09 May 2020

NSW Strip Search Procedure

My 'Castles and casualties: recent case law about procedure, trespass and the private sphere' in (2019) 16(3/4) Privacy Law Bulletin 71 last year considered recent trespass and privacy controversies, including Attalla v New South Wales [2018] NSWDC 190; BC201840353. In Attalla the NSW District Court awarded the plaintiff $112,387 for an unjustified and incorrectly conducted strip search alongside unlawful detention. The Law Enforcement (Powers and Responsibilities) Act 2002 (NSW) specifically referred to regard for privacy in the conduct of searches.

In this blog I have subsequently highlighted other incidents (eg here), asking whether training and supervision in the NSW Police is adequate. The NSW Law Enforcement Conduct Commission (LECC) last week released its independent report on the LECC investigation regarding the incident.

The report problematically redacts a copy of the judgment by referring to 'SAN' rather than Attalla and pseudonymises the names of NSW Police personnel who were identified in the District Court judgment. The LECC appears unhappy about the Police responsiveness to its investigation.

Its report states
Shortly prior to the trial in the civil proceedings, the State of NSW conceded that the strip search was unlawful. In the course of the trial, the State also conceded that the continued detention of SAN1C, after he was subjected to a search by Officer SAN4 was unlawful. However, these concessions do not obviate the need for the Commission to consider whether the police committed any serious misconduct in connection with these events. 
As has already been noted, Officer SAN4 conducted a strip search of SAN1C at the police station. This involved requiring SAN1C to squat and move his testicles. Certainly, SAN1C had not consented to the requirement but had complied because it was clear that the officer was asserting legal control. Since, however, this procedure was conventional and Officer SAN4 understood that he was acting within his powers the Commission does not consider that, in taking these actions, he had committed any serious misconduct. 
A more fundamental objection to the legality of strip searching SANIC is that Officer SAN4 had no proper basis for conducting the search. There was no matter that could have given rise to a reasonable suspicion that the search was necessary. Officer SAN1 had conveyed only that she believed he "might have had something" but not the basis for that belief and it is clear that Officer SAN4 had no independent suspicion, let alone one based on reasonable grounds, that a strip search was necessary. He acted at the direction of Officer SAN1 and also, it seems likely, in accordance with the general rule at the time applying in the Kings Cross Police Station that persons brought into custody were to be strip searched. In light of that rule the Commission is not minded to make a finding of misconduct against Officer SAN4, although his conduct of the strip search at Officer SANTs direction was not, as he should have known, authorised by his LEPRA powers. 
Although Officer SAN1 had not herself conducted the search, it is clear that it was conducted at her direction. There was no legal basis for the direction. Considering the circumstances as a whole, the only reasonable explanation was that it was instituted to humiliate SANIC for his non­ compliance with her earlier unreasonable directions and Officer SANTs indifference to the legal limits on police powers, of which she was only vaguely aware. This conduct was a serious breach of her duty. 
The Commission was originally concerned that the litigation was not conducted in accordance with the model litigant policy (see Annexure). The Commission is satisfied that there is no basis on which to find that the NSWPF, did not act in accordance with that policy. 
As noted, an investigation of the complaint was declined by Officer SAN7 as he relied upon s 132(g) of the Police Act 1990, concluding that the issues had been canvassed during the civil proceedings. As he acknowledged, in hindsight, that decision was not appropriate (see par. 4.76). It is now accepted by the NSWPF that the mere fact of civil proceedings cannot be a ground, unless the circumstances are exceptional, for declining to investigate misconduct information. It is obvious that, whilst civil proceedings might resolve issues between the State of NSW and a plaintiff who has sued because of unlawful police conduct, it will do nothing about the officers' responsibility for that conduct and the duty of the Commissioner to deal with it. This is even more so when it is appreciated that by far the majority of such litigation is settled before judgment. At every point, the NSWPF failed to appropriately respond to the SAN1C decision. Officer SAN7 agreed that the SAN1C decision should have been brought to the attention of the subject police officers and discussed with them as they were otherwise none the wiser as to their conduct. The Commission is satisfied that the NSWPF has since taken measures to educate and train their officers as to their powers by way of regular email updates, stickers and on-line training. In addition, training involving practical case scenarios has been implemented. The Commission has recently addressed this issue in its report to Parliament: "Review of the NSWPF Standard Operating Procedures for Strip searches in Custody, January 2020" which was made public on 13February 2020. The Commission is satisfied that the NSWPF is presently taking measures to address the Commission's concerns about its training and education of officers in this regard.
The report notes
The judgment of the Court raised the following issues:
(i) A person, going about his daily business, was unlawfully arrested and subjected to the degrading ordeal of being strip-searched, during which he was asked to lift his genitals and to squat and cough, in significant part because he chose to exercise his legal rights and protested against the actions of police. 
(ii) The conduct of the defendant in the civil proceedings, particularly because of the concessions made so late in the day, giving rise to the following finding by the Court, "Although the State made concessions about the lawfulness of the continued arrest, the belated and limited nature of those concessions meant that SAN1C was forced to undertake litigation with its concomitant stress, worry, time and cost, to establish that which the State eventually conceded." 
(iii) What, if anything, flowed from the decision in the proceedings in so far as training and education of NSWPF officers? Did the NSWPF bring the decision, which was very critical of the actions of the involved police officers, to the attention of those officers so that they might learn from their mistakes and not repeat them in the future? Was further training in police powers provided to those officers? Was the decision a catalyst to provide more comprehensive and specific training in police powers under the Law Enforcement (Powers and Responsibilities) Act 2002 (LEPRA) and was it included in any such training?
The Commission decided that the conduct of the involved NSWPF officers and the NSWPF itself was of such concern that it warranted investigation

COVIDapp

'Australia’s COVIDSafe experiment, Phase II: A draft law for surveillance and trust' (University of New South Wales Law Research Series, 2020) by Graham Greenleaf and Katharine Kemp comments
The joint Australian governments’ coronavirus contact tracing app, marketed as ‘COVIDSafe’, was released on 26 April 2020 for public download by the federal government, together with an emergency Determination under the Biosecurity Act to govern its operation, a Privacy Impact Assessment (PIA), plus the App itself and its privacy policy. 
A week later the federal government released an Exposure Draft Privacy Amendment (Public Health Contact Information) Bill 2020 (‘the COVIDSafe Bill’), which it is expected will be debated and enacted in a Parliamentary sitting from 12-14 May. 
It is a package intended to create sufficient public confidence to result in downloads of the app by a sufficient percentage of the Australian mobile-phone-owning population, for it to have a significant effect on the tracing of persons infected with the COVID19 virus. In the first two weeks since its launch over 5 million Australian’s have downloaded the app, about 25% of those possible. This article analyses the extent to which the draft Bill provides the privacy protections that would help justify public trust, and aims to make a constructive contribution to the development of better legislation and greater transparency. 
The Draft Bill contains significant improvements on the previous Determination, particularly the inclusion of an individual right of enforcement action before the Privacy Commissioner for most breaches of the COVIDSafe requirements. This is particularly important as a means of stopping attempts to make use of the app de facto compulsory. It also adds valuable provisions concerning deletion of data, extension of Commonwealth jurisdiction to cover state and territory authorities, and sharing of information between Australian privacy authorities. 
We conclude that the conditions necessary to justify sufficient public trust in government for the Australian public to opt in voluntarily to the installation and use of the COVIDSafe app, and to not opt out, are lacking. Many of the main deficiencies we identify in this article are remediable: five deficiencies in transparency; and nine categories of improvements to the current Determination by the proposed COVIDSafe Act. However, the question of whether an individual Australian would be well advised to install and run the app remains a decision which depends on individual circumstances. 
Many other countries are developing contact tracing apps. Australia’s experiment is further advanced than most that are attempting to build a system on voluntary uptake, protected by legislation. The results of its experiment will be of interest to many.

07 May 2020

Sovereign Citizens

Another Sovereign Citizen judgment, this time in South Australia and regarding a parking rather than speeding offence.

In Rossiter v Adelaide City Council  [2020] SASC 61 Livesey J has considered an appeal against a parking conviction by a SA magistrate.

 Rossiter - who characterised himself as a Free Spirit Man -  received an expiation notice as the driver of a vehicle parked in excess of the Council's 30-minute time limit. He chose to be prosecuted and was issued an information and summons. On the day of trial, but before the matter was called on, Rossiter showed the prosecutor a notice which read, “Notice: private property, no trespassing”. He said that the notice was displayed on the vehicle when the expiation notice was left on the windscreen. In the Magistrates Court he was mute, not entering a plea. The magistrate directed that a plea of "not guilty" be entered and proceeded as if the matter was ex parte. The prosecution proceeded to prove the appellant’s guilt beyond reasonable doubt with the assistance of statutory aids to proof.  Rossiter was found guilty of breaching r 205 of the Australian Road Rules; a fine without a conviction was recorded.

 On appeal to the Supreme Court  he contested  it on 11 grounds, including on the bases that no plea was entered and that the inspectors trespassed when attaching the expiation notice to the windscreen. The Court considered that there had been no miscarriage of justice, that 'affixation of the expiation notice to the vehicle was explicitly permitted by the Expiation of Offences Act 1996 (SA) and could not comprise trespass'. Free, sovereign or other spirit, Rossiter has to pay the fine.

The judgment states
 The appellant describes himself as “Tim: Rossiter, a man” for reasons that will become clear. Whatever his name, he objects to the imposition of a parking expiation notice, and appeals against conviction for a breach of r 205 of the Australian Road Rules. 
The prosecution case was that the appellant was the driver of a Toyota sedan when, on Sunday, 7 April 2019, he parked on Grote Street, Adelaide between 1.20 pm and 2.09 pm, well exceeding the 30-minute time limit indicated by the permissive parking sign. 
Covered by the words “all rights reserved, without prejudice” the appellant elected to be prosecuted by a notice dated 8 April 2019, following which an Information and Summons was issued and the matter was eventually listed for trial on 24 February 2020. 
At an earlier hearing on 4 October 2019 another Magistrate spoke to the appellant whilst he was sitting at the bar table. He replied only with words to the effect, “I am a man”. In the absence of a plea, the Magistrate treated the response as a plea of “not guilty” and set the matter down. On the day of the trial, but before the matter was called on, the appellant showed the prosecutor the notice that he said was displayed in the windscreen on the day the expiation notice was issued. It read: “Notice: private property, no trespassing”. 
When the matter was called on, the appellant did not approach the bar table and remained seated in the back row of the public gallery. He apparently remained mute throughout the trial and during the delivery of ex tempore reasons. 
The Magistrate treated the appellant’s failure to respond as another plea of “not guilty” and proceeded as if the matter was ex parte. The prosecution opened and proceeded in the ordinary way, although without any interaction from the appellant. In his reasons, the Magistrate accepted the evidence of two parking inspectors who gave evidence (using photographs that recorded the date and times at which they were taken), that the Toyota was parked for longer than 30 minutes, and that certain statutory presumptions had “not been rebutted”. ...
Where the appellant elected to remain mute and not participate in the trial, it was inevitable that he would be found to be the driver given that was what had been alleged. The Magistrate found the appellant guilty of the charge, but explained that it was usual not to record a conviction, and so the penalty without conviction was a fine of $52, a court fee of $286, a victims of crime levy of $160 and prosecution counsel fees of $1,270, a total of $1,768.
The judgment continues
The handwritten grounds of appeal are unusual: No plea was entered, a notice was on car front windscreen that says ‘Notice, private property, no trespassing’ clearly visible respondent attached a sticker over it without permission or consent, the ‘election to be prosecuted’ and ‘stat dec’ was signed with
‘all rights reserved, without prejudice’ which I do not consent to be used in court, i am not the ‘registered owner’ of the car the local government has no constitutional recognition, (1988 referendum, Question 3) i do not have any contract with the corporation with the ABN: 20 903 762 572 and i do not consent to contract with them, i emailed the respondent a letter denying consent on 3/9/2014 which was not responded to or refuted, i have attached a copy, i did not cause any harm, injury or loss, the ‘Expiation Notice’ has foreign text on it which is not english, and i do not understand the nature of it.
 Nice try, as Groucho Marx said, but no juridical cigar.
It is not necessary to address appeal grounds 4, 5, 7, 8, 10 or 11 in much detail because they do not raise matters capable of giving rise to any defence, and they misunderstand the nature of the statutory and regulatory authority by which the respondent is authorised to control and regulate parking. The Road Traffic Act 1961 (SA) and the Local Government Act 1999 (SA) confer the statutory and regulatory powers by which the respondent controls parking and enforces parking offences within its area. That statutory and regulatory regime is as follows: The appellant was charged with a breach of r 205 of the Australian Road Rules, which are made under s 80(a) of the Road Traffic Act 1961 (SA). By s 17 of the Road Traffic Act 1961 (SA) a “road authority” may with Ministerial approval install “a traffic control device on, above or near a road”. The term “road authority” is defined by s 5 to mean, amongst other things, an “authority ... responsible for the care, control or management of a road”. The term “traffic control device” is defined by s 5 to mean, amongst other things, a sign, signal or parking ticket-vending machine and parking meter. Under s 208(1) of the Local Government Act 1999 (SA) all “public roads in the area of a council are vested in the council in fee simple under the Real Property Act 1886 (SA)”. As the owner of a road, a council is responsible for the care, control and management of a road, and it is therefore a “road authority” permitted to install “traffic control devices” such as signs and parking ticket-vending machines near a road under the Road Traffic Act 1961 (SA). By an instrument dated 22 August 2013 Ministerial approval was granted to the respondent (and all other councils) pursuant to s 17 of the Road Traffic Act 1961 (SA) to install “any traffic control device on, above or near a road which is under its care, control and management...”.
 ... By s 35 of the Road Traffic Act 1961 (SA), an “authorised person” as defined in the Local Government Act 1999 (SA) is an “authorised officer” under the Road Traffic Act 1961 (SA) for the purposes of enforcing prescribed provisions or exercising prescribed powers. Authorised persons are appointed under s 260 of the Local Government Act 1999 (SA) and, under s 261, they may issue expiation notices. By s 292 of the Local Government Act 1999 (SA) it is not necessary in any legal proceedings to prove the existence or constitution of a council, the appointment of an officer, or the appointment of an authorised person. ...
Onwards to the 'your law doesn't apply to me' theatrics
Ground 1 complains that no plea was entered. It has long been recognised that a defendant’s right to attend a criminal trial is a right capable of being waived, with the result that a trial judge has a discretion, to be “exercised with great care” in the case of unrepresented defendants, to proceed ex parte, whether the absence is due to the misconduct of the defendant in the courtroom, or a deliberate refusal to attend at, or participate in, the trial. 
According to Archbold, the English practice requires that a jury be empanelled to determine in a hearing whether the defendant was “mute of malice or by the visitation of God”, because this cannot be determined by the court. If the finding is that the defendant is “mute of malice”, the court may, under the relevant statute, direct that a plea of “not guilty” be entered, otherwise, if “mute by visitation of God” (perhaps because of deafness),  the court must then determine whether there exists a disability that prevents the defendant from being tried. In 1971 in R v Hall the Full Court of the Supreme Court of Victoria described the direction of a trial judge that a plea of “not guilty” be entered, after the defendant said that he could not plead, as a “well-established practice”. In South Australia, the issue is addressed by the Criminal Procedure Act 1921 (SA), portions of which were known as the Summary Procedure Act 1921 (SA) until 2018. Section 129 of the Act, which is found in Part 5 “Indictable offences”, Division 6 “Pleas and proceedings on trial in superior court,” provides:
129—Plea of not guilty and refusal to plead (1) A person arraigned on an information who pleads not guilty will, by that plea, without any further form, be taken to have put themself on the country for trial (and the court must, in the usual manner, proceed to the trial of that person accordingly). (2) If any person, being so arraigned, refuses or fails to enter a plea to the information, it is lawful for the court to order a plea of not guilty to be entered on the person’s behalf and the person will be treated as if the person had pleaded not guilty.
Thus, where the defendant remains “mute” it is lawful for the superior court to order that a plea of “not guilty” be entered. If the defendant is under a mental impairment this is separately addressed by the provisions of Part 8A in the Criminal Law Consolidation Act 1935 (SA). In summary proceedings, where it is proved that the defendant has had notice of the proceeding, and a reasonable opportunity to attend and participate, the trial may proceed. 
The procedure is, as one might expect, simplified so that where the defendant does not respond, the adjudication may proceed “as fully and effectually ... as if the defendant had personally appeared” and, indeed, the Magistrates Court may “in so doing regard any allegation contained in the summons, or information and summons, (as served upon the defendant) as sufficient evidence of the matter alleged”. 
Whilst it is not made explicit by s 62BA(1) of the Criminal Procedure Act 1921 (SA), it appears that the trial may proceed as if the Magistrate has ordered that a plea of “not guilty” be entered. I was told by the respondent on the hearing of this appeal that this is often done in Magistrates Court trials in this State. In this case, the Magistrate directed that a plea of “not guilty” be entered after the appellant refused to participate in the trial. 
As might be clear from the terms of s 62BA(1), and what appears to be long-established practice, the decision to proceed in the absence of any plea from the appellant did not, therefore, detract from the Magistrate’s power to adjudicate the question of guilt. The prosecution then proceeded to prove guilt beyond reasonable doubt at the trial in the ordinary way, with the assistance of statutory aids to proof, rather than utilising the assistance of s 62BA(1) of the Criminal Procedure Act 1921 (SA), which treats the allegations “as sufficient evidence of the matter alleged”. 
That the Magistrate’s adjudication in this case proceeded with the benefit of the calling of evidence was, if anything, a precaution which merely reinforced the absence of any miscarriage of justice to the appellant. Whilst the respondent suggested on this appeal that the Magistrate required that the matter proceed on evidence, that is not how I read the transcript. The summary trial can be considered in terms of three distinct steps. 
The first concerned the procedure to be applied when the appellant refused to participate. The Magistrate saw that the appellant was in the courtroom and, after questioning him, exercised the first discretion conferred by s 62BA(1) and decided to proceed, effectively ex parte. It is primarily that discretion which it has been said should be exercised “with caution”, as Bray CJ explained in Walker v Eves: ... the vital word is “may”, not “shall”. It is not mandatory for a court of summary jurisdiction to proceed ex parte under this section whenever a complaint has been made by a police officer and the summons is served as authorized by the Act and the defendant does not appear. It should not automatically do so. It should consider the seriousness of the offence and the possibility of a satisfactory explanation for the failure to appear. Requests for adjournment should not be lightly refused. 
The second step involved the taking of a plea. As I have explained, in the absence of participation from the appellant, the Magistrate directed that a plea of “not guilty” be entered, as was appropriate. It is for that reason that this first appeal ground must be rejected. 
The third step involved the form in which the trial would proceed. There was in fact no argument on that point at trial, and the Magistrate was not invited to proceed in accord with the second discretion conferred by s 62BA(1), on the basis that he could treat the allegations “as sufficient evidence of the matter alleged”. 
As Bray CJ went on to explain in Walker v Eves:
The Court has not only a discretion whether to hear the case ex parte at all, but another discretion once it has been decided to hear it ex parte whether or not to regard the allegations in the complaint or summons as sufficient evidence of the matter alleged. Whilst there may in some cases be good reason to be cautious and proceed with proof in the ordinary way, that inevitably involves time spent on matters that may not genuinely be in issue. 
In the circumstances of this case, where the appellant was present but refusing to participate, there seems to have been no good reason not to take advantage of this statutory aid. 
Grounds 2 and 3 complain that the parking inspectors attached the expiation “sticker” over the “no trespassing” sign. As may be obvious to some, there has been a tendency in recent times to try and exploit the proposition that, where there has been a revocation by written notice of the implied licence to enter a property, if that property is then entered, there is a trespass which can be made the subject of an action for damages. It is not necessary for the purposes of these reasons to determine whether that proposition is correct, or indeed what notice by words or conduct is effective to revoke the implied licence to enter property.  In this case the same idea is used in a different way. The appellant says that no expiation notice could be affixed where any implied licence to encroach on property has been revoked by a notice on a chattel, here the Toyota sedan. The implication underpinning these arguments is that because the expiation notice could not be left on the vehicle the prosecution founders. There is no merit in any of these arguments. 
The appellant cited Entick v Carrington, a case of trespass to land. There it was said that “our law holds the property of every man so sacred, that no man can set his foot upon his neighbour’s close without his leave; if he does he is a trespasser, though he does no damage at all; if he will tread upon his neighbour’s ground, he must justify it by law”. Whilst that famous case has often been followed, it does not assist the appellant in this case where there was explicit statutory authority to leave an expiation notice on the vehicle and where, more importantly, the right to park the vehicle was the subject of a lawful regulation, only permitting occupation of the relevant parking space for a specified period of time. I shall set out my reasons for finding that these grounds of appeal must be rejected. ... 
Ground 4 assumes that the election to be prosecuted had some bearing on the prosecution. It did not. It simply operated as a notice advising the respondent that the appellant had no intention of paying the expiation fee. 
Ground 5 assumes that the prosecution depended on proof that the appellant was the registered owner. It did not. It was sufficient that he was a deemed driver. 
For scholars of the sovereign citizen phenomenon will be unsurprised by Livesey J's statement -
Ground 6 is a complaint that there is no constitutional recognition of local government. This has been tried by others before. It is without merit. Because the 1988 constitutional referendum failed, local government remains a matter within the residual power of the States. The failure of the constitutional amendment says nothing about the legal existence and validity of local government entities such as the Adelaide City Council, and their capacity to regulate parking and prosecute parking offences. 
Grounds 7 and 8 assume that the prosecution depended upon the existence of a contract with the respondent and that the respondent’s Australian Business Number was relevant. Both assumptions are wrong. 
Ground 9 refers to the appellant’s letter dated 14 December 2012, apparently sent to the respondent on 3 September 2014, “denying consent”. It is this letter that explains why the appellant is concerned not to be described by the name he was, nonetheless, prepared to use on his notice of appeal. The implication underlying this ground is that the appellant sent the 2014 letter to the respondent making it clear that, unless there was a response to it, he was to be taken as having certain rights and immunities. These include the “right to travel freely without limit”. The appellant’s letter is addressed generically to “Dear Madams and Sirs” and says that it comprises his “Notice of Understanding and Intent and Claim of Right and denial of consent for your understanding”. 
The letter is said to be from “Timothy-Noel: Rossiter, Free-spirit man” who is “man and man has certain inalienable rights”:
3. My truth and law exists inside me ... ... People living on the geographical area commonly referred to as Australia have the right to revoke or deny consent to be represented and thus governed, and; I, commonly known as Timothy-Noel: Rossiter do not consent to being governed/represented, and; If anyone does revoke or deny consent they exist free of government control and statutory restraints ...
Despite the intention eight years ago to disengage from society and to “direct my life which ever [sic] way I see fit”, the appellant was nevertheless concerned to claim the right to “use the police to protect me, my friends, family and my property”, as well as the “right to free education”. 
The letter comprises three pages, and is witnessed, stamped and sealed by Joseph Pertl, Solicitor, Barrister and Notary Public. 
The precept that the appellant can only be governed by that to which he explicitly consents possibly explains why he sent a handwritten “Notice” to my chambers in the following terms:
Notice: Dear Sir, i, a man, accept your oath of office, yours faithfully, [signed, together with a fingerprint] Tim: Rossiter 15/04/2020 
Quite apart from the absence of any evidence at the trial that the 2012 letter was ever sent to the respondent, its effect is “most unclear”, and it is incapable of having any bearing at all on the prosecution case. It is incapable of generating any defence. 
Various terms have been used to describe “pseudolegal arguments” such as those advocated by the appellant in this case. They have without reservation been rejected as involving both legal nonsense and an unnecessary waste of scarce public and judicial resources. So too here. 
Grounds 10 and 11 refer to the absence of harm or injury and to the foreign language text on the expiation notice, included no doubt for the assistance of those who have difficulty with English. None of that was relevant to the efficacy of the expiation notice or the prosecution for which the appellant elected on 8 April 2019.
The judgment in conclusion states
It is regrettable that the appellant has advocated the various pseudolegal arguments underpinning this appeal. If he has acted on the advice of others, he is well advised to stop doing so. His decision to defend has resulted in a trivial parking fine escalating to a financial burden exceeding $2,000.

In Adelaide City Council v Lepse [2016] SASC 66, another judgment regarding a pseudolegal response to a parking penalty, the Court states 

 the conduct of the defendant reflects a bizarre and delusional litigious strategy that has been described in a number of decided cases concerning similar circumstances as “ pseudolegal ”. The propounding of such baseless arguments may be uniformly unsuccessful but nevertheless highly disruptive and time-wasting. However, such documentation may usually be summarily dismissed as an abuse of the process of the court with little further ado. ... On 17 March 2016, the defendant filed a notice of appeal in this Court seeking, perhaps ironically, to engage the jurisdiction of this Court. ... 

it has now become common for unrepresented persons to themselves download court-approved forms from court websites, type in their relevant details, and file the completed document at the registry. The present case exposes a potential problem with that procedure. 

Here, the defendant downloaded the appropriate appeal form from the court website, and typed into the appropriate areas of the form some details pertaining to her case and successfully filed it at the registry. The document, as presented, appeared genuine and I do not wish to be in any way critical of registry staff, or indeed of the solicitor of the respondent, for failing to detect a certain aberration. However, closer inspection by the Court prior to the hearing of the appeal revealed that while the document otherwise corresponds (closely enough) to the court-approved form, the following additional words (emboldened here but certainly not in the document as filed) had been surreptitiously inserted by the defendant in the substantive body of the form: 

The Appellant, Waltraud Lepse, APPEALS to the a single Judge (acting under oath to Queen Elizabeth the second) of the Supreme Court of South Australia against the judgment of a single Magistrate of the Adelaide Magistrates Court. (Emphasis added) 

Those emboldened words above do not form any part of the court-approved form and have been surreptitiously introduced by the defendant for her own purposes, and without any authority whatsoever to do so. 

As many in the legal profession will be aware, there has been a considerable number of cases, both here and overseas, which have dealt with various bizarre purported “constitutional defences” sought to be advanced from time to time, and usually on the basis of suggestions to be found on the internet. It is sufficient to observe that there are obvious indications that this phrase “acting under oath to Queen Elizabeth the second” may be thought by some ill-informed persons to in some way advance abstruse, indeed unintelligible, arguments purporting to be in the nature of “constitutional” arguments. It is unnecessary to speculate further as to the purported motives of the defendant in inserting those words. 

At the hearing of the appeal, of my own motion, I amended the notice of appeal by striking out the words and parentheses “(acting under oath to Queen Elizabeth the second)” pursuant to Rule 57 of the Supreme Court Civil Rules. 

The fact that I took that course without initiating an investigation into this conduct of the defendant should not be thought to indicate that the surreptitious alteration of a substantive part of a court-approved document form is other than a very serious matter. In certain circumstances, such conduct might constitute a criminal offence, for example an attempt to pervert the course of justice. ... 

It can be seen from the transcript (as verified by the affidavit of Mr Muscat, Exhibit R1), that the defendant deliberately adopted the same modus operandi in relation to both the Special Justice and the Magistrate. She passed through the door of the courtroom and, standing at a position just inside the door, attempted to negotiate with the Court the terms under which she would be prepared to attend, or appear, before the Court. She was asked on several occasions to come forward to the designated area where the parties in a case, or legal practitioners representing such parties, must attend or appear when their case is called on by the presiding judicial officer, namely “the bar table”. But the defendant at all times refused to do so, and asserted that it was entirely a matter for her choice as to whether she would submit to the Court’s jurisdiction. ... 

A situation not dissimilar to the present occurred in the Western Australian decision of Ashwell v Commissioner for Consumer Protection

The defendant appealed from a decision of the Magistrates Court. When the appeal was called on before Jenkins J on 5 June 2015, the defendant was in the public gallery and sought to make his submissions from there. He refused to come to the bar table despite repeated requests by the Judge. The result was that Jenkins J refused to hear submissions by the defendant from the public gallery and therefore heard oral submissions only from the respondent. 

In later delivering reasons for that ruling, Jenkins J stated:

[25] I then asked Mr Ashwell why he declined to come to the bar table. Mr Ashwell replied “I don’t believe in your court”. This comment was consistent with various statements made in the appellants’ written submissions filed in the appeal. For example, those submissions include the following statements:

The man, David Ashwell, at no time, grants willing consent to being a party to these proceedings, but attends merely for the purpose of putting matters right. Attendance is under duress: to bring clarity to falsified information, to serve compensation bills for harm and injury incurred, to hold accountability by those who chose to harm Mr Ashwell, his wife, and his livelihood to make a point out of a matter that was exploited beyond any rational proportion. Attendance is under protest and as a result of injury incurred. ... It is recognised and acknowledged that this court, the Supreme Court of Western Australia and the Magistrates Court of Geraldton Western Australia, is NOT following procedures under a Common Law Jurisdiction. ... Silence is consent. Well not in this court room on June 5th 2015. Let it be clearly known and understood, that consent to this paradigm is NOT granted. 

[26] Mr Ashwell’s comment was also consistent with comments he had made to the magistrate, including the comment “I do not recognise the court” (ts 24, 28 August 2014). 

[27] I advised Mr Ashwell that I did not wish to deny him an opportunity to be heard orally in the appeal, but that unless he came forward to the bar table, I was not prepared to hear him. I said that the reason for this was that in order for him to prosecute the appeal he must submit to the authority of the court to hear and determine it. Mr Ashwell refused to come forward to the bar table then and again after the respondent’s oral submissions were made. In those circumstances, I declined to permit him to make oral submissions on his appeal from the public gallery. 

[28] On the material before me, there was no practical reason why Mr Ashwell could not come forward to the bar table. Rather, because of his hearing disability, there were very good practical reasons why it was desirable for him to come forward to the bar table to make his submissions. 

[29] Fundamentally, Mr Ashwell refused to come to the bar table as a demonstration of his belief that the court does not have authority over him. Of course, this belief is inconsistent with the commencement and prosecution of the appeal. Putting that issue to one side, it seemed to me that by his actions Mr Ashwell was mocking the court’s authority and demonstrating his refusal to recognise the court’s jurisdiction. Whilst the court does not revel in exercising authority over litigants, it is important that litigants who seek redress from the court are prepared to acknowledge the authority of the court and to demonstrate that by appropriate behaviour in the court. (Emphasis added)

In Lepse Peek J goes on to express concern about what might be perceived as endorsement by JPs of pseudo legalism -

In the present case, a Justice of the Peace has been prepared to append her signature and stamp to documents which falsely purport to be affidavits and, to a lay person, might well be presumed to be affidavits. However, it is quite clear that these documents have in no way been sworn of affirmed. I consider this to be a serious matter. 

However, the matter does not stop there. The content of documents may be so clearly redolent of an abuse of legal process that a person such as a Justice of the Peace should play no part in the advancing of such documentation, quite irrespective of whether they actually purport to be affidavits. ... 

Justices of the Peace, or others, who purport to witness documents which on their face appear to be associated with meritless pseudolegal arguments may be seen to be giving support to such arguments. It is disappointing to see that documents of that sort in this case have been given what might appear to be some verisimilitude by appearing to have been formalised by a Justice of the Peace.

06 May 2020

Consent in EU Privacy Law

The European Data Protection Board Guidelines 05/2020 on consent under Regulation 2016/679 states
These Guidelines provide a thorough analysis of the notion of consent in Regulation 2016/679, the General Data Protection Regulation (hereafter: GDPR). The concept of consent as used in the Data Protection Directive (hereafter: Directive 95/46/EC) and in the e-Privacy Directive to date, has evolved. The GDPR provides further clarification and specification of the requirements for obtaining and demonstrating valid consent. These Guidelines focus on these changes, providing practical guidance to ensure compliance with the GDPR and building upon the Article 29 Working Party Opinion 15/2011 on consent. The obligation is on controllers to innovate to find new solutions that operate within the parameters of the law and better support the protection of personal data and the interests of data subjects. 
2. Consent remains one of six lawful bases to process personal data, as listed in Article 6 of the GDPR. When initiating activities that involve processing of personal data, a controller must always take time to consider what would be the appropriate lawful ground for the envisaged processing. 
3. Generally, consent can only be an appropriate lawful basis if a data subject is offered control and is offered a genuine choice with regard to accepting or declining the terms offered or declining them without detriment. When asking for consent, a controller has the duty to assess whether it will meet all the requirements to obtain valid consent. If obtained in full compliance with the GDPR, consent is a tool that gives data subjects control over whether or not personal data concerning them will be processed. If not, the data subject’s control becomes illusory and consent will be an invalid basis for processing, rendering the processing activity unlawful. 
4. The existing Article 29 Working Party (WP29) Opinions on consent4 remain relevant, where consistent with the new legal framework, as the GDPR codifies existing WP29 guidance and general good practice and most of the key elements of consent remain the same under the GDPR. Therefore, in this document, the EDPB expands upon and completes earlier Article 29 Working Party Opinions on specific topics that include reference to consent under Directive 95/46/EC, rather than replacing them. 5. As the WP29 stated in its Opinion 15/2011 on the definition on consent, inviting people to accept a data processing operation should be subject to rigorous requirements, since it concerns the fundamental rights of data subjects and the controller wishes to engage in a processing operation that would be unlawful without the data subject’s consent. 
5 The crucial role of consent is underlined by Articles 7 and 8 of the Charter of Fundamental Rights of the European Union. Furthermore, obtaining consent also does not negate or in any way diminish the controller’s obligations to observe the principles of processing enshrined in the GDPR, especially Article 5 of the GDPR with regard to fairness, necessity and proportionality, as well as data quality. Even if the processing of personal data is based on consent of the data subject, this would not legitimise collection of data, which is not necessary in relation to a specified purpose of processing and be fundamentally unfair. 
6. Meanwhile, the EDPB is aware of the review of the ePrivacy Directive (2002/58/EC). The notion of consent in the draft ePrivacy Regulation remains linked to the notion of consent in the GDPR.7 Organisations are likely to need consent under the ePrivacy instrument for most online marketing messages or marketing calls, and online tracking methods including by the use of cookies or apps or other software. The EDPB has already provided recommendations and guidance to the European legislator on the Proposal for a Regulation on ePrivacy. 
7. With regard to the existing e-Privacy Directive, the EDPB notes that references to the repealed Directive 95/46/EC shall be construed as references to the GDPR. This also applies to references to consent in the current Directive 2002/58/EC, as the ePrivacy Regulation will not (yet) be in force from 25 May 2018. According to Article 95 GDPR, additional obligations in relation to processing in connection with the provision of publicly available electronic communications services in public communication networks shall not be imposed insofar the e-Privacy Directive imposes specific obligations with the same objective. The EDPB notes that the requirements for consent under the GDPR are not considered to be an ‘additional obligation’, but rather as preconditions for lawful processing. Therefore, the GDPR conditions for obtaining valid consent are applicable in situations falling within the scope of the e-Privacy Directive. 
2 CONSENT IN ARTICLE 4(11) OF THE GDPR 
8. Article 4(11) of the GDPR defines consent as: “any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” 
9. The basic concept of consent remains similar to that under the Directive 95/46/EC and consent is one of the lawful grounds on which personal data processing has to be based, pursuant to Article 6 of the GDPR. Besides the amended definition in Article 4(11), the GDPR provides additional guidance in Article 7 and in recitals 32, 33, 42, and 43 as to how the controller must act to comply with the main elements of the consent requirement. 
10. Finally, the inclusion of specific provisions and recitals on the withdrawal of consent confirms that consent should be a reversible decision and that there remains a degree of control on the side of the data subject. 
ELEMENTS OF VALID CONSENT 
11. Article 4(11) of the GDPR stipulates that consent of the data subject means any:  freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. 
12. In the sections below, it is analysed to what extent the wording of Article 4(11) requires controllers to change their consent requests/forms, in order to ensure compliance with the GDPR.
3.1 Free / freely given 
13. The element “free” implies real choice and control for data subjects. As a general rule, the GDPR prescribes that if the data subject has no real choice, feels compelled to consent or will endure negative consequences if they do not consent, then consent will not be valid.  If consent is bundled up as a non-negotiable part of terms and conditions it is presumed not to have been freely given. Accordingly, consent will not be considered to be free if the data subject is unable to refuse or withdraw his or her consent without detriment. 
14 The notion of imbalance between the controller and the data subject is also taken into consideration by the GDPR. 
14. When assessing whether consent is freely given, one should also take into account the specific situation of tying consent into contracts or the provision of a service as described in Article 7(4). Article 7(4) has been drafted in a non-exhaustive fashion by the words “inter alia”, meaning that there may be a range of other situations, which are caught by this provision. In general terms, any element of inappropriate pressure or influence upon the data subject (which may be manifested in many different ways) which prevents a data subject from exercising their free will, shall render the consent invalid. ... 
3.1.1 Imbalance of power 
16. Recital 4315 clearly indicates that it is unlikely that public authorities can rely on consent for processing as whenever the controller is a public authority, there is often a clear imbalance of power in the relationship between the controller and the data subject. It is also clear in most cases that the data subject will have no realistic alternatives to accepting the processing (terms) of this controller. The EDPB considers that there are other lawful bases that are, in principle, more appropriate to the activity of public authorities. 
17. Without prejudice to these general considerations, the use of consent as a lawful basis for data processing by public authorities is not totally excluded under the legal framework of the GDPR. The following examples show that the use of consent can be appropriate under certain circumstances. ... 
21. An imbalance of power also occurs in the employment context. Given the dependency that results from the employer/employee relationship, it is unlikely that the data subject is able to deny his/her employer consent to data processing without experiencing the fear or real risk of detrimental effects as a result of a refusal. It is unlikely that an employee would be able to respond freely to a request for consent from his/her employer to, for example, activate monitoring systems such as camera observation in a workplace, or to fill out assessment forms, without feeling any pressure to consent.  Therefore, the EDPB deems it problematic for employers to process personal data of current or future employees on the basis of consent as it is unlikely to be freely given. For the majority of such data processing at work, the lawful basis cannot and should not be the consent of the employees (Article 6(1)(a)) due to the nature of the relationship between employer and employee. 
22. However, this does not mean that employers can never rely on consent as a lawful basis for processing. There may be situations when it is possible for the employer to demonstrate that consent actually is freely given. Given the imbalance of power between an employer and its staff members, employees can only give free consent in exceptional circumstances, when it will have no adverse consequences at all whether or not they give consent. ... Imbalances of power are not limited to public authorities and employers, they may also occur in other situations. As highlighted by the WP29 in several Opinions, consent can only be valid if the data subject is able to exercise a real choice, and there is no risk of deception, intimidation, coercion or significant negative consequences (e.g. substantial extra costs) if he/she does not consent. Consent will not be free in cases where there is any element of compulsion, pressure or inability to exercise free will. 
3.1.2 Conditionality 
25. To assess whether consent is freely given, Article 7(4) GDPR plays an important role. 26. Article 7(4) GDPR indicates that, inter alia, the situation of “bundling” consent with acceptance of terms or conditions, or “tying” the provision of a contract or a service to a request for consent to process personal data that are not necessary for the performance of that contract or service, is considered highly undesirable. If consent is given in this situation, it is presumed to be not freely given (recital 43). Article 7(4) seeks to ensure that the purpose of personal data processing is not disguised nor bundled with the provision of a contract of a service for which these personal data are not necessary. In doing so, the GDPR ensures that the processing of personal data for which consent is sought cannot become directly or indirectly the counter-performance of a contract. The two lawful bases for the lawful processing of personal data, i.e. consent and contract cannot be merged and blurred. 
27. Compulsion to agree with the use of personal data additional to what is strictly necessary limits data subject’s choices and stands in the way of free consent. As data protection law is aiming at the protection of fundamental rights, an individual’s control over their personal data is essential and there is a strong presumption that consent to the processing of personal data that is unnecessary, cannot be seen as a mandatory consideration in exchange for the performance of a contract or the provision of a service.  
28. Hence, whenever a request for consent is tied to the performance of a contract by the controller, a data subject that does not wish to make his/her personal data available for processing by the controller runs the risk to be denied services they have requested. 
29. To assess whether such a situation of bundling or tying occurs, it is important to determine what the scope of the contract is and what data would be necessary for the performance of that contract. 
30. According to Opinion 06/2014 of WP29, the term “necessary for the performance of a contract” needs to be interpreted strictly. The processing must be necessary to fulfil the contract with each individual data subject. This may include, for example, processing the address of the data subject so that goods purchased online can be delivered, or processing credit card details in order to facilitate payment. In the employment context, this ground may allow, for example, the processing of salary information and bank account details so that wages can be paid. There needs to be a direct and objective link between the processing of the data and the purpose of the execution of the contract. 
31. If a controller seeks to process personal data that are in fact necessary for the performance of a contract, then consent is not the appropriate lawful basis. 
32. Article 7(4) is only relevant where the requested data are not necessary for the performance of the contract, (including the provision of a service), and the performance of that contract is made conditional on the obtaining of these data on the basis of consent. Conversely, if processing is necessary to perform the contract (including to provide a service), then Article 7(4) does not apply. ... 
34. The choice of the legislator to highlight conditionality, amongst others, as a presumption of a lack of freedom to consent, demonstrates that the occurrence of conditionality must be carefully scrutinized. The term “utmost account” in Article 7(4) suggests that special caution is needed from the controller when a contract (which could include the provision of a service) has a request for consent to process personal data tied to it. 
35. As the wording of Article 7(4) is not construed in an absolute manner, there might be very limited space for cases where this conditionality would not render the consent invalid. However, the word “presumed” in Recital 43 clearly indicates that such cases will be highly exceptional. 
36. In any event, the burden of proof in Article 7(4) is on the controller.  This specific rule reflects the general principle of accountability, which runs throughout the GDPR. However, when Article 7(4) applies, it will be more difficult for the controller to prove that consent was given freely by the data subject. 
37. The controller could argue that his organisation offers data subjects genuine choice if they were able to choose between a service that includes consenting to the use of personal data for additional purposes on the one hand, and an equivalent service offered by the same controller that does not involve consenting to data use for additional purposes on the other hand. As long as there is a possibility to have the contract performed or the contracted service delivered by this controller without consenting to the other or additional data use in question, this means there is no longer a conditional service. However, both services need to be genuinely equivalent. 
38. The EDPB considers that consent cannot be considered as freely given if a controller argues that a choice exists between its service that includes consenting to the use of personal data for additional purposes on the one hand, and an equivalent service offered by a different controller on the other hand. In such a case, the freedom of choice would be made dependent on what other market players do and whether an individual data subject would find the other controller’s services genuinely equivalent. It would furthermore imply an obligation for controllers to monitor market developments to ensure the continued validity of consent for their data processing activities, as a competitor may alter its service at a later stage. Hence, using this argument means a consent relying on an alternative option offered by a third party fails to comply with the GDPR, meaning that a service provider cannot prevent data subjects from accessing a service on the basis that they do not consent. 
39. In order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the storing of information, or gaining of access to information already stored, in the terminal equipment of a user (so called cookie walls) ... 
3.1.3 Granularity 
42. A service may involve multiple processing operations for more than one purpose. In such cases, the data subjects should be free to choose which purpose they accept, rather than having to consent to a bundle of processing purposes. In a given case, several consents may be warranted to start offering a service, pursuant to the GDPR. 
43. Recital 43 clarifies that consent is presumed not to be freely given if the process/procedure for obtaining consent does not allow data subjects to give separate consent for personal data processing operations respectively (e.g. only for some processing operations and not for others) despite it being appropriate in the individual case. Recital 32 states, “Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them”. 
44. If the controller has conflated several purposes for processing and has not attempted to seek separate consent for each purpose, there is a lack of freedom. This granularity is closely related to the need of consent to be specific, as discussed in section 3.2 further below. When data processing is done in pursuit of several purposes, the solution to comply with the conditions for valid consent lies in granularity, i.e. the separation of these purposes and obtaining consent for each purpose. ... 
3.1.4 Detriment 
46. The controller needs to demonstrate that it is possible to refuse or withdraw consent without detriment (recital 42). For example, the controller needs to prove that withdrawing consent does not lead to any costs for the data subject and thus no clear disadvantage for those withdrawing consent. 
47. Other examples of detriment are deception, intimidation, coercion or significant negative consequences if a data subject does not consent. The controller should be able to prove that the data subject had a free or genuine choice about whether to consent and that it was possible to withdraw consent without detriment. 
48. If a controller is able to show that a service includes the possibility to withdraw consent without any negative consequences e.g. without the performance of the service being downgraded to the detriment of the user, this may serve to show that the consent was given freely. The GDPR does not preclude all incentives but the onus would be on the controller to demonstrate that consent was still freely given in all the circumstances. ... 
3.2 Specific 
55. Article 6(1)(a) confirms that the consent of the data subject must be given in relation to “one or more specific” purposes and that a data subject has a choice in relation to each of them.  The requirement that consent must be ‘specific’ aims to ensure a degree of user control and transparency for the data subject. This requirement has not been changed by the GDPR and remains closely linked to the requirement of 'informed' consent. At the same time, it must be interpreted in line with the requirement for 'granularity' to obtain 'free' consent. In sum, to comply with the element of 'specific' the controller must apply: i Purpose specification as a safeguard against function creep, ii Granularity in consent requests, and iii Clear separation of information related to obtaining consent for data processing activities from information about other matters. 
56. Ad. (i): Pursuant to Article 5(1)(b) GDPR, obtaining valid consent is always preceded by the determination of a specific, explicit and legitimate purpose for the intended processing activity. The need for specific consent in combination with the notion of purpose limitation in Article 5(1)(b) functions as a safeguard against the gradual widening or blurring of purposes for which data is processed, after a data subject has agreed to the initial collection of the data. This phenomenon, also known as function creep, is a risk for data subjects, as it may result in unanticipated use of personal data by the controller or by third parties and in loss of data subject control. 
57. If the controller is relying on Article 6(1)(a), data subjects must always give consent for a specific processing purpose. In line with the concept of purpose limitation, Article 5(1)(b) and recital 32, consent may cover different operations, as long as these operations serve the same purpose. It goes without saying that specific consent can only be obtained when data subjects are specifically informed about the intended purposes of data use concerning them. 
58. Notwithstanding the provisions on compatibility of purposes, consent must be specific to the purpose. Data subjects will give their consent with the understanding that they are in control and their data will only be processed for those specified purposes. If a controller processes data based on consent and wishes to process the data for another purpose, too, that controller needs to seek additional consent for this other purpose unless there is another lawful basis, which better reflects the situation. ... 
60. Ad. (ii): Consent mechanisms must not only be granular to meet the requirement of 'free', but also to meet the element of 'specific'. This means, a controller that seeks consent for various different purposes should provide a separate opt-in for each purpose, to allow users to give specific consent for specific purposes. 
61. Ad. (iii): Lastly, controllers should provide specific information with each separate consent request about the data that are processed for each purpose, in order to make data subjects aware of the impact of the different choices they have. Thus, data subjects are enabled to give specific consent. This issue overlaps with the requirement that controllers must provide clear information, as discussed in paragraph 3.3. below. 
3.3 Informed 
62. The GDPR reinforces the requirement that consent must be informed. Based on Article 5 of the GDPR, the requirement for transparency is one of the fundamental principles, closely related to the principles of fairness and lawfulness. Providing information to data subjects prior to obtaining their consent is essential in order to enable them to make informed decisions, understand what they are agreeing to, and for example exercise their right to withdraw their consent. If the controller does not provide accessible information, user control becomes illusory and consent will be an invalid basis for processing. 
63. The consequence of not complying with the requirements for informed consent is that consent will be invalid and the controller may be in breach of Article 6 of the GDPR. 
3.3.1 Minimum content requirements for consent to be ‘informed’ 
64. For consent to be informed, it is necessary to inform the data subject of certain elements that are crucial to make a choice. Therefore, the EDPB is of the opinion that at least the following information is required for obtaining valid consent: i. the controller’s identity, ii. the purpose of each of the processing operations for which consent is sought,  iii. what (type of) data will be collected and used,   iv. the existence of the right to withdraw consent,  v. information about the use of the data for automated decision-making in accordance with Article 22 (2)(c)  where relevant, and vi. on the possible risks of data transfers due to absence of an adequacy decision and of appropriate safeguards as described in Article 46.
In relation to Scientific research the guidelines state
151. The definition of scientific research purposes has substantial ramifications for the range of data processing activities a controller may undertake. The term ‘scientific research’ is not defined in the GDPR. Recital 159 states “(...) For the purposes of this Regulation, the processing of personal data for scientific research purposes should be interpreted in a broad manner. (...)”, however the EDPB considers the notion may not be stretched beyond its common meaning and understands that ‘scientific research’ in this context means a research project set up in accordance with relevant sector- related methodological and ethical standards, in conformity with good practice. 
152. When consent is the legal basis for conducting research in accordance with the GDPR, this consent for the use of personal data should be distinguished from other consent requirements that serve as an ethical standard or procedural obligation. An example of such a procedural obligation, where the processing is based not on consent but on another legal basis, is to be found in the Clinical Trials Regulation. In the context of data protection law, the latter form of consent could be considered as an additional safeguard.64 At the same time, the GDPR does not restrict the application of Article 6 to consent alone, with regard to processing data for research purposes. As long as appropriate safeguards are in place, such as the requirements under Article 89(1), and the processing is fair, lawful, transparent and accords with data minimisation standards and individual rights, other lawful bases such as Article 6(1)(e) or (f) may be available.65 This also applies to special categories of data pursuant to the derogation of Article 9(2)(j). 
153. Recital 33 seems to bring some flexibility to the degree of specification and granularity of consent in the context of scientific research. Recital 33 states: “It is often not possible to fully identify the purpose of personal data processing for scientific research purposes at the time of data collection. Therefore, data subjects should be allowed to give their consent to certain areas of scientific research when in keeping with recognised ethical standards for scientific research. Data subjects should have the opportunity to give their consent only to certain areas of research or parts of research projects to the extent allowed by the intended purpose.” 
154. First, it should be noted that Recital 33 does not disapply the obligations with regard to the requirement of specific consent. This means that, in principle, scientific research projects can only include personal data on the basis of consent if they have a well-described purpose. For the cases where purposes for data processing within a scientific research project cannot be specified at the outset, Recital 33 allows as an exception that the purpose may be described at a more general level. 
155. Considering the strict conditions stated by Article 9 GDPR regarding the processing of special categories of data, the EDPB notes that when special categories of data are processed on the basis of explicit consent, applying the flexible approach of Recital 33 will be subject to a stricter interpretation and requires a high degree of scrutiny. 
156. When regarded as a whole, the GDPR cannot be interpreted to allow for a controller to navigate around the key principle of specifying purposes for which consent of the data subject is asked. 
157. When research purposes cannot be fully specified, a controller must seek other ways to ensure the essence of the consent requirements are served best, for example, to allow data subjects to consent for a research purpose in more general terms and for specific stages of a research project that are already known to take place at the outset. As the research advances, consent for subsequent steps in the project can be obtained before that next stage begins. Yet, such a consent should still be in line with the applicable ethical standards for scientific research. 
158. Moreover, the controller may apply further safeguards in such cases. Article 89(1), for example, highlights the need for safeguards in data processing activities for scientific or historical or statistical purposes. These purposes “shall be subject to appropriate safeguards, in accordance with this regulation, for the rights and freedoms of data subject.” Data minimization, anonymisation and data security are mentioned as possible safeguards.  Anonymisation is the preferred solution as soon as the purpose of the research can be achieved without the processing of personal data.. Transparency is an additional safeguard when the circumstances of the research do not allow for a specific consent. A lack of purpose specification may be offset by information on the development of the purpose being provided regularly by controllers as the research project progresses so that, over time, the consent will be as specific as possible. When doing so, the data subject has at least a basic understanding of the state of play, allowing him/her to assess whether or not to use, for example, the right to withdraw consent pursuant to Article 7(3). 
160. Also, having a comprehensive research plan available for data subjects to take note of, before they consent could help to compensate a lack of purpose specification.  This research plan should specify the research questions and working methods envisaged as clearly as possible. The research plan could also contribute to compliance with Article 7(1), as controllers need to show what information was available to data subjects at the time of consent in order to be able to demonstrate that consent is valid. 
161. It is important to recall that where consent is being used as the lawful basis for processing there must be a possibility for a data subject to withdraw that consent. The EDPB notes that withdrawal of consent could undermine types scientific research that require data that can be linked to individuals, however the GDPR is clear that consent can be withdrawn and controllers must act upon this – there is no exemption to this requirement for scientific research. If a controller receives a withdrawal request, it must in principle delete the personal data straight away if it wishes to continue to use the data for the purposes of the research.

AI and IP frameworks in the EU

The European Parliament's Committee on Legal Affairs draft report on intellectual property rights for the development of artificial intelligence technologies states
Artificial intelligence (AI) is a field of scientific research whose origins date back to the mid-20th century. The objective is an ambitious one: to understand how the human cognitive system works in order to reproduce it and so create comparable decision-making processes. Some years ago, a new era began in AI, thanks to a combination of vast computing power, much larger numbers of data sets and powerful algorithms. 
The resulting new impetus is fuelling the development and deployment of AI in many sectors. It is making it possible, for example, to automate the analysis of clinical samples, or to adjust traffic lights in response to road traffic flows without human intervention. The potential of this technology, in terms of innovation, is therefore enormous, and it is important that the European Union adopt an operational legal framework for the development of European AI and public policies that are commensurate with the issues at stake, particularly with reference to the training of people in Europe and financial support for applied and fundamental research. This framework must necessarily include thinking about intellectual property rights (IPRs) in order to encourage and protect innovation and creativity in this area.
The definition of AI is still a matter for debate, but legal certainty is likely to stimulate the necessary investment in this area in the EU. A form of legislative flexibility should therefore be promoted in order to take account of the multifaceted reality of AI and create a framework that is future-proof (catering for further technological progress).
Upstream, consideration must first be given to assessing patent law in the light of the development of AI. Patents protect technical inventions, i.e. products that provide a new technical solution to a given technical problem. Thus, although algorithms, mathematical methods and computer programs are not patentable as such, they may form part of a technical invention that can be patented. It is crucial for the deployment of European AI that economic operators, in particular European start-ups, are aware of this opportunity.
Patent applications registered by the European Patent Office for inventions directly related to the operation of AI (core AI technologies) have more than tripled in a decade: from 396 in 2010 to 1 264 in 2017. However, it should be noted that more applications are being submitted in some third countries and that international competition in this strategic area is strong.
AI is also used by patent offices to facilitate research into the state of the art. In that connection, it seems important to point out that the technology provides useful assistance, but should not replace analysis by a human examiner as a basis for granting rights. In the field of patents, it must also be pointed out that the complexity of the reasoning used by certain AI technologies may increase the difficulty of checking that these inventions comply with existing rules.
Downstream, the growing autonomisation of certain decision-making processes can give rise to technical or artistic creations. Assessing all IPRs in the light of these developments must be a priority for this area of EU law, in order to foster an environment conducive to creativity and innovation by rewarding creators. The role of human intervention remains fundamental to the programming of AI devices, the selection of input data and the application of the results obtained. The prospect of a ‘strong’ AI, that is to say one that is conscious of itself, seems after all still to be very futuristic.
As regards copyright, the condition of originality, which imprints on the work the personality of its author, could constitute an obstacle to the protection of AI-generated creations. However, the general trend with regard to that condition is towards an objective concept of relative novelty, making it possible to distinguish a protected work from works already created. AI-generated creation and ‘traditional’ creation still have in common the aim of expanding cultural heritage, even if the creation takes place by means of a different act. At a time when artistic creation by AI is becoming more common (one example being the ‘Next Rembrandt’ painting generated after 346 works by the painter were digitised so that they could be processed using AI), we seem to be moving towards an acknowledgement that an AI-generated creation could be deemed to constitute a work of art on the basis of the creative result rather than the creative process. It should also be noted that a failure to protect AI-generated creations could leave the interpreters of such creations without rights, as the protection afforded by the system of related rights implies the existence of copyright on the work being interpreted.
Therefore, it is proposed that an assessment should be undertaken of the advisability of granting copyright to such a ‘creative work’ to the natural person who prepares and publishes it lawfully, provided that the designer(s) of the underlying technology has/have not opposed such use. This reasoning would be in line with the European system of protection of ‘works data’; such data may be exploited as part of the data used to train AI technologies which can then generate secondary creations, including for commercial purposes, provided that the right to such use has not been expressly reserved by their rightholders.
Lastly, given the essential role of data and its selection in the development of AI technologies, a number of questions arise concerning the accessibility of such data, in particular dependence on data, lock-in effects, the dominant position of certain undertakings and, in general, insufficient data flow. It will therefore be important to encourage the sharing of data generated in the European Union in order to stimulate innovations in artificial intelligence. In the short term, this may in particular be based on the transposition of the Open Data Directive and promotion of the conclusion of licensing agreements to encourage the sharing of industrial data. In the medium term, the Commission’s forthcoming proposal on the generic legislative framework for the governance of common European data areas will be decisive, in particular for access to sensitive databases such as those in the field of health.
The associated Motion for a European Parliament Resolution on intellectual property rights for the development of artificial intelligence technologies (2020/2015(INI)) states
 – having regard to the Berne Convention for the Protection of Literary and Artistic Works, 
– having regard to the World Intellectual Property Organisation (WIPO) Copyright Treaty and the draft Issues Paper on intellectual property policy and artificial intelligence Policies (WIPO/IP/AI/2/GE/20/1) of 13 December 2019, 
– having regard to Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC , 
– having regard to Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases , 
– having regard to Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs , 
– having regard to Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure , 
– having regard to Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information , 
– having regard to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC , 
– having regard to Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union , 
– having regard to Regulation (EU) 2019/1150 of the European Parliament and of the Council of 20 June 2019 on promoting fairness and transparency for business users of online intermediation services , 
– having regard to the Commission White Paper of 19 February 2020 on Artificial Intelligence - A European approach to excellence and trust (COM(2020)0065), 
– having regard to the work of the High Level Expert Group on Artificial Intelligence set up by the Commission, 
– having regard to the Commission communications entitled ‘A European Data Strategy’ (COM(2020)0066) and ‘A new industrial strategy for Europe’ (COM(2020)0102), 
– having regard to the Guidelines for Examination in the European Patent Office (EPO) of November 2019, 
– having regard to the Digital Economy Work Programme 2016/05 ‘An Economic Policy Perspective on Online Platforms’ of the Joint Research Centre and its Institute for Prospective Technological Studies (IPTS), 
– having regard to the political guidelines for the next European Commission 2019-2024: A Union that strives for more, – having regard to Rule 54 of its Rules of Procedure, 
– having regard to the opinions of the Committee on the Internal Market and Consumer Protection, the Committee on Transport and Tourism and the Committee on Culture and Education, 
– having regard to the report of the Committee on Legal Affairs (A9 0000/2020), 
A. whereas the European legal framework for intellectual property aims to promote innovation, creativity and access to knowledge and information; 
B. whereas Article 118 of the Treaty on the Functioning of the European Union stipulates that the Union legislator must establish measures for the creation of European intellectual property rights (IPRs) to provide uniform protection of those rights throughout the Union; whereas the single market is conducive to the stronger economic growth needed to ensure the prosperity of European citizens; 
C. whereas recent developments in artificial intelligence (AI) represent a significant technological advance that is generating opportunities and challenges for European citizens, businesses and creators; 
D. whereas the aim of making the European Union the world leader in AI technologies must include efforts to safeguard the Union’s digital and industrial sovereignty; 
E. whereas a human-centred approach to AI is needed if the technology is to remain a tool that serves people and the common good; 
F. whereas legal certainty fosters technological development, and whereas public confidence in new technologies is essential for the development of this sector; 
G. whereas the EU is the appropriate level at which to regulate AI technologies in order to avoid fragmentation of the single market; whereas the EU regulatory framework in the field of AI will have the potential to become a legislative benchmark at international level; 
H. whereas AI technologies are regarded as mathematical methods within the meaning of the European Patent Convention; 
I. whereas AI technologies are based on the creation and execution of computer programs which, as such, are protected by copyright;  
J. whereas AI technologies, as computer programs, cannot be patented, except under Article 52(3) of the European Patent Convention; 
K. whereas the development of AI is raising questions about the protection of innovation itself and the application of IPRs to data generated by AI technologies, which can be industrial or artistic creations; whereas it is sometimes difficult to distinguish between assisted creation and AI-generated creation; 
L. whereas AI technologies are heavily dependent on data, a blanket term for information falling into a range of categories that requires protection and tailoredgovernance; whereas increased access to certain data and databases in the European Union will play a crucial role in advancing the development of European AI; 
1. Welcomes the Commission White Paper on ‘Artificial Intelligence - A European approach to excellence and trust’ and the European Data Strategy; stresses that the approaches outlined therein are likely to contribute to the deployment of the potential of human-centered AI in the EU; notes, however, that the issue of the protection of IPRs in the context of the development of AI technologies does not seem to have been addressed by the Commission, despite the importance of these rights and the role played by innovation and creativity in the EU economy; 
2. Stresses that the development and deployment of AI technologies and the growth of the global data economy make it necessary to address significant technical, social, economic, ethical and legal issues in a variety of policy areas, including IPRs; 
3. Stresses the importance of protecting IPRs in relation to AI technologies, in order to create the legal certainty and build the trust needed to encourage investment in these technologies; considers that the EU can be a frontrunner in the creation of AI technologies if it adopts an operational regulatory framework that is regularly assessed in the light of technological developments and implements proactive public policies, particularly as regards training programmes and financial support for research; 
4. Considers also that the Union must address the various aspects of AI by means of a definition that is technologically neutral and sufficiently flexible to encompass future technological developments; 
5. Recommends that priority be given to assessment by sector and type of IPR implications of AI technologies; considers that such an approach should take into account the degree of human intervention, the importance of the role of the data used and the possible involvement of other factors, such as sectoral economic equilibria; 
6. Suggests that assessment focus on the impact and implications of AI technology under the current system of patent law, trade mark and design protection, copyright and related rights, including the applicability of the legal protection of databases and computer programs, and the protection of undisclosed know-how and business information (‘trade secrets’) against their unlawful acquisition, use and disclosure; emphasises, further, the need to assess whether contract law and competition rules ought to be strengthened in order to create a more comprehensive legal framework for the economic sectors in which AI plays a part; 
7. Points out that mathematical methods are excluded from patentability unless they constitute inventions of a technical nature, which are then patentable if the applicable criteria relating to inventions are met; points out, further, that if a claim relates either to a method involving technical means or to a device, its purpose, considered as a whole, is technical in nature and it is therefore not excluded from patentability; consequently, notes that innovations in AI are patentable if the criteria relating to inventions are met; 
8. Notes that patent protection can be granted provided that the invention is new and not self-evident and involves an inventive step; notes, further, that patent law requires a comprehensive description of the underlying technology, which may pose challenges for certain AI technologies in view of the complexity of the reasoning; stresses also that reverse engineering is an exception to the trade secrets rule that may pose IPR-related problems in the context of the development of AI technologies; 
9. Notes that the autonomisation of the creative process raises issues relating to the ownership of IPRs; considers, in this connection, that it would not be appropriate to seek to impart legal personality to AI technologies; 
10. Takes the view that consideration must be given to protecting technical and artistic creations generated by AI, in order to encourage this form of creation; considers that certain works generated by AI can be regarded as equivalent to intellectual works and could therefore be protected by copyright; recommends that ownership of rights be assigned to the person who prepares and publishes a work lawfully, provided that the technology designer has not expressly reserved the right to use the work in that way; 
11. Looks forward to a review of the current policy on trade marks and designs, as these can be generated autonomously by AI applications; 
12. Notes that AI makes it possible to process a large quantity of data relating to the state of the art or the existence of IPRs; notes, at the same time, that the use of AI technology cannot be a substitute for human verification in relation to the granting of IPRs and the determination of liability for infringements of IPRs; 
13. Notes, with regard to the use of data by AI, that the use of copyrighted data needs to be assessed in the light of the text and data mining exceptions provided for by the Directive on copyright and related rights in the Digital Single Market; highlights the IPR issues arising from the creation of deep fakes on the basis of data which may be subject to copyright; 
14. Stresses the importance of full implementation of the Digital Single Market Strategy in order to improve data accessibility in the EU; stresses the need to assess in that connection whether EU rules on intellectual property are capable of protecting the data needed for the development of AI; considers that comprehensive information should be provided on the use of data protected by IPRs, in particular in the context of platform-to-business relationships; 
15. Notes that the Commission is considering the desirability of legislation on issues that have an impact on relationships between economic operators whose purpose is to make use of data, one element in which is the evaluation of the IPR framework, including a possible revision of the Database Directive and a possible clarification of the application of the directive on the protection of trade secrets as a generic framework; looks forward to the results of the public consultation procedure launched by the Commission on the European Data Strategy; 
16. Stresses the need for the Commission to continue to aim at the highest level of protection of intellectual property for European AI developers and the maximum legal certainty for users in international negotiations, in particular as regards the ongoing discussions on AI and the data revolution under the auspices of the World Intellectual Property Organisation (WIPO); 
17. Instructs its President to forward this resolution to the Council and the Commission as well as to the parliaments and the governments of the Member States