DYD16 v Minister for Immigration

FEDERAL CIRCUIT COURT OF AUSTRALIA

REPRESENTATION

THE ORDERS OF THE COURT ARE AS FOLLOWS:

1. The Application filed in this Court on 16 December 2016 is dismissed.

2. The Applicant is to pay the First Respondent’s costs of the proceeding in the sum of $8,000.

3. Pursuant to Rule 36.03(b) of the Federal Court Rules 2011 (Cth) the Applicant have up to and including 17 December 2018 to file any Notice of Appeal from orders 1 and 2 above in the Federal Court of Australia.

SYG 3597 of 2016

Applicant

And

First Respondent

Second Respondent

REASONS FOR JUDGMENT

EX TEMPORE

(Revised from Transcript)

Introduction

1. The Applicant is a male citizen of Sri Lanka, of Sinhalese ethnicity, aged 22 years, having been born on 3 April 1996. 

2. By Application filed in this Court on 16 December 2016, he seeks to quash and have re-determined the decision of the Second Respondent, the Immigration Assessment Authority (IAA), dated 20 November 2016 under Part 7AA of the Migration Act 1958 (Cth) (the Act), which affirmed the decision of the Delegate (Delegate) of the First Respondent, the Minister for Immigration and Border Protection (Minister), dated 19 August 2016 refusing to grant to him a Safe Haven Enterprise (Class XE) (Subclass 790) visa (Protection visa).

Background

1. The Applicant arrived in Australia on 27 October 2012. On 6 January 2016 the Minister, under s.46A(2) of the Act, lifted the bar precluding the Applicant from making a valid application for a visa under s.46A(1), so as to permit him to apply for a visa of a specified class, which he did by making the application for the Protection visa on 23 March 2016.

2. The Applicant was a “fast track applicant” as defined in s.5(1) of the Act, because he was an unauthorised maritime arrival:

   (a)who entered Australia after 13 August 2012, but before 1 January 2014; 

   (b)he was not taken to a regional processing centre; 

   (c)to whom the Minister had given written notice lifting the bar imposed by s.46A(1); and

   (d)who made, as he did, a valid application for a Protection visa.

3. I do not consider that it is necessary to generally detail and recite the provisions of Part 7AA of the Act because that task has been comprehensively performed by the Full Court of the Federal Court of Australia in Minister for Immigration and Border Protection v AMA16 [2017] FCAFC 136 (AMA16) per Griffiths J at [11] – [27], with the agreement of Dowsett and Charlesworth JJ. This statement in AMA16 of the nature and scope of Part 7AA was cited with evident approval by the Full Court of the Federal Court of Australia in Minister for Immigration and Border Protection v BBS16 [2017] FCAFC 176 per Kenny, Tracey and Griffiths JJ.

Decision of Delegate

1. The Decision Record of the Delegate was dated 19 August 2016, and the interview between the Delegate and the Applicant took place on 25 July 2016.  On 10 February 2014, there had occurred what is called the ‘Data Breach’.  In Minister for Immigration v SZSSJ (2016) 259 CLR 180, the High Court summarised the ‘Data Breach’ at 187 – 188 [3] – [4] as follows:

   [3] The Data Breach occurred on 10 February 2014. The Department routinely publishes statistics on its website. This time the particular electronic form of the document in which the statistics were published included embedded information which disclosed the identities of 9,258 applicants for protection visas who were then in immigration detention. The document containing the embedded information remained on the website until 24 February 2014.

   [4] On any view, the Data Breach was very serious. The information disclosing the identities of the applicants for protection visas embedded in the document published by the Department was information protected from unauthorised access and disclosure by criminal prohibitions in Pt 4A of the Migration Act 1958 (Cth).

2. By a submission to the Delegate, which the Delegate in his Decision Record says was received on 25 July 2016, the Applicant’s then lawyer and registered migration agent submitted in relation to the data breach as follows: 

   In March, our client received a letter from the Department of Immigration and Border Protection stating that a routine report released on the department’s website unintentionally enabled access to some personal information about people who were in immigration detention on 31 January 2014. This information was accessible online for a period of time before it was removed from the department’s website.

   …

   This incident is a clear and significant breach of privacy, ultimately affecting the safety of our client and his family. Although this breach was unintentional, personal information of our client was accessible on the public domain, obtainable by the Sri Lankan Police Department, Sri Lankan Army, Sri Lankan Government authorities and community gang members. As a result, it would be extraordinarily unsafe for our client to travel back to Sri Lanka and have these members of his community harm him knowing that he sought refuge in another country. It would be a breach of human rights to force our client into a situation that was possibly worsened by a mistake of the department.

3. Further, at Court Book page 114, the then lawyer and registered migration agent summarised the Applicant’s claimed fears of persecution and set them out in three paragraphs which are largely reproduced in Ground 2 of the Application filed in this Court, to which I will refer below.

4. In the result, the Delegate found that the Applicant was not a refugee and did not satisfy the complementary protection criterion, and refused to grant the Protection visa to the Applicant. The Delegate expressly referred to and noted the claim of the Applicant about the consequences of the data breach in his Decision Record. 

Decision of IAA

1. On 25 August 2016, the Minister referred the Delegate’s refusal of the Protection visa to the IAA.  In its Decision Record of 25 November 2016 at [3] the IAA set out the Applicant’s claims to fear harm and persecution. 

2. From [6] – [16] of its Decision Record, the IAA set out the problems which the Applicant claimed that he would suffer from if he returned to Sri Lanka. At [17] – [21] of its Decision Record, the IAA considered problems that it perceived in relation to the Applicant’s claims in terms of credibility, inconsistency and evasiveness.

3. At [23] the IAA specifically referred to the claim by the Applicant in relation to the data breach:

   [23] The applicant claims to have left Sri Lanka in October 2012 to travel to Australia as a passenger in a boat organised by a smuggler. He does not have a passport. The applicant was one of a number of asylum seekers whose information was published by the Department of Immigration and Border Patrol in 2014 due to a data breach on its website. I find that, if he were to return to Sri Lanka, he will be considered a failed asylum seeker who departed illegally by the Sri Lankan authorities.

4. In the result, at [26] – [29] the IAA expressed its view that the Applicant would not suffer any problems if he returned to Sri Lanka and at [29], stated as follows:

   [29]I am satisfied that the applicant will not face a real chance of harm from D, his gang or the Sri Lankan authorities, due to the family’s dispute with D in 2008 or for any other reason on return to Sri Lanka now or in the reasonably foreseeable future.

5. The IAA accepted at [30] of its Decision Record that on his return to Sri Lanka the Applicant would be considered to be a failed asylum seeker who had departed Sri Lanka illegally.  However at [37] the IAA found that the Applicant, who is Sinhalese, had no links to the LTTE, and based on the IAA’s earlier findings to which I have referred, found that he was of no adverse interest to the Sri Lankan authorities for any reason. 

6. Taking into account the IAA’s earlier findings in that regard and the country information, as well as the data breach that occurred in 2014, the Tribunal did not accept that the Applicant, as a failed asylum seeker, would be at risk of adverse attention from the current Sri Lankan authorities when he arrived in Sri Lanka. 

7. Accordingly, the IAA affirmed the decision of the Delegate not to grant a Protection visa to the Applicant. 

Grounds of Attack on IAA Decision in this Court

1. The Grounds in the Application filed in this Court relied upon by the Applicant are as follows:

   1. The Applicant’s personal information was published online in 2014 due to a data breach on the Department of Immigration and Border Control website.

   2. This breach placed the Applicant in greater danger than he otherwise would be of being:

   a. Killed, harmed or mistreated by the Sri Lankan Army, Police and Sri Lankan Government Authorities;

   b. Indefinitely imprisoned by the Sri Lankan Army, Police and Sri Lankan Government Authorities; and

   c. Killed, harmed or mistreated by a named person (“D”) and other gang members who have power and control in the community.

   3. The Immigration Assessment Authority’s review of the Applicant’s matter, conducted on 25 November 26 (provided in Affidavit of [the Applicant] dated 14^th December 2016,) did not address or consider the added danger posed to the Applicant as a result of the 2014 data breach.

   4. In Paragraphs 23 and 37 of the Immigration Assessment Authority’s review of the Applicant’s matter, conducted on 25 November 2016, no reasons were provided as to why the 2014 data breach posed no added danger to the Applicant. 

2. In substance, whilst there are four Grounds, they all relate to the allegation concerning the data breach in 2014, namely to the effect that the IAA failed to address or consider one of his claims and because of the data breach he was “in great danger” if he returned to Sri Lanka.

Consideration

Ground 1

1. Ground 1 comprises merely a factual allegation and does not constitute any meaningful assertion of jurisdictional error and, accordingly, fails to establish jurisdictional error and is not made out. 

Ground 2

1. In my view, this Ground essentially merely argues with the adverse findings of the IAA.  The IAA had found that the Applicant would not face any danger or problems if he returned to Sri Lanka and, accordingly, it is not logical to assert or reason that if he returned to Sri Lanka he would be in any “greater danger” by reason of the data breach. In my view, the IAA meaningfully considered and had regard to the Applicant’s claims, which are summarised in sub-paragraphs (a), (b) and (c) to Ground 2, but came to a view and conclusion adverse to the Applicant in relation to them.

2. At [29] of the Decision Record of the IAA, the claims of the Applicant were rejected and, on that basis, the data breach which had occurred in 2014, was found to be essentially irrelevant.  In my view, Ground 2 is not made out.

Ground 3

1. In my view, Ground 3 fails at a factual level.  At [23] of its Decision Record the IAA expressly recognised the claim in relation to the data breach. It then considers from [26] – [27] the Applicant’s claims to fear harm if he were to return to Sri Lanka and those claims were rejected by the IAA, in particular finding at [29] that the Applicant would not face a real chance of harm from the parties which he had he would suffer harm from “or for any other reason on return to Sri Lanka now or in the reasonably foreseeable future”.

2. Then at [37] the claim in relation to the data breach is again expressly recognised by the IAA but, for the reasons there stated, including the data breach, the IAA did not accept that the Applicant would be at risk of adverse attention upon his arrival in Sri Lanka. 

3. In my view, the IAA in its Decision Record gave meaningful consideration to the Applicant’s claims in relation to the data breach but, in the result, came to the view that the Applicant would not suffer any adverse consequences from the data breach.  Ground 3 fails to establish jurisdictional error.

Ground 4

1. This Ground complains that the IAA gave “no reasons” as to why the data breach posed no added danger to the Applicant.  In my view, the IAA did discharge its obligation to give reasons for the decision that it came to in relation to the data breach.  It first found that on no basis would the Applicant be harmed if he returned to Sri Lanka and it accordingly followed as a matter of logic that the data breach could not add anything or cause greater danger to the Applicant when it had been found at the inception that he would not suffer from any harm.

2. Paragraph [37] of the Decision Record of the IAA indicates that it had considered country information, that it took into account its earlier findings that the Applicant would not suffer harm upon return to Sri Lanka for any reason and in effect that the data breach did not add to or augment any risk of adverse attention if the Applicant returned to Sri Lanka. 

3. In my view, the IAA in its Decision Record did provide reasons as to why the 2014 data breach posed no danger to the Applicant and, in my view, Ground 4 also fails to establish jurisdictional error.

Conclusion

1. In these circumstances, the Application filed in this Court on 16 December 2016 is to be dismissed. 

I certify that the preceding twenty-eight (28) paragraphs are a true copy of the reasons for judgment of Judge Dowdy

Date: 26 November 2018