This is the first of three posts examining Privacy law in the UK. This post will examine the development of a law on privacy, its scope and the basic legal theory. The second post will look into the application of the law, focussing on contempt of court, the need for injunctions and their application, including orders contra mundum. It will briefly discuss the issue of Parliamentary Privilege. The third post will consider the principle of Open Justice, and super-, anonymised and hyper- injunctions.
Privacy law in the UK is fairly simple, but its application is confusing, and this confusion has not been helped by recent events. Over the last few weeks we have seen intense criticism of the law, and its application by the judiciary, coming from politicians, the media and even the Prime Minister. Before going into the finer details, a few things are worth noting;
- There is no one privacy law in the UK, it comes from a variety of Acts of Parliament, procedural rules and key cases,
- The law has not been “made up” by judges over the last few years, some elements of the law go back over a hundred years,
- There is a great deal of misinformation and confusion over the law among the public, which has not been helped by the fact that…
- The major newspapers, especially the tabloids, are very much “interested parties” when it comes to privacy law. Many of the recent cases in this area have been against newspapers, and have been successful.
The Common Law History of Privacy
The earliest case I could find relating to privacy was that of Thompson v Stanhope (1774) Amb. 737, in which an injunction was granted preventing the publication of letters sent from Lord Chesterfield to his son, by the latter’s widow. While today this would most easily be dealt with through copyright, it is interesting to see that, in some ways, privacy law covers much the same ground as it did in 1774. This case was eventually followed by various cases (most notably, Prince Albert v Strange  EWHC Ch J20, concerning etchings of the royal family) and by the mid-twentieth century, the modern tort of breach of confidence had developed.
Breach of confidence is fairly limited in its scope, and in Malone v Metropolitan Police Commissioner  Ch 344, Sir Robert Megarry V-C refused to create a general right to privacy – a decision echoed in Wainwright & Anor v Home Office  UKHL 53 where the House of Lords rejected the idea that there was a more general “tort of invasion of privacy” (at 35).
This position has been altered, however, by the passing of the Human Rights Act, which has been in force across the UK since 2000 (but after the events at the heart of Wainwright above). This Act requires that all public authorities, including courts, act in a manner compliant with the European Convention on Human Rights, Article 8 of which states:
- Everyone has the right to respect for his private and family life, his home and his correspondence.
While this does not create a stand-alone tort of breach of privacy, it forced the courts to develop the current tort of misuse of private information, based on breach of confidence, to allow them to apply Article 8, as required by Parliament. This was clearly demonstrated by the House of Lords in Campbell v MGN Ltd  UKHL 22.
Since then, the lower courts have loyally applied the law, based on the decisions of the House of Lords, and the requirements placed on them by the Human Rights Act.
Breach of Confidence
The requirements for breach of confidence were laid down in Coco v A N Clark (Engineers) Ltd, a minor case from 1969, but the rules given there are still applied today (although they have been modified over time). Confidence (in the sense of confidentiality) is breached when an individual uses or shares certain information provided the following conditions are satisfied:
- The information has the “quality of confidence” (i.e. it is secret or confidential),
- the information must have been given in circumstances where there was a reasonable expectation of confidentiality (in the first instance),
- the information must be used or shared without authorisation in a way that causes damage to the original party.
While this originally developed in business settings, it has been expanded to cover almost any situation involving secrets, although some cases are now more likely to fall under “misuse of private information”. Of course, with any unlawful activity there are clear defences. In the case of breach of confidence, there are three main exemptions (listed by Lord Goff in Attorney General v Guardian Newspapers  UKHL 6). Confidence will not apply:
- if the information is in the public domain (in the sense of being generally accessible, rather than the copyright term),
- if the information is useless or trivial, or
- if there is some overriding public interest in publishing or disclosing the information (including, but not limited to, exposing criminality).
The “public interest” defence is not simply whether the information is of interest to the public, but whether there is in the public interest to breach the confidence in question. In the case of criminality, it can be limited to informing the relevant authorities, rather than the public.
Misuse of Private Information
This has been developed by combining elements of breach of confidence with the Human Rights Act and, in theory, is considerably simpler. It is defined in Campbell (above) and Murry v Big Pictures (UK) Ltd  EWCA Civ 446. It is a two-stage test; for there to be a misuse of private information:
- the claimant (the person alleging the misuse and bringing the lawsuit) must prove that they had a “reasonable expectation of privacy” in relation to the information, and if so;
- the defence must show that there was a justification for the disclosure of the information (such as a public interest),
As this is based on the Human Rights Act (and through it, the ECHR), this is the now-familiar application of rights contained in the ECHR. The first establishes that (in this case) Article 8 is engaged (see above for Art 8(1)) and the second covers the exemptions given in Article 8(2):
- There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. [emphasis added]
i.e. any interference with private life by the Court (in this case, as it is acting as a public authority in judging the case) must be done according to a law, be necessary and proportionate, and must have one of the legitimate aims listed; the most common in these cases being the final one, which includes the freedom of expression rights of the public (and specific individuals) as set out in Article 10.
This “balancing exercise” between the competing rights must be done on a case-by-case basis, and will depend on the precise situation. While there is plenty of case-law (both domestically and from the European Court of Human Rights), the outcome is left entirely to the judge(s) in each case.
The Human Rights Act is not the only law passed by Parliament to deal with privacy. While there has been no Privacy Act, there are a number of laws that deal with issues overlapping with privacy, including;
- the Data Protection Act, dealing with the handling of private and personal information,
- the various Official Secrets Acts, covering issues of national security and defence,
- the Protection from Harassment Act, which creates both criminal sanctions and civil remedies for harassment,
- the Sexual Offences Act, adding a criminal offence of non-consensual voyeurism, and, to some extent,
- the Theft Act, which made blackmail a crime.
Given this, it is difficult to suggest that Parliament has not legislated on privacy issues, and in any case, it is hard to imagine how a new law could be drafted to “improve” the existing law, or substantially alter it, without straying too far from the requirements of the human rights and fundamental freedoms laid out by the ECHR and EU.
Remedies and Application
Both misuse of private information and breach of confidence have the standard remedies of the court system; injunctions and damages. Damages awards are the basic remedy of the common law system, where a defendant is required to pay money to compensate a successful claimant. Injunctions, developed by the system of equity, are court orders on an individual or group, requiring that they either do something or stop doing something.
In cases of privacy, where a breach has occurred, damages awards are often given. However, as the ECrtHR recently noted in its judgment in Mosley v The United Kingdom  ECHR 774, “no sum of money awarded after disclosure [of private material can] afford a remedy” nor can it effectively compensate for a breach of privacy. As such, it is often the case that Courts will grant injunctions preventing the disclosure of information before a trial as a preventative measure.
While the legal theory may be relatively straightforward, its application is particularly complicated, often shrouded in secrecy (by necessity) and regularly criticised, particularly by those on the receiving end of injunctions.
The application of the law, including Contempt of Court, interim injunctions, orders contra mundum will be discussed in the second post, along with a brief look at Parliamentary Privilege.