Menu
ALT Advisory | Public Interest Advisory Services
  • Home
  • Services
    • Advisory
      • Project management // strategy
      • Network development
      • Human rights impact assessments
      • Law reform // advocacy
      • Regulatory compliance // risk
        • > POPIA Compliance
        • > GDPR Compliance
      • Privacy by design
    • Analysis
      • Legal // policy analysis
      • Country trends analysis
      • Regional // international trends analysis
      • Reviews // vetting
      • Treaty body reporting
    • Research
      • Commissioned research reports
      • Comparative legal research // mapping
      • Community engagement // public participation
      • Development of legal instruments
      • Field research // social surveys
    • Training
      • Toolkits // training manuals
      • Constitutional literacy
      • Information security
      • Capacity-building workshops
      • Online platforms // courses
      • Organisational policies
  • Practice Areas
    • Public Law
      • Constitutional law // democratic institutions
      • International law // multi-stakeholder engagement
      • Activism // right to protest
      • Corporate accountability
      • Electoral integrity // right to vote
      • Eliminating trade in harmful technologies
      • Equality // inclusion
      • Labour migration governance
      • Environmental law // climate change
    • Information Rights
      • Internet governance
      • Free expression online
      • Press freedom // protected disclosures
      • Disabling disinformation
      • Online harms reduction
      • Open data // access to knowledge
      • Internet access
      • Digital equity
    • Data Privacy
      • Protection of personal information
      • Responsible data collection
      • Information security // cybercrimes
      • Automated decision-making // profiling
      • Biometrics // facial recognition
      • Responsible data trade
      • Surveillance technologies
    • Emergent Tech // Innovation
      • Algorithmic bias
      • AI // robotics
      • Blockchain // smart contracts
      • Copyright online
      • Smart cities // the Internet of Things
      • Future of work
  • Special Projects
    • ALT AI
    • Data Protection Africa
    • Democracy 2.0
    • Internet in Schools
  • About
    • About
      • About Us
      • Our Work
      • Vision
      • Mission
      • Empowerment
    • People
      • Avani Singh
      • Michael Power
      • Tina Power
      • Tara Davis
      • S’lindile Khumalo
      • Jessie Rashid
      • Kwazi Nwana
      • Dércio Tsandzana
      • Wendy Trott
    • Opportunities
      • Vacancies
      • Internships
      • Collaboration
    • Policies
      • Accessibility
      • Best Practices
      • Non-discrimination
      • Open Source
      • Privacy
  • Connect
Close Menu
Case Note 2020
29 Jan 2019

European Court rules on the retention of personal data during protests

Advisory Notes, Case Notes Data Privacy, European Convention on Human Rights, European Court of Human Rights

Catt v The United Kingdom, Application No. 43514/15

Date of judgment: 24 January 2019

Court: European Court of Human Rights, First Section


Background

The applicant had regularly attended demonstrations since 1948. In 2005, the applicant began participating in demonstrations organised by Smash EDO, whose object was to close down the activities of EDO MBM Technology Ltd, a company that manufactured weapons and other components. According to the judgment, serious disorder and criminality were features of a number of Smash EDO protests, and the protests therefore attracted a substantial policing presence. The applicant had twice been arrested at Smash EDO demonstrations for obstructing the public highway, but had never been convicted of any offence.

In March 2010, the applicant made a subject access request to the police under section 7 of the United Kingdom Data Protection Act, 1998 for information relating to him. Sixty‑six entries from nominal records for other individuals and information reports which incidentally mentioned him were disclosed from a police database known as the “Extremism database”. Most of the records related to demonstrations at the office of EDO MBM Technology Ltd, with thirteen entries relating to other demonstrations that had taken place in the United Kingdom. In the majority of cases, the information recorded about the applicant was his name, presence, date of birth and address; in some cases, his appearance was also described. Additionally, a photograph of the applicant taken at a demonstration in September 2007 was also disclosed to him.

In August 2010, the applicant asked the Association of Chief Police Officers (ACPO) to delete the entries from the nominal records and information reports which mentioned him. In September 2010, ACPO declined to do so without giving reasons. The applicant challenged ACPO’s refusal to delete the data, arguing that the retention of his data was not “necessary” within the meaning of article 8(2) of the Convention for the Protection of Human Rights and Fundamental Freedoms (the Convention). In particular before the European Court, the applicant argued that that the systematic collection and retention of information about him in a searchable database amounted to an interference with his right to privacy. Furthermore, the applicant argued that the database on which the data was held did not provide sufficient safeguards; that the scope of the database may be adjusted arbitrarily by the police; that the data was retained for excessively long periods on the basis that the database as a whole may be useful; and that the data was subject to automated and manual processing.

Moreover, the applicant submitted that the retention was unjustified given that the data retained related to his involvement in proper and lawful political protest activity and had never been useful for any police functions, and accordingly that the retention of such data would likely have a chilling effect.

Assessment by the European Court

As a point of departure, the European Court noted that the mere storing of information amounted to an interference with the applicant’s right to respect for private life, as secured in article 8(1) of the Convention. The European Court then turned to consider whether the interference was justifiable, which in its assessment turned on whether the interference was necessary in a democratic society. The elements in this regard required the interference to answer to a pressing social need; be proportionate to the legitimate aim pursued; and whether the reasons adduced by the national authorities to justify the interference were relevant and sufficient.

In respect of the personal information held about the applicant, the European Court noted that personal data revealing political opinions falls amongst the special categories of sensitive data, attracting a heightened level of protection. The European Court further emphasised the importance of examining compliance with the principles of article 8 of the Convention where the powers vested in the state are obscure and create a risk of arbitrariness, especially where the technology available is continually becoming more sophisticated. Furthermore, the European Court took into account the fact that the complete records had not been revealed to the applicant when initially requested, which it noted had an impact on its evaluation of the available safeguards.

The European Court accepted that there was a pressing social need to collect the data about the applicant, and that it is in the nature of intelligence-gathering that the police will first need to collect the data before evaluating it. The European Court further agreed with the domestic courts that the police had an obvious role to monitor protests of Smash EDO where the activities of that group were known to be violent and potentially criminal.

However, the European Court held that there was not a pressing need to retain the applicant’s data. In this respect, it underlined that while there may indeed have been a pressing need for such data retention for a period of time after it was collected, the applicant was entirely reliant on the diligent application of the highly flexible safeguards to ensure the proportionate retention of his data, without their being any maximum time limit prescribed. Importantly, the European Court stated that: “Where the state chooses to put in place such a system, the necessity of the effective procedural safeguards becomes decisive … Those safeguards must enable the deletion of any such data, once its continued retention becomes disproportionate.”

Further to this, the European Court noted that whilst the applicant could and did request the disclosure and destruction of his data, this safeguard appeared to be of limited impact given ACPO’s refusal to delete his data or to provide any explanation for its continued retention. This was reaffirmed by the consideration that the absence of effective safeguards was of particular concern in the present case, as personal data revealing political opinions attracts a heightened level of protection.

The European Court went on to observe that engaging in peaceful protest has specific protection under article 11 of the Convention. In the present matter, the European Court highlighted the danger of an ambiguous approach to the scope of data collection, and considered that the decisions to retain the applicant’s personal data did not take into account the heightened level of protection for data revealing a political opinion. Accordingly, it concluded that the retention must have had a “chilling effect”. The European Court also drew attention to the failure by the state to show that the retention of the applicant’s data, in particular concerning the peaceful protests, was either absolutely necessary or served a particular purpose.

In its closing remarks, the European Court noted that it was not convinced that deletion of the data would be so burdensome as to render it unreasonable. It stated further that: “In general terms the Court would add that it would be entirely contrary to the need to protect private life under article 8 if the government could create a database in such a manner that the data in it could not be easily reviewed or edited, and then use this development as a justification to refuse to remove information from that database.”

The European Court therefore concluded that there had been a violation of article 8 of the Convention.

Order of the European Court

In the result, the European Court ordered as follows:

“For these reasons, the Court, unanimously,

1. Declares the application admissible;

2. Holds that there has been a violation of Article 8 of the Convention;

3. Holds

(a) that the respondent State is to pay the applicant, within three months from the date on which the judgment becomes final in accordance with Article 44 § 2 of the Convention, the following amounts, to be converted into the currency of the respondent State at the rate applicable at the date of settlement:

(i) EUR 27,000 (Twenty-seven thousand euros), plus any tax that may be chargeable to the applicant, in respect of costs and expenses;

(b) that from the expiry of the above-mentioned three months until settlement simple interest shall be payable on the above amount at a rate equal to the marginal lending rate of the European Central Bank during the default period plus three percentage points; 

4. Dismisses the remainder of the applicant’s claim for just satisfaction.”

Concurring opinion of Judge Koskelo

While the concurring opinion agreed with the outcome of the case, it was of the view that the interference should have been found to be unjustifiable for failing to meet the requirement of being “in accordance with the law”. The concurring opinion noted that: “[T]here is no underlying statutory basis, and the basis in non-statutory law is about as vague as it can get. For the particular database in question, no further legal basis exists.” According to the concurring opinion, clear rules governing the scope of the measures were lacking, and the accessibility and foreseeability of the norms were therefore deficient. This in turn led to a dilution of the relevance and effectiveness of the safeguards against abuse and arbitrariness.

The concurring opinion reiterated the previous jurisprudence of the European Court that “it is not only essential to have clear, detailed rules governing the scope of measures, but also governing safeguards relating to the storage, use, duration of retention, access, as well as procedures for preserving the integrity and confidentiality of data and for their destruction”. The concurring opinion therefore concluded that it would have been more appropriate for the majority to focus its analysis more thoroughly and consistently on the assessment of the “quality of the law” aspect of the case, instead of leaving that issue open and resolving the case on the basis of the assessment of “necessity”.

Please note: The information contained in this note is for general guidance on matters of interest, and does not constitute legal advice. For any enquiries, please contact us at [email protected].

Informed consent as a key element for data protection Call for comment: Distribution of regional seats to the National Assembly

Related Posts

Advisory 2020

Advisory Notes

UN issues recommendations on artificial intelligence and racial profiling by law enforcement

Advisory 2020

Advisory Notes

International Day for the Elimination of Violence against Women

Advisory 2020

Advisory Notes

South African regulator publishes draft declaration on crypto assets

Latest Advisory Notes

  • Advisory 2020UN issues recommendations on artificial intelligence and racial profiling by law enforcement
    30 Nov 2020
  • Advisory 2020International Day for the Elimination of Violence against Women
    25 Nov 2020
  • Advisory 2020South African regulator publishes draft declaration on crypto assets
    23 Nov 2020
  • Advisory 2020Italian data protection authority fines Vodafone for “aggressive telemarketing practices”
    18 Nov 2020
Back To Top
ALT Advisory | Public Interest Advisory Services
  • Accessibility
  • Ethical Practices
  • Legal
  • Non-discrimination
  • Opportunities
  • Privacy
  • Sitemap

Web development with ❤️ by:

© 2017-2021 Applied Law & Technology (Pty) Ltd (t/a ALT Advisory) is a private company registered in the Republic of South Africa (2017/145368/07). All rights reserved.
If you're still reading this you must be bored. Come and visit us and we'll have a cup of coffee.
Our website uses cookies to improve your experience but we are fully committed to respecting your privacy. ACCEPT COOKIE SETTINGS PRIVACY POLICY
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are as essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Non-Necessary cookies may not be particularly necessary for the website to function and are used specifically to collect data via Google Analytics. None of the data collected constitutes personally identifiable information.

COVID-19: Level 3 Advisory

 

Level 3 status: Our offices are partially open and we’re fully available online.

As a result of the implementation of the Level 3 Regulations on 28 December 2020, our physical offices are partially open for necessary and essential matters and we are fully available remotely. We can be contacted on +2711 268 6881 or at [email protected] for pre-existing and new matters. All necessary office protocols have been implemented. We hope that everyone continues to stay safe during this time and please visit https://sacoronavirus.co.za for more information.