SZWAJ v Minister for Immigration

FEDERAL CIRCUIT COURT OF AUSTRALIA

REPRESENTATION

ORDERS

1. The application for an interlocutory injunction is dismissed.

2. The applicant pay the respondents costs.

3. To the extent necessary, leave is granted to appeal from these orders.

SYG 163 of 2015

Applicant

And

First Respondent

Second Respondent

REASONS FOR JUDGMENT

(revised from transcript)

1. Before the Court is an application for an interlocutory injunction to restrain the first respondent from removing the applicant from Australia pursuant to a power conferred under section 198 of the Migration Act 1958 (Cth)(Act). 

2. It is not controversial that in applications of this type the onus is on the applicant to establish that the applicant has a reasonably arguable case or a prima facie case.  If the applicant is successful in persuading a court that he or she has a reasonably arguable case, then the Court considers whether the balance of convenience favours the granting or the not granting of an injunction. 

3. In the application that is before me, the only real issue is whether there is a reasonably arguable case because, if no injunction is granted, the practical effect will be for the applicant to lose the right to relief which she claims.  Before I turn to what the claim for relief is, I will set out very briefly the facts.

4. It appears that, at least in January 2014, the applicant, who is a national of India, was in detention. In that month, a routine report released on the website of the Department of Immigration and Border Protection (Department) unintentionally enabled access to some personal information about people who were in immigration detention on 31 January 2014.  This information was accessible online for a short period of time before the report was removed from the Department’s website.  The information was not visible as part of the report and was not easily accessible.  However, the information that it was possible to access was the names, date of birth, nationality, gender and details about persons who were in detention.  It is not in issue that data concerning the applicant before me of this sort was unintentionally released on 31 January 2014. 

5. By letter dated 12 March 2014 the Department informed the applicant of the release of personal information, which included information concerning the applicant, explaining what had occurred and the type of information that had been unintentionally made available. The letter contained the following statement, which is of some importance to the matters that I have to deal with today:

   The department will assess any implications for you personally as part of its normal processes.  You may also raise any concerns you have during those processes.

6. By letter dated 19 June 2014 the Department reminded the applicant that in March 2014 she had been notified that she had been affected by a routine report released on the Department’s website.  The letter stated as follows:

   Currently you do not hold a permanent visa to remain in Australia and may be liable for removal.  If you have concerns regarding the impact of the data breach in your case, then you are invited to put those concerns to the department in writing.  If you have any concerns about the impact of the data breach on your ability to return to your home country or country of usual residence, you should give specific reasons as to why you cannot return.  Please provide this information to the department, in writing, 14 days from the receipt of this letter ... If you have any questions about this process then please speak to your case manager.

7. The applicant responded by email sent by a migration agent. That email was sent on 27 June 2014. The migration agent stated that he was writing in response to the Department’s letter dated 19 June 2014 relating to the unauthorised access of personal information that was released on the Department’s website. The agent said he wished to bring to the Department’s attention the Privacy Act 1988, which he described as the key law designed to protect rights and prevent the misuse of personal information collected by government agencies.

8. The agent submitted that there clearly had been a breach of privacy, and it was a very serious breach having regard to the details to which access had been granted, namely, the applicant’s date of birth, nationality, gender, and details as to why she was detained and where.  The migration agent then stated as follows:

   I confirm that we have many concerns about the impact of the breach on the ability for the Applicant to return to her home country.  During the time that personal and private information was made public on the Department’s website, this gave the public access and could really have a negative impact on the client if people from the Indian Government accessed this information. Especially when we have submitted a 866 Protection Visa Application for the client who is fearful she will be persecuted in India by her family, community and religious elders. I confirm that the Applicant has been shunned and casted out by everyone in her community, who have threatened to punish and even kill her.  I confirm that my client is viewed as a traitor to the Sikh adherents [sic] and her community.  I submit that the breach of her private information puts the client at further risk to the Indian authorities, to which people of her village belong and have connections with. 

   I kindly submit that the Applicant cannot return to India and there is an imminent threat that she may be persecuted and exposed to severe bodily harm if she is to return to India.  I kindly request that you take all of the above into consideration.

9. Although in that email the migration agent referred to an application for a protection visa having been filed, the applicant did not make an application for a protection visa until 1 July 2014.  That application was, of course, initially addressed by a delegate of the first respondent, who made a decision on 11 August 2014.  The effect of the decision was to reject the applicant’s claim for a protection visa.

10. At page 4 of the delegate’s decision under the heading “Submission made by migration agent in relation to data breach”, the following is recorded:

    The applicant’s migration agent submits that the applicant’s bio data details, reason for detention and place where she is being detained were made available on the Internet. It is submitted that the Department did not take all the necessary measures to protect the applicant’s information and has failed to satisfy the Privacy Act.

    Concerns about the impact of the data breach remain regarding her ability to return to India. During the time the data was available on the Internet, it gave the public access and could have a negative impact on the applicant if people from the Indian government accessed this information, particularly as a Protection visa application has been lodged.  The applicant fears persecutory harm from her family, community and religious elders for being a traitor to the Sikh religion.  The data breach makes the applicant vulnerable as people in her village have connections to the Indian government.

11. The applicant then applied to the second respondent, the Refugee Review Tribunal (Tribunal), for a review of the delegate’s decision.  The Tribunal on 17 October 2014 affirmed the delegate’s decision.  The reasons for decision of the Tribunal deal with the applicant’s claim concerning the data breach.  It deals with it in that part of its reasons commencing at paragraph 36.  At paragraph 36, the Tribunal notes that it accepts that information may have been available online and publicly available for a short period of time regarding the applicant’s name, date of birth, nationality, gender, details about her detention, such as when she was detained, the reason and where, and if she had family members in detention.

12. The Tribunal found that this information may have been downloaded in India.  At paragraph 37 the Tribunal noted that the applicant’s agent made submissions by way of email to the Department to the effect that the applicant would be adversely affected.  Although not stated, it seems clear that the reference there to an email from the applicant’s migration agent is a reference to the email to which I refer above, being the email sent on 27 June 2014.

13. At paragraph 38 the Tribunal noted that the applicant herself did not maintain this claim, and the Tribunal found that this was a claim the applicant made up in her protection visa application form.  The Tribunal therefore concluded that it did not accept that the applicant faces any harm due to the data breach for these reasons. 

14. At paragraph 40 the Tribunal notes that it was concerned about the applicant’s claims that the data breach may affect her if she returns to India and gave the reasons for its concerns, and it stated a number of them. First, the Tribunal noted that, despite being given numerous opportunities to tell the Tribunal what she feared if she returns to India, the applicant did not mention this claim.  She only raised the matter after a break.  The Tribunal noted that, if the applicant had a genuine fear of harm because of the data breach, she would have told the Tribunal when asked. 

15. The Tribunal then noted that, after the applicant had raised the issue, the Tribunal discussed with the applicant why she thought the data breach would cause her problems. According to the reasons for decision, the applicant stated that, if she wants to apply to live anywhere else, she can not do it.  She now cannot apply to go to 25 countries.  The Tribunal noted that it was not satisfied that the applicant would be unable to apply to travel to another country because of the data breach, and, in any event, it found that it did not consider that it amounted to serious harm if it were the case. 

16. The Tribunal also records that the applicant said that people in India may look at her in a different way because she has been in detention. She said that that would be so because everyone had access to the internet in India and so someone may know this information.  The Tribunal dealt with that by saying that that was speculative, but nevertheless asked what the applicant thought would happen if people knew.  She said that people will deal with her in a bad way because she has been in detention.  And when she was asked who would deal with her in a bad way[1], she did not provide a response.  The Tribunal also noted that, when the Tribunal suggested that her evidence did not indicate that she would suffer serious harm or significant harm as a result of the data breach, she said she understands and she did not want to say anything further.

    [1] When delivering oral reasons, I incorrectly said that the Tribunal asked “why that would be so” instead of  “who would deal with her in a bad way” which I have substituted in these reasons.

17. At paragraph 41, the Tribunal concluded as follows:

    The Tribunal is not satisfied that the information which may have been accessed in India (or elsewhere) would lead to the applicant suffering serious or significant harm.  The Tribunal is not satisfied on the evidence before it that there is a real chance of serious harm, or a real risk of significant harm to the applicant arising out of the data breach and possible awareness in India (or Canada) that she was in immigration detention in Australia. 

18. There is no issue that the applicant has not applied to this court for judicial review of the Tribunal’s decision, and that the time for her making that application has expired, subject to her obtaining an order extending the time for making such application. 

19. I now turn to what is submitted is the case that arises on these facts.  The central element of the case is said to be that passage from the letter dated 12 March 2014, which I have earlier set out and which I will repeat again:

    The department will assess any implications for you personally as part of its normal processes.  You may also raise any concerns you have during those processes.

20. It is submitted that that statement in the letter was a representation to the effect that the Department would consider the consequences of the data breach insofar as the applicant is concerned. It is submitted that that representation has not been honoured or put into effect and that, until such time as it is put into effect and completed, section 198(5) of the Act cannot be engaged because, until such time as that process is completed, it cannot be said that it would be reasonably practicable to have the applicant, as an unlawful non-citizen who is in detention, removed pursuant to that section.

21. The Minister’s answer to that case is that, to the extent that the letter dated 12 March 2014 did make a representation, it was a representation to the effect that the Department would do what it would normally do to persons in the position of the applicant.  The relevant process, as events turned out, in relation to this applicant was to deal with the applicant’s application for a protection visa in which she included as part of her claim the consequences which she claims would flow to her by reason of the release of her personal information.

22. The Minister submits that this process has been fulfilled both in terms of a delegate dealing with the application for a protection visa and also by the Tribunal reviewing the delegate’s decision and, in the course of that review, considering the applicant’s claims dealing with the unauthorised release of her personal data.  The applicant’s reply to the Minister’s answer is that the process that the applicant underwent when lodging and pursuing her application for a protection visa was different to the process that the Department represented it would undertake.

23. A number of questions arise from the statement of the competing positions.  The first question is whether there is a reasonably arguable case that the Department made a representation.  In my opinion, there is no question that there is a reasonably arguable case that some sort of representation was made. 

24. The second question is what sort of representation.  And it is here, I think, that there is some difficulty for the applicant.  I do not understand the submission to be that what was represented by the Department was that it would undertake in relation to this applicant what is defined under a Departmental policy as an International Treaties Obligations Assessment (ITOA). At one point, the submission was made it was simply not clear precisely what process the Department had in mind that might be the subject of further inquiry at a trial. 

25. In my opinion, there is no arguable case that the Department would undertake anything more than giving the applicant an opportunity to make submissions about the consequences to her of the unauthorised release of her personal information. 

26. If that is the case, there is no reasonably arguable case that the Department did not afford the applicant an opportunity to deal with what she claimed to be the adverse consequences of the unauthorised data release, and that the applicant took advantage of the opportunity offered to her first by raising the matters that were of concern to her through her migration agent in the email to which I have referred earlier, but, more importantly, by her being given an opportunity and her taking that opportunity, albeit apparently somewhat reluctantly, before the Tribunal. 

27. I am also satisfied that there’s no reasonably arguable case that the applicant’s concerns were not properly assessed by reference to the criteria that one would expect complaints of this sort to be dealt with. 

28. So, in those circumstances, my overall conclusion is that there is no reasonably arguable case for the relief that is sought in this application for an interlocutory injunction, and, in those circumstances, I propose to dismiss it.

I certify that the preceding twenty-eight (28) paragraphs are a true copy of the reasons for judgment of Judge Manousaridis

Associate: 

Date:  28 January 2015