SZSSJ v Minister for Immigration and Ors (No.2)

FEDERAL CIRCUIT COURT OF AUSTRALIA

REPRESENTATION

ORDERS

1. The application be dismissed.

2. The applicant pay the first and third respondents’ costs as agreed or taxed.

SYG 557 of 2014

Applicant

And

First Respondent

Second Respondent

Third Respondent

REASONS FOR JUDGMENT

Introduction

1. The applicant is a citizen of Bangladesh who arrived in Australia on a student visa on 27 May 2005.  He was placed in immigration detention on 3 October 2012 and has not held any Australian visa since then.  In February 2014 the applicant’s name and other personal details, together with personal details of other immigration detainees, were disclosed on the public website of the Department of Immigration and Border Protection (“Department”). 

2. As a result of the release of his personal information, on 7 March 2014 the applicant commenced this proceeding seeking a number of declarations and injunctions against the first respondent (“Minister”).  On 20 June 2014 I dismissed the applicant’s application on the basis that he had failed to identify a migration decision which enlivened the jurisdiction of this Court: SZSSJ v Minister for Immigration & Anor [2014] FCCA 1379. On appeal, the Full Court of the Federal Court held that the applicant had raised matters which were sufficiently arguable to attract this Court’s jurisdiction under s.476 of the Migration Act 1958 (“Act”): SZSSJ v Minister for Immigration & Border Protection [2014] FCAFC 143. Their Honours remitted the matter to this Court for determination of the applicant’s amended application dated 13 June 2014.

3. I subsequently granted the applicant leave to file a second further amended application.

4. For the reasons which follow, the application will be dismissed.

Background facts

1. The applicant applied for a protection visa on 16 October 2012.  His application was refused by a delegate of the Minister and that decision was affirmed by the second respondent (“Tribunal”) on 19 February 2013.  The applicant’s applications for judicial review of the Tribunal’s decision were unsuccessful.

Data breach

1. As already noted, in February 2014 the applicant’s name and other personal details, together with the personal details of other immigration detainees, were disclosed on the Department’s public website (“data breach”).  Following that event the third respondent (“Secretary”) wrote to the applicant on 12 March 2014 relevantly stating:

   The information that it was possible to access was your name, date of birth, nationality, gender, details about your detention (when you were detained, reason and where) and if you have other family members in detention.

   The information did not include your address (or any former address), phone numbers or any other contact information.  It also did not include any information about protection claims that you or any other person may have made, and did not include any other information such as health information.

   The department will assess any implications for you personally as part of its normal processes.  You may also raise any concerns you have during those processes.

2. On 27 June 2014 the Department wrote again to the applicant and noted that he had already been informed that any implications for him arising out of the data breach would be assessed as part of its normal processes.  The applicant was invited to provide, within fourteen days of receiving the letter, specific reasons and details of any concerns he had about the impact of the data breach on his ability to return to Bangladesh.  The letter noted that the applicant had commenced an application for judicial review in this Court arising out of the data breach, which suggested that he believed that he had been adversely affected by the data breach and might have claims which would engage Australia’s protection obligations.  The applicant was advised that if he did not respond within the allocated time then the implications for him arising out of the data breach would be assessed on the basis of the claims he had made in his judicial review application.  He was also advised that if the assessment of his claim resulted in a decision adverse to him and he had no ongoing matters before the courts or the Department, then he would be expected to depart Australia.

3. The applicant responded to that letter on 4 July 2014.

International Treaties Obligations Assessment (“ITOA”)

Notification of ITOA

1. On 1 October 2014 the Department wrote to the applicant advising him that on 30 September 2014 it had commenced an ITOA in relation to him in order to assess whether his circumstances engaged Australia’s non-refoulement obligations.  The applicant was advised that his claims arising out of the data breach would be assessed through that ITOA.  He was advised that in conducting his ITOA the Department would consider his 4 July 2014 response, the information he had provided in his data breach proceeding in this Court and the subsequent appeal to the Federal Court and the information he had provided in protection claims he had made for the purposes of previous assessments.  The applicant was also advised that the ITOA would consider Australia’s non-refoulement obligations under the United Nations Convention relating to the Status of Refugees 1951, amended by the Protocol relating to the Status of Refugees 1967, the Convention against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment 1984, the International Covenant on Civil and Political Rights 1966 and its Second Optional Protocol, aiming at the abolition of the death penalty 1989 and various provisions of the Act which contained concepts relevant to the non-refoulement obligations.  The applicant was invited to provide within fourteen days any further information which he wanted considered.

Applicant’s responses to notification

1. The applicant responded to the ITOA notification by letter dated 13 October 2014. 

2. On 1 December 2014 the applicant’s then-solicitors wrote to the respondents’ solicitors stating that the 27 June and 11 October 2014 letters were insufficient to discharge the Department’s procedural fairness obligations because they failed to provide information held by the Department necessary to enable the applicant to make meaningful submissions on the data breach and did not identify the nature and content of the “process” by which an assessment of Australia’s non-refoulement obligations towards the applicant would be made or the applicant’s involvement in that process.  The applicant’s then-solicitors sought from the Department a full and unabridged copy of a KPMG report on the data breach entitled “Privacy Breach – Data Management”, all information on the IP addresses which had been used to access the data during the data breach and any other information on which a decision could be made that Australia’s non-refoulement obligations would not be engaged.

Invitation to comment

1. On 23 December 2014 an officer of the Department wrote to the applicant inviting him to comment on certain information the Department was considering in relation to his ITOA.  The applicant was given fourteen days after the date he would be taken to have received the letter to respond. 

2. On 20 January 2015 the applicant’s then-solicitors provided a response noting that the applicant’s requests for further information held by the Department had not been answered.  The applicant’s then-solicitors reiterated the applicant’s claims and submitted that the data breach and the publication on the internet of the Tribunal decision in relation to his protection visa application, individually or cumulatively, increased the risk of him being harmed in Bangladesh because they both disclosed personal information about him which could identify him and his protection claims.  

3. On 12 February 2015 the respondents’ solicitors responded to the applicant’s submissions of 1 December 2014 and 20 January 2015.  They stated that the Minister did not accept that it was necessary, in order to afford the applicant procedural fairness, to provide him with the unabridged KPMG report, information about the IP addresses which had been used to access data during the data breach and all information in the Department’s possession with respect to the impact of the data breach and information in relation to the applicant and the data breach.  Annexed to that letter was a copy of the portions of the Department’s Procedures Advice Manual (“PAM 3”) relevant to ITOAs. 

4. The letter from the respondents’ solicitors also advised the applicant that he was not considered to be available for removal from Australia until his claims had been assessed.  It referred to a departmental policy provided to decision-makers dealing with claims related to the data breach which provides:

   When assessing protection claims in relation to the privacy data breach, case officers are instructed to accept that the claimant’s personal information released on the department’s website may have been accessed by the authorities in the receiving country.  The reason for this approach is that, although the KPMG privacy breach review found that there were relatively few internet users who accessed this document, it is not possible to discount the possibility that the authorities in another country may have accessed this document.  Accordingly, an assessment of protection claims in relation to the privacy data breach should be undertaken on the assumption that this information may have been accessed by the authorities in the receiving country.

5. The parties agreed that the applicant’s ITOA has not concluded.

Evidence

1. Amongst the evidence adduced in this proceeding was the affidavit of Deirdre Marie Russack affirmed on 20 March 2015.  Ms Russack, who is the Director of the Protection Visa Procedures section of the Onshore Protection Branch of the Department, relevantly deposed:

   I know from my experience that Departmental officers who are involved in carrying out ITOAs are officers trained to assess protection visa applications.  They are all trained in the Department’s policy on ITOAs and have access to the written policy on the Department’s LEGEND.com database, which is also publicly accessible.  Annexed to this affidavit and marked “DMR-8” is a copy of the Department’s policy in relation to ITOAs, dated 16 December 2014.  As stated at Parts 7-10 of that policy, officers conducting ITOAs must accord a person procedural fairness.

   As stated at paragraph 7 above, the applicant’s ITOA was commenced on 30 September 2014.  As at 30 September 2014, an earlier version of the Department’s policy in relation to ITOAs was in place.  This earlier version of the policy was available to the public on the Department’s LEGEND.com database.  The re-issued policy on ITOAs, dated 16 December 2014, now applies to the processing of the applicant’s ITOA.

The remitted proceedings

1. The applicant sought the following orders in his second further amended application:

   1.A declaration that:

   a.in requiring the Applicant, by its letter dated 27 June 2014 (the 27 June Letter) to “put in writing any concerns [he] may have regarding the impact of the data breach to [him] personally” within 14 days from the receipt of the letter, without providing the Applicant any information about the “normal process” or the impact of the Data Breach, the Minister and/or the Secretary did not afford the Applicant procedural fairness; and

   b.in requiring the Applicant, by its letter dated 1 October 2014 (the 1 October Letter) to “provide further information which [he] would like to have taken into consideration in this ITOA” within 14 days from the date the Applicant was “taken to have received this letter”, without providing the Applicant any information about the ITOA process or the impact of the Data Breach, the Minister and/or the Secretary did not afford the Applicant procedural fairness.

   2.An injunction restraining the First Respondent (the Minister) and/or the Third Respondent (the Secretary), by himself or by his officers, agents and delegates, from removing the Applicant from Australia under s 198 of the Act until consideration has been given to Australia’s non­ refoulment obligations to the Applicant (under the Refugee Convention, the Convention Against Torture, the International Covenant on Civil and Political Rights and the Act) from:

   a.the release of the Applicant’s personal information in or about February 2014 (the Data Breach); and/or

   b.the publication of the decision record of the Second Respondent (the Tribunal) dated 19 February 2013,

   according to law.

   3.Costs

   4.Such further or other order as the Court thinks fit.

Declarations

1. The applicant sought two declarations.  The first was connected with the 27 June 2014 letter and the applicant’s concern that that letter had not given him information about the impact of the data breach on him or information on what the Department’s normal processes were.  The second was connected with the letter of 1 October 2014.  The applicant’s concern was that that letter failed to give him information about the ITOA process or information about the impact of the data breach. 

2. In relation to the issue common to both letters, the impact of the data breach upon the applicant, it was not for the Department to inquire into whether the data breach had any implications for him.  It was for the applicant to satisfy the relevant decision-maker that it did.  The procedural fairness obligation for which the applicant contended does not exist. 

3. The first declaration sought by the applicant also referred to the Department’s “normal processes”.  In the applicant’s case, the normal process which was going to be undertaken by the Department was the ITOA.  The evidence indicated that ITOAs operate according to the rules of procedural fairness and according to published procedures.  The question therefore was whether the applicant’s ITOA has operated other than in accordance with the rules of procedural fairness and its published procedures, not whether the applicant was aware of those procedures.  The fact that an applicant may not be aware of how ITOAs operate, particularly in circumstances where such information is publicly available, does not amount to a denial of procedural fairness. 

4. In any event, the ITOA has not concluded and since the service of Ms Russack’s affidavit the applicant has been aware of all the information he says he did not know.  It is not too late for him to put further information and arguments before the ITOA.  In those circumstances particularly, I do not find that the applicant has suffered a denial of procedural fairness. 

5. The same considerations apply to the declaration sought in relation to the 1 October 2014 letter but even more so to the extent that a copy of the relevant part of PAM 3 was sent to the applicant’s then-solicitors by the respondents’ solicitors earlier this year.

Injunction

1. The second prayer in the second further amended application sought an order restraining the Minister and the Secretary from removing the applicant from Australia under s.198 of the Act until consideration has been given to Australia’s non-refoulement obligations. However, s.197C of the Act provides:

   197C Australia’s non‑refoulement obligations irrelevant to removal of unlawful non‑citizens under section 198

   (1)For the purposes of section 198, it is irrelevant whether Australia has non‑refoulement obligations in respect of an unlawful non‑citizen.

   (2)An officer’s duty to remove as soon as reasonably practicable an unlawful non‑citizen under section 198 arises irrespective of whether there has been an assessment, according to law, of Australia’s non‑refoulement obligations in respect of the non‑citizen.

   Consequently the relief sought by the applicant is not available. 

2. Further, the relief the applicant sought was based on a hypothetical situation and indeed a hypothetical situation which the evidence indicates will not come about, namely that the Minister or the Secretary will attempt to remove the applicant from Australia before the ITOA process has been concluded.  I am not persuaded that the applicant’s fear of a sudden removal from Australia before the ITOA is finished is a realistic one and so there is no basis to grant the injunction sought.   

3. The applicant also expressed concern that if he were unsuccessful in the ITOA he could be removed from Australia suddenly and without notice.  Again, the evidence did not indicate that such a fear was well-founded.  Pages 150 and 151 of Ms Russack’s affidavit set out pages from PAM 3 which deal with the minimum notice of removal.  Paragraph 84.1 of PAM 3 indicates that in ordinary circumstances notification should occur at least seven days prior to removal:

   to allow the person time to raise concerns about their planned removal.

4. Paragraph 85 of PAM 3 does provide for removal notification of between forty-eight hours and seven days, but that is available in circumstances where it is appropriate to avoid unnecessarily extending time in detention.  Consequently, it is apparent that some good reason must be demonstrated to reduce the notification time to something less than seven days.  Paragraph 86 of PAM 3 provides for removal following less than forty-eight hours’ notification.  However, the manual states:

   Only in exceptional circumstances may removal officers give a removee less than 48 hours’ notice.  Requests for waiver of the 48 hour notification for involuntary removals must include a strong justification for the significantly reduced notification period.

5. It has not been suggested that the applicant has any particular features or characteristics which would render him liable to pre-emptory removal.  I am not persuaded that his fear that he would be so removed is well-founded and thus there is no justification to grant the injunction he sought on that basis. 

Conclusion

1. The applicant has not demonstrated that it is appropriate that the Court make the declarations or grant the injunction which he seeks and the application will be dismissed.

I certify that the preceding twenty-nine (29) paragraphs are a true copy of the reasons for judgment of Judge Cameron

Associate: 

Date:  5 May 2015