2. Right to Record Abuses to Report Them and Data Protection Policies

2 – RIGHT TO RECORD ABUSES TO COMPLAIN PUBLICLY AND DATA PROTECTION POLICIES
 

RIGHT TO RECORD ABUSES TO COMPLAIN PUBLICLY AND DATA PROTECTION POLICIES

XNet, responding to a call for action of the International Witness Organization and as part of the investigation of the United Nations Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, David Kaye, has investigated the legal framework, case law and practices regarding the “Right to Record” in Spain: the right of individuals to record and make available to the public the actions of public officials (police or others) or other systemic actors operating in towards the public while performing their duties (utility corporations) in the event of possible abuses or wrongdoing.

The conclusion is there is high degree of legal insecurity and a lack of protection for people who try to monitor and document the actions of public authorities or the powers that be.

In summary, the situation is as follows:

A right not guaranteed by law

In Spain, when abuses or malpractices are committed, there is virtually no legal certainty for recording or publishing recordings of the actions of public officials or other systemic actors operating in front of the public while performing their duties.

Freedom of information is relatively protected so that it does not collide with other fundamental rights recognised in Article 18 of the Spanish Constitution, such as the right to honour, privacy and self-image, when it comes to public officials:

Article 8.2 of Organic Law 1/1982: “Illegitimate interference (…) shall not be generally regarded as such where there is a relevant historical, scientific or cultural interest. In particular, the right to one’s self-image shall not prevent (…) capturing, reproduction or publication (…) in the case of persons exercising a public office or a profession of notoriety or public projection and the image is captured during a public event or in places open to the public.

From a general perspective, there is no structured legal certainty provided by legislation and it depends largely on the ad hoc case law. From an analysis of existing case law, it can be concluded that recordings can be considered lawful when:

• They are carried out outside the individuals’ intimate or private sphere.

• If consent has been given or whoever records it is part of the conversation.

• If they are carried out for a legitimate purpose. This refers simply to recordings to be used as evidence in legal proceedings, to report a crime, or within the scope of a business relationship, but it does not contemplate, for example, the purpose of reporting abuses.

In general, case law exceptions are very fragile and the publishing of the recordings is easily penalized, only with some exceptions in the case of the media.

At the time of the initial publication of this report, we criticised the particular treatment of law enforcement agencies, while the Law on the Protection of Citizen Security, passed in 2015 and better known as the “Gag Law”, did not specifically mention the act of recording, it introduced the at least “narrative” approach of sanctioning the unauthorised use of recordings of public servants’ -police in this case- images in some cases, penalising the use of recordings, that is to say, disseminating them, with fines of up to 30,000 euros in cases in which it was considered it might endanger the personal safety of agents or their families, protected facilities or jeopardise the success of an operation. Between 2016 and 2018, a total of 113 sanctions were dealt out under this concept for a total amount of 70,552 euros(1). It should be noted that the law talks of “use”, but it can be easily extrapolated de facto to extend it to the recording itself.

Indeed, in this regard it should be noted that on 17th October 2018 the Ministry of the Interior issued an instruction stressing that simply taking images or processing an officer’s data did not constitute an offence if it did not represent a risk or danger to them, their family, facilities or police operations (State Secretariat for Security Instruction 13/2018 of 17 October on the practice of external body searches, the interpretation of certain infringements and procedural issues relating to Organic Law 4/2015 of 30 March on the protection of public security).

However, the Instruction also recognised “the possibility of identifying the person who has taken the images, in order that, where appropriate, the State may take any appropriate actions to safeguard the rights of the law and order forces involved, or apply any administrative or criminal sanctions in the event of any subsequent irregular use of the data or images described”, which made little sense, as the taking of images mentioned above did not constitute an administrative infraction, so, it was difficult to justify identifying just in case a hypothetical infraction relating to use of such material is committed in the future(2).

All this in spite the UN has addressed this issue on numerous occasions(3), even with the recent Resolution by the UN Human Rights Council of June 2018, which recognizes the right to record and use recordings explicitly within the framework of “The promotion and protection of human rights in the context of peaceful protests”.

In general, the international framework to fight against corruption, abuses and the protection of whistleblowers, where Xnet has pioneered(4), promotes the need for citizens to be able to collect and disseminate publicly, even directly and without intermediaries, evidence without suffering reprisals, but, as can be seen, the Spanish practice and legal framework are strongly dissuasive, not only as regards the use of recordings but also for the mere act of recording.

We updated this report on November 19, 2020 following the ruling of the Constitutional Court (https://www.tribunalconstitucional.es/NotasDePrensaDocumentos/NP_2020_108/NOTA%20INFORMATIVA%20N%C2%BA%20108-2020.pdf) according to which – precisely in line with what we are defending – it declares as unconstitutional the clause of the Gag Law that allowed sanctioning the unauthorized use of images of public servants – police in that case -.
 

Furthermore, the secrecy of communications entails even greater complexity, with interception, recording and/or publishing of third-party conversations unauthorised, and the potential threat of prison sentences (up to 5 years in the case of publishing).

While we must be very precise so that the motivation to uncover bad practices is not used as an excuse to violate people’s privacy or to slander them, this precaution should not prevent the public reporting of abuses.

 

Data protection policies are the main obstacle to the right to the use of recordings

Contrary to popular belief, neither the so-called “Gag Law” nor the rights to honour and self-image are or have been the most monolithic obstacles to recording and making available to the public abuses by public servants or workers of systemic corporations.

Data protection policies are the main obstacle to the right to record and mainly to disseminate abuses because in this context, recordings always violate data protection rights if the legislation is interpreted considering all recordings and acts of publishing as a processing and transfer of personal data.

The Spanish Data Protection Agency (AEPD), as part of its responsibilities, has developed criteria in its decisions, resolutions and legal reports (specifically legal report 0077/2013) in which it dictates that the recording of images or conversations of public employees carrying out their work, and the publishing of those images without their consent, is illegal, as it is considered a transfer of their personal data.

The AEPD applied data protection regulations to an individual, despite the fact that in principle it is intended to be applied to corporations since the exception for domestic use applies to individuals, based on an extended application of the legal doctrine that since 2003 at a European level tends to render individuals responsible(5) in situations in which the information they disclose, believing themselves to be protected by the right to freedom of expression, has repercussions for society, something beyond their control.

Xnet understands and supports punishment for individuals publicly communicating personal information about third parties when collected in a private and intimate context, without informing them or obtaining their consent. This has sometimes been done by the AEPD in accordance with this doctrine (e.g. intimate photographs or private conversations(6)). The priority channel established by the AEPD(7) for this purpose and the campaign #PuedesPararlo are laudable initiatives in speeding up and making economically sustainable the preservation of people’s privacy.

On the other hand, however, Xnet considers it necessary to differentiate between cases in which the recordings of individuals have been captured in the performance of a service to the public, in a public place or at public events, in order to protect freedom of information and to enable the reporting and publishing of recordings of abuses, wrongdoing and in the public interest.

It is therefore essential that Article 85 of the RGPD be correctly transposed.

We would like to emphasise that it would be very harmful to any democracy if it were to use the first case – that of the violation of rights in the publishing of intimate information – to prevent the second case – that of freedom of information in the public interest – from being used to publish abuses.

 

Presumption of veracity

Finally, it is important to point out that in Spain there is a presumption of veracity regarding the information issued by public officials considered to be authorities (Article 77.5 of Law 39/2015, on Common Administrative Procedure of Public Administrations), and this is also included in the “Gag Law” in Article 52 (Organic Law 4/2015, of 30 March, on the protection of public safety), as regards the probative value of the declarations made by the authority’s agents).

Xnet does not want to question the relevance of this fact here, but if anything, it should be noted that, in fact, it is even more necessary to allow recordings by individuals in order to gain evidence against possible abuses and irregularities.

We believe it is important that in order to avoid physical and verbal aggressions against those working with the public, recordings of the environment or sound and users in these work areas need to be permitted. Similarly, and in reciprocity, we also need to enable recording by the public and consumers in order to enable them to report any possible aggressions, abuses, malpractice and irregularities committed by the workers or institutions and corporations that serve them. In both cases, in order to preserve the presumption of innocence, in the event of publishing, necessary measures must be taken to ensure that the person recorded cannot be recognised and that any parts of the recording that relate to private events that are not used to clarify the details of the potential abuse cannot be published.

 

RECOMMENDATIONS

As a result of the analysis carried out, in order to ensure and protect the right of individuals to record the actions of those working for Public Administrations or systemic corporations, in line with international human rights laws, XNet recommends:

• Correcting the balance of consent and ensure legal certainty for the public.

Promote regulations and laws, for example, to amend the recently approved Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights, so that the consent of civil servants or corporate workers is not required to openly capture their image and voice, in performance of their duties, when the purpose of such recordings is to oversee the proper functioning of public institutions, to report abuses of power, malpractice and abuses of defenceless users, or irregularities committed by those who serve the public. This processing of personal data may be legitimised by other legal groundings for processing provided for both by the Law on Data Protection (Article 8) and the General European Data Protection Regulation (Article 6.1, letters c, e and f): compliance with legal obligations applicable to the public, the performance of tasks carried out in the public interest and the satisfaction of legitimate interests.

Standardize the use of recording systems in a reciprocal and non-unidirectional way (that is, at the moment, only institutions and corporations record and this possibility is not provided to the public and consumers), in open spaces where services are provided to the public and phone calls to institutions and services, as a preventive measure against the commission of aggressions and irregularities, the recordings and its dissemination being only justified when abuses, wrongdoing and malpractices are committed by service providers or users.

• Protect public interest and freedom of expression and information with regards to the dissemination of the recordings. Harmonise them with the presumption of innocence.

Repeal Article 36.23 of Law 4/2015 on Citizen Security.

Promote regulations that guarantee the possibility of disseminating recordings of public officials or professionals of public notoriety or projection, public servants and officials, as well as workers of corporations that act in public or of users of these services to denounce situations of malpractice, irregularities, abuses or aggressions, respecting other fundamental rights. In other words, preserving the personal data of the person recorded and hiding/camouflaging their voice and image, or other personal data that could identify them in the dissemination. In both cases, and in order to preserve the presumption of innocence, in the case of broadcasting, the necessary measures must be taken to ensure that the person recorded cannot be recognised and that parts of the recording that are inherent to private facts that are not useful in clarifying the possible abuse cannot be broadcast, especially when the offence that is to be exposed has not been proven or made public by the competent authorities and media.

Update on 20/11/2020: on 19/11/2020 the Constitutional Court declares unconstitutional the “unauthorised” clause of article 36.23 of the Law on Citizen Security (Ley de Seguridad Ciudadana or Ley Mordaza). Press release:
https://www.tribunalconstitucional.es/NotasDePrensaDocumentos/NP_2020_108/NOTA%20INFORMATIVA%20N%C2%BA%20108-2020.pdf

• Approval of the Xnet’s Proposition of Law of Integral Protection of Whistleblowers, first European transposition of the Directive (EU) 2019/1937, of 23 October 2019, of the European Parliament and of the Council on the Protection of Persons who report infractions, registered in the Congress of Deputies: https://xnet-x.net/en/template-law-full-protection-whistleblowers/

We believe in the deterring and preventive effect of these measures.

BEST PRACTICE RECOMMENDATIONS FOR INSTITUTIONS

PRIOR TO THE AMENDMENTS TO THE LAW IN ORDER TO CREATE A MORE FAVOURABLE FRAMEWORK FOR THE RESPECT OF FUNDAMENTAL FREEDOMS

• Establish clear interpretative criteria and inform citizens about them so that they may know the limits existing between the freedom of expression and information and the right to the protection of personal data and thus facilitate the exercise of these freedoms in cases where it is in the public interest while protecting the fundamental right to the protection of personal data and the right of defense where appropriate.
Both for their protection and to protect the presumption of innocence, the public should be informed that unless there is express consent, in the event of recording and publishing recordings in which the staff of Public Administrations or systemic corporations or their users appear, they need to disseminate only those parts that contain information of relevance to the general interest; not to publish conversations or parts of conversations that contain information that clearly belongs solely to the personal sphere of the person recorded and is not relevant to the event/abuse that they wish to publish; to edit images and voice, as well as any other personal data, so that the person recorded cannot be recognized (disguise the voice, pixelate the face, etc.); publishing cannot be vexatious. The important thing are the acts being reported. Often abuses are not caused by the person who is simply a functionary, but by the structure where he or she works.

• Raise awareness among public officials, high-profile professionals and staff working for Public Administrations or systemic corporations, that disclosure of acts that take place when they serve the public can be highly beneficial for general democratic health and improving the functioning of their organizations.

• Promote an environment in which there is consent for the capture of recordings of the general functioning of both service providers and users.

• The competent authorities of each Autonomous Community may contribute to the standardization of these best practices by issuing reports, orders and binding acts in their favor, within the scope of their competences.

___________________________________________________________