Judgment Approved by the court for handing down.
R (Bridges) -v- CC South Wales & ors
39.
Having cited the general principles summarised by Lord Sumption in R (Catt) v
Association of Chief Police Officers [2015] UKSC 9, [2015] AC 1065 at [11] to [14]
and R (P) v Secretary of State for Justice and Another (also known as In re Gallagher)
[2019] UKSC 3, [2020] AC 185, at [16] to [31] applicable to the “in accordance with
the law” standard for the purposes of Article 8(2), the Divisional Court held (at [84])
that there is a clear and sufficient legal framework governing whether, when and how
AFR Locate may be used, comprising (in addition to the common law): (1) primary
legislation, (2) secondary legislative instruments in the form of codes of practice issued
under primary legislation, and (3) SWP’s own local policies.
40.
As to primary legislation, the Divisional Court referred to the DPA 2018 (which they
said they focused on rather than the DPA 1998 only for the sake of convenience). They
said (at [85]) that it embeds key safeguards which apply to all processing of personal
data, including the biometric data processed when AFR Locate is used. They referred,
in particular, to the provisions in Part 3 of the DPA 2018. They observed (at [88]) that
the requirements arising under the DPA 2018 are mirrored in the Code of Practice on
the Management of Police Information, issued by the College of Policing under section
39A of the Police Act 1996, and that section 39A(7) of the 1996 Act requires chief
police officers to have regard to that Code.
41.
As to the second element of the framework, the Divisional Court said (at [91]) that they
agreed with the overall submission of the Surveillance Camera Commissioner that the
Surveillance Camera Code of Practice, issued by the Home Secretary pursuant to
section 30 of the PFA 2012 and to which a chief officer of police must have regard,
provides a full system approach to the regulation of surveillance camera systems, as it
provides the legal and good practice standard which the Government expects, as well
as highlighting the broader spectrum of legislative requirements which apply.
42.
As to the third element of the framework, SWP’s own policies as to the use of AFR
Locate, the Divisional Court said (at [92]) that the three relevant policies are (1) SWP’s
Standard Operating Procedure, (2) SWP’s Deployment Reports and (3) SWP’s Policy
on Sensitive Processing.
43.
The Divisional Court concluded (at [96]) that, drawing everything together, the
cumulative effect of (1) the provisions of the DPA, (2) the Surveillance Camera Code
of Practice and (3) SWP’s own policy documents, is that the interference with the rights
in Article 8(1) which is consequent on SWP’s use of AFR Locate, occurs within a legal
framework that is sufficient to satisfy the “in accordance with the law” requirement in
Article 8(2); and that the answer to the primary submissions of the Appellant (and the
Information Commissioner who supported him on this issue) is that it is neither
necessary nor practical for legislation to define the precise circumstances in which AFR
Locate may be used, e.g. to the extent of identifying precisely which offences might
justify inclusion on a watchlist as a subject of interest or precisely what the sensitivity
settings should be.
44.
The Divisional Court then turned to the question of whether the interference of AFR
Locate with Article 8(1) satisfied the four-part proportionality test in Bank Mellat v Her
Majesty’s Treasury (No 2) [2013] UKSC 39, [2014] AC 700. Having accepted that it
was appropriate, when applying the third and fourth criteria in the context of the facts
of the present case, to apply a close standard of scrutiny, the Divisional Court rejected
all the substantive submissions of the Appellant on this issue. They concluded (at [101])