Audit Scotland is, without question, a Public Authority. Article 8 is,
therefore, very clearly engaged.
This is how I see it.
The employee has a right to the privacy of their banking arrangements
UNLESS the requirement for compulsory disclosure is
(a) in accordance with law;
and
(b) necessary in a democratic society and proportionate.
What this means is, that first of all, Audit Scotland must have
statutory powers which explicitly allow the compulsion that is
apparently placed on the employee.
If they do not have powers, the employee does not have to provide the
requested information. If sanctions are applied in those circumstances,
I would suggest that those sanctions would be ultra vires and therefore
unlawful.
Even if Audit Scotland do have statutory powers, those powers must be
necessary in a democratic society.
Article 8 is a qualified Convention right, so justification of
necessity is possible.
Prevention and detection of crime is one of those justifications which
could easily permit qualification of the right. However I fail to see
how mere bank account data is necessary in these circumstances. In any
event, surely there would have to be some form of reasonable suspiction
of an offence to exercise compulsion for the prevention and detection of
crime?.
Finally, even if you can show that the interference with the Convention
right is both according to law, and necessary, it must still be
proportionate. This is often called the 'sledgehammer' criterion. (i.e.
what you must not use for the purposes of accessing the edible part of
nuts).
So if the interference is disproportionate (and in the absence of
reasonable suspicion it would appear to be) then the interference with
the Convention right is unlawful.
And the powers of compulsory disclosure, if they exist in in secondary
legislation, may potentially be quashed.
Does this help?
Nigel
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|