The High Court has allowed an appeal against two decisions of the Full Federal Court relating to the procedural fairness implications for asylum applications following a ‘data breach’. On 10 February 2014, a ‘data breach’ incident occurred, in which the names and personal details of over 9,000 asylum seekers were made publicly available on the Department of Immigration and Border Protection’s website. That breach carried a risk that authorities in the countries from which applicants claim to have fled may become aware of the fact that the applicants sought protection in Australia, which may in turn lead to additional risks of harm if they are returned. Specifically, the respondent asylum seekers, who are facing removal from Australia, contended that the Department’s procedures for assessing the consequences of the data breach in their cases (the ‘International Treaties Obligations Assessments’ or ITOAs: see at [9]) contravened the rules of procedural fairness. The FCAFC ruled in favour of the asylum seekers, holding that the rules of procedural fairness applied to the Department’s procedure for responding to the breach, and that the Department broke those rules by requiring that the appellants make submissions about the impact of the breach without first disclosing to them what the Department knew about the breach: the ITOA process was not adequately explained and the unabridged report into the breach was not procided. The FCAFC also held that s 197C of the Migration Act 1958 (Cth), which purports to prevent a detaining officer from taking into account an applicant’s non-refoulement rights in deciding whether the applicant should be removed from Australia, did not apply to these cases (and in any case would not have prevented the Minister from considering those obligations) (at [36]ff), and that the privative clause provision in s 474(7), purporting to bar the jurisdiction of federal courts in reviewing these decisions, did not prevent a federal court considering the matter or requiring the Minister to consider not removing the applicants (see at [60]ff). Before the High Court, the Minister sought to challenge each of these rulings.
A unanimous Court (French CJ, Kiefel, Bell, Gageler, Keane, Nettle and Gordon JJ) held that the FCAFC was correct in holding that the Federal Circuit Court had jurisdiction to consider the matter, and that the asylum seekers were owed procedural fairness in the processing of their applications, but that the FCAFC erred in holding that procedural fairness was denied in this matter.
On the question of jurisdiction, the Court held that the FCCA’s jurisdiction to hear and determine matters seeking declaratory or injunctive relief on the grounds of procedural unfairness was not excluded by s 476(2)(d) of the Act. Here, while the ITOA was an act preparatory to the making of a substantive decision by the Minister, and was defined as a ‘decision’ under s 474(3)(h), to conclude that this jurisdiction was excluded by s 476(2)(d) would required conflating the meaning of ‘decision’ in s 474(3)(h) with the meaning in s 474(7) regarding a Minister’s decision (at [66]–[67]). The structure of s 474 goes against that conclusion: s 474(3) is a generic definition, while s 474(7) operates to specify statutory decisions of the Minister (see [68]): while s 476(2)(d) means the FCCA could not hear a challenge to the Minister’s personal decision not to exercise or not consider whether to exercise a non-compellable power is affected by jurisdictional error (this could be heard only by the High Court due to s 75(v) of the Constitution: at [71]), the FCCA can hear a challenge to an officer’s preparatory acts, like the holding of an inquiry to inform the Minister prior to the Minister making a substantive decision (see [69]–[71]).
In holding that procedural fairness was required in the ITOA process, the Court reiterated that it is settled that procedural fairness is an implied condition of the exercise of statutory power due to the common law principle that a statute conferring a power that can affect the interest of an individual is presumed to carry a condition that the power is exercised in a way that affords procedural fairness to that individual, unless that presumption is clearly displaced by the statute (at [75]). Because the ITOA process was undertaken by an officer of the Department that was apt to prolong the detention of the respondents, that process has contributed to the length of their detention, and thus requires procedural fairness (see at [76]–[79]).
Finally, the Court held, contrary to the FCAFC, that procedural fairness was properly afforded in this matter due to the operation of several ‘basic principles’. First, that a court reviewing a decision on the ground of jurisdictional error must only declare and enforce the law that determines the limits and governs the exercise of administrative power, and that it holds not jurisdiction ‘simply to cure administrative injustice or error’ (at [81]). Secondly, that procedural fairness requires a procedure that is reasonable in the circumstances to afford a hearing to a person with an interested likely to be affected by the exercise of the statutory power, and that that procedure cannot lead to a ‘practical injustice’ to the person’s opportunity to put forward his or her case (at [82], [83]). While the Data Breach was ‘extraordinary’, ‘regrettable’ and that the Department was ‘responsible for its occurrence’ nonetheless it does not mean that the officer assessing the consequences of the breach for an individual applicant would not be impartial and unprejudiced, or that the Department needed to go beyond the ordinary requirements of providing information to an affected person and reveal ‘all that it knows’ about the breach (at [84]). Nor was the process itself procedurally unfair: the applicants were put on notice of the nature and purpose of the assessment and of the materials relevant to the procedure (see [86]–[88]), and neither the lack of a correct legal mischaracterisation of the ITOA process (at [89]), a number of gaps in knowledge about who may have accessed the data, nor the failure to provide the unabridged report on the breach (at [90]–[92]) amounted to depriving the respondents of an opportunity to be heard.
High Court Judgment | [2016] HCA 29 | 27 July 2016 |
Result | Appeal allowed | |
High Court Documents | SZSSJ and SZTZI |
|
Full Court Hearing | [2016] HCATrans 133 | 7 June 2016 |
Special Leave Hearing | [2016] HCATrans 55 | 11 March 2016 |
Appeal from FCAFC | [2015] FCAFC 125 | 2 September 2015 |
Judgments, FCCA | [2014] FCCA 1271 | 12 May 2015 |
[2014] FCCA 1148 | 28 April 2015 |