented pursuant to he EC Directive 95/46/EC 24, October 1995. Article 1 of the EC Directive provides that:
“In accordance with this Directive, Member states shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data.”
Despite this liberal expression of the right to privacy Article 8(2) provides for restraints on that right. Article 8(2) provides the State with a general right to intrude upon the individual’s right to privacy when the State considers that it is in the general public’s interest to do so.
Those exemptions can be identified in the Data Protection Act itself. For instance under Section 28 of the Act, personal data may be collected for the purpose of protecting the nation’s national security. Moreover, Section 29 permits the collection of personal data for the protection and/or prevention of crime and for purposes associated with tax collection.
In today’s political climate with the onset of fears associated with international terrorism the right to privacy under Article 8 of the European Convention on Human Rights is virtually a misnomer. The exemptions envisioned in both Article 8(2) and Sections 28 and 29 of the Data Protection Act 1998 are quite broad and could conceivably cover a broad range of scenarios.
In today’s world with the introduction of the internet, freedom of information practices have functioned to create more tensions and difficulties for any claim to protection of privacy. There are a broad range of circumstances in which a person’s privacy can be invaded leaving him with little or no protection. This is especially so in cases where intrusive information is posted in one jurisdiction and read in several others simultaneously. The problem becomes one of control and determining which country has jurisdiction over the matter in the event the injured party has a claim either in breach of privacy or in defamation.
In cases where the injury occurs online the concept of territorial jurisdiction has no real meaning since it is possible that each country in which the internet is available can have jurisdiction over the matter. In this regard, matters such as these contribute to function in favour of the concept of freedom of information over concepts of privacy. The new age of the internet has redefined concepts of privacy to such an extent that it quite often takes a backseat to an age where the thirst for the free exchange of information is so easily facilitated.
Moreover the exemptions to the right to privacy as contained in Article 8 of the European Convention on Human Rights only make it more difficult for a right to privacy to function as an absolute right. While these exemptions together with the intrusive nature of the internet and its free exchange of information serve to contradict the general right to privacy and create tensions between the conflicting nature of Article 8, Article 10 which gives rise to the Freedom of Information Act 2000 creates even more tension. As will be borne out, Article 10 feeds into the dynamics of the new age of information via the internet and the escalating media wars. Moreover, Article 10 has its own conflicts.
Article 10 of the European Convention on Human Rights
Article 10 of the European Convention on Human Rights provides the individual with the right to freedom of express, religions, conscience and thought. Article 10(1) provides as follows:
“Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers…”
Like Article 8 of the Convention rights, Article 10(2) also contains constraints on freedom of expression which are also related to matters of national security. Be that as it may, Article 10 creates tension with the right to privacy contained in Article 8 and as such requires a delicate balancing of competing rights.
The House of Lords considered the tension between Articles 8 and 10 in Campbell v Mirror Group Newspaper Ltd. 2 AC 457. Lord Nicholls noted that the tension created by these two conflicting rights:
“…have prompted the courts of this country to identify more clearly the different factors involved in cases where one or other of these two interests is present.”
At the end of the day it is incumbent upon the courts to distinguish between those who endeavour to hide behind the cloak of privacy to prevent the publication of an unpleasant truth and those who wish to unjustly invade the privacy of others.
In Stone v South East Coast Strategic Health Authority (formerly the Kent & Medway Strategic Health Authority) et ales  EWHC 1668 the Court of Appeal determined that in order to justify an exemption to the right to privacy under Article 8 it was necessary to consider:
“…the benefits that will be achieved by its publication are proportionate to the harm that may be done by the interference with the right to privacy….”
However in assessing public interest in the context of the right to privacy as contained Article 8 of the European Convention on Human Rights, Article 10 was relevant since it makes provision for the free exchange of information. In other words the court was obligated by virtue of the tensions created by Articles 8 and 10 to balance the individual’s right to privacy against the public’s interest in the free exchange of information.
As Lord Nichols explained in the Campbell case this distinction creates an entirely different approach to the question of privacy and the freedom of expression conflict. Previously, all the court had to do was to satisfy itself:
“…whether the published information engaged article 8 at all by being within the sphere of the complainant’s private or family life.”
Now, in balancing the interest to be served by both Articles, the correct question to be asked is :
“…whether in respect of the disclosed facts the person in question had a reasonable expectation of privacy.”
It is difficult to imagine how anyone surfing the internet can reasonably claim that he or she had a reasonable expectation of privacy. In each case a person who conducts a search online or visits a website his or her IP address is recorded and that information with is personal to the internet user is available for public inspection. Moreover, when using a credit or debit card online the user runs the risk of having that personal information stored on his computer’s hardware with the result that it can be accessed without the user’s consent or knowledge. It therefore follows that in today’s world where freedom on information takes on its literal meaning, any person surfing the internet cannot reasonably expect to enjoy any measure of privacy.
The internet is a free for all system and based on the reasonable expectation of privacy principle any person freely using the internet does not have a claim arising out of a breach of privacy. In this way freedom of information fuels the use of the internet and its success largely depends upon the cultivating of an environment where freedom of information is not compromised in favour of claims to privacy.
In keeping with the mandate of Article 10 of the European Convention on Human Rights and its general right to freedom of expression, the UK Parliament enacted the Freedom of Information Act 2000 which contains a general right to access to information held by public authorities. By virtue of Part II of the Freedom of Information Act 2000 there are general exemptions to the right to access to such information and again those exemptions are generally related to matters of national security. In any event the cumulative impact of both the right to privacy and the right to the free exchange of information has created a tension which requires a delicate balancing act, one which the courts generally resolve against the right to privacy.
Balancing the Right to Privacy Against the Rights to Freedom of Information
Courts can generally take one of two approaches to resolving the tension created by the right to privacy the right to the free exchange of information. Those views are the deontological approach or the consequential approach. The deontological generally balances the right to privacy against matters of confidentiality. Or the courts can take the consequential approach where confidentiality is measured against public interest. The courts are in general reluctant to compromise freedom of expression if enforcing the right to privacy will infringe upon the benefits that general “flow from information sharing.”
As previously noted freedom of expression is intricately tied to freedom of information and both exist in a virtually lawless state on the world wide web. Although new initiatives in globalization seek to remove territorial boundaries for the purpose of facilitating trans-border commercial transactions, the internet has in fact accomplished this goal, whether intentionally or not. As the US Supreme Court noted in Reno v ACLU, 117 S.Ct. 2329, 2334-35 (1997), the internet has created:
“…a unique medium – known to its users as ‘cyberspace’ – located in particular geographical location but available to anyone , anywhere in the world.”
John D. Bari argues that the internet is so dynamic and exists such as way as to have its own world, that it might become necessary for the internet to have its own set of laws. Bari writes:
“…the internet is gong to require a uniform set of principles so that those who merge onto the information superhighway have an idea what the speed limit is.”
Be that as it may, the internet is subject to traditional laws although it operates almost entirely independently with the result that freedom of information knows little or no boundaries. This free exchange of information tool functions to trump any expectation or contemplation of privacy.
The fact remains that the internet is a legitimate mechanism for the free exchange of information. Any and all claims via the internet arising out of privacy issues are required to balanced against the legitimate use of the internet for the public exchange of information. Separate and apart from freedom of information technology, security risks in today’s escalating criminal activities and the fear of international terrorism make an even stronger case for freedom of information as opposed to protection of privacy. In W v Edgell  1 ALL ER 835 the Court of Appeal was clearly predisposed against the application of the deontological approach. The Court of Appeal held that a breach of the protection against publication of confidential medical information was justified on the grounds that it was in the public interest for protection from “dangerous criminal acts.”
The rationale in the W v Edgell is that by disclosing the offender’s medical or mental disease action can be taken to identify and correct the conduct of others who might have a tendency to commit similar criminal acts. W v Edgell unequivocally illustrates that it is always possible for the courts to justify a case in favour of disclosure under the exemptions to the Data Protection Act 1998 and the broad interpretation of Article 8(2) of the European Convention on Human Rights.
Another approach to the disclosure of personal data which is usually applied in the disclosure of medical documents is the utilitarian approach. The utilitarian view takes the position that confidentiality is necessary:
“…for maintaining medical confidentiality…rests ultimately on a calculation of the effects of confidentiality or disclosure on the behaviour of current and potential future patients.”
This argument recognizes that the best interest of the future patient be weighed against the best interest of the future victim. This argument can be applied in a wide range of professional circumstances where confidentiality is required and protected. Both the deontological and utilitarian approaches are relevant in applying the protection of the public interest with regard to Article 10 when balanced against the protection of the individual and his Article 8 right to privacy.
The House of Lords in the Campbell case treated this balance in favour or confidentiality ruling that the notoriety of the claimant did not justify the Article 8(2) or the statutory exemptions that permit departure from the protection against publication of confidential data. It appears that the only ground upon which the court permitted the disclosure of Stone’s medical records was the fact that his crimes were of immense public interest. However, the House of Lords ruling in the Campbell case rejected the publicity argument, maintaining that notoriety alone could not justify public disclosure of confidential medical records.
Broader Considerations and Tensions between Data Protection and Free Exchange of Information
In general the right to privacy entails the following:
“…the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.”
This definition when taken together with international conventions and Article 8 of the European Convention on Human Rights gives the impression that the right to data protection is an absolute right. Privacy at first glance appears to be a concept recognized and indorsed by virtue of Article 12 of the UN Declaration on Human Rights as well as the International Covenant on Civil and Political Rights, Article 17.
However in today’s current political climate with the technological advancements in which the internet thrives, freedom of information and information sharing takes on an entirely different dimension. This is particularly so in instances where a conflict and tensions arise between the two. The internet has increased the possibility of access to information and it can always be argued that persons surfing the internet and permitting personal data to be harvested online do not have a reasonable expectation of privacy.
The US Supreme Court in Bartnicki -v- Vopper 69 USLW 4323 at 4331 (2001) put the new age of information sharing in perspective as follows:
“Technology now permits millions of important and confidential conversations to occur through a vast system of electronic networks. These advances, however, raise significant privacy concerns. We are placed in the uncomfortable position of not knowing who might have access to our personal and business e-mails, our medical and financial records, or our cordless and cellular telephone conversations.”
In the final analysis, the Data Protection Act 1998 is powerless to control the storing and harvesting of information via the internet. All it can do and all that it purports to do is to limit how that information can be used. And in doing so it balances the right of the individual to freedom of information. As Kirby explains in the current political climate where modern technology makes it possible to gain access to all kinds of information, current privacy protection laws are inadequate. The laws do not specifically address current technological advanced “twenty first century man or woman.”
The balancing of competing and conflicting rights in the UK with respect to privacy protection and information sharing generally takes the position that some element of privacy must be sacrificed for the common good of commercial advancement which is a natural result of information sharing. The law at least as far as judicial interpretation of the laws permit also take the position that privacy must invariably be compromised in safeguarding against breaches of national security. National security has taken on new meaning and importance following the September 11 terror attacks. Therefore in today’s political climate where technological advancements have made it possible to detect and prevent crime, the right to privacy has become even more compromised.
While it has been argued that data protection laws in general are weak and leave too much room for departure by way of exceptions to the protective provisions, it is also true that the laws make it possible for internet users to control what information they want to be stored or communicated to others about them. The mere weakness of the data protection laws provides a deterrence incentive. Bygrave maintains that data protection and privacy laws are designed to limit a person’s freedom of self-disclosure.
As noted by Bygrave:
“…the protection of privacy serves a large range of other values and interests.”
According to Bygrave these values and interests include “personal autonomy, integrity and dignity.”
An obvious conflict arises for the courts in attempting to strike a fair balance by implementing laws such as the Data Protection Act 1998 and the Freedom of Information Act 2000. As Bygrave notes, the conflict and tensions are inevitable as there are competing interests which are privacy and freedom of information. The only reasonable way to balance these competing interests is the implementation and developing of laws that seek to regulate and control the flow of information.
The tensions that are experienced in the balancing of the right to privacy via the Data Protection Act 1998 and the Freedom of Information Act 2000 are in practice real and ongoing. The tensions have become more prominent in today’s political culture where national security issues as a result of the threat of international terrorism are more prevalent than previously.
Moreover, the ease with which information can be exchanged in light of freedom of information technology, protection of privacy via these technological forums becomes a mammoth task doomed for failure if the new technology is going to survive. Since both legislative provisions and Articles 8 and 10 of the European Convention on Human Rights specifically provide for departure from both fundamental rights on the ground of national securities those tensions have become more prominent and will likely continue.
Bartnicki -v- Vopper 69 USLW 4323 at 4331 (2001)
Bari, John Di. (2005) “A Survey of The Internet Jurisdiction Universe.” New York International Review. Vol. 18, 123
Bone, Shawn. (2005) “Private Harms in the Cyber-World: The Conundrum of Choice of Law For Defamation Posed by Gutnick v Dow Jones and Co.” Washington and Lee Law Review. Vol. 62, 279
Buckner, Fillmore and Marvin Firestone, (2000). “Where the Public Peril Begins: 25 Years. After TARASOFF” The Journal of Legal Medicine, 21: 2, pp. 187- 222
Bygrave, Lee, A. (2001) The Place Of Privacy In Data Protection Law. UNSWLJ 6
Campbell v Mirror Group Newspaper Ltd. 2 AC 457
Cate, F. H. and Michael E. Staten, (2001). “The Value of Information-Sharing” Copyright National Retail Federation .
Data Protection Act 1998
EC Directive 95/46/EC 24, October 1995
European Convention on Human Rights
Freedom of Information Act 2000
Havard J. (1985) “Medical confidence.” J Med Ethics 11:8–11
International Covenant on Civil and Political Rights
Jones, C. (2003) “The utilitarian argument for medical confidentiality: a pilot study of patients’ views.” J. Med. Ethics ;29;348-352
Kirby, M D ‘Privacy in Cyberspace’, (1998) 21 University of NSW Law Journal 323
O’Brien, J. Chantler, C. (2003) “Confidentiality and the duties of care” J Med Ethics 2003; 29: 36-40
Ramon, Jeffrey. (1999) The Impact of State Soveriegnty on Global Trade and International Law. Kluwer Law International
Reno v ACLU, 117 S.Ct. 2329, 2334-35 (1997)
Stone v South East Coast Strategic Health Authority (formerly the Kent & Medway Strategic Health Authority) et ales  EWHC 1668
UN Declaration on Human Rights
W v Edgell  1 ALL ER 835
Westin, Alan F. (1970) Privacy and Freedom New York: Atheneum
Z v Finland (1998) 25 EHRR 371