Author: Rossa McMahon

DPC finds DEASP has been unlawfully processing child benefit data

Since 2008 the Department of Employment Affairs and Social Protection (DEASP) has issued child benefit beneficiaries with “eligibility certificates” which are, in fact, forms demanding personal information about the children involved in order to prove that they are still entitled to receive payments. The certificates are part of the Department’s “control measures”, aimed at ensuring fraudulent claims for social welfare payments are detected and that payments are not being continued for people who are no longer eligible, for one reason or other.

Such control measures might, under certain circumstances, be an appropriate and prudent measure to detect fraud and ensure that taxpayer funds are correctly distributed. I was consulted, however, by a client who had been receiving these forms repeatedly for a number of years, despite no change in circumstances.  (Note: my client is satisfied that non-identifying elements of this case are disclosed.)

The forms demanded that that the client provide the following information:

  1. For each of your children aged between 5 and 18 years, please insert details overleaf of the school or college they attend including full school name, address and phone number of the school.
  2. For children under 5 years old, please insert details overleaf of the doctor they attend or details of the playschool/créche they attend if applicable.

Initially, my client returned the forms. When they continued to arrive on an annual basis, my client wondered how the provision of this information was necessary, what it proved to DEASP and what they might do with the information to confirm entitlements. My client wondered whether this was an excessive request for personal information about children and whether DEASP was entitled to request it. The information provided in the forms sent by DEASP did not provide answers to any of these questions.

On querying this DEASP relied on various provisions of the Social Welfare Acts that regulate child benefit payments and in particular a provision that states that the Minister can require information to be furnished by a beneficiary where the Minister forms the opinion that the furnishing of that information would assist in deciding (among other things) whether a beneficiary is entitled to continue to receive child benefit.

My contention was that those provisions were not an adequate legal basis for the processing that was being carried out and that insufficient information was provided to beneficiaries about the use of the information obtained. DEASP did not accept this and so a complaint was made to the (then) Data Protection Commissioner. (This complaint was made, and dealt with, under the pre-GDPR rules established by the Data Protection Acts 1988 and 2003.)

Following a lengthy investigation and consideration of the complaint, the Commissioner has now issued a lengthy, detailed decision which finds:

  • DEASP’s stated rationale for processing the personal data involved is limited to a general description of policy objectives and control measures, and does not provide a detailed justification for the specific processing operations performed.
  • The forms issued by DEASP do not, of themselves, account for the necessity of the specific processing operations performed by the Department in this context.
  • The limited information supplied by DEASP regarding its processing is insufficient to conclude that such processing was necessary.
  • DEASP did not comply with the fairness principle because the Department selectively emphasised positive outcomes for child benefit recipients when describing the purposes of processing, which did not reflect the fact that the purpose of the processing was, to a substantial extent, the identification of persons who were no longer eligible to receive child benefit.
  • Because its information requests were mandatory and because of the types of information obtained, a significant duty of transparency fell on DEASP to explain the further processing which it intended to perform in relation to the information obtained.
  • DEASP should have provided at least information on its acknowledged “data-matching initiatives”, and specifically, information on the categories of personal data that may be processed in the course of data-matching initiatives, the purposes of processing for such data-matching and the identities of third party data controllers engaged in data-matching initiatives with DEASP.

The Commissioner notes the mandatory nature of the information requests and the fact that DEASP can suspend or terminate payments. In fact, DEASP repeatedly threatened to terminate my client’s payments and earlier this year, suddenly took the step of suspending the payments despite the fact that the Commissioner’s investigation was then at an advanced stage. Following objections, DEASP lifted the suspension pending the decision of the Commissioner.

The decision is very welcome and represents a significant challenge to the extensive and comprehensive data-gathering activities of DEASP and, indeed, other statutory bodies. It highlights the fact that the mere existence of a statutory provision or function is not sufficient to justify demands for personal data which go beyond that provision or which are not adequately explained or justified. While the decision concerns child benefit eligibility certificates in particular, it has relevance beyond those forms to many data-gathering activities of DEASP and other State bodies.

As mentioned, this is a pre-GDPR investigation and decision. The Commissioner did not refer to any intention to utilise the enforcement provisions in the pre-GDPR rules, but because DEASP continued to send out these forms and sent one to my client in 2019 (after the GDPR had come into force) that request for information by DEASP will now be considered by the (now) Commission under its GDPR complaint procedures. It is worth noting that the core data protection principles have not substantially changed, however, while the enforcement provisions have changed substantially.

Lights, camera, action?

I am not alone in wondering what the status of Limerick City & County Council’s Smart CCTV surveillance system is. County councillors have been asking what the delay with the system is and it appeared some weeks ago that the provision of legal advice to the Council was imminent but, as far as I can see, it has not been presented to councillors for consideration.

(See my previous post for some background on community surveillance and Limerick.)

The Data Protection Commission had told me last month that their office was not going to investigate complaints against the Limerick scheme because a national study on public CCTV was to commence within weeks, part of which would look at the Limerick scheme. However, the Commission also told me that it was their “understanding that the CCTV systems … are not in operation.” They did not state where that understanding came from. Somewhat unusually, the Commission does not appear to have made any public statement about its national study other than what was reported in the Irish Times in March.

So, I asked Limerick City & County Council if the cameras were recording. This request was made under section 3 of the Data Protection Acts 1988 and 2018, which allows individuals to see if an organisation is processing personal data. The Council have today told me that the surveillance system is active and recording footage. They say, however, that the footage is not currently being accessed because the cameras are being tested.

The Council’s position on this is that the system is in a “transitional” status and not a “live” or “operational” one because the footage is not being monitored. They say that the system is not not yet “live” because the Council is finalising its CCTV policy in line with the GDPR and data protection legislation. However, it is clear that the cameras are recording and the Council is, therefore, processing personal data (see Article 4 GDPR for the definition of “processing”). It is not clear what is being done with the footage recorded or what the testing of it involves.

A notable aspect of the Limerick scheme is that it has been authorised by the Garda Commissioner under section 38 of the Garda Síochána Act 2005, which provides for authorisations of community surveillance only for public order. The then Acting Commissioner confirmed to me in January that the authorisation granted was “for the sole or primary purpose of securing public order and safety in public places by facilitating the deterrence, prevention, detection and prosecution of offences.” The Council tell me that the primary purpose of the scheme is public order and safety “including” the following:

I was particularly interested in the reference to the “perception of safety” – the Council’s own statistics in the report that lead to the surveillance system show a significant drop in reported crime in many areas, including Newcastle West.

The Data Protection Commission will have to decide, in the first instance, whether or not the purposes to which the Council wishes to put its surveillance network are a justified and proportionate infringement on the privacy rights of individuals.  The remarkably vague reference to “open data” gives rise to further concern and it is again astonishing that a privacy impact assessment does not appear to have been done in advance of planning such a system.

It remains to be seen how piggybacking these additional purposes on the surveillance system is compatible with the section 38 authorisation granted by the Garda Commissioner. The Commissioner has not yet confirmed the position on that point but the previous Acting Commissioner confirmed to me that they had not, for example, authorised ANPR or tourism cameras.

Whatever results from the national study, it will be interesting to see where the Data Protection Commission obtained the understanding that Limerick’s surveillance system was not in operation and how the Council’s continuing preparations for the full operation and monitoring of the system will interact with the Commission’s national study.

Time for a regulatory review of online contracts & practices

The Consumer Protection Act 2007 was a major reform of Irish consumer law with predictably European foundations, but has had very little impact in Ireland. It is rarely enforced in any meaningful way and the lack of court cases mean it is underdeveloped, despite the Act having wide-ranging provisions, extensive criminal offences and enforcement powers and even rights for consumers to seek damages for its breach.

Given the scope of the legislation, which covers marketing, sales, pricing and contract practices, it is not hard to find consumer situations in Ireland where the Act applies but is not enforced or respected. Undisclosed advertorial, for example, is a frequent and ongoing source of controversy that came into focus with undisclosed celebrity and sportsperson endorsements but has become a bigger issue with the rise of social media influencers. Regular calls to “do something” or to provide “clarity” on the rules are usually framed in the terms of non-binding ASAI rules rather than the actual legal provisions of the Act which have a direct bearing.

Another consistent issue is contract and subscription services that can be set up online or in-app but which have complicated or disproportionately inconvenient cancellation requirements, the main culprits being online publications and utility companies. There is no fair reason for requiring someone to ring up to cancel, or to write in by post for example, other than to capitalise on inertia. In one example I have seen, customers can cancel by clicking a link in their account but that merely prompts the trader to call the customer to confirm – an unnecessary extra step which does nothing more than provide the trader with another opportunity to cajole the customer not to cancel, but which also raises contractual difficulties in determining the cancellation period.

The Act prohibits a range of commercial practices, including aggressive commercial practices. These are practices which, if by harassment, coercion or undue influence, would be likely to:

  1. cause significant impairment of the average consumer’s freedom of choice or conduct in relation to the product concerned, and
  2. cause the average consumer to make a transactional decision that the average consumer would not otherwise make.

This may not immediately seem relevant to cancellation practices, but the Act goes on to say that in determining whether the commercial practice employs harassment, coercion or undue influence, a number of things shall be taken into account, including the imposition of onerous or disproportionate non-contractual barriers by the trader when the consumer wishes to terminate the contract, exercise a contractual right or switch to another product or trader.

In 2011, the Bulgarian Supreme Court found that burdensome termination requirements effectively trapped consumers in automatic renewals of a service, amounting to an aggressive commercial practice. It is worth noting that, in Ireland, aggressive consumer practices are not just prohibited, they are a criminal offence. The penalties under the Act can be serious, ranging up to a fine of up to €5,000 or imprisonment for up to 12 months on summary conviction or up to €60,000 and 18 months on indictment.

The history of Irish regulatory law and enforcement, particularly in consumer law, suggests that prosecutions will continue to be rare and even if brought to conviction penalties will be at the low end of the scale. However, Irish consumers are entitled to a more activist consumer regulator monitoring terms and conditions and trader behaviours, particularly given that the lack of class action structures in Ireland means that the civil remedies in the Act are usually not cost-effective to invoke, devaluing another incentive for traders to improve behaviour. I have had District Court cases with awards of aggravated damages in the region of 25% due to misleading commercial practices, but the consumers involved had significant contractual claims to begin with. For most, private enforcement of a breach of the Act will not be worthwhile.

The merger of the under-resourced Competition Authority with the under-resourced Consumer Agency to form the Competition and Consumer Protection Commission has continued the trend of insufficient enforcement and monitoring of both areas of the law, but the emphasis remains on competition and merger control.

The Commission has only published lists of consumer protection enforcement measures taken up to the end of 2016 and for that year it reports 40 enforcement actions, but which cover only 7 categories of consumer law breaches and only three categories of remedial action (none of which were prosecutions). From 2012 to 2016 one major Irish retailer appears on the enforcement list 40 times, with some entries relating to multiple offences. Only one conviction is recorded, in the 2012 enforcement list. It would appear that fixed payment notices and other minor measures are a mere cost of doing business, rather than something that leads to an improvement for consumers.

The most commonly enforced rules are those prohibiting the car “clocking” and price display regulations. However, a significant amount of consumer disposable income is likely now spent on daily transactions, particularly through mobile internet use, which involve lengthy contracts with detailed terms and conditions. It is time for a detailed study of these terms and practices to check for compliance with the Act and a number of other relevant pieces of consumer legislation.

Community surveillance & Limerick’s Smart CCTV scheme

A Smart CCTV installation in The Square, Newcastle West

I have had a draft blog post lingering for many months addressing some of the issues and concerns with community surveillance, particularly in light of Limerick’s “Smart CCTV” scheme which, I believe, will be a model for a national network of community surveillance.

Quite a lot has since been written (and spoken) about the issue so I include links below to various reports and discussions about the scheme, and some other schemes around the country.

The Data Protection Commission is about to conduct an examination of public sector CCTV schemes nationally. The results of this will be interesting, particularly if one is to interpret anything from the recently-published proposed list of activities that will require a data protection impact assessment under the GDPR (I suggest that one should).

Given the commencement of the GDPR and Data Protection Act 2018, and the forthcoming examination by the DPC, one would think that they State authorities might pause these systems so that a national approach to them could be put in place before expanding their scope further. The opposite seems to be the case.

Media coverage

Other background information

Litigation disclosure of personal data

Photo © Convert GDPR
Photo © Convert GDPR https://www.convert.com/GDPR/

Litigation solicitors often request and disclose too much information about clients when representing them in court cases. The imminent data protection reforms in the GDPR are bringing data protection issues into focus on a daily basis, not least the routine things many businesses and professionals do and have always done which might not be acceptable under the GDPR or even existing data protection law.

Respecting privacy, and the GDPR, requires that we all consider and reconsider what personal data should be collected and what can or should be done with it. Solicitors owe a duty to their own clients, for example, not to unnecessarily disclose personal data.

What is the issue

This often arises when dealing with requests for information or documentation from “the other side” in a case. If you sue someone there is certain information you must provide the other side with, and some information they are entitled to ask for.  I’m going to use the example of personal injury cases, as they are the most relevant in this context.

In those cases the injured party (the plaintiff) has to give certain basic information like their name, address, PPSN, details of special damages and negligence alleged. The person being sued (the defendant) can ask the plaintiff for some additional information such as about previous personal injuries, claims and treatments where relevant and, if asked, the plaintiff must answer. These questions are put in what is called a “notice for particulars”, a document sent by the solicitor for the (usually) insurance company defending the claim. If the plaintiff refuses to answer the notice with “replies to particulars”, the defendant can ask for a court order compelling the plaintiff to answer.

That does not, however, mean that all questions must be replied to. The purpose to particulars is so that the defendant knows what case they have to meet at trial and to prevent them being surprised with unexpected allegations. It is not a means of a defendant getting advance details of the evidence that will be presented at trial, nor is it an opportunity for a fishing expedition for information about the plaintiff. It is, however, often treated as just that and defendants often ask all sorts of questions about the plaintiff’s family and domestic circumstances, personal and employment history and medical affairs whether or not they have a bearing on the case.

The (non-data protection) law on particulars

Mr Justice Hogan delivered a significant judgment (Armstrong v. Moffatt) on replying to notices for particulars in 2013. The judgment provides a good run-through of the law on particulars but Hogan J was notably critical of the practices which had developed in recent years of defendants seeking a huge range of information, and of plaintiff solicitors going along with these requests.

Not least in personal injury cases, the particulars sought in many cases had reached something of an art form. Quite often no possible detail or dimension of a [claim] remained unexplored at the hands of pleaders who at times seemed to revel in this glorious new art form. It was by no means uncommon to find notices for particulars stretching to twenty or more paragraphs, often replete with individual sub-paragraphs. Most litigants (or, perhaps more accurately, their solicitors and junior counsel) simply yielded dutifully to these requests, as it was often more convenient and expedient to do so rather than to take a stand on principle. In retrospect, the courts should, perhaps, have been more prepared to strike out many of the pre-rehearsed requests as oppressive and, in some cases, as constituting quite simply an abuse of process …  [M]any of the requests in this and similar cases are either irrelevant or not permissible in law as particulars are nonetheless steadfastly advanced shows that many pleaders have simply gone astray in their enthusiasm to interrogate every possible detail of their opponent’s claim.

While the judgment did not mention and was not based on data protection law it was, in effect, a call to action addressed to solicitors on both sides: stop requesting so much information in notices for particulars, and stop acquiescing to excessive requests.

Unfortunately, it has not been heeded. The practice certainly varies from solicitor to solicitor but some insurance defence solicitors continue to issue lengthy notices for particulars, often with very surprising questions about the plaintiff’s personal life and family circumstances that do not appear to have any bearing on the case. Moreover, judges have not always accepted arguments against providing replies to particulars on the basis of Hogan J’s judgment.

A similar issue arises in the context of voluntary discovery, which involves the handing over of full records rather than just replying to questions. I would  hope that solicitors are generally more restrictive when it comes to discovery, but solicitor Dervila McGirr quite rightly criticises the reliance on discovery “on the usual terms”, particularly in relation to extensive requests for highly sensitive medical records, and the impact on client privacy. There should be little if any basis for operating “on the usual terms”. Each request for information or documentation should be considered on its own terms.

It is important to note that in these situations, a solicitor acts as the “agent” of her/his client. I won’t digress into the field of agency law but a solicitor acting as agent of the client has a certain amount of latitude to do things on behalf of a client with their authority (whether explicit or implied). Delivering replies to particulars is one of those things, but how far does a solicitor’s authority go? Surely not to hand over personal data wholesale. However, in personal injuries cases at least, the client must swear an affidavit of verification confirming the accuracy of the information in the replies to particulars so the client necessarily has to have reviewed what is in the document. You could, therefore, argue an express authority to hand over the information (after all, the client confirmed the contents), but does it end there?

Which is where data protection comes in

Quite simply, if a defendant is not entitled to certain information in the course of obtaining further and better particulars, what right does a plaintiff’s solicitor have to provide the information? The obligations of the Data Protection Acts (and the GDPR/Data Protection Bill) mean that a solicitor should consider whether the defendant is entitled to the particulars sought. If not, the information (which will often be sensitive personal data) should not be disclosed to the defendant.

A client may have reviewed the contents of replies to particulars and confirmed them in an affidavit of verification, but have they consented to the release of the personal data or expressly authorised it? Consent is notoriously problematic in data protection, and for sensitive personal data (which many replies to particulars in personal injuries cases are) it must be explicitly given. If a solicitor puts draft replies to particulars in front of a client, asks that they be checked for accuracy and that an affidavit of verification be sworn, at what point was the client given a clear explanation of the processing involved (the disclosure to the other side)? The key explanation should involve advice as to whether or not the client is required to disclose the particulars. And this is, I suspect, where many would fall into difficulty.

What is the consequence?

This issue does not appear to have been the subject of a judicial decision or complaint to the Data Protection Commissioner (yet), but this is true of many persistent issues in data protection.

A possible explanation is the lack of serious consequence to date. There has, possibly, been too much deference to exemptions and exceptions in the Data Protection Acts relating to litigation and connected services. And while the Acts (section 7), impose a duty of care to data subjects under the law of torts, the utility of that provision was almost entirely hollowed out by a High Court decision in 2013 (Collins v. FBD). Section 7 was never satisfactory and the Collins decision made it worse, requiring that  a plaintiff had to show specific loss in order to claim damages – i.e. the fact that the duty of care owed to them was breached in some way alone was not enough to obtain compensation. Eoin O’Dell’s excellent paper on compensation for GDPR breaches expertly outlines the issues with Collins, forcefully concluding:

the decision … in Collins is quite simply wrong – as a matter of principle, as a matter of national law, and as a matter of European law

In addition, judges sometimes order that replies to particulars be given which should not be ordered – many plaintiff personal injuries solicitors will probably have had this experience in the past. While, under the Acts, this may cure data protection issues for the plaintiff’s solicitor (because there is now a legal obligation to disclose the personal data) the GDPR, again, changes the landscape.

Which is where the GDPR comes in

Mr Justice Frank Clarke (Chief Justice) has recently commented in a number of forums about the challenges the GDPR raises for the judiciary and the need for privacy training among judges. Future disputes about particulars and discovery are likely to involve increased reliance on data protection concerns and the GDPR when before the courts. All of this should mean a more restrictive disclosure regime than has often existed in Ireland, despite the decision in Armstrong v. Moffatt on particulars and the changes in relation to discovery outlined by McGirr.

In the context of voluntary particulars and discovery, while O’Dell points out that the decision in Collins would not survive further challenge, it will be made redundant by the GDPR which requires that someone whose rights under the Regulation have been infringed must be entitled to seek compensation for both material and non-material rights (section 112 of the Data Protection Bill 2018 purports to implement this).

It is difficult to see how a solicitor is fairly processing personal data by unnecessarily disclosing it in these circumstances. This has been the case for many years, but a key change with the GDPR is that breach of data protection rights will no longer be mere technical, regulatory breaches but actionable ones that could give rise to compensation.

And, legal provisions aside, there is a very obvious and natural objection that someone might have to sending out all manner of personal information (including information about other family members or cohabitees) to third parties where it is not necessary to do so. Defence solicitors need to be robustly challenged on notices for particulars, or plaintiff solicitors may find themselves struggling to justify the unnecessary disclosure of their client’s personal data to insurance companies.

Unanswered questions in the Garda FCPS report

Unanswered questions in the Garda FCPS report

Over the past 24 hours the media has focussed on one of the two reports published by An Garda Síochána yesterday. The report into mandatory alcohol testing checkpoints is important and the discrepancy in testing remarkable, but no-one was wrongly prosecuted or convicted as a result of the errors involved. This is exactly what happened due to problems with the Fixed Charge Processing System (FCPS), the subject of the second report. Unfortunately, the report only explains how summonses were wrongly issued, not how so many resulted in convictions before the issue was spotted.

The report details a number of failings which led to the wrongful prosecution and conviction of thousands of citizens. In short: a massive IT system was rolled out with too many people involved in its operation, no training provided to its users and updates applied to it on a piecemeal basis. Some of the reasons for these issues are the type of thing that can happen with any IT system but are remarkable given that the system involved is part of the State’s criminal justice apparatus, with serious consequences for citizens. For example:

  • “This problem should have been foreseen but was not.” (p.35)
  • “Members of An Garda Síochana were not given any formal instruction on the FCPS or the issuing of Fixed Charge Notices (FCN‘s) between 2004 and 2016.” (p.36)
  • “A [Fixed Charge Processing Office] FCPO home page exists [on the Garda Portal] but this does not contain all related and necessary information … There is currently no one place that Garda personnel can go and get comprehensive, clear, concise and up to date direction on using the FCPS.” (p.36)
  • A Manual Summons Report, which was intended to inform prosecuting gardaí that a fixed charge offence would not lead to a summons being issued automatically and would need manual intervention “remains largely unknown by district staff members and there is still much confusion about same.” (p.37)
  • “From the day this system was created there was a lack of functionality between the two core systems i.e. FCPS and Pulse.” (p57)

This report comes on the back of, and refers to, a report by the Garda Síochána Inspectorate on the FCPS in 2014 which said that fixes to various issues in the system had resulted in a “technically deficient, managerially uncoordinated, ineffecient and excessively resourced support unit” (p.9 of that report).

The new report identified a number of issues that required a solution but the one that remains unexplained and is difficult to comprehend, is where convictions were imposed for driving without an NCT certificate where the accused had already paid a FCN.

The crucial point here is that one cannot be convicted of Fixed Charge Offence if a FCN has not issued in advance. If no FCN was issued or received by the accused, or if it was issued and was paid, the accused has a full defence to the charge. So why did we not encounter thousands of people in court between 2014 and 2016 giving evidence that they had paid their FCNs?

Gardaí first became that there was a defect in the FCPS in respect of the NCT offence on 6 February 2016 and set about examining and rectifying the issue. Separately, on 26 April 2016 a Garda Sergeant contacted the Garda Information Services Centre to report that a defendant in a particular District Court had appeared on foot of a summons for driving without an NCT certificate when it transpired that the defendant had (a) received a FCN in advance and (b) had paid the fine. The summons should have never issued but, in the event, the defendant had a full defence and the charge was struck out. What beggars belief is that this was the first time the issue arose in a court.

The report gives us only one aggregate figure for convictions arising out of the various issues identified: 14,700 (p.33). It is not clear whether this 14,700 relates only to NCT convictions or to the full range of FCOs. The issues outlined in page 33 are different from those in page 56. How many of the 14,700 convictions referred to were cases where the FCN had been paid, or is there a different statistic entirely for that issue? The report is not just unclear, but confused.

Bear in mind that a court conviction for driving without an NCT carries 5 penalty points, and 12 penalty points leads to disqualification (7 for learners and novices). A second conviction for driving without an NCT carries an automatic 2 year disqualification. So, in almost 15,000 convictions, were there none where the accused was at risk of disqualification or was in fact disqualified? How was it that no-one came to court before 26 April 2016 to say that they had already paid a FCN and should not have been prosecuted? How was there not at least one driver who learned of a conviction and then appealed it because they had already paid the fine?

Are we to accept that thousands of drivers received notification that they had been convicted of an offence and received penalty points and, possibly, a disqualification from driving even though they had already paid a FCN, and they did nothing?

The failure to address this aspect of the examination means that the following further detail is needed:

  • Of the 14,700 cases identified, how many were prosecutions where the FCN had been paid?
  • Of those cases, how were the summonses served and have the declarations of service been examined?
  • How many of those convictions were recorded in the absence of the defendant?
  • How many of those convictions resulted in the disqualification from driving of the defendant?

A note in the report, after a review of previous reports into the FCPS, states:

The recommendation that the process becomes totally automated using technology to ensure more consistent results is a common theme throughout all these reports. (p.43)

That is well and good, but some of the problems that have arisen are the result of automation and technology. They can be fixed, but a greater degree of care is required in designing and implementing these systems. If Amazon’s order fulfillment system gets a code wrong you might “The Pelican Brief” on DVD instead of in paperback, if the Gardaí’s system gets a code wrong you might get a criminal record.

Average personal injury awards did go up in 2014, not claims

What will this mean for Ireland Inc?
What will this mean for Ireland Inc?

For over a year now the Irish insurance industry has been spinning dramatic price hikes in car insurance as being the result of claims – those awful people injured in car accidents who dared to claim against insurance are the fault, along of course with their lawyers.

It is quite obvious that there are multiple factors at play in the car insurance market. New regulatory rules, bad investments, bad management and years of overly-aggressive competition are clearly the major factors now biting the industry. But it is far easier to blame lawyers, demonise claimants and pretend whiplash is an imaginary injury.

But two things have taken the wind out of the insurance industry spin: the Injuries Board using actual research and statistics to counter the allegations and the dramatic intervention of the Competition and Consumer Protection Commission.

One spin in particular, though, will not die: the suggestion that there was a huge jump in court injury awards from 2013 – 2015. On RTÉ’s Nine News last night (5 October 2016, from 1:43) Kevin Thompson, CEO of Insurance Ireland, made the claim again:

We’ve also seen a 33% increase in the level of awards in the Circuit Court from 2013 – 2015.

This is amazing. Injury awards suddenly up by one third! But this claim, often made by insurance industry spokespeople, raises two obvious questions: (1) why did this happen in the Circuit Court?; and (2) what happened between 2013 and 2015?

The answer is simple. In 2013, the Courts and Civil Law (Miscellaneous Provisions) Act 2013 was introduced. It, among other things, raised the jurisdiction of the Circuit Court, so that court could deal with some higher-value claims. So yes, average awards went up.

The District and Circuit Courts have upper limits on the compensation they can award and until 2014, when the law took effect, the maximum the Circuit Court could award was €38,092.14. That odd figure is £30,000 in old money, hinting that the limit had not been changed in a very long time. In fact, since the late 1990s many argued for an increase in jurisdiction for the District and Circuit Courts to address inflation and the changing nature of litigation. In 2010 I wrote that such a change was long overdue and would help to reduce legal costs. The government had introduced a law in 2002 to allow them to change jurisdiction limits but failed to do so, partly due to insurance industry lobbying.

Increasing the jurisdiction of the lower courts allows them to hear a range of cases that they are more than capable of dealing with, at a lower cost. So, increasing court jurisdiction limits should reduce legal costs.

The increase in Circuit Court jurisdiction in 2014 raised maximum personal injury awards by that court by €21,907.86 – around 57%. This is a significant increase and one which has an immediate impact on statistics, particularly average awards. There is no reason that a Circuit Court judge would award more than a High Court judge in a particular case, so there should be no award inflation. But the average Circuit Court injuries award will naturally increase. Likewise, at High Court level, the average award increases because the lower value awards up to €60,000 are taken out.

So, it is not at all surprising that there was an increase in Circuit Court compensation levels from 2013 to 2015 – the jurisdiction level increased 57% but the average award only 33%. Average award levels limited to one court jurisdiction are of little use in considering the overall levels of compensation awarded or general claims activity.

What the insurance industry does not say, and cannot say, is that this 33% was a result of overall compensation inflation.

HSE abolishes new national fee for calculating loss of earnings

 

hsePersonal injuries compensation is usually assessed by the Injuries Board, though many claims end up in court afterward. Both the Injuries Board and the courts calculate compensation on the basis of general damages, a somewhat unscientific amount awarded for pain and suffering, and special damages, which are made up of specific expenses.

A common claim special damages claim in a personal injuries case is for loss of earnings. The injured party will get a certificate from their employer calculating what earnings were lost due to the injuries suffered and the certificate will be used as evidence to support their claim. Recently,  the HSE started charging its own employees €123 for providing a certificate of loss of earnings. This was surprising as while providing the certificate involves some work for the employer, they should have the information readily available and providing it seems part of the ordinary obligations of an employer to an employee.

When I first came across the charge it I queried it with the HSE, who said it was a new standardised fee. I asked the Injuries Board if they would include such a fee in calculating special damages for a claim and they said they would not. So the injured party would either have to pay the fee themselves or risk not having an accurate loss of earnings claim.

Last week, the Injuries Board wrote to me to say that they were taking the issue up directly with the HSE.

In the meantime I had made a freedom of information request to the HSE about the introduction of the fee, with an interesting result. It appears that the HSE began to consider introducing this standardised fee in March 2013. They thought about it at a number of meetings in 2013/2014 and tax advice was taken which confirmed that vat would apply to the fee. They went ahead and introduced it.

There was a gap in documentation after 2014 until 21 September 2016 (two weeks ago), when the general manager of national payroll for the HSE sent an internal email as follows:

Following a review of the charge for Loss of Earnings calculations, it has now been agreed to abolish same effective immediately.

It does seem odd that a process was engaged in over two years to discuss and decide on the national standardised fee, but the review of it which lead to its abolition appears to have come out of nowhere and the only document about it is an email confirming the decision.

But nevertheless, the abolition of the fee is welcome (although, the email says that any existing charges which have been billed remain). Fees of this nature are unnecessary hidden costs in personal injuries claims. When the insurance industry complains about legal costs, it never breaks down the costs and it is worth drawing some attention to the State costs involved.

Insurer spin on compensation working, despite evidence

"Claim? But what about our international reputation!"
“Claim? But what about our international reputation!”

The insurance industry is taking advantage of the current interregnum to step up its media campaign against paying compensation to injured parties. This is a concerted campaign with almost daily media reports of the damage allegedly high compensation levels and legal costs are doing to the insurance industry, the economy and even Ireland’s foreign direct investment. It appears to be working, despite all evidence suggesting that other factors are causing premiums to increase.

Today is the turn of the Small Firms Association, who claim that compensation “culture” is now “out of control”. According to the SFA:

Since 2011 insurance costs have risen by 30 per cent, the association said, with a large part of the jump occurring within the past 12 months.

What you won’t find anywhere, however, is evidence to suggest that this huge hike in premiums has been caused by compensation, or how “compensation culture” is “out of control”. On the contrary, all indications are that the main reasons for insurance increases have nothing to do with compensation. Industry spin is having the desired effect, however, with even Minister for Jobs, Enterprise and Innovation appearing recently to come around to the industry point of view.

I recently requested documents from the Department of Jobs, Enterprise and Innovation on representations by the insurance industry and in the documents released were records relating to two industry meetings where the Minister was lobbied on insurance costs.

The first meeting was with executives from Axa and was requested through Fine Gael Councillor Anthony Lavin, who is also a customer care manager with Axa. It took place on 8 October 2015. A further meeting took place with Insurance Ireland, the industry body, and was arranged through PR consultants.

The Minister’s briefing materials included a National Competitiveness Council report on insurance costs. Recent newspaper articles have referred to this report and its reference to legal costs supposedly being “sticky”, but generally do not point out other important aspects of the report.

  • The industry frequently says motor claim awards are too high but “64% of PIAB [Injuires Board] awards for motor injury claims are for <€20,000 … the cost of processing a claim through the PIAB is at historically low levels”.
  • The review of the book of quantum “could result in higher costs, and ultimately higher premiums.”
  • Legal costs “proved extremely sticky” apart from “a brief period in 2013”. The evidence for these comments is not referred to.

Minutes of the meeting record that the Minister made a number of counter arguments to Axa on compensation concerns, for example that medical negligence cases skewed comparisons of compensation payments and that the level of awards by PIAB was “fairly consistent” from 2010-2014, with the majority of awards being under €20,000. He said it would be helpful if the industry provided more information on “untracked cases”. These are mostly cases that are settled between claimants and insurers with the result that the State agencies do not learn what the outcome is.

Given that Axa and the industry are seeking a number of reforms that would require them to be given more statistical information by PIAB and the Courts Service, it is peculiar that the industry continues to be remarkably reticent on providing details on untracked cases. The note of this meeting states that Axa agreed to “work with Insurance Ireland with a view to supplying” this type of data.

Axa appeared to focus on what were effectively four case studies of recent court cases where the awards exceeded what the insurers had valued the cases at. Axa were not, in fact, the insurer in any of these cases. A limited number of court awards are not, of course, representative of most claims and indeed the note of the meeting between the Minister and Insurance Ireland on 6 November 2015 stats that about 20% of claims go to PIAB, of which about 40% are rejected and settled and “[a] small number of cases are finalised by the Courts.”

 

Axa, along with many other parties, has made submissions to DJEI on the operation and implementation of the PIAB legislation, which has been ongoing for some time. A significant suggestion is that the limitation period for personal injury claims be reduced to one year (at the moment the limitation period is two years). This proposal was already considered when the legislation was introduce to establish PIAB and the government decided against a one year limitation period.

It was felt at the time that such a short limitation period would exclude many valid claims or that it would drive people into dealing with lawyers and claims at a time when they might still be receiving treatment or in recovery. A one year limitation period would be extraordinarily restrictive, its only aim and affect being to reduce the liabilities of insurance companies by excluding valid, genuine claims.

A further surprising proposal is to allow PIAB to award “some form of Legal fees to lawyers that will allow for a higher acceptance rate of awards.” The insurance industry’s objective in having PIAB established was to drive a wedge between injured parties and solicitors, who might provide claimants with independent, expert advice. This was to be achieved by the law providing that no legal fees would be awarded by PIAB (except in limited situations, and even then in very small amounts). The industry repeatedly claims that, despite PIAB being intended to be a “lawyer free zone”, over 90% of claimants are represented by solicitors (again no evidence is publicly available to support this claim). Axa’s proposal appears to accept that the right of people to seek professional representation is still exercised in most cases, despite the cost implication at present.

The above documents and some others are available here on Scribd. They suggest that government departments and the National Competitive Council do not necessarily share the views of the industry and are aware of other factors affecting the insurance industry.

However, since the Minister’s meetings with the industry late last year, during which he did not appear to accept what was being said on compensation and PIAB at face value, he has since sought “judicial buy-in” for the as-yet incomplete revisions to the book of quantum and makes the same points on insurance costs put forward by industry representatives.

The bulk of media reporting and commentary on insurance premium hikes remains focused on and obsessed with compensation, with little being said or asked about Solvency II, RSA, FBD and other industry-specific issues.

New podcast: Adventures in Information

artworkYou might be interested in a new podcast I’m making called Adventures in Information.

On the surface it’s about freedom of information, but also data protection, politics and, primarily, anything interesting that has been found out using freedom of information.

I’ll be talking to a diverse range of people involved in (or enthusiastic about) FOI, from journalists to solicitors and advocates/agitators.

Tune in! You’ll find all the information you need on the podcast website, including links to the podcast page on iTunes and the RSS feed to subscribe using other apps. You can also play the episodes directly there.

Episode 1 is now available – I talk to Simon McGarr about the Department of Education’s primary online database and how all is not as it may seem.