CEDHCASELAW;JUDGMENTS;CHAMBER;ENG4
CEDH · CASELAW;JUDGMENTS;CHAMBER;ENG — 24 janvier 2019
- ECLI
- ECLI:CE:ECHR:2019:0124JUD004351415
- Date
- 24 janvier 2019
- Publication
- 24 janvier 2019
droits fondamentauxCEDH
Source : DILA / Judilibre · open data
Mes notes
privées · visibles par vous seulRésumé structuré
version préliminaireFaits
Non déterminable à partir du texte fourni.
Procédure
Non déterminable à partir du texte fourni.
Question juridique
Non déterminable à partir du texte fourni.
Solution
source officielleViolation of Article 8 - Right to respect for private and family life (Article 8-1 - Respect for private life)
Résumé généré automatiquement — à vérifier avec la décision originale.
Analyse IA non disponible
Générez un résumé intelligent de cette décision
Texte intégral
.s800EAC49 { font-size:12pt } .sFE10DC93 { margin-top:0pt; margin-bottom:0pt; text-align:center } .sBB9EE52A { font-family:Arial } .s29100277 { font-family:Arial; font-weight:bold } .sA36B60A1 { font-family:Arial; font-style:italic } .s598389FB { margin-top:0pt; margin-bottom:0pt; text-align:center; font-size:14pt } .sF5E1C6CF { font-family:Arial; font-weight:bold; text-decoration:underline; color:#ff0000 } .sE208486F { font-family:Arial; color:#ff0000 } .s598389F8 { margin-top:0pt; margin-bottom:0pt; text-align:center; font-size:11pt } .s4ACA9207 { page-break-before:always; clear:both; mso-break-type:section-break } .s9793A85B { margin-top:0pt; margin-bottom:0pt; text-indent:14.2pt } .sCB9E0544 { margin-top:0pt; margin-bottom:0pt; text-align:left } .sB9D5CABB { width:28.35pt; display:inline-block } .sD3B63DAD { margin-top:36pt; margin-bottom:12pt; page-break-inside:avoid; page-break-after:avoid; font-size:14pt } .s79DE5897 { margin-top:18pt; margin-left:17.85pt; margin-bottom:12pt; text-indent:-17.85pt; page-break-inside:avoid; page-break-after:avoid } .sA8776625 { margin-top:18pt; margin-left:29.2pt; margin-bottom:12pt; text-indent:-17.6pt; page-break-inside:avoid; page-break-after:avoid } .sF7A86111 { margin-top:6pt; margin-left:21.25pt; margin-bottom:6pt; text-indent:7.1pt; font-size:10pt } .s72C8F48C { margin-top:12pt; margin-left:36.6pt; margin-bottom:6pt; text-indent:-15.05pt; page-break-inside:avoid; page-break-after:avoid } .s32563E28 { margin-top:0pt; margin-bottom:0pt } .sAADB120E { margin-top:6pt; margin-left:28.35pt; margin-bottom:6pt; text-indent:7.1pt; font-size:10pt } .sA20670C4 { margin-top:12pt; margin-left:48.75pt; margin-bottom:6pt; text-indent:-17pt; page-break-inside:avoid; page-break-after:avoid; font-size:10pt } .s7ACB8D74 { margin-top:0pt; margin-left:14.2pt; margin-bottom:0pt; text-indent:14.2pt } .s59DEA84 { margin-top:12pt; margin-left:59.5pt; margin-bottom:6pt; text-indent:-17.85pt; page-break-inside:avoid; page-break-after:avoid; font-size:10pt } .sB206C230 { margin-top:12pt; margin-left:68.65pt; margin-bottom:6pt; text-indent:-16.75pt; page-break-inside:avoid; page-break-after:avoid; font-size:10pt } .s39A7D870 { margin-top:0pt; margin-bottom:0pt; text-indent:14.2pt; page-break-inside:avoid; page-break-after:avoid } .sBB355983 { margin-top:6pt; margin-left:21.25pt; margin-bottom:6pt; text-indent:7.1pt; page-break-inside:avoid; page-break-after:avoid; font-size:10pt } .s583D00FA { margin-top:0pt; margin-left:17pt; margin-bottom:0pt; text-indent:-17pt } .s26FF04E7 { margin-top:0pt; margin-left:17.3pt; margin-bottom:0pt } .s64E792FA { margin-top:0pt; margin-left:39.7pt; margin-bottom:0pt } .s4B243ECC { margin-top:12pt; margin-bottom:0pt; text-indent:14.2pt; page-break-inside:avoid; page-break-after:avoid } .sF7A4323 { margin-top:36pt; margin-bottom:0pt; text-align:left } .s28BDCFEA { width:6.53pt; display:inline-block } .s5E0D12F4 { width:155.86pt; display:inline-block } .s7602FED2 { width:18.21pt; display:inline-block } .sDC434588 { width:212.56pt; display:inline-block } .s379BC09C { margin-top:36pt; margin-bottom:0pt; text-align:right } .s5E1364CA { margin-top:0pt; margin-bottom:12pt; text-align:center; page-break-inside:avoid; page-break-after:avoid; font-size:14pt } .sC422C878 { margin-top:0pt; margin-bottom:0pt; text-indent:17.85pt }       FIRST SECTION             CASE OF CATT v. THE UNITED KINGDOM   (Application no. 43514/15)                 JUDGMENT         STRASBOURG   24 January 2019     FINAL   24/04/2019   This judgment has become final under Article 44 § 2 of the Convention. It may be subject to editorial revision. In the case of Catt v. the United Kingdom, The European Court of Human Rights (First Section), sitting as a Chamber composed of:   Linos-Alexandre Sicilianos, President ,   Aleš Pejchal,   Ksenija Turković,   Armen Harutyunyan,   Pauliine Koskelo,   Tim Eicke,   Gilberto Felici, judges , and Abel Campos, Section Registrar , Having deliberated in private on 11 September 2018 and 11   December 2018, Delivers the following judgment, which was adopted on the last ‑ mentioned date: PROCEDURE 1.     The case originated in an application (no. 43514/15) against the United Kingdom of Great Britain and Northern Ireland lodged with the Court under Article 34 of the Convention for the Protection of Human Rights and Fundamental Freedoms (“the Convention”) by Mr John Oldroyd Catt, a British national, on 2 September 2015. 2.     The applicant was represented by Mr S. Dutta of Bhatt Murphy Solicitors, a lawyer based in London. The United Kingdom Government (“the Government”) were represented by their Agent, Ms R. Sagoo of the Foreign and Commonwealth Office. 3.     On 19 May 2016 the application was communicated to the Government. 4.     The Equality and Human Rights Commission and the NGO Privacy International were given leave to intervene in the written procedure (Article   36 § 2 of the Convention and Rule 44 § 3 of the Rules of Court). THE FACTS I.     THE CIRCUMSTANCES OF THE CASE A.     The background facts 5.     The applicant was born in 1925 and lives in Brighton. 6.     The applicant has been active in the peace movement since 1948 and has been a regular attender at public demonstrations since then. 7.     In 2005 the applicant began participating in demonstrations organised by Smash EDO. The object of Smash EDO was to close down the activities in the United Kingdom of EDO MBM Technology Ltd, a United States-owned company which manufactured weapons and weapon components and had a factory in Brighton. Serious disorder and criminality were features of a number of Smash EDO protests. Smash EDO protests therefore attracted a substantial policing presence. 8.     The applicant was twice arrested at Smash EDO demonstrations for obstructing the public highway but has never been convicted of any offence. 9 .     In March 2010 the applicant made a subject access request to the police under section 7 of the Data Protection Act 1998 (see “Relevant domestic law and practice”, below) for information relating to him. Sixty ‑ six entries from nominal records for other individuals and information reports which incidentally mentioned him, concerning incidents between March 2005 and October 2009, were disclosed to him. Those records were held on a police database known as the “Extremism database”, which at the relevant time was under the responsibility of the National Public Order Intelligence Unit of the police (NPOIU). 10 .     Most of the records related to demonstrations at the office of EDO MBM Technology Ltd but thirteen entries related to other demonstrations. They included, for example, the recording of his attendance at the Trades Union Congress (“TUC”) Conference in Brighton in September 2006; at a demonstration at the Labour Party Conference in Bournemouth in September 2007; at a pro-Gaza demonstration in Brighton in January 2009 and at a demonstration against “New Labour” organised by a number of trade unions in September 2009. In the great majority of cases, the information recorded about Mr Catt was his name, presence, date of birth and address. In some cases his appearance was also described. A photograph of the applicant taken at a demonstration in September 2007 was also disclosed to him in response to his subject access request. 11 .     In August 2010 the applicant asked the Association of Chief Police Officers (“ACPO”) to delete entries from nominal records and information reports which mentioned him. In September 2010 ACPO declined to do so. They did not give reasons. 12.     On 17 November 2010 the applicant issued proceedings against ACPO for judicial review of the refusal to delete the data. He contended that the retention of his data was not “necessary” within the meaning of Article   8 §   2 of the Convention. Permission to seek judicial review was granted in March 2011 (see section B, below). 13 .     In January 2012, HM Inspectorate of Constabulary published a report on undercover police operations designed to obtain intelligence about protest movements (see paragraphs 50 to 53 below). The report concluded that information was being unnecessarily retained in police records. Although the report was concerned with covertly obtained intelligence, it also led to an extensive review of the database covering overtly obtained intelligence and resulted in the deletion of a large number of nominal records and information reports. After that deletion process, the number of reports which mentioned the applicant was apparently reduced to two. 14.     Following the judicial review proceedings, the applicant wrote to the police to make a further subject access request. The police replied on 12   November 2015 stating: “... the records are held to help UK policing manage a future risk of crime – of which [you] could be the victim. The records themselves should not and will not be disclosed [to you] for what are obvious reasons. An intelligence database loses all efficacy if it is not kept confidential.” 15 .     In answer to a question asked by the Court when communicating the case the Government indicated that they had discovered four additional records mentioning the applicant in the database. They clarified that as a result, at the time the case was determined by the domestic courts there had in fact been six rather than two records in the database mentioning the applicant. 16 .     Of the four additional records, two concerned references to the domestic legal proceedings by third parties. The Government indicated in their submissions that one of those has since been deleted. The other two referred to the applicant. One was dated 15 April 2011 and detailed the applicant’s presence at five separate events, not organised by Smash EDO, where there was a significant police operation and arrests occurred. The other was dated 19   July 2011 and related primarily to a third party but mentions the applicant’s attendance at an event which was not organised by Smash EDO. There is no indication of whether there was any police presence or arrests at that event. 17 .     The Government stated that the police could not provide any explanation of why the reports were not disclosed previously. However, they were investigating the matter. They indicated that they had informed the Supreme Court and the applicant of the additional reports. B.     The domestic proceedings 1.     Proceedings before the High Court 18 .     In a witness statement dated 6 June 2011 prepared in the context of the proceedings introduced by the applicant before the High Court, the then National Coordinator explained the functions of the National Public Order Intelligence Unit (NPOIU) and the position as regards retention of data relating to the applicant. In his witness statement, the National Coordinator clarified that the material which had been disclosed to the applicant following his subject access request of March 2010 was not all the material held in respect of the applicant: a considerable amount of further information had not been disclosed on the grounds that disclosure would prejudice the investigation or detection of crime and that the material was thus exempt from disclosure under section 29 of the Data Protection Act (see “Relevant domestic law and practice”, below). 19.     After explaining the nature of his activities and the various units supervised by him, the National Coordinator continued: “16.     The term ‘domestic extremism’ is not prescribed by law. It is a descriptor generally used by the police service and partners to describe the activity of individuals or groups who carry out criminal acts of direct action to further their protest campaigns, outside the democratic process.” 20 .     He then provided examples of how intelligence reports had assisted in policing a Smash EDO protest in 2010 and confirmed that, in his view, the applicant’s data were being processed lawfully and fairly. 21 .     A hearing in the judicial review proceedings took place on 9   February 2012. With the agreement of the parties, the Commissioner of Police of the Metropolis was joined as a defendant. The High Court handed down its judgment on 30 May 2012. The court considered that Article 8 was not engaged in the case and that, even if it were, the interference was justified under Article 8 § 2. The applicant was granted permission to appeal by the Court of Appeal on 31 October 2012. 2.     Proceedings before the Court of Appeal 22 .     Following a two day hearing during which legal representatives for the applicant, an NGO, the NHRI for England and Wales, ACPO and the Secretary of State presented their arguments, the Court of Appeal unanimously allowed the appeal in a judgment of 14 March 2014. It found that the inclusion of the applicant’s personal data in the database constituted an interference with his Article 8 rights which was not justified. The court said that it did not doubt the importance to modern policing of detailed intelligence gathering and that it accepted the need for caution before overriding the judgment of the police about what information was likely to assist them in their task. It noted that, for present purposes, that task was to obtain a better understanding of how Smash EDO was organised in order to be able to forecast the place and nature of its next protest and to anticipate the number of people likely to attend and the tactics they were likely to adopt. 23 .     The court said that it was “not easy to understand how the information currently held on Mr Catt can provide any assistance in relation to any of those matters”. It referred to the comment in the statement of the National Coordinator that it was valuable to have information about the applicant’s attendance at protests because he associated with those who had a propensity to violence and crime. However, it considered that the statement did not explain why that was so, given that the applicant had been attending similar protests for many years without it being suggested that he had indulged in criminal activity or actively encouraged those that did. The court continued: “44. ... The systematic collection, processing and retention on a searchable database of personal information, even of a relatively routine kind, involves a significant interference with the right to respect for private life. It can be justified by showing that it serves the public interest in a sufficiently important way, but in this case the respondent has not in our view shown that the value of the information is sufficient to justify its continued retention. It is striking that [the National Coordinator] does not say that the information held on Mr Catt over many years has in fact been of any assistance to the police at all. The Divisional Court considered that it was not practically possible to weed out from time to time information held on particular individuals. There is, however, no evidence to support this conclusion and we are not satisfied that it is correct. It should not be overlooked that the burden of proving that the interference with Mr Catt’s article 8 rights is justified rests on the respondent. 45.     That leaves the question whether the interference with Mr Catt’s rights is in accordance with the law. This is very much a live issue given the relatively vague nature of some aspects of the regime contained in the MoPI Code and Guidance and the criticisms voiced by the Divisional Court in C (paragraph [54]) [see “Relevant domestic law and practice”, below] and by the Strasbourg court in M.M. v.   the United Kingdom (2012) (Application no. 24029/07). However, in the light of the conclusion to which we have come on the question of proportionality it is unnecessary for us to reach a final decision on the point.” 3.     Proceedings before the Supreme Court 24 .     The Supreme Court granted the Commissioner and ACPO leave to appeal. Following a three day hearing during which legal representatives for the applicant, an NGO, the NHRI for England and Wales, ACPO and the Secretary of State submitted arguments, it upheld the appeal in a judgment of 4 March 2015 by a majority of four justices to one. All five justices agreed that Article 8 was applicable and that retention of the data amounted to an interference with the applicant’s rights under that article. 25.     Lord Sumption delivered the leading opinion for the majority. He set out the applicable legal framework for collection and retention of data. After reviewing the requirements for “lawfulness” under Article 8 of the Convention, by reference to S. and Marper v. the United Kingdom [GC], nos.   30562/04 and 30566/04, § 99, ECHR 2008, he concluded that the interference was in accordance with the law. He noted that the Data Protection Act laid down principles that were germane and directly applicable to police information and contained a framework for their enforcement. These principles were supplemented by a statutory Code of Practice and administrative Guidance (see “Relevant domestic law and practice”, below), compliance with which was mandatory. While, inevitably, there were discretionary elements in the scheme, their ambit was limited. Lord Sumption considered the applicant’s argument that the Code of Practice and the Guidance did not enable him to know precisely what data would be obtained and stored or for how long to be unrealistic. He explained that the infinite variety of situations in which issues of compliance might arise and the inevitable element of judgment involved in assessing them made complete codification impossible. However, he noted, any person who thought that the police held personal information about him could seek access to it under section 7 of the Data Protection Act and, if he objected to its retention or use, could bring the matter before the Information Commissioner. 26.     Lord Sumption then turned to consider the proportionality of the interference. He observed that political protest was a basic right recognised by the common law and protected by Articles 10 and 11 of the Convention. He summarised the facts of the applicant’s case, including the nature of Smash EDO’s activities and the applicant’s attendance at public demonstrations, and the framework for police collection and retention of data in this context. He concluded that the retention of information, including some which related to persons such as the applicant against whom no criminality was alleged, was justified. The starting point, in his view, was the nature and extent of the invasion of privacy involved in the retention of information of this kind, which he described as minor. While the information stored was personal information because it related to individuals, it was in no sense intimate or sensitive information. Rather, it was information about the overt activities in public places of individuals whose main object in attending the events in question was to draw public attention to their support for a cause. Although the collation of the information in the form in which it appeared in police records was not publicly available, the primary facts recorded were and always had been in the public domain; no intrusive procedures had been used to discover and record them. 27 .     He then addressed the justification for retaining the personal data for someone who has a clean record and for whom violent criminality must be a very remote prospect indeed. Referring back to the National Coordinator’s statement (see paragraphs 18 to 20), he identified three reasons for the need to retain such data: (1) to enable the police to make a more informed assessment of the risks and threats to public order; (2) to investigate criminal offences where there have been any, and to identify potential witnesses and victims; (3) to study the leadership, organisation, tactics and methods of protest groups which have been persistently associated with violence. He also underlined some basic facts about intelligence-gathering commenting: “31 ... Most intelligence is necessarily acquired in the first instance indiscriminately. Its value can only be judged in hindsight, as subsequent analysis for particular purposes discloses a relevant pattern ... The most that can be done is to assess whether the value of the material is proportionate to the gravity of the threat to the public ...” 28.     Lord Sumption further considered that the retention in a nominal record or information report of information about third persons such as the applicant did not carry any stigma of suspicion or guilt. It did not imply that all those mentioned as participating in events such as Smash EDO protests were being characterised as extremists. It was further noteworthy that the material was not usable or disclosable for any purpose other than police purposes, except as a result of an access request by the subject under the Data Protection Act. It was not used for political purposes or for any kind of victimisation of dissidents and was not available to potential employers. The material was also periodically reviewed for retention or deletion according to rational and proportionate criteria based on an assessment of danger to the public and value for policing purposes. 29.     In conclusion, Lord Sumption was of the view that sufficient safeguards existed to ensure that personal information was not retained for longer than required for the purpose of maintaining public order and preventing or detecting crime, and that disclosure to third parties was properly restricted. 30 .     Lady Hale concurred with Lord Sumption but indicated: “51. ... it would be more objectionable if the police were to retain a nominal record collecting together all the information that they currently hold about him. Such dossiers require particular justification, not least because of their potentially chilling effect upon the right to engage in peaceful public protest. Mr Catt may be a regular attender at demonstrations, some of which are organised by a group which resorts to extreme tactics, but he himself has not been involved in criminal activity at those or any other demonstrations, nor is he likely to be in the future. Had the police kept a nominal record about him, therefore, I would have been inclined to agree with Lord Toulson that it could not be justified.” 31 .     Lord Toulson, dissenting, agreed that the collection and retention of the data by the police was in accordance with the law. However, he considered that retention of the data was disproportionate. He explained that he had no difficulty in accepting in general terms the explanation given in the National Coordinator’s statement, but that there had to be limits, particularly in the case of a person who had never been accused of violence and had been assessed not to be a threat. The statement did not explain why it was thought necessary to maintain for many years after the event information on someone whom the police had concluded, as they had in July 2010, was not known to have acted violently and did not appear to be involved in the coordination of the relevant events. Nor did it explain why it was thought necessary and proportionate to keep details of the applicant’s attendance at other political protest events such as the Labour Party conference and the TUC conference. 32.     He agreed with the Court of Appeal that the Commissioner had not shown that the value of the information relating to the applicant was sufficient to justify its continued retention. As to the suggestion that it would place too great a burden on the police to undertake frequent reviews, Lord Toulson pointed out that there was no evidence from the police that this would be over-burdensome. On the contrary, he said, the thrust of the evidence was that they did carry out regular reviews so there was nothing to indicate that deleting their historic records of the applicant’s attendances at protest events would create any real burden. 33 .     Lord Toulson accepted that, when investigating serious organised crime, it was necessary for the police to be able to collate and keep records of the details of their investigations. However, he did not agree that there was any risk of that being hampered by upholding the decision of the Court of Appeal in the applicant’s case. While the court should be slow to disagree with the evaluation of the potential usefulness of evidence by the police if a clear reason for it had been advanced, on the facts of this case Lord Toulson could not see what value they had identified by keeping indefinitely a record of the applicant’s attendances at events where he had done no more than exercise his democratic right of peaceful protest. He concluded: “69.     One might question why it really matters, if there is no risk of the police making inappropriate disclosure of the information to others. It matters because in modern society the state has very extensive powers of keeping records on its citizens. If a citizen’s activities are lawful, they should be free from the state keeping a record of them unless, and then only for as long as, such a record really needs to be kept in the public interest.” II.     RELEVANT DOMESTIC LAW AND PRACTICE A.     Power to collect and retain data 34.     At common law the police have the power to obtain and store information for policing purposes including for the maintenance of public order and the prevention and detection of crime. 35.     Under those powers the police have collected information relating to “domestic extremism” and this has resulted in the creation of the National Special Branch Intelligence System, commonly referred to as the “Extremism database”. For the purposes of the domestic proceedings in the present case “domestic extremism” was defined as (see paragraph   18): “... the activity of individuals or groups who carry out criminal acts of direct action to further their protest campaigns, outside the democratic process.” 36.     In its June 2013 report reviewing the progress made against the recommendations in its 2012 report on the national police units which provide intelligence on criminality associated with protest, Her Majesty’s Inspectorate of Constabulary identified three different working definitions of “domestic extremism” used by different bodies within the police (see paragraph 52, below). B .     The processing of personal data 1.     The Data Protection Acts 1998 and 2018 37 .     The Data Protection Act 1998 regulated the processing of personal data. It required that the processing of data comply with the “data protection principles” in Schedule 1 to the Act. For a summary of the relevant principles see M.M. v. the United Kingdom , no. 24029/07, §§   65-71, 13   November 2012. Part 2 of the Act was titled “Sensitive personal data”: “In this Act “sensitive personal data” means personal data consisting of information as to— (a) the racial or ethnic origin of the data subject, (b) his political opinions, ... (d) whether he is a member of a trade union (within the meaning of the [1992 c. 52.] Trade Union and Labour Relations (Consolidation) Act 1992), ...” 38.     The Data Protection Act 1998 was repealed and replaced by the Data Protection Act 2018 which came into force on 27   May 2018. Chapter 2 of Part 3 of the Data Protection Act 2018 sets out the principles that apply to the processing of data by law enforcement. Section 35 states that “sensitive processing” means the processing of personal data revealing “political opinions” or “trade union membership” inter alia . Section 42 provides for further safeguards in relation to such “sensitive processing”. 39.     Both the Data Protection Acts implement instruments of European Union Law all of which provided for “special categories” of personal data liable to higher protection than other types of personal data (see paragraphs   67-70 below). 2.     Code of Practice on the Management of Police Information 40 .     Under section 39A of the Police Act 1996, the Secretary of State is empowered to issue codes of practice for the purpose of promoting the efficiency and effectiveness of police forces. A Code of Practice on the management of police information (“MoPI Code of Practice”), based on the provisions of the Data Protection Act, was issued by the Secretary of State in July 2005. Under the Code, handling of police information is limited to “police purposes”. These are defined at paragraph 2.2 as protecting life and property, preserving order, preventing crime, bringing offenders to justice and performing any legal duty or responsibility of the police. 41.     The MoPI Code of Practice provides for more detailed provision to be made by way of guidance. Such guidance (the “MoPI Guidance”) was originally issued by ACPO in 2006 and updated by a new edition in 2010. It was later superseded by the Authorised Professional Practice: Information Management – Retention, review and disposal, published by the College of Policing in 2013. However, the 2013 Guidance appears substantially the same as the 2010 edition. 42 .     Section 2 of the 2010 MoPI Guidance addresses the processes for managing police information. It states at 2.2. that: “The management of records is fundamental to effective information management. The integrity of police information relies on the information being trusted, acceptable useable and available. To assist the evaluation, auctioning, sharing and review of information the information should be in a format that is accessible and easy to use, whether is an electronic, photographic or paper record.” 43.     Section 7 deals with the review of information for retention or disposal. It requires police information to be managed in compliance with the Convention, the Human Rights Act and the Data Protection Act. Paragraph 7.1 begins: “Reviewing information held by forces to determine its adequacy and continuing necessity for a policing purpose is a reliable means of meeting the requirements of the Data Protection Act. Review procedures should be practical, risk focused and able to identify information which is valuable to the policing purpose and needs to be retained. Review procedures should not be overly complex but should be as straightforward as is operationally possible.” 44 .     Paragraph 7.2.1. states that the police force must act in a way that complies with the European Convention on Human Rights and the Human Rights Act 1998: “In relation to record retention this requires a proportionate approach to the personal information held about individuals. The decision to retain personal records should be proportionate to the person’s risk of offending, and the risk of harm they pose to others and the community. A higher proportionality test should be met in order to retain records about relatively minor offending.” 45.     Paragraph 7.3.1 provides that the object of the review is to ensure that there is a continuing policing purpose for holding the record, that the record is adequate, up-to-date and not excessive, that the Data Protection Act is complied with, and that the assessment of the level of risk that the person presents is correct. 46.     Paragraph 7.4 provides: “All records which are accurate, adequate, up to date and necessary for policing purposes will be held for a minimum of six years from the date of creation. This six ‑ year minimum helps to ensure that forces have sufficient information to identify offending patterns over time, and helps guard against individuals’ efforts to avoid detection for lengthy periods. Beyond the six-year period, there is a requirement to review whether it is still necessary to keep the record for a policing purpose. The review process specifies that forces may retain records only for as long as they are necessary.” 47.     A number of detailed criteria for carrying out this exercise are set out. Records are required to be subjected to an initial evaluation and then kept for a minimum of six years. Thereafter, they are subject to “triggered reviews”, when information is added about the person in question; a statutory demand for access or disclosure is received; or a request for information is made by another law enforcement agency. 48.     Appendix 4 to the guidance sets out scheduled reviews, which are fixed for information relating to individuals who have committed serious criminal offences or are considered dangerous to the public. The timing of these reviews varies with the nature of the information and the gravity of the risk. The Appendix specifies that records should be retained until persons reach 100 years old if they have been convicted or are suspected of involvement in offences involving the highest level of danger to the public. Otherwise, where retention limits are mentioned these refer to the minimum limits of 6 years retention or the length of sentence (if longer). 49.     Paragraph 7.7 of the MoPI Guidance explains the need to collect and retain intelligence: “The retention of information relating to criminal activity and known and suspected offenders allows the Police Service to develop a more proactive approach to policing. By contributing to the identification of criminal patterns and threats and helping to prioritise the subsequent deployment of policing resources, information retention assists forces to prevent and detect crime and protect the public.” 3.     Oversight 50 .     Her Majesty’s Inspectorate of Constabulary (HMIC) is a statutory organisation established under s.54 of the Police Act 1996 to inspect, and report to the Home Secretary and to Parliament on the efficiency and effectiveness of the police forces in England and Wales. The HMIC has a remit to report on information management by the police. 51.     Following revelations about the use of undercover policing in unrelated, domestic litigation HMIC announced they would review the systems used by the NPOIU to authorise and control the development of intelligence. HMIC published its “review of national police units which provide intelligence on criminality associated with protest” in 2012. 52 .     The report is focussed on reviewing the use of undercover policing. However, it does examine police work in this domain more widely including an analysis of “the NPOIU and its governance” in section 4 of the report, which also reviewed the work of its so-called sister units the National Extremism Tactical Co-ordination Unit and the National Domestic Extremism Team (“NDEU”). In this part of the report, it criticised the definition of “domestic extremism”, stating: “This definition includes all forms of criminality, no matter how serious. It could lead to a wide range of protestors and protest groups being considered domestic extremists by the police. HMIC questions whether this is appropriate, and if the police should instead reserve this potentially emotive term for serious criminality.” 53 .     The review also examined the intelligence systems used commenting: “... the NDEU is the sole national body for the collation and analysis of domestic extremism intelligence ... When intelligence is received by the NDEU it is recorded on a computer database ... During the early part of the 2000s, a weeding policy was developed which meant a record would be removed from the database if there had been no new intelligence for six months. However, this never formed a definitive policy; and in practice, by 2006 weeding was not robust. The current database has an automatic weeding process, although it still requires human confirmation. Since 2008 more than 2,900 expired entries and documents have been removed from the database. HMIC has examined the NDEU database and found that in a number of cases the rationale for recording and retaining the intelligence was not strong enough (in terms of the ‘necessity and proportionately’ tests). This makes it difficult for NDEU to provide assurance that these tests are satisfied. In order to meet the Management of Police Information requirements, NDEU must document ‘objective facts’ used to justify retaining intelligence. HMIC will revisit this issue separately.” 54 .     In its July 2015 report “Building the Picture: An inspection of police information management” the HMIC stressing the importance of good information management stated in its national inspection findings: “It is a matter of serious concern that there is insufficient review taking place of the information that forces hold. Without these reviews – and the means to demonstrate that they have taken place properly or at all- the police service leaves itself vulnerable to challenge. The absence of sound and consistent reviews means that information might be destroyed when it should be kept, thus increasing the risk to public safety.” 55 .     In its findings for the Metropolitan Police Service, which is the service that includes Special Branch, responsible for policing “domestic extremism”, it commented: “The records management manual records how the force meets the retention, review and disposal elements of the APP [formerly the MOPI] guidance ... The length of time that the force plans to keep information on systems was set out in the manual but the timescales were not consistent with either the previous MOPI or current APP standards. A review of the manual was planned during which the force approach will be matched to developing ICT [information communications technology]. All police information on force system was retained indefinitely. There was no process of review and no consistent process for deleting information once it is no longer useful. This situation increases risk of duplication and compromises investigation and analysis (see national recommendations 1 and 7).” 56.     Recommendation 1 to chief constables was that they should ensure: “... that a review is undertaken of the way in which their forces’ information management policies and practice comply with the APP on information management so that they give effect to the national approach and minimise any divergence from that APP.” 57.     Recommendation 7 to the College of Policing was that it: “... should amend its APP on information management so as to specify the minimum information management requirements for initial reviews in relation to the retention and disposal of information.” III.     RELEVANT COUNCIL OF EUROPE INSTRUMENTS Council of Europe 1.     The Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data 1981 (Treaty   108) 58 .     Article 6 of the Convention titled “Special categories of data” states as follows: “Personal data revealing racial origin, political opinions or religious or other beliefs, as well as personal data concerning health or sexual life, may not be processed automatically unless domestic law provides appropriate safeguards ...” 59.     In relation to Article 6 the Explanatory Report to the Convention comments: “43.     While the risk that data processing is harmful to persons generally depends not on the contents of the data but on the context in which they are used, there are exceptional cases where the processing of certain categories of data is as such likely to lead to encroachments on individual rights and interests. Categories of data which in all member States are considered to be especially sensitive are listed in this article.” 60 .     The Convention was modernised, by means of the Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, opened for signature on 10   October 2018 and Article 6 of the Convention, as amended by the Protocol, reads: “1.     The processing of: - genetic data; - personal data relating to offences, criminal proceedings and convictions, and related security measures; - biometric data uniquely identifying a person; - personal data for the information they reveal relating to racial or ethnic origin, political opinions, trade-union membership, religious or other beliefs, health or sexual life, shall only be allowed where appropriate safeguards are enshrined in law, complementing those of this Convention. 2.     Such safeguards shall guard against the risks that the processing of sensitive data may present for the interests, rights and fundamental freedoms of the data subject, notably a risk of discrimination.” 2.     Committee of Ministers’ Resolution (74) 29 on the protection of the privacy of individuals vis-a-vis electronic data banks in the public sector 61 .     Principle 3.a. states that the existence of electronic databanks in the public sector (defined as any electronic data processing system which is used to handle information) must have been provided for by law or by special regulation or have been made public in a statement or document, in accordance with the legal system of each member state. 62 .     Principle 4 states: “Rules should be laid down to specify the time-limits beyond which certain categories of information may not be used or kept or used. However, exceptions from this principle are acceptable if the use of the information for statistical, scientific or historical purposes requires its conservation for an indefinite duration. In that case, precautions should be taken to ensure that the privacy of the individuals concerned will not be prejudiced.” 63.     Principle 5 states: “Every individual should have the right to know the information stored about him.” 3.     Committee of Ministers’ Recommendation R (87) 15 to member states regulating the use of personal data in the police sector 64.     The appendix to the recommendation sets out the basic principles in this context. Principle 2.1 – Collection of data, states: “The collection of personal data for police purposes should be limited to such as is necessary for the prevention of a real danger or the suppression of a specific criminal offence. Any exception to this provision should be the subject of specific national legislation.” 65 .     Principle 2.4. states: “The collection of data on individuals solely on the basis that they have a particular racial origin, particular religious convictions, sexual behaviour or political opinions or belong to particular movements or organisations which are not proscribed by law should be prohibited. The collection of data concerning these factors may only be carried out if absolutely necessary for the purposes of a particular inquiry.” 66 .     Principle 7 – length and storage of updating of data states: “Measures should be taken so that personal data kept for police purposes are deleted if they are no longer necessary for the purposes for which they were stored. For this purpose, consideration shall in particular be given to the following criteria: the need to retain data in the light of the conclusion of an inquiry into a particular case; a final judicial decision, in particular an acquittal; rehabilitation; spent convictions; amnesties; the age of the data subject, particular categories of data.” IV.     RELEVANT EUROPEAN UNION TEXTS 67 .     For a summary of relevant texts see M.M. v. the United Kingdom , cited above, §§   143-148 and Big Brother Watch and Others v. the United Kingdom nos. 58170/13 and 2 others, §§   217-220, 13   September 2018) . 68.     The Data Protection Directive (Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data), adopted on 24 October 1995, regulated for many years the protection and processing of personal data within the European Union. It provided that the object of national laws on the processing of personal data is notably to protect the right to privacy as recognised both in Article 8 of the European Convention on Human Rights and in the general principles of Community law. Article 8 in the Directive prohibited the processing of special categories of data unless certain conditions were satisfied. The special categories of personal data identified were data “revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership ...” 69.     With effect from April 2016 the 1995 Directive was replaced by the General Data Protection Regulation and Directive (EU) 2016/680 which sets out data protection principles in the context of law enforcement (the LED). Both of those instruments continue to impose special requirements concerning the processing of "special categories” of personal data. The LED defines ‘processing’ as: “... any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;” 70 .     Article 5 of the LED is titled “Time-limits for storage and review”, it states: “Member States shall provide for appropriate time limits to be established for the erasure of personal data or for a periodic review of the need for the storage of personal data. Procedural measures shall ensure that those time limits are observed.” 71.     Article 10 of the LED provides: “Processing of special categories of personal data Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be allowed only where strictly necessary, subject to appropriate safeguards for the rights and freedoms of the data subject, and only: (a) where authorised by Union or Member State law; (b) to protect the vital interests of the data subject or of another natural person; or (c) where such processing relates to data which are manifestly made public by the data subject.” THE LAW I.     ALLEGED VIOLATION OF ARTICLE 8 OF THE CONVENTION 72.     The applicant complained that the retention of his data by the police was in violation of his right to privacy as provided in Article 8 of the Convention, which reads as follows: “1.     Everyone has the right to respect for his private and family life, his home and his correspondence. 2.     There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.” A.     Admissibility 73.     The Government raised two arguments relating to admissibility. 74.     The first was that the applicant was no longer a victim to the extent claimed in his application, because nearly all the entries in the database he complained of were deleted in 2012. 75.     In this connection, the applicant underlined that his complaint was about the refusal of the police in 2010 to delete the sixty six records mentioning him in their database, which were collected and retained from 2004 onwards. The fact that all but six of those records were deleted in 2012 in the context of a weeding procedure triggered by revelations about undercover police work in unrelated domestic proceedings was not relevant. 76.     The Court notes that the applicant’s data was first collected and retained in 2005 (see paragraph 9, above). Since then, the police have continually retained his personal data on the database in one form or another. He has therefore had victim status from a Convention perspective since 2005. This conclusion is not affected by the fact that some of the applicant’s personal data was deleted in 2012. 77.     The second argument made by the Government was that the applicant had at his disposal a range of judicial remedies which he could have used to secure the deletion of his personal data. 78.     The Court recalls that under its established case-law, when a remedy has been pursued, use of another remedy which has essentially the same objective is not required (see, inter alia , Micallef v. Malta [GC], no.   17056/06, §   58, ECHR 2009 and Kozacıoğlu v. Turkey [GC], no.   2334/03, § 40, 19   February 2009). 79.     In light of the above, the Court notes that the application is not manifestly ill-founded within the meaning oArticles de loi cités
Article 8 CEDHArticle 8-1 CEDH
Citations
Aucune citation répertoriée pour cette décision.
Décisions connexes
Aucune décision similaire identifiée pour le moment.
Synthèse
- Juridiction
- CEDH
- Chambre
- CASELAW;JUDGMENTS;CHAMBER;ENG
- Formation
- 4
- Date
- 24 janvier 2019
- Matière
- droits fondamentaux
Référence
ECLI:CE:ECHR:2019:0124JUD004351415
Données disponibles
- Texte intégral