Thursday, March 26, 2020

Using privacy law to prevent the death penalty

In 2018, El Shafee Elsheikh and Alexanda Kotey - two British citizens who had purportedly been stripped of their citizenship by the British government - were captured while fighting for Isis in Syria. The British government then conspired to hand them over to the US, and agreed to provide evidence against them despite the fact that they may face the death penalty. The UK Supreme Court has now ruled that that conspiracy was unlawful:

The government’s decision to cooperate with US authorities over the prosecution of two alleged Islamic State executioners without assurances that they would not face the death penalty was unlawful, the supreme court has ruled.

In a unanimous judgment that will have repercussions for US-UK relations, the court’s seven justices said the home secretary’s agreement to provide evidence about El Shafee Elsheikh and Alexanda Kotey breached data protection rules.

Delivering the judgment, Lord Kerr said that under the Data Protection Act transferring information in this context was contrary to law. He said: “Much of the information provided, or to be provided, to the US authorities consisted of personal data. It was common ground between the parties that provision of mutual legal assistance involved the ‘processing’ of such personal data falling within part 3 [of the] Data Protection Act.

“Such processing is only lawful where it complies with the data protection principles in section 34 DPA. I concluded that since the transfer of material to the US authorities without obtaining death penalty assurances was contrary to law, it followed that the first and second principles – requiring processing that is lawful and fair – were not met.”

Its a fairly weird way to approach what should be a straight-out human rights question. Opposition to the death penalty is meant to be a fundamental principle of UK foreign policy and UK law. But it turns out that there was nothing actually stopping a minister from handing over information which could see people executed. Now, there is. Unfortunately, though, it may be too late for these two men, who are still being held in US custody in Iraq.

So would this sort of collateral attack work if the New Zealand government engaged in such behaviour? Probably not. While the Privacy Act requires all collection of information to be for a lawful purpose, there's no explicit equivalent restriction on its disclosure. Instead, you'd have to rely directly on the BORA, which covers all actions taken by any part of the government, and includes explicit protection for the right to life. The courts don't really recognise "justified limitations" on that, so it is likely that they would rule disclosure of information which may lead to the death penalty as unlawful. Which seems much simpler than having to rely on privacy law.