Month: March 2021

A couple of weeks ago, the journalist Heather Brooke tweeted the following in respect of myself and another person:

“Really, you two are starting to sound a little like trolls. Do I lurk on your feed & make continuous snide remarks? No”

She doesn’t quite call me a snide, lurking troll but we’re close. If “innocent face”  is enough to get Lord MacAlpine going, then associating me with trolls (example: Frank Zimmerman, the man who threatened Louise Mensch and her kids ) is surely murky territory. Could I argue that Brooke’s comments tend to lower me in the estimation of right-thinking members of society generally or would be likely to affect a person adversely in the estimation of reasonable people generally? Brooke is the hero of the MPs expenses case, the respected journalist and authority on FOI, the esteemed tutor of the next generation of journalists. I am just a tawdry freelancing consultant. Isn’t it possible that people might well give her comments credence because of her status as a respectable public figure?

So can I sue her for libel?

Of course not, it wasn’t libel. Brooke has a low opinion of me and these weekly mentions on my blog will probably only make it worse, but she is entitled to say I’m a troll. She can say worse things and has every right to. She said it’s a shame I’m not a journalist, so maybe she already has. Brooke expressed a negative opinion about the fact that I fired critical responses to some of her tweets in quick succession. The question of whether I was simply disagreeing with her (my version) or deliberately misunderstanding her point (her version) depends on your perspective – you’re obviously free to see it her way, and given our respective respectability, you probably will. I don’t agree with her accusation, but my objection doesn’t make it libel. She didn’t accuse me of training the BNP, teaching people in how to breach the DPA and get away with it, or bribing officials to get training contracts. I haven’t done these things, and I would sue anyone who said that I did. Free speech protects our legitimate opinions even if they offend other people. However, it shouldn’t allow us to say anything, especially if anything is an unfounded accusation of a crime.

All this is by way of introduction to a doubtless unwelcome and unpopular contribution to the depressing resolution of the libel battle between the redoubtable blogger Jacqui Thompson and Mark James, Chief Executive of Carmarthenshire Council . Doubtless I will be accused of backing Team Goliath for not simply foaming at the mouth in outrage, but I cannot say my reaction is the same as most of the comments I have seen.

Much of the background to the case is like a riposte to my own defences of public sector workers. The idea that councils might fund or back libel actions for their staff in any circumstances is a disgrace. Public money is for public services, and if an officer is libelled and cannot afford to defend their reputation, they must blame our legal system or cruel fate. If Carmarthenshire’s Chief Executive accepted public funds to defend his personal reputation – even though this might have been entirely legal – he should pay the money back, as he can afford his own defence.

Moreover, all senior council officers must have a thick skin. I once dealt with a senior officer who did not want his salary disclosed because of fears his children would be bullied in the playground. He earned more than £100,000 per annum, and he was talking bollocks. Every front-line officer gets abuse from time to time and they just plough on, letting it wash over them. If you are not prepared to be called crap, incompetent, idiotic, stupid, moronic, selfish, or cowardly, whether it’s fair or unfair, you are not fit for management in local (or central) government, the Police, NHS, Fire or the rest of the public sector. Suck it up; it’s part of the job.

The most eye-catching element of the case is still troubling. Public meetings should be public places. Any restriction on filming, recording, tweeting or reporting of proceedings held in public by any person for any reason is an affront to democracy. I would include the courts in this (with necessary protections for witnesses and victims). No part of the UK, and no UK institution no matter how large or small should seek to restrict access to public proceedings, no matter what the circumstances. Any organisation that attempts to restrict coverage of public meetings – whether by professional journalists or by amateur bloggers – must be prevented from doing so. Any amount of blather from Eric Pickles disguises the fact that he has done nothing formal to protect those wanting to film or report council and other similar proceedings.

And finally, calling the police because a person is filming a public meeting and refusing to stop is ridiculous. From a purely tactical perspective in the Carmarthenshire case, it was disastrous. The people who called the police have forever ensured that this case will always be the innocent ‘armchair auditor’ against the overweening, something-to-hide establishment. Mark James won his case, but in the court of public opinion, he and his council will forever be associated with the image of an ordinary taxpayer being led away simply for wanting to report the truth, and they deserve nothing else for their poor judgement in making that image happen.

But free speech is not dead. The arrest of Jacqui Thompson for filming a public meeting is a free speech issue, and I entirely agree with her stand on that. However, this libel case was launched by Thompson and not the council. Ultimately it is about accusations of corruption versus claims of intimidation. If you haven’t read the full judgement and are going off the headlines, you should read it objectively now before you pontificate (I didn’t and I deleted tweets as a result). If you really can’t bear it, this detailed story in the Western Mail (HT: @NewsatTwm on Twitter) is very strong.

The daft arrest isn’t the decisive issue. Thompson sued Mark James, the Chief Executive, because he published a letter accusing her and her family of conducting a campaign of harassment and intimidation against council officers. James counter-sued for comments that Thompson made on her blog about perjury, dishonesty and corruption. If Thompson could justify her allegations of corruption, the comments on her blog and her actions in the Council chamber would be vindicated, and James’ comments about the campaign would probably be libellous. However, without anything concrete to back up the corruption claims, the position is reversed. If Thompson made serious and repeated accusations without evidence, she has libelled James and potentially others. No matter how outrageous the arrest was, it does not prove that anyone is guilty of corruption, or justify statements that cannot be verified. Thompson’s libel action against James is not made one tiny bit stronger by the unfairness of her arrest, and it was not an opportunity for her to be recompensed for the unfairness of that arrest. No amount of capsule sermonising from Nick Cohen changes this.

Even the sympathetic Broken Barnet coverage of the case acknowledged that Thompson “has perhaps made errors of judgement in some of the comments made in some of her posts” . But isn’t it more than that? In 2006, Thompson accused James and a planning officer of corruption and was sued by the latter for libel. She lost, and had to retract her comments and apologise in court – paragraphs 6 and 7 of the judgment – as well as agreeing to pay £7500 in costs (costs she later argued should be borne by the Council, a suggestion that I think is outrageous). Thompson made no attempt to prove that any of her allegations of corruption were true and defended herself solely on “honest comment”. Every decision and comment I have found on this defence include a variation on this quote: the comment “must explicitly or implicitly indicate, at least in general terms, the facts on which it is based”. You cannot accuse someone of corruption without something concrete to back it up.

So consider paragraph 299 from the current judgement:

“Mrs Thompson did not, when sued by Mr Bowen, attempt to prove that the allegation of corruption she made against him was true. She has never attempted to prove in court that Mr Bowen was corrupt. A defamatory publication for which there is no defence is unlawful. She accepts that she cannot prove that. She accepted during the trial that the HMCS letter bearing the Council’s stamps does not prove that the Council made any payment in respect of Mr Bowen’s libel action, and does not prove that he or Mr James, or anyone else lied or committed perjury.”

At this point, I’m out. I can’t support Thompson if this is true. Corruption isn’t just a label you apply to those who you disagree with. Even if the corruption seems painfully obvious to you through experience of beating your head against a brick wall of bureaucratic numbskullery, impenetrable decisions, and people who just seem to have it in for you. Even with all that, corruption is not a loose or metaphorical word. Accusing someone of corruption is accusing them of a crime – taking or accepting bribes, committing acts of misconduct in public office, or perpetrating fraud. This is corruption. Unhappy FOI and Data Protection applicants, bloggers, letter writers and Local Government Ombudsman complainants throw around words like corruption and conspiracy as if all they need to justify their use is a deeply held conviction. Whatever the outcome of Jacqui Thompson’s libel case had been, flinging these words around is an abuse of free speech at best. The outcome of the case shows that the courts agree.

If accused of a crime, you are innocent until proven guilty. Evidence is weighed and sifted, and an objective decision made by a court. Journalists and bloggers can play a vital role in digging up evidence of crimes, in bringing them to public attention, and forcing the hand of the police and the CPS, but ultimately, it is the courts and not the commentators who make the decision of guilt. Without evidence, your strongest conviction is worth nothing and if you cannot keep it to yourself, you risk the wrong end of a libel suit. And now we see what that’s like.

Local newspaper journalism is dying; like most people, I believe that the internet including many enthusiastic bloggers will end up replacing it entirely. But Thompson Vs James must not be misrepresented as a threat to this. In her statement on the case, Thompson said this: “I believe this judgement has dire consequences for others who publicly scrutinise and criticise their local authority, including the press”.  I completely disagree with her. Nobody should feel that this case prevents them from scrutinising, criticising, mocking, or commenting on public affairs in the strongest possible terms. Get out there. Show why the decisions are shoddy, find the links between politicians and dodgy business, seek out the fraudsters, the hucksters and the bigots where they exist and show them for what they are.

But – and it’s a big but – do not accuse someone of criminal activity without something concrete. I don’t want to live in a society where allegations of criminality are made without being substantiated – that’s not free speech, it’s a witch-hunt. Nothing about this case puts the decision-makers and politicians in Carmarthenshire County Council in anything but a dire light, but I’m not paranoid enough to believe that Thompson was stitched up by the Establishment. She made accusations she couldn’t ultimately substantiate – even if they were true, she couldn’t prove it to the satisfaction of a judge. If she appeals and proves her claims to be true, refuting the idea that her campaign was illegitimate, I’ll be in a long queue to congratulate her. But she cannot win her appeal on the basis that the daft arrest was daft, or illiberal, or wrong. It was all of those things, but two wrongs do not make a right.

And if you want to call me an arsehole (guilty), a vile corporate stooge, a council apologist, a scumbag enemy of free speech, a self-hating blogger or even a wannabe journalist (not guilty), the comments section is below.

Dark times on the Wirral, as confidential memos about web filtering fly around, suggesting skullduggery on the corridors of Council power. The headlines are remarkable: “Confidential memo tells shocked Wirral councillors their emails are being read by town hall bosses“, which would be quite a thing if it was true. Following the receipt of offensive emails about Hillsborough, the Chief Executive of Wirral Council suggested that the Council could filter the emails out so that councillors would not receive them. The opposition members worked themselves up into a lather, with one, Councillor Chris Blakeley, declaring: “I think it is outrageous that the council should determine which emails we should receive”. Another, Councillor Lesley Rennie opined “My colleagues and I are absolutely appalled that there could have even been a suggestion that emails from the public could be considered for filtering“.

At the risk of starting another barney in the comments, I don’t think the Council was suggesting anything inappropriate. Whatever you think of Wirral Council (feel free not to tell me), I think it’s likely that the Council was simply offering to block offensive emails, rather than making decisions about which emails Councillors receive. The Chief Executive stated that he had received complaints about the emails, so clearly felt that some kind of response was required. As feelings across Merseyside are still understandably raw over Hillsborough, even if the Council response was inelegant, I can see why the offer was made.

However, the Councillors’ reaction and some of the comments on the Wirral Globe’s story (the commenter ‘2040TIM’ sounds like he knows what he’s talking about), raise an interesting question that I suspect many councils and most councillors have not considered. If you are not a Data Protection nerd or a dedicated council watcher, look away now.

Councillors wear up to three hats in the normal course of their activities. As participants in Council Committees and decision-making, they are part of the Council. For Data Protection purposes, they are covered by the Council’s DP notification and any incident or breach involving them would be the Council’s problem. Hat number 2 comes with membership of a political party. They may sometimes receive personal data from their party for campaigning purposes. In this scenario, the party is responsible for Data Protection. The strangest hat is the one they wear as constituency representatives. Here, neither the council nor the party is responsible. The Councillor is a Data Controller in their own right.

Much of the controversy about Councillors and Data Protection revolves around the technical issue of notification (still often called ‘registration’, despite that term belonging to the 1984 Act), and in particular who pays for it. Some councillors notify, some don’t. One Wirral blogger was told by a councillor that notification was ‘a load of tosh‘, which is an odd way for an elected representative to describe a legal requirement. Some councils pay for all of their councillor’s notifications, some don’t. However, despite the fact that numerous councillors across the UK remain without a notification, and despite the fact that the ICO has prosecuted estate agents, bar owners, solicitors and hairdressers for non-notification, no councillor in the UK has ever been prosecuted for non-notification.

The reason for this is probably that by prosecuting an errant elected member, the ICO would be crossing Eric Pickles, the Secretary of State for Communities and Local Government and an opponent of the ‘red tape’ that member notification represents. In 2011, Pickles told Conservative Home that notification for members was a ‘tax on volunteering’. In 2013, he proposed amending the DPA to exempt parish and town councillors from notification altogether (which is a good idea) and allowing councils to make a single payment for all Councillors’ notifications, which is unnecessary given that since the middle of the last decade, the ICO has accepted notification forms for all of a council’s members in one go with a single payment. I know this, because I used to do the notifications for my council’s members.

But this is all a red herring. Notification is an administrative tick-box. Under the 1984 Act, if you processed data electronically, you were covered by the Act and you had to register. If you didn’t process data electronically, you didn’t have to register and you didn’t have to comply. Under the 1998 Act, you have to comply regardless of whether you notify. If you’re exempt from notification, you still have to comply with all other aspects of the 1998 Act. If you refuse to notify, you’re committing an offence, but you still have to comply with all other aspects of the 1998 Act.

Just before Christmas, another Northern Council – Craven Council in the Yorkshire Dales – had a councillor / Data Protection controversy. The Council proposed rolling out iPads to its elected members as part of an upgrade to its IT security. Some councillors objected, and one Independent member was reported as offering “to sign up as his own data handler“, in other words, he was offering to notify as a data controller in order to avoid having the iPad. And so we come to the punchline. The Councillor was already a Data Controller whether he liked it or not. All councillors have to ensure that they are compliant with the DPA for the areas not covered by the Council or their party. Notification – and who pays the £35 – is just about the least significant aspect of this process.

For one thing, Councillors are Data Controllers for any equipment, any email account, any electronic system that they use to communicate with their constituents. The Council is their Data Processor in this context. Buried deep in the back of the Data Protection Act are surprisingly specific requirements for the relationship between a Data Controller and Data Processor – there must be a contract made or evidenced in writing, security guarantees given by the processor (the Council) to the Controller (the Councillor), and a reasonable check that the contract is being complied with. In other words, if the Wirral Councillors up in arms about what may or not be happening to their emails have not obtained a written contract from Wirral, ensuring that Wirral will act only on their instructions when handling their constituency correspondence, the Councillors are in breach of the Data Protection Act. The Council – as a data processor – is not.

It goes further. Councillors should clearly inform their constituents about the way in which their data is used. They should respond to subject access requests. The Wirral Councillors are upset about what they believe is happening to their Wirral.gov.uk email addresses, but many Councillors use Hotmail or Yahoo mail for constituency business, or at the very least have all of their Council emails auto-forwarded to an outside account. This carries both security risks that might breach the 7th DP principle, but also raises the spectre of the 8th Principle, which governs how to transfer information outside the European Economic Area (many web-based email providers use servers outside Europe).

Many senior Council officers and IT and DP specialists will weep at the thought, and I can think of one or two who will give me a smack for bringing it up. But Councils cannot dictate to their Councillors. It is clearly logical for Councillors to use systems and kit provided to them by the Council, but ultimately, they are responsible for a big slice of the data that they use as part of their work and it’s their decision. The Council is a processor, a service provider. Sticking with the robust corporate system is a reasonable idea, but they can work outside of it and if they do, Councillors are wholly responsible for what happens. In the meantime, any Councillor planning to kick up a fuss about emails or iPads or anything else should remember that if something goes wrong, the Council has a get-out-of-jail-free card for non-Council business. Perhaps they should be more shocked about that.

Last year, I wrote about the fact that Councillor Alex Ganotis, Labour leader of Stockport Council is also a group manager at the Information Commissioner’s Office. After an FOI request, the ICO admitted that he managed the teams responsible for complaints about political parties and local councils. At the time, I argued that this was an unacceptable conflict of interest, and something had to be done about it.

In May this year, shortly after being elected as Manchester’s new Mayor, Andy Burnham appointed Cllr Ganotis as his Environmental Tsar. You can watch a video of the announcement here, and ponder such fascinating questions as why Burnham’s nose is so red, or why throughout the first two minutes, the camera keeps cutting to a wide shot that captures Ganotis’ uncomfortable facial expressions while Burnham is talking. The announcement piqued my interest. If he was organising a grand summit of environmental worthies, would Cllr Ganotis really have time to work at the ICO? And if so, what effect would the review into political activities that Elizabeth Denham announced have on his role?

I made an FOI request to the ICO for the following information:

1) In 2016, the ICO confirmed to me that Alex Ganotis was manager of the team that dealt with complaints about councils and political parties, despite being Leader of Stockport Council at the time. Can you confirm whether Mr Ganotis is still a member of ICO staff, and if so, what is his current job, and what arrangements have been made to avoid any potential conflict of interest?

2) What is the current ICO policy and process for dealing with political party affiliations and potential conflicts of interest?

3) In August 2016, the Information Commissioner announced in an interview with the BBC’s Martin Rosenbaum that she had ordered a review of the involvement of ICO staff in political activities. I would like to see any report or findings arising out of the review, or other summary of the review and its findings, and details of any actions that were taken as a result of it.

4) I would like to receive all current declarations made by any member of staff of involvement in political activities

5) What specific measures have been taken in respect of each staff member who has made a declaration to ensure that there is no conflict of interest?

The response made for fascinating reading. For one thing, Cllr Ganotis remains a Group Manager at Wilmslow and although his group no longer deals with political parties, it still covers issues related to all local authorities in the UK except for those in Greater Manchester, Cheshire or Derbyshire. How politicians and others in every council outside the North West feel about complaints about their authorities still being supervised by the Leader of a Labour Council and a close ally of Andy Burnham is hard to judge. They might be thrilled. Maybe the ICO should ask them.

The report I received under item (3) of my request did contain an option to remove Cllr Ganotis from work involving local authorities altogether, but one of the reasons that this option was not recommended was the fact that “it could be seen to question the professionalism of Alex and other members of staff and their ability to apply the law without bias or political influence“. How Cllr Ganotis’ political career could possibly be seen to reflect on other people is beyond me, but it is jarring that a significant factor in the decision to keep him involved in council work might have been the effect on him, rather than the Commissioner’s ability to operate independently. To be blunt, the ICO as a whole is more important.

UPDATE: I have attached the ICO’s report into the conflict of interest here, so readers can judge whether how objective and balanced it is: Commissioner Information Note – Political Activities.pdf

Unless every team in the ICO handles complaints about local authorities (and to lesser extent, government), Cllr Ganotis should have been moved to one that doesn’t. Having decide to pursue a high-profile political career, asking him to make a sacrifice to avoid conflicts of interest and their perception would not be too much. I am surprised that Cllr Ganotis has not requested such a transfer himself. To risk even the perception of influence over decisions about politically-run organisations, and at the same time pursue a high-profile political career suggests either an enormous amount of faith in one’s ability to compartmentalise, or just old fashioned hubris.

The review identified gaps in the ICO’s Political Activities Policy, with recommended “updates” including a stipulation that staff must avoid party political activities which might impair their ability to perform their duties impartially, a requirement to inform the ICO if their activities or areas of responsibility change, and the scope to remove permission to undertake political activities if an individual’s ICO role or political activity changes. Needless to say, this means that none of this existed before.

The rest of the FOI request suggests a continuing unwillingness to face the issue of political involvement. Including Cllr Ganotis, eight staff members have made declarations of involvement in political activities, but the ICO refused to tell me who the other seven are, or what they do, claiming that the data is sensitive personal data. This is true, but it is not automatically a barrier to disclosure. For one thing, the Secret Seven could be asked for consent, and this is not the only route to disclosure.

There is surely a legitimate interest in knowing whether people working for an independent regulator such as the Commissioner have political affiliations, especially when you consider the ICO’s involvement in political matters. Over the past few years, the ICO has fined Leave.EU, David Lammy MP over his London Mayoral Campaign, the Daily Telegraph for its pro-Tory emails during the 2015 election, and in recent months, they took no action against Virgin Trains following Jeremy Corbyn’s antics in a train vestibule. More importantly, the Commissioner herself announced a formal investigation into the use of data analytics for political purposes with no small amount of fanfare, involving 20 staff. The ICO is knee-deep in politics and transparency over the declared political activities of the staff is in the public interest.

As the data is sensitive personal data, legitimate interests would not be enough; a condition must also be met from Schedule 3 of the Data Protection Act as well. One of the conditions is that the Data Subject has put their sensitive data into the public domain. If, for example, a senior ICO staff member was to mention on their LinkedIn page that they were a Councillor for 9 years, the Campaigns and Communications Officer for an MEP for five years, listed the Liberal Democrats as one of their main interests and was recommended for ‘politics’ and ‘political campaigning’ by dozens of people, I think I can argue that at least this one has manifestly made their political views public. The ICO refusal says “our staff do not have a reasonable expectation that their declarations would be disclosed into the public domain“, but the staff member in question was a candidate for the LibDems in the 2015 General Election, so I humbly suggest that the cat is out of the bag. Either this person is one of the seven, and the ICO’s arguments are false, or they haven’t made a declaration, and the ICO’s claim to me that “the review and policies are sufficient to demonstrate that we avoid conflicts in our work” is nonsense. Again, did they consider this before refusing me?

Every national, local, or internal party election or referendum runs on personal data, and personal data is exploited, analysed, shared, lost, stolen and misused in every single one of them. If you can name a major vote in this decade that hasn’t resulted in a DP snarl-up, you’ve a better memory than me. If there is one word that shines through everything the Commissioner sent me on this topic, last time and this time, it’s  complacency. The policies and procedures that existed before and the ones that have replaced them are built on an obvious assumption that a box needs to be ticked. Of course nobody is actually going to do anything untoward, the managers are on top of it, staff will proactively declare any conflicts of interest and besides, we have a procedure. But they thought it was all fine before. If I had not written my blog last summer, Cllr Ganotis would still be responsible for managing complaints involving his council, his party and his opposition.

I don’t think the Commissioner’s Office takes this seriously. I am amazed that Alex Ganotis is still allowed any influence over the ICO’s decisions about local government, regardless of how objective or benign that influence might be. I am appalled that anyone in the ICO’s senior management could think that this is acceptable. Every time the Commissioner acts or doesn’t act on a political issue, do we always need to ask: who was involved? What bias, conscious or unconscious, did they bring to bear? What other interests do they serve? In a world dominated by fake news and internet froth, the ICO’s independence and objectivity should be their highest priority. It isn’t.