covid banner

Phone Hacking – the law not the news

The recent and unprecedented phone hacking scandal has drawn attention to the need for clarity in this area, as growing numbers of potential claims come to the fore. As is well known, English law does not recognise a general right of privacy although it has developed various ways of protecting privacy in particular circumstances.

Phone hacking can amount to either a criminal or a civil offence, but the police may not take action in some cases, leaving it to individuals to seek a civil remedy. Even where criminal cases are successful, there has been no compensation for the individual arising from the criminal prosecution.

The lead cases in the area of privacy, being that of Naomi Campell and Max Mosely, may provide guidance as to the approach likely to be taken by the courts in phone hacking claims. Where truly private material has been intercepted or obtained without consent, and there is no public interest justification, the claimant will have a right to damages, but the level of damages is difficult to predict and so far, the courts have not awarded exemplary damages.

A number of test cases are due to be heard in January.

The Law

Regulation of Investigatory Powers Act 2000 s1 RIPA 2000

Under RIPA it is a criminal offence to intentionally and without lawful authority intercept any communication in the course of transmission.

Landlines, mobiles, emails, texts and pager messages are covered by this provision with interception meaning to make information available to someone other than the sender and intended recipient.

There is however debate as to the interpretation of ‘in the course of transmission’ and its application to voicemail messages. It is widely accepted that unopened voicemails, being those awaiting collection that have not yet been delivered, are included but it is unclear whether those that have been listened to would be covered.

Previously a narrow view has sometimes been taken that the legislation only applies to unread voicemail, thus leading to the conclusion that there is no offence under RIPA if the voicemail has already been heard. This approach leaves the law in a curious position where the determination of whether an offence has been committed is based on the technical arguments of the way in which voicemail systems operate, rather than focusing on whether the voicemail has been intercepted.

The narrow interpretation has been challenged by the suggestion that a voicemail is stored on the server of the service provider rather than the handset. Accordingly each time a message is listened to, communication is made with the server, and this is in the course of transmission, irrespective of whether it had previously been listened to.

Despite the importance of the interpretation of this section, particularly in light of the current scandal based on hacking into voicemail messages both read and unread, the courts have not yet considered the issue.

There is a maximum custodial sentence of two years and/or a fine. In cases where the offence is committed by a company, where the organisation have permitted the company to commit the offence, or negligently failed to prevent the company committing the offence, that person or persons would be liable together with the corporate body.

Computer Misuse Act 1990 – s1 CMA

This is a key antihacking measure, which provides that the person is guilty of an offence if he secures unauthorised access to computer material or enables such access to be secured. Although “computer” is not defined in the Act it is generally accepted that a mobile phone is a computer together with the server that stores the voicemails, alternatively voicemail could also be considered a programme under the Act.

On summary conviction, the offence is punishable by a fine and/or imprisonment for a term of up to twelve months. On conviction on indictment, the offence is punishable by a fine and/or imprisonment for a term of up to two years.

This statute may be used to prosecute phone hackers in the future as it is specifically drafted to deal with circumstances such as those where voicemails have been deleted.

Data Protection Acts – 55 DPA 1998

The DPA states that it is an offence to knowingly or recklessly obtain, disclose or procure the disclosure to another of personal data, or information contained in it, without the consent of the data controller unless for the purpose of preventing or detecting crime. The defence of public interest would be available but the occasions of genuine public interest will be rare.

The penalty is currently limited to a fine and in practice these have been for small amounts, despite the Information Commissioner’s Office having the ability to impose fines of up to £500,000 for serious/significant breaches of any data protection principle. The Information Commissioner has called for a maximum two year prison sentence to bring this offence in line with that under RIPA and CMA, and in fact this is already on the statute books.

Another issue is that although the Information Commissioner’s Office has the power to prosecute those responsible for phone hacking, it lacks the resources to prosecute the national press, and those cases brought have been vigorously defended.

Breach of Confidence

A breach of confidence arises where the necessary degree of confidence is present, information is provided in circumstances that import an obligation of confidence and there is unauthorised use or disclosure of that information with at least the risk of damage.

Invariably, hacking into an individual’s voicemail will provide grounds for a claim for breach of confidentiality and privacy.

Whether it is unlawful will depend on whether the test in Campbell v MGN Ltd [2004] is satisfied. The test is whether an individual has a reasonable expectation of privacy in the intercepted communication and, if so, should the interest of the individual yield to the right to freedom of expression.

The reasonableness of the expectation of privacy of your personal voicemails is indisputable provided it is not trivial or available elsewhere and only if there is an overriding right to publish the contents will the individual lose their right to privacy. The public interest threshold has been set high by Mosley v News Group Newspapers Ltd [2008], therefore only where there is a genuine public interest will this serve as a defence.

We have specialist expertise to advise you in privacy claims and related matters including defamation, breach of confidence, copyright, data protection and security, harassment or nuisance.

For further information please contact Dominic Green
t: 0207 227 7411
© RadcliffesLeBrasseur
October 2011


This briefing is for guidance purposes only. RadcliffesLeBrasseur LLP accepts no responsibility or liability whatsoever for any action taken or not taken in relation to this note and recommends that appropriate legal advice be taken having regard to a client's own particular circumstances.