ARZ15 v Minister for Immigration

FEDERAL CIRCUIT COURT OF AUSTRALIA

REPRESENTATION

ORDERS

1. The application be dismissed.

PEG 196 of 2015

Applicant

And

First Respondent

Second Respondent

FERGUS MCCORMICK, DEPARTMENT OF IMMIGRATION AND BORDER PROTECTION

Third Respondent

REASONS FOR JUDGMENT

Background

1. This is an application filed on 6 May 2015 in the Perth registry of the court seeking declaratory and injunctive relief in relation to an assessment of non-refoulement obligations owed by Australia to the Applicant in an International Treaties Obligations Assessment (ITOA) dated 14 April 2015 conducted by the Third Respondent, an officer of the Department of Immigration and Border Protection (the Department).  The ITOA found that the circumstances of the Applicant’s case did not engage Australia’s non-refoulement obligations.

2. In October 2015 orders were made by consent adjourning the matter until after determination of the then pending application for special leave to appeal to the High Court from SZSSJ v Minister for Immigration and Border Protection (2015) 234 FCR 1; [2015] FCAFC 125. Subsequently the matter was transferred to the Sydney registry.

3. The Applicant, a citizen of Nepal, first arrived in Australia in February 2008 as the holder of a student visa which ceased in May 2010. Thereafter he remained unlawfully in Australia. On 21 March 2013 the Applicant was detained under s.189(1) of the Migration Act 1958 (Cth) (the Act). He is no longer in detention.

4. On 24 April 2013 the Applicant lodged an application for a protection visa.  The application was refused.  He unsuccessfully sought review by the Refugee Review Tribunal.  On 13 January 2014 he sought judicial review of the Tribunal decision.  His application was dismissed on 4 June 2014 (see SZTTR v Minister for Immigration & Anor [2014] FCCA 1196).

5. In February 2014 information was published on the Department’s website in a manner that enabled personal information about the Applicant and other applicants for protection visas in immigration detention as at 31 January 2014 to be accessible for a short period of time (as described by the High Court in Minister for Immigration and Border Protection v SZSSJ (2016) 259 CLR 180; [2016] HCA 29 at [3]-[4]). It is convenient to refer to this disclosure as the “data breach”.

6. On 12 March 2014 the Second Respondent, the Secretary of the Department, wrote to the Applicant in relation to the data breach.  The Secretary explained that a routine report released on the Department’s website had unintentionally enabled access to some personal information about people in immigration detention on 31 January 2014 for a short period of time before the information was removed from the website.  The letter informed the Applicant that as he was in immigration detention at that time, some of his personal information may have been accessed.  In addition to apologising for inadvertently allowing potential unauthorised access to the Applicant’s personal information, the Secretary informed the Applicant that the information in question was “your name, date of birth, nationality, gender, details about your detention (when you were detained, reason and where) and if you have other family members in detention” and that it did not include his address or any former address, telephone numbers or other contact information, information about protection claims which he or anyone else may have made or other information such as health information.

7. This letter also informed the Applicant that the Department would assess any implications for him personally “as part of its normal processes” and that he may raise any concerns he may have during those processes.

8. A supplementary courtbook includes a copy of the data in relation to this Applicant that was the subject of the data breach.  Consistent with what was said in this letter, it states the Applicant’s name, age, gender and country of nationality, the length of his detention, the immigration centre in which he was detained, the fact that he was an overstayer and that he had held a student visa.

9. On 9 April 2014 the Applicant filed another application in this court naming the Minister as the Respondent and seeking relief in relation to the data breach.  He was given leave to discontinue those proceedings on 8 August 2014.  No issue is taken in the present proceedings in relation to the fact of those prior proceedings.

10. In the meantime, on 27 June 2014 the Department wrote to the Applicant repeating the substance of the letter of 12 March 2014 in relation to the nature and extent of the data breach.  The letter noted that the Applicant had filed an application for judicial review (on 9 April 2014) which suggested he believed he may be adversely affected by the data breach and may have claims which engaged Australia’s protection obligations.  It invited him to put in writing any concerns he may have regarding the impact of the data breach on him personally.  The letter asked “[i]f you have any particular concerns about the impact of the data breach on your ability to return to your home country or country of usual residence, please provide the Department with specific reasons and details for those concerns” (emphasis in original).

11. The Applicant was given 14 days to provide such information.  He was informed that if he did not respond within 14 days it would be assumed he had no further information to provide regarding the data breach and that the implications therefrom would then be assessed on the basis of the claims he had made in his (then current) application for judicial review and he would be advised of the outcome.

12. On 10 July 2014 the Applicant responded.  He claimed that the data breach had breached the Act and was a crime.  He submitted that as the Department had disclosed his name and other personal details “to the world on the internet” it could not lawfully investigate its own breach of privacy as this would be a conflict of interest.  He made other submissions, including, relevantly: “As the department disclosed my name and other personal details on the internet, there is no possible way of determining who has accessed and/or saved my personal information.  There is no way of knowing who I could face a real risk of harm from as it may go well beyond the authorities, insurgents and paramilitaries in my home country, including foreign security and intelligence agencies”.

13. On 14 January 2015 another officer of the Department wrote to the Applicant notifying him that the Department had commenced an International Treaties Obligations Assessment (ITOA) to assess whether the circumstances of his case engaged Australia’s non-refoulement obligations as a result of the data breach.  This letter was in substantially the same form as a letter discussed by the High Court in SZSSJ at [19] and [25].  It explained that any protection claims the Applicant may have in relation to the breach of his personal data would be assessed through the ITOA.  It referred to the earlier letter of 27 June 2014 and to the Applicant’s response of 10 July 2014 and informed him that the information he had provided in his response would be considered through the ITOA process.  The letter explained the process and stated that the assessment would have regard to relevant provisions in the Act, even though it was not an assessment of a protection visa application.  The Applicant was advised that the process would also consider new information and/or changes in his circumstances or country of nationality since his protection claims were assessed.

14. The letter also stated that the Applicant would receive procedural fairness during the ITOA process, that the assessor would ask him to comment on any adverse information which was credible, relevant and significant and that he would be given a reasonable opportunity to respond before the ITOA was finalised. 

15. In addition, the Applicant was given the opportunity to provide further information he would like to have taken into consideration in the ITOA.  It was confirmed that he would not be removed from Australia before the assessment was complete and he had been provided with reasons.

16. On 28 January 2015 the Applicant responded.  He referred to the fact that the Department possessed all the information in relation to the data breach, in particular an unabridged report from KPMG said to provide details such as IP addresses and the extent of access to the information.  It appears that this was a reference to an investigation and report by external consultants, KPMG, in relation to the data breach as discussed in SZSSJ at [5]-[6].  The Applicant took issue with the fact that the Department had not released the unabridged report.  He contended that procedural fairness could not be afforded to him during the ITOA process without access to such material and that if he was not given access to the information then the only course of action open to the Department was to recognise him as a refugee “sur place”.  He reiterated that the Department had breached the Act in disclosing his name and personal details on the internet and that this was a criminal act.  He referred to complaints that had been made to the Federal Police and the Office of the Australian Information Commissioner.

17. The Applicant also submitted that the departmental decision-maker would be in “a position of conflict of interest” in determining whether there was a real chance of serious or significant harm to him on return to Nepal due to his name and personal details having been placed on the internet by the decision-maker’s employer.  It was submitted that in the absence of full disclosure of the information in the possession of the Department the decision-maker could not undertake an assessment and that the Applicant could not make any submissions without full disclosure to him of this information.   

18. On 5 February 2015 the Third Respondent (the officer who conducted the ITOA) wrote to the Applicant, again in terms apparently similar to those used in correspondence described by the High Court in SZSSJ (at [26]).  In response to the claim that the Applicant would be denied procedural fairness unless the Department disclosed all relevant information in relation to the data breach (in particular the full KPMG report), the officer explained that although KPMG had found that there were relatively few internet users who had accessed the “document”, the possibility that authorities in another country may have accessed the information could not be discounted.  The Applicant was advised that in these circumstances officers were instructed, when assessing protection claims in relation to the data breach, to assume that the authorities in the claimant’s receiving country may have accessed personal information released on the Department’s website.  He was also advised that assessors would refer to the claimant’s personal circumstances and country information to determine whether the data breach would affect the individual if returned to their country of origin.  The officer expressed the view that releasing the IP addresses, the unabridged report or other information related to the data breach was not required for the Applicant to participate in this process.

19. This letter also addressed the Applicant’s complaint that departmental officers were placed in a situation of a conflict of interest.  It was pointed out that the ITOA process did not require an assessment of whether the Department had erred in disclosing the information and that whether or not the claimant engaged Australia’s protection obligations was not dependent on a finding as to whether the Department had made an error in disclosing the information.

20. The assessor also addressed the Applicant’s concern that, as a result of the unauthorised disclosure of his personal information, there was “no way of knowing who [he] may face a real risk of harm from… [and] that it may go well beyond the authorities, insurgents and paramilitary groups in Nepal, as well as foreign security and intelligence agencies”.  The letter pointed out that the Applicant had provided no specific claims as to why any particular group or individual would seek to harm him if he returned to Nepal.  It drew his attention to the fact that in these circumstances the assessor may consider that any risk of harm would be the result of the Applicant’s identification as an asylum seeker in Australia.  It also drew the Applicant’s attention to the absence of any country information to support the claim that returnees and failed asylum seekers were subjected to harm upon return to Nepal.  The letter advised him that taking this information into consideration, together with the lack of any specific claims regarding the Applicant’s fear of harm in this regard, the assessor may not consider that the Applicant had a real chance of experiencing either serious or significant harm upon return to Nepal. 

21. The Applicant was invited to comment on this information and the consideration that he would not face harm in Nepal as a result of his personal information being inadvertently revealed on the departmental website and his subsequent return to Nepal.  He was advised that if he did not respond within the specified timeframe of 14 days an assessment would be made based on the information currently before the Department.

22. The Applicant replied, briefly, by email of 19 February 2015 advising that he believed Australia had non-refoulement obligations to him.  He stated that he could not comment on “anything” until the Department released the full report about the data breach.

The ITOA

1. The assessor finalised the ITOA on 14 April 2015.  He found that Australia’s non-refoulement obligations were not engaged in the Applicant’s case. 

2. In the ITOA, the assessor referred to the Applicant’s migration history, the data breach and the claims made by the Applicant in the correspondence described above.

3. The assessor stated that the claims that would be assessed in the ITOA were whether the website disclosure had exacerbated the risk of harm the Applicant feared in Nepal as had been articulated in his protection visa application; whether he feared harm from persons including the authorities in his home country, including foreign security and intelligence agencies, terrorist organisations or criminal syndicates; whether he had been denied procedural fairness; and whether there was a conflict of interest in a departmental officer conducting the ITOA.

4. After discussing the basis for Australia’s non-refoulement obligations, the assessor recorded that it had been put to the Applicant (in the letter of 5 February 2015) that there was no country information to support the claim that returnees and failed asylum seekers were subjected to harm upon return to Nepal and no reports of mistreatment of returned asylum seekers to Nepal, irrespective of whether the source of such harm was the government or another actor.  While the ITOA referred to reports of mistreatment “by” returned asylum seekers to Nepal, it is clear, read in context, that this is a typographical error and is intended to be a reference to reports of mistreatment “of” returned asylum seekers.

5. The assessor recorded that the Applicant had responded to this information, stating that he believed Australia had non-refoulement obligations to him but that he could not comment further until the Department released the full report about the data breach.

6. The assessor made findings of fact, referring first to the prior “comprehensive” assessment of the Applicant’s claims for protection during the protection visa process, by both the delegate and the Tribunal.  It was noted that both the delegate and the Tribunal had raised serious concerns about the genuineness of the Applicant’s stated fear of persecution and had been of the view that he did not have a well-founded fear of persecution for a Convention reason.  In particular, his claims to be of interest to the Youth Communist League or to have been involved in any altercation with the League were not accepted.

7. The assessor recorded that there was no evidence before the Department to indicate that there had been any change in the Applicant’s circumstances since his protection claims were assessed and that he had not provided any new information to contradict the Tribunal’s findings. 

8. On that basis, on the evidence before him the assessor considered that the Tribunal’s findings “continue[d] to be valid and effective” in relation to the Applicant’s protection claims. 

9. The assessor considered the Applicant’s request that he be afforded procedural fairness and given access to the complete report regarding the website disclosure.  It noted that he had been advised (in March and June 2014) about the nature and extent of the disclosure.  The assessor referred to a report of the Office of the Australian Information Commissioner (the OAIC) which had been drawn to the Applicant’s attention in the letter of 5 February 2015 and which recorded the categories of personal information relating to detainees said to have been “compromised” in the website disclosure incident.  On this basis the assessor found that the Applicant was fully aware of the details of the website disclosure and had been afforded procedural fairness.

10. As to the claimed conflict of interest, the assessor reiterated that he considered the Applicant had been afforded procedural fairness, noted the absence of any finding by the OAIC that the Department was unable to assess protection claims arising from the website disclosure due to a conflict of interest and concluded that there was no conflict of interest in a departmental officer conducting the ITOA.

1. The assessor then addressed the Applicant’s fear of being harmed as a consequence of the website disclosure.  The ITOA referred to the Applicant’s submission that there was no way of knowing from whom he could face a real risk of harm and that it may go well beyond the authorities in Nepal, including foreign security and intelligence agencies, terrorist organisations and criminal syndicates.  However the assessor also had regard to the fact that it had been put to the Applicant that he had provided no specific claims as to why any particular group or individual would seek to harm him if he returned to Nepal and that given the lack of specific claims his circumstances would be assessed in conjunction with country information regarding the situation for returnees to Nepal.  It was noted that the Applicant had also been informed that there was no country information to support the claim that returnees or failed asylum seekers were subjected to harm or specific mistreatment on return to Nepal and that he had been given the opportunity to comment on the fact that the assessor may in these circumstances find that he did not have a real risk of experiencing serious or significant harm upon return to Nepal.

2. The assessor had regard to the fact that the Applicant’s response did not provide any additional information to clarify his fear of harm in relation to the website disclosure or any country information regarding circumstances in Nepal.  The assessor continued:

   There is no evidence before the department to indicate that the claimant has ever been of interest to security and intelligence agencies, terrorist organisations and criminal syndicates.  Neither is there any evidence before the department to indicate that the claimant has a profile or that he has ever been involved in any activities or undertakings that would bring the claimant to the adverse interest of these organisations and agencies.

   Consequently, I consider the claim that foreign security and intelligence agencies, terrorist organisations and/or criminal syndicates would use the claimant’s information, which includes his name, date of birth, nationality, gender and detention details to target and harm him to be unsubstantiated.

3. The assessor assessed Australia’s non-refoulement obligations under the Refugees Convention, having regard to the Applicant’s claimed fear of harm in Nepal on the basis of the data breach and a claimed possible risk of harm from entities beyond the Nepalese authorities.  The assessor found that the Applicant’s claims in relation to the inadvertent publishing of his personal information in February 2014 were “unsubstantiated, speculative and implausible” and dismissed them in their entirety.  The assessor was not satisfied that there was any other ground (either expressly or squarely raised) to satisfy him that there was any other basis for finding that the Applicant feared harm for any Refugees Convention reason in Nepal. 

4. In these circumstances the assessor found that it was unnecessary to consider whether any harm feared was serious harm and systematic and discriminatory conduct such as to amount to persecution under the Act. 

5. Having dismissed the entirety of the data breach claims, in the absence of any evidence to indicate that there had been any change in the Applicant’s circumstances since his protection claims were assessed or any new information to contradict the Tribunal’s findings, the assessor found that there was not a real chance the Applicant would be persecuted for a Refugees Convention reason in Nepal, that his fear of persecution was not well-founded, that he was not a refugee within the meaning of the Refugees Convention and that Australia did not have non-refoulement obligations to him under the Refugees Convention as amended by the 1967 Protocol.

6. The assessor also considered Australia’s non-refoulement obligations under the International Covenant on Civil and Political Rights (ICCPR) and Convention against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment (CAT) (referring to the test in ss.36(2)(aa) and 36(2A) of the Act which was said to reflect Australia’s interpretation of these obligations).  The assessor acknowledged the Applicant’s claim that as a consequence of the website disclosure he could face a real risk of harm on return to Nepal.  He found that as he had dismissed these claims in their entirety they could not be relied on to engage the complementary protection provisions in the Act and that the Applicant had not made any other claims that would engage Australia’s complementary protection obligations.  The assessor found that the harm claimed was not significant harm and was not satisfied that the Applicant had a real chance of being subjected to significant harm in Nepal.  The assessor concluded that he was not satisfied that the Applicant was a person in respect of whom Australia had non-refoulement obligations under the CAT and ICCPR.

The Application

1. The Applicant sought review by application filed in this court on 6 May 2015.  The relief sought therein and the 19 grounds of review (considered below) are expressed in the same or similar form as in other applications that have been considered by this court (and the Federal Court on appeal) on many occasions (see for example AKD15 v Minister for Immigration & Ors [2016] FCCA 2740 (appeal dismissed in AKD15 v Minister for Immigration and Border Protection [2017] FCA 166); AKR15 v Minister for Immigration & Ors (2015) 297 FLR 224; [2015] FCCA 1734; CDM16 v Minister for Immigration & Anor [2016] FCCA 2758; ALY15 v Minister for Immigration & Ors [2017] FCCA 406 (appeal dismissed in ALY15 v Minister for Immigration and Border Protection [2017] FCA 281); AMQ15 v Minister for Immigration & Ors [2017] FCCA 686; AIK15 v Minister for Immigration & Ors [2017] FCCA 1044; BTA15 v Minister for Immigration & Ors [2017] FCCA 417 (appeal dismissed in BTA15 v Minister for Immigration and Border Protection [2017] FCA 422); and BNC15 v Minister for Immigration & Ors [2017] FCCA 2094).

2. The Respondents filed detailed written submissions.  The Applicant did not file written submissions and in oral submissions did not address the grounds of review or relief sought beyond expressing his concern that the assessor had not considered whether or not the data available for access as a result of the data breach could have been accessed by any number of people and had not identified any people who had accessed the information about him.  This concern is addressed below.

3. Before considering the grounds of review I note that some of the orders sought raise issues as to the jurisdiction of the court.

4. The Applicant, who is self-represented, seeks the following orders:

   An order that the decision of the tribunal (sic) or Minister be quashed.

   A writ of mandamus directed to the tribunal (sic) or Minister, requiring them to determine the applicant’s application according to law.

   XA declaration that the recommendation of the Third Respondent was not made in accordance with law, by reason of the ground/s of this application.

   XAn injunction restraining the Minister, by himself or by his Department, officers, delegates or agents, from removing the applicant pursuant to s198 or s198AD of the Act other than according to law and consistently (sic) with the declarations in orders 2-4.

   XA declaration that it is not reasonably practicable for the First or Second Respondents, their officers or agents, to remove the applicant from Australia within the meaning of s198 or s198AD of the Migration Act unless and until consideration has been given by the Minister of Australia’s non-refoulment (sic) obligations (under the Refugee Convention; the Convention Against Torture; and the International Covenant on Civil and Political Rights) arising from the release of the applicant’s personal information in or about February 2014 in respect of the applicant, according to law.

   XA declaration that the representation that an assessment of any implications for the applicant personally by the Second Respondent as part of the Department’s normal processes made on 12 March 2014 (“the 12 March 2014 representation”) involves a representation that the power vested in the Second Respondent by s61 of the Constitution will be used in favour of the applicant.

   XCosts.

5. First, insofar as there is a reference to a decision of the Tribunal, the Tribunal decision of 4 June 2014 is not the subject of these proceedings.  Rather, as explained elsewhere in the application, the Applicant sought review of what was described as “[a] future decision or other action by the Minister or an officer under the Migration Act concerning an unauthorised maritime arrival, following the making (sic) a recommendation by (sic) case officer of IMA Protection NSW, Department of Immigration and Border Protection”.  He also referred to the assessor who conducted the ITOA on 14 April 2015.

6. Insofar as the Applicant seeks review in relation to and/or an injunction restraining his removal from Australia under s.198AD of the Act (and a declaration in that respect), or any other relief on the basis he was an “unauthorised maritime arrival”, this is misconceived.  The Applicant was not an “unauthorised maritime arrival” as defined in s.5AA of the Act. He arrived by air as the holder of a student visa. In any event, this court is barred from making orders in respect of removal under s.198AD because of s.494AA(1)(e) of the Act.

7. To the extent that the Applicant seeks an injunction in relation to removal under s.198 of the Act, the Court has jurisdiction to review conduct preparatory to a decision as to whether an applicant is to be removed from Australia under s.198 (see ss.474(2) and (3)(h)). Although s.197C(2) of the Act provides that for the purposes of s.198 it is irrelevant whether Australia has non-refoulement obligations in respect of an individual non-citizen and the officer referred to in s.198 of the Act is not bound to await a non-refoulement assessment before removing a person (see s.197C and SZSSJ at [15]-[16]), for the reasons given by Judge Smith in AKR15 at [54]-[58] in similar circumstances, given that the correspondence from the Department suggests that the result of the ITOA will be relevant in “progressing the applicant’s immigration status” (AKR15 at [58]) there is an arguable connection between an ITOA and the consideration of the exercise of one of the Minister’s powers under ss.48B or 417, or, for that matter, s.195A of the Act. As in AKR15, it is “not beyond argument” that a decision to remove a detainee such as the Applicant under s.198 of the Act would require consideration of whether the Minister was considering the exercise of such powers. These matters would suffice to raise the Court’s jurisdiction (see AKR15 at [58]). However, an ITOA has been conducted in relation to the Applicant and, as discussed below, that assessment was according to law. Hence there is no basis, in these proceedings, for this aspect of the relief sought.

8. It was not disputed that this Court has jurisdiction under s.476(1) of the Act to hear and determine the matters in relation to which the Applicant seeks relief on the ground that the ITOA process was not procedurally fair, as a challenge to conduct undertaken by a departmental officer under the Act for the purpose of assisting the Minister’s consideration of the exercise of a non-compellable power (see s.474(7) of the Act). Such jurisdiction is not excluded by s.476(2)(d) of the Act (SZSSJ at [66]-[73]).

9. The High Court confirmed in SZSSJ (at [55]) that the question of whether the Minister had made a personal procedural decision to consider whether to exercise such a power in a case or particular class of cases was a question of fact.  The Applicant in this case was, relevantly, in the same position as the applicant in SZSSJ in this respect and, similarly, it can be inferred that the Minister had made such a personal procedural decision prior to the commencement of the Applicant’s ITOA. The material before the Court is such as to warrant such an inference. On that basis, as the Respondents accepted, subject to the discussion below (in particular of s.61 of the Commonwealth of Australia Constitution Act (Cth) (the Constitution)), this Court has jurisdiction in relation to the ITOA. The ITOA process was conduct undertaken by the Third Respondent preparatory to the making of a substantive decision for the purpose of assisting the Minister in the exercise of his non-compellable powers under ss.48B, 195A or 417 of the Act.

10. The Respondents accepted (consistent with the approach taken by the High Court in SZSSJ) that procedural fairness is required in this process.  However, as the Respondents submitted, and for the reasons that follow, in this case it has not been established that there was any failure to accord procedural fairness.

Grounds of Review

1. As indicated, the grounds in this application are in the same form as those considered in many other decisions of this Court, with the exception of the reference to Nepal as the Applicant’s country of citizenship.  Grounds 1 to 7 are as follows:

   1. The applicant is a citizen of Nepal.

   2. The applicant claimed that Australia owed protection obligations in respect of him.

   3.  The process by which the claims of the applicant that Australia owed protection obligations in respect of him/her was completed.

   4. The applicant is a person in respect of whom the Second Respondent, his servants or agents held personal information within the meaning of the Privacy Act 1988;

   5. The First Respondent is an APP entity and the Second Respondent was at all material times responsible for the direction and control of the Department of Immigration and Border Protection which is an APP entity for the purposes of the Privacy Act 1988.

   6. In or about 11 February 2014, the First and or Second Respondent by their servants or agents released the applicant’s personal information by publishing it on the world wide web.

   7. The applicant’s personal information so released included his name, date of birth, nationality, gender, details about the applicant’s detention (when detained, the reason for the detention and where) and also the details of the identity of any family members in detention.

2. As has been remarked upon in other cases (see for example BTA15 at [10] and BNC15 at [5]), these grounds set out factual assertions which are generally uncontroversial. There is nothing in these grounds which involves an assertion of or identifies any error in the ITOA. These “grounds” do not provide any basis for the relief sought by the Applicant.  Rather they appear to be intended to provide the basis for the assertion in ground 8 which, again, is in the same terms as “template” grounds considered in other proceedings in this court.  It is as follows:

   8. The release of the applicant’s personal information by the First and or Second Respondents, their servants or agents, was contrary to law.

   Particulars

   1. The release of the personal information was an interference with the privacy of an individual for the purposes of the Privacy Act 1988;

   2. Further and in the alternative, the release of the personal identifier information, or the information derived from personal identifier (sic), is contrary to s336E of the Act in that conduct (namely the act which caused the disclosure to occur as opposed to the disclosure itself) was intentional or reckless and the disclosure was not a permitted disclosure.

3. Ground 8 (seen in the context of “grounds” 1 to 7) involves assertions about a breach of the Privacy Act 1988 (Cth) and a criminal offence under s.336E of the Act. None of these anterior matters bear upon the lawfulness of the ITOA process or on any decision to remove the Applicant from Australia. In AKR15 Judge Smith held that the matters raised in an identically worded ground did not engage the jurisdiction of this court except insofar as they provided a factual basis for the contention that the Applicant was denied procedural fairness in connection with the data breach (see AKR15 at [59]). This reasoning has been applied in later cases (see BTA15 at [12]).  In my opinion this view is correct, or at least not plainly wrong, and I would follow it.  Ground 8 is not made out.

4. Ground 9 is:

   The release of the applicant’s personal information has caused the applicant to have a well founded fear that his removal from Australia and return to [country of origin] (sic) will involve a breach of Australia’s non-refoulment (sic) obligations under the Refugee Convention; or the Convention Against Torture; or the International Covenant on Civil and Political Rights.

5. While the Applicant’s country of origin has not been inserted in this ground, it was clearly intended to refer to Nepal.  This ground involves a contention that the Applicant has a well-founded fear arising from the data breach on the basis that removal to Nepal, his country of origin, will involve a breach of Australia’s non-refoulement obligations.  However this is a factual assertion without identification of any error of law in the ITOA.  It is also contrary to the findings of the assessor.  It is not for this court to determine whether the Applicant’s removal will involve a breach of Australia’s non-refoulement obligations.  The bare assertion in ground 9 gives no basis for any relief by this court (see to the same effect AKR15 at [60], ALZ15 v Minister for Immigration and Border Protection [2015] FCCA 1947 at [50], AFH15 v Minister for Immigration and Border Protection [2016] FCCA 99 at [54] and CDM16 at [26]-[28]). Otherwise this ground amounts to no more than an impermissible attack on the merits of the ITOA.

6. Grounds 10 to 13 are as follows:

   10. On 12 March 2014, the applicant received a letter from the Second Respondent (“the 12 March 2014 letter”).

   Particulars

   3. The document was in writing and handed to the applicant and the applicant relies on the entirety of the letter as though it were pleaded herein.

   11. The 12 March 2014 letter contained a representation as follows (“the 12 March 2014 Representation”):

   “The department will assess any implications for you personally as part of its normal processes. You may also raise any concerns you have during those processes.”

   12. The department, to which reference is made in the 12 March 2014 Representation, and the Second Respondent, are and have at all material times been emanations of the Executive for the purposes of s61 of the Constitution of the Commonwealth and authorised to make the representation.

   13. The exercise or refusal to exercise a power in relation to an individual adversely to his interests and based on his personal characteristics and circumstances pursuant to s61 of the Constitution is conditioned by an obligation to accord procedural fairness to the person.

7. These grounds are to be seen in light of the fact that one of the orders sought by the Applicant is a declaration that the representation in the Second Respondent’s letter of 12 March 2014, that an assessment of any implications for the Applicant personally would take place, involved a representation that s.61 of the Constitution would be used in favour of the Applicant.

8. As pointed out in submissions for the Respondents, this application was filed prior to the decision of the High Court in SZSSJ in which it was concluded that obligations of procedural fairness are owed in circumstances where an ITOA is undertaken for the purpose of the exercise of a statutory power (see SZSSJ at [77]-[78]).  However, to the extent that it was suggested that these grounds may no longer be pressed in light of this conclusion, the Applicant maintained the grounds in his application, although he did not address them.

9. Section 61 of the Constitution provides that “[t]he executive power of the Commonwealth is vested in the Queen and is exercisable by the Governor-General as the Queen's representative, and extends to the execution and maintenance of this Constitution, and of the laws of the Commonwealth.”

1. Insofar as they appear to assume that the letter of 12 March 2014 conveyed a representation that executive power pursuant to s.61 of the Constitution would be exercised in relation to the Applicant, these grounds are misconceived. That letter did not convey such a representation. Rather, it stated that the implications for the Applicant would be assessed as part of the Department’s “normal processes” (which included the ITOA).

2. Further, although these grounds refer to s.61 of the Constitution, as has been decided in a number of cases they do not raise any live constitutional question (see SZWCP v Minister for Immigration and Border Protection [2015] FCCA 802 at [3], SZWCH v Minister for Immigration and Border Protection (No.3) [2015] FCCA 1128 at [5], AKR15 at [61] and BTA15 at [20] which are in point because the 12 March 2014 letter appears to be in the same terms as the letter sent to other persons affected by the data breach). As these grounds do not give rise to a live constitutional issue it is not necessary to consider the appropriateness of a notice under s.78B of the Judiciary Act 1903 (Cth). Moreover the question of whether the Applicant has been afforded procedural fairness in the ITOA process is a question that is severable from any underlying question connected with the Constitution. For the reasons set out below, no lack of procedural fairness has been established. These grounds are not made out (see to the same effect AKR15 at [61], BTA15 at [21] and also see AKW15 v Minister for Immigration & Ors [2016] FCCA 2648 at [19]).

3. Ground 14 is as follows:

   14. On 25 July 2014 the Department of Immigration and Border Protection commenced an International Treaties Obligations Assessment (ITOA) in order to assess whether the circumstances of his case engaged Australia’s non-refoulement obligations. this (sic) process was instigated as the applicant’s previous ITOA decision was affected by the Full Federal Court of Australia’s decision in Minister for Immigration and Citizenship v SZQRB [2013] FCAFC 33.

4. Again this is a template ground.  The ITOA was commenced on 14 January 2015 (not 25 July 2014) and there is no evidence of any previous ITOA in respect of the Applicant.  In any event, even if there had been a previous ITOA assessment affected by the decision in Minister for Immigration and Citizenship v SZQRB (2013) 210 FCR 505; [2013] FCAFC 33, that would be irrelevant to any relief sought in these proceedings (see AKR15 at [62] and BTA15 at [24]).  Ground 14 does not allege any error in the ITOA and is not made out.

5. Ground 15 is:

   15. On [date of ITOA decision] (sic) the delegate (sic) made a finding that non-refoulement obligations are not engaged in the applicant’s case.

6. Read as intended to be a reference to “the assessor” and to the date of 14 April 2015 on which the ITOA was completed, this ground does no more than assert an uncontroversial fact in relation to the ITOA.

7. Ground 16 is as follows:

   16. In the ITOA assessment the delegate (sic) denied the applicant procedural fairness.

   Particulars

   The delegate (sic) accepted that he was in detention on 31 January 2014 and his personal details may have been unintentionally disclosed online;

   The delegate (sic) did not disclose any of the information held by the Department to the applicant in relation to the data breach for comment;

   The delegate (sic) as the employee of the Department that disclosed the applicant’s name and personal details on the internet did not bring an impartial mind to the decision-making process and is in a conflict of interest; and

   The ITOA process is not an appropriate and fair process for determining the applicant’s data breach claim.

8. This ground appears to be the crux of the application.  It is asserted that the Applicant was denied procedural fairness on the basis that the assessor did not disclose “any” of the information held by the Department in relation to the data breach for comment and on the basis that the assessor was biased.  In addition, this ground involves a general assertion that the process was not fair.

9. As the Respondents submitted, the allegation of complete non-disclosure is incorrect.  It is clear that the Department did disclose information in relation to the data breach to the Applicant and gave him the opportunity to comment.  It wrote to the Applicant, both in March and in June 2014, advising him of the categories of information disclosed as a result of the data breach.  Its disclosure in that respect is consistent with the copy of the data disclosed in the data breach in relation to the Applicant which appears in the supplementary courtbook.  In addition, on 5 February 2015 the assessor informed the Applicant about the personal information disclosure and the fact that, when assessing protection claims in relation to the data breach, case officers were instructed to assume that the authorities in the Applicant’s receiving country may have accessed personal information released on the Department’s website.  The assessor explained the basis on which this approach was to be taken.  As the Respondents submitted (and also see BTA15 to the same effect), this ground must fail in light of the facts of this case and the approach taken to such arguments in SZSSJ.  The High Court considered, but rejected, similar arguments in relation to alleged breaches of procedural fairness associated with the data breach and ITOA procedure adopted in SZSSJ.

10. When regard is had to all of the letters sent to the Applicant, it is clear that (as the High Court considered in relevantly similar circumstances in SZSSJ at [86]) the Applicant was put on notice of the nature and purpose of the assessment of Australia’s non-refoulement obligations to him and of the issues to be considered in the ITOA process.  The assessor raised with the Applicant specific issues in relation to his claims.  He was given (and took) the opportunity to comment.  In these circumstances the Applicant was not deprived of the opportunity to submit evidence or to make submissions relevant to the subject matter of the ITOA process (see SZSSJ at [92]).

11. Insofar as the Applicant intended to assert that the Department was under an obligation to reveal all that it knew about the data breach (in particular the full KPMG report), such an assertion was also addressed in SZSSJ.  As the High Court observed at [83]:

    Ordinarily, affording a reasonable opportunity to be heard in the exercise of a statutory power to conduct an inquiry requires that a person whose interest is apt to be affected be put on notice of: the nature and purpose of the inquiry; the issues to be considered in conducting the inquiry; and the nature and content of information that the repository of power undertaking the inquiry might take into account as a reason for coming to a conclusion adverse to the person. Ordinarily, there is no requirement that the person be notified of information which is in the possession of, or accessible to, the repository but which the repository has chosen not to take into account at all in the conduct of the inquiry.

12. Relevantly, in SZSSJ the High Court was of the view that, regrettable as the data breach was, the circumstances did not warrant a departure from those ordinary requirements and that no further disclosure of the reason for or matters surrounding the data breach (such as might have been contained in the unabridged version of the KPMG report) was required because of the assumptions made by the assessor in the Applicant’s favour (see SZSSJ at [90]-[92]).  The same may be said in this case.

13. Nonetheless, there is an obligation to afford the ordinary requirements of procedural fairness to the Applicant in the ITOA process.  However it has not been established that there was any failure to accord such procedural fairness.  There is nothing to suggest that the Department had any information that was credible, relevant and significant to the ITOA process that it did not disclose to the Applicant and give him the opportunity to address (and see BTA15 at [35] and cases cited therein).

14. Nor is there any evidentiary foundation for an allegation of actual or apprehended bias on the part of the assessor, the Third Respondent.  The High Court addressed a similar argument in SZSSJ at [84], but reached the view that the fact that the Department was responsible for the data breach provided no foundation for apprehending that an officer of the Department tasked with assessing the consequences of the data breach for an individual applicant would not bring an impartial and unprejudiced mind to the conduct of the assessment.  In addition, the High Court found at [84] that this circumstance did not provide “a principled foundation for converting the ordinary requirement of procedural fairness that an affected person be given notice into a duty that the Department reveal “all that it knows” about the Data Breach.”

15. An allegation of bias is a serious matter.  It must be distinctly made and clearly proven.  There is nothing in the material before the court, in particular in the departmental letters or in the ITOA reasons, to establish a state of mind such that the assessor was so committed to a conclusion already formed as to be incapable of alteration whatever evidence or arguments may be presented or a reasonable apprehension of bias assessed from the perspective of the appropriately informed lay observer (see the principles and authorities considered in BTA15 at [36]-[40]).

16. Moreover, as pointed out by Judge Smith in AKR15 at [72], once the nature of the assessor’s role is properly understood, it cannot be said that there is any logical connection between the employment of the assessor by the Department and the possibility that he or she might depart from the “true course of decision making”.  Relevantly, the assessor was not asked to make (and nor did he make) any determination about responsibility for the data breach.  On the contrary.  As he informed the Applicant, the assessor was instructed to accept that the data breach occurred and that it may have resulted in the Applicant’s details being known to foreign entities.  Further, the assessor considered the particular claims made by the Applicant in that respect in determining whether the data breach gave rise to any protection obligation owed by Australia in respect of the Applicant.  There is nothing in the circumstances of this case to establish either actual or apprehended bias. 

17. Nor does the evidence before the court support the general, but unparticularised, assertion of unfairness in the use of the ITOA process for determining the data breach claim.  As the Respondents observed in submissions, the procedure followed in the ITOA in this case appears to have been substantially the same as that considered by the High Court in SZSSJ.  Having regard to the evidence before the court about the ITOA process, the information brought to the Applicant’s attention, his opportunity to comment and the approach taken in the assessment as set out above, there is nothing in the material before the court such as to establish a lack of procedural fairness.

18. I have had regard to the Applicant’s oral submissions (reiterating the concern he expressed in his response to the Department’s letter of 27 June 2014) to the effect that there was no way of determining who had accessed or saved his information and that there was no way of knowing from whom he could face a real risk of harm, as such persons may go well beyond the authorities, insurgents and paramilitaries in his home country, including security and foreign intelligence agencies. 

19. However, as set out above, in the letter of 5 February 2015 the assessor raised this issue with the Applicant, pointed out that he had provided no specific claims as to why any particular group or individual would seek to harm him if he returned to Nepal and put him on notice that in such circumstances the assessor may consider that any risk of harm would be as a result of the Applicant’s identification as an asylum seeker.  The assessor put relevant country information in that respect to the Applicant.  He gave him the opportunity to comment. 

20. The Applicant did not provide a meaningful comment in response to this aspect of the assessor’s letter of 5 February 2015.  In the ITOA the assessor addressed the issue of whether the Applicant feared harm from persons including the authorities, foreign security and intelligence agencies, terrorist organisations or criminal syndicates having regard to the absence of specific claims, the country information, the response to this information and the absence of any information before the Department to indicate that the Applicant had ever been of interest to security and intelligence agencies, terrorist organisations or criminal syndicates or to indicate that he had a profile or had ever been involved in any activities or undertakings that would bring him to the adverse interest of these organisations and agencies.  On the basis of these findings the assessor considered the Applicant’s claim that foreign security and intelligence agencies, terrorist organisations and/or criminal syndicates would use his information, including his name, date of birth, gender and detention details, to target and harm him to be unsubstantiated. 

21. Such an approach was reasonably open to the assessor on the evidence before him.  It has not been established that there was any lack of procedural fairness in the ITOA.  The arguments founded upon an asserted denial of procedural fairness are not made out.

22. Grounds 17 and 18 are as follows:

    17. The Federal Court of Australia in the matter of SZWAJ v Minister for Immigration and Border Protection [2015] FCA 26 Justice Greenwood considered the Secretary’s letter dated 12 march (sic) 2014 and stated as follows:

    “It may well be that the things I have just described define the scope of the debate about the construction to be attributed to the second-last paragraph of the Department’s letter and whether it, on one construction, fairly gives rise to the suggestion that there is a departmental process, whether it be an ITOA process or otherwise, which would apply to the particular addressee as an individual as part of a normal process of the Department of dealing with the circumstances affecting that individual by reason of the data disclosures (that is, dealing quite specifically with the implications for the individual of the data disclosures) rather than general processes such as a protection visa application.

    It is not clear to me whether the proper balance in the construction of the paragraph in issue lies but even if one assumes or accepts that the ITOA process has a reasonably well defined methodology which renders it not susceptible of application in this particular case, nevertheless, there seems to me to be at least an arguable question that the paragraph in the letter gives rise to a possible process other than simply subsuming the data disclosure questions within what would normally be a protection visa application.”

    18. There is utility for the applicant in being granted the declarations in the orders sought in these proceedings for the purposes of any statutory process to be undertaken by the First Respondent pursuant to [boat arrivals with no process — s46A or s195A][RRT decisions — s48B or s417](sic) arising from the disclosure of the applicant’s personal information.

23. First, the quotation from SZWAJ v Minister for Immigration and Border Protection (2015) 146 ALD 589; [2015] FCA 26 in ground 17 does not provide any basis for any relief sought by the Applicant. In this case the Applicant was provided with an ITOA process in relation to the disclosure of his personal information as a result of the data breach. This was not a case in which data disclosure questions were simply subsumed consideration of a protection visa application (cf SZWAJ at [10]). As pointed out by Judge Lucev in BTA15 at [46], what was contemplated by the Federal Court in SZWAJ was “exactly what was provided to the applicant in this case” (and see the discussion by Judge Lucev of the circumstances in SZWAJ at [44]-[48]). As in SZWAJ, the ITOA process was clearly part of a normal departmental process and the Applicant had the benefit of that process.

24. There is also no basis for ground 18, which asserts that there is utility in the Applicant being granted the declarations sought for the purpose of any process to be undertaken by the Minister pursuant to his non-compellable powers arising from disclosure of the Applicant’s personal information.  The assessor concluded that Australia’s non-refoulement obligations were not engaged in relation to the Applicant.  There is no evidence that the Minister is presently considering the exercise of those powers.

25. Ground 19 is:

    There is a likelihood that the Respondents will purport (sic) that it is reasonably practicable to remove the applicant pursuant to s198 or s198AD of the Act irrespective of whether an assessment of Australia’s non-refoulment (sic) obligations in relation to the February 2014 disclosure of the applicant’s personal information has been carried out in a way which (sic) the applicant is accorded procedural fairness.

26. Insofar as there is a reference to s.198AD, as indicated above, that provision applies to an unauthorised maritime arrival who is detained under s.189. This Applicant is not an unauthorised maritime arrival, having arrived by air as the holder of a student visa.

27. Section 197C makes it clear that any decision to remove the Applicant under s.198 of the Act without a further assessment of non-refoulement obligations would not in itself involve any error of law. More generally, an assessment of whether Australia has non-refoulement obligations to the Applicant as a result of the data breach has taken place. It has not been shown that there has been any denial of procedural fairness in that process. As in BTA15 at [51] the concern expressed in this ground is therefore rendered otiose.  This ground is not made out.

28. I have considered the material before the court as well as the “template” grounds raised in the application.  As discussed above, apart from obstacles to relief of the nature sought by the Applicant in a case such as the present, the grounds relied on do not support the application for any of the relief sought by the Applicant.  Nor does the material before the Court identify or establish any jurisdictional or other error such as to warrant the grant of any such relief.  No denial of procedural fairness or other ground of review has been established.  The application must be dismissed.

I certify that the preceding eighty-five (85) paragraphs are a true copy of the reasons for judgment of Judge Barnes

Associate: 

Date:  9 February 2018