Appeal No: CA/2022/001011
ON APPEAL FROM THE HIGH COURT OF JUSTICE
KING’S BENCH DIVISION (DIVISIONAL COURT)
Lord Justice Singh and Mr Justice Jeremy Johnson
Royal Courts of Justice, Strand
London WC2A 2LL
Before:
SIR GEOFFREY VOS, MASTER OF THE ROLLS
LORD JUSTICE DINGEMANS
and
LADY JUSTICE ELISABETH LAING
BETWEEN:
THE KING (on the application of the GOOD LAW PROJECT)
Claimant/Appellant
and
(1) THE PRIME MINISTER
(2) THE SECRETARY OF STATE FOR HEALTH AND SOCIAL CARE
(3) THE MINISTER FOR THE CABINET OFFICE
(4) THE SECRETARY OF STATE FOR BUSINESS, ENERGY AND INDUSTRIAL STRATEGY
Defendants/Respondents
Phillippa Kaufmann KC, Joseph Barrett, Rupert Paines, and Raphael Hogarth (instructed by Rook Irwin Sweeney LLP) for the Claimant/Appellant (Good Law Project)
Sir James Eadie KC, Christopher Knight and Ruth Kennedy (instructed by Government Legal Department) for the Defendants/Respondents (the Ministers)
Hearing dates: 8-9 November 2022
……………………………………
JUDGMENT
This judgment was handed down remotely at 10:30am on 1 December 2022 by circulation to the parties or their representatives by e-mail and by release to the National Archives.
………………….
Sir Geoffrey Vos, Master of the Rolls, Lord Justice Dingemans and Lady Justice Elisabeth Laing:
Introduction
This case concerns both the duties owed in relation to public records under the Public Records Act 1958 (the PRA), and certain policies issued by Government departments in relation to the use and preservation of electronic communications. Section 3(1) of the PRA (section 3(1)) establishes a duty on “every person responsible for public records … to make arrangements for the selection of those records which ought to be permanently preserved and for their safe-keeping”.
The Good Law Project directed the court’s attention to 13 guidance notes and policies (the policies) issued (but many of which were not made public) by Government departments and by the Keeper of the National Archives (the Keeper) acting under section 3(2) of the PRA (section 3(2)). It contended that most of those policies (with the exception of what came to be referred to as the Dunn note) lawfully mandated ministers and officials to use neither private emails nor private electronic communications devices and methods in undertaking Government business. It was submitted that there was uncontested evidence before the court that Ministers and officials had violated: (i) the clear injunction in the policies against the use of private emails and communications, and (ii) the policy that if, exceptionally, such communications occurred, public records containing substantive discussions in the course of conducting Government business should be transferred to, and retained on, an official Government system. The Good Law Project sought declaratory relief without specifying the terms of that relief until the second day of the hearing before us. It then made clear that it sought a declaration that eight of the policies (the eight policies) “were enforceable as a matter of public law, in that a public body subject to one or more of those policies [was] required to comply with them absent good reason not to do so”. It also sought specific declarations of unlawfulness as to 27 enumerated breaches of those policies by ministers and officials.
The issues on this appeal are: (i) whether or not the duty under section 3(1) extended to the preservation of records before they are selected, (ii) whether there was a duty to comply with the eight policies as to the use and preservation of electronic communications enforceable against the Ministers by the Good Law Project on an application for judicial review (a duty to comply with the policies), (iii) whether a note dated 23 July 2021 issued to ministers of the Department of Health and Social Care (DHSC) by its second permanent secretary Shona Dunn (the Dunn note), was unlawful, (iv) whether the Good Law Project had standing to bring this claim, and (v) whether any, and if so what, relief should be granted on this appeal.
The Divisional Court ([2022] EWHC 960 (Admin), [2022] 1 WLR 3748) decided, in broad outline, that: (i) the duty under section 3(1) did not extend to making arrangements for the preservation of records before they were selected, (ii) the policies issued as to the use and preservation of electronic communications were not enforceable in law, (iii) the Dunn note, insofar as it can be said to have been specifically dealt with at all by the Divisional Court (and we were told that the Dunn note was not the focus of the submissions below), was not unlawful, (iv) it did not need to decide the question of standing, and (v) it should grant no relief.
The Good Law Project focused its submissions on the second issue arguing that the eight policies were legally enforceable, but it maintained its submission that the duty on “every person responsible for public records” under section 3(1) included a duty to preserve those documents before they were selected and deposited with the National Archives.
The Good Law Project submitted that the policies were prepared in the exercise of public powers, in the public interest and for the benefit of the public (see Lords Sales and Burnett in R (A) v. Secretary of State for the Home Department [2021] UKSC 37, [2021] 1 WLR 3931 (A v. SSHD) at [2]-[3], and Mandalia v. SSHD [2015] UKSC 59, [2015] 1 WLR 4546 (Mandalia) at [29]). A duty to comply with the policies should not be limited to classes of policy that have an impact on individual rights. There was a general public interest in having an effective operating democracy.
The Ministers submitted that none of the policies and guidance relied upon was enforceable in law based on the principles in A v. SSHD at [2]-[3] and [38]-[40]. They supported the six reasons for that conclusion which were given by the Divisional Court, namely that: (i) the policies in question “govern the internal administration of Government departments and [did] not involve the exercise of public power”; they were not, in any sense, about individual cases or the rights of an individual, (ii) the contention that the policies were legally enforceable did not sit easily with the fundamental principle of public law that guidance need not be slavishly followed, (iii) Parliament itself often sets out the extent to which policies and guidance must be taken into account by a public authority, and making such policies legally enforceable would make no sense of such provisions, (iv) there were a raft of other measures which could be taken to provide appropriate accountability (such as an Information Commissioner’s investigation, a complaint to the Parliamentary Commissioner for Administration, internal disciplinary proceedings, and ministerial responsibility to Parliament), (v) the risk that, if such policies were regarded as legally enforceable, public authorities would be deterred from adopting them, and (vi) enforceable policies should be only those that are the epitome of Government policy (see R (Friends of the Earth Ltd) v. Secretary of State for Transport [2020] UKSC 52, [2021] 2 All ER 967 (Friends of the Earth) at [105]-[107]) as is required by the principle of legal certainty.
In addition to the reasons given by the Divisional Court, the Ministers submitted that the policies were not legally enforceable because (a) they concerned the practicalities of Government communications and were attempts to provide guidance in a fast-developing technological area, where different communications methods were adopted and dropped within short timescales; that pointed towards the need for flexibility and made it inappropriate for the policies to be legally binding and for the courts to intervene; (b) if there were a duty to comply with the eight polices, it would mean that the courts would become involved in impermissible micro-management of the executive; and (c) if the statutory guidance given by the Keeper under section 3(2) was not legally enforceable, it was hard to see why guidance or policies as to an earlier stage in the process of record preservation should be.
In relation to the proper construction of the PRA, we have decided as appears below that the specific duty on “every person responsible for public records” under section 3(1) is limited in the way that the Divisional Court held it to be. The duty is only to “make arrangements for the selection of those records which ought to be permanently preserved and for their safe-keeping”, not to make arrangements for the preservation of records before they are selected. That said, however, the Keeper is empowered under section 3(2) to give, and has actually given, important guidance as to the actions to be taken in preparation for the selection process to be undertaken under section 3. Making arrangements “for the selection of those records which ought to be permanently preserved” necessarily involves considering which public records might fall into that category and what should be done in relation to such records in the period leading up to the actual selection process. Section 1 of the PRA makes this clear. When dividing responsibilities, section 1(1) provides that the Secretary of State for the Department of Digital, Culture and Sport (DCMS) shall “supervise the care and preservation of public records”. Section 1(2) provides that the Advisory Council on Public Records (now the Advisory Council on National Records and Archives (ACNRA)) shall “advise the Secretary of State on matters concerning public records in general”. We think that both the National Archives Records Collection Policy (last reviewed in October 2019) (which the Divisional Court regarded as made under section 3(2)), and the Cabinet Office and National Archives Guidance on the Management of Private Office Papers of June 2009 (which the Divisional Court did not regard as made under section 3(2)) are guidance properly issued under section 3(2).
We have decided that there is no duty to comply with the eight policies broadly for the reasons given by the Divisional Court and elaborated upon by the Ministers in their submissions. The Dunn note was not therefore unlawful. In the circumstances, we do not think it necessary to say much about the highly context-specific question of standing as explained by the Supreme Court in AXA General Insurance Limited v. HM Advocate [2011] UKSC 46, [2012] 1 AC 868 (AXA) at [63] and [170]-[171], and Walton v. Scottish Ministers [2012] UKSC 44, [2013] 1 CMLR 28 (Walton) at [92]-[95] and [152]-[153]. We will not be granting any relief, and also wish to make clear that the process followed in this case has been unsatisfactory for a number of reasons (see issue 5 below).
This judgment will proceed by summarising the essential factual background (from the Divisional Court’s judgment), the statutory background, the essential content of the eight policies, the Dunn note, and then dealing with the five issues already mentioned.
Essential factual background
Full details of the relevant background are set out in the judgment of the Divisional Court. This short summary provides context for the legal matters in issue. The Good Law Project was incorporated in 2020 and its objects are defined to include promoting compliance with the law by public and private actors.
The Secretary of State (Secretary of State) for DCMS has responsibility for supervising the care and preservation of public records. The Minister for the Cabinet Office has policy responsibility for the Freedom of Information Act 2000 (the FoIA) and for government records management.
The evidence showed that ministers, special advisors and other civil servants in the Cabinet Office are provided with Government computers, tablets, smart phones and email accounts. Emails are automatically exported to a repository. The computers, phones and tablets come installed with apps. Work generated on these apps is saved to an encrypted repository, save that communications on Google Chat, which is intended for “ephemeral, logistical or social communications” are automatically deleted after 24 hours. Other pre-approved apps can be downloaded from the Government online store. So far as relevant to the appeal this includes WhatsApp. The Cabinet Office’s Departmental Records Officer is responsible for reviewing materials in the repository for possible transfer to departmental archives. Records from the departmental archives are considered for transfer to the National Archives after 15 years.
The evidence showed that staff in the DHSC are supplied with a corporate laptop. Only DHSC approved apps can be used. Staff may also be provided with corporate mobile phones and tablets according to business need. Those devices have access to authorised apps, which do not include WhatsApp. Staff are permitted to download apps which have not been specifically authorised.
The evidence also showed that the then Prime Minster had used a private email account to edit speeches, and after editing would send the speeches to a Government email address so that the changes could be actioned. A former Prime Minister, Secretary of State for Health and Social Care, the Chief Scientific Advisor, the Chief Medical Officer, the Cabinet Secretary, the Director of Communications and the Chief Advisor to the Prime Minister were in a WhatsApp group which exchanged messages around the time of the first national lockdown and the introduction of regulations under the Public Health (Control of Disease) Act 1984. These messages came to light when the Chief Advisor published them in a blog.
The 27 alleged breaches of policy, contended by the Good Law Project to be unlawful, which were listed in the draft order produced in the morning of the second day of the appeal (see paragraph 2 above) included the use of this WhatsApp channel and the failure to preserve these messages on Government systems. Other alleged breaches included the use of WhatsApp on other occasions, the sending of SMS messages and private emails, the use of Signal (an encrypted messaging app), and the failure to preserve the messages. It was apparent from Answers to Requests for Further Information that some of the messages about which complaint was made had not been transferred to Government repositories and had only come to light because of blogs by the former Chief Advisor.
The authorised Cabinet Office instant chat app automatically deletes messages after 24 hours. This is because the messages are intended to be messages for the here and now, such as reporting that the writer will be late for a meeting. It is recognised that conversations starting on instant messaging platforms may need to be retained, and a suggested workaround is taking a screenshot of messages to send to the repository.
On 6 July 2021 the Information Commissioner announced an investigation into the use of private correspondence channels in the DHSC saying “the use of private correspondence channels does not in itself break freedom of information or data protection rules. But my worry is that information in private email accounts or messaging services is forgotten, overlooked, autodeleted or otherwise not available when a freedom of information request is later made”. The Information Commissioner said that this would frustrate the freedom of information process and put at risk the preservation of official records of decision making.
Statutory background
Public Records Act 1958
Section 1 of the PRA provides as follows:
The Secretary of State shall be generally responsible for the execution of this Act and shall supervise the care and preservation of public records.
There shall be an Advisory Council on Public Records to advise the Secretary of State on matters concerning public records in general and, in particular, on those aspects of the work of the Public Record Office which affect members of the public who make use of the facilities provided by the Public Record Office.
The Master of the Rolls shall be chairman of the said Council and the remaining members of the Council shall be appointed by the Secretary of State on such terms as he may specify.
(2A) The matters on which the Advisory Council on Public Records may advise the Secretary of State include matters relating to the application of the Freedom of Information Act 2000 to information contained in public records which are historical records within the meaning of Part VI of that Act.
The Secretary of State shall in every year lay before both Houses of Parliament a report on the work of the Public Record Office, which shall include any report made to him by the Advisory Council on Public Records.
Section 1(1) does not specify “the Secretary of State” in question. The effect of the Transfer of Functions (Information and Public Records) Order 2015 (2015 SI No 1897) and other legislation is that it is the Secretary of State for the DCMS.
Section 2 of the PRA allows the Secretary of State [for the DCMS] to appoint the Keeper to take charge under her direction of the National Archives and its records therein. Section 2 also sets out the Keeper’s statutory powers and duties.
Section 3 of the PRA provides as follows:
It shall be the duty of every person responsible for public records of any description which are not in the Public Record Office or a place of deposit appointed by the Secretary of State under this Act to make arrangements for the selection of those records which ought to be permanently preserved and for their safe-keeping.
Every person shall perform his duties under this section under the guidance of the Keeper of Public Records and the said Keeper shall be responsible for co-ordinating and supervising all action taken under this section. …
Public records selected for permanent preservation under this section shall be transferred not later than 20 years after their creation either to the Public Record Office or to such other place of deposit appointed by the Secretary of State under this Act as the Secretary of State may direct:
Provided that any records may be retained after the said period if, in the opinion of the person who is responsible for them, they are required for administrative purposes or ought to be retained for any other special reason and, where that person is not the Secretary of State, the Secretary of State has been informed of the facts and given his approval. …
Public records which, following the arrangements made in pursuance of this section, have been rejected as not required for permanent preservation shall be destroyed or, subject in the case of records for which some person other than the Secretary of State is responsible, to the approval of the Secretary of State, disposed of in any other way.
Any question as to the person whose duty it is to make arrangements under this section with respect to any class of public records shall be referred to the Secretary of State for his decision …
Section 5(3) of the PRA provides that:
It shall be the duty of [the Keeper] to arrange that reasonable facilities are available to the public for inspecting and obtaining copies of those public records in the Public Record Office which fall to be disclosed in accordance with the Freedom of Information Act 2000.
Section 10(1) provides that “public records” has the meaning in Schedule 1, and “records” includes not only written records but “records conveying information by any other means whatsoever”.
Paragraph 2 of Schedule 1 to the 1958 Act identifies the public records concerned as follows:
Subject to the provisions of this paragraph, administrative and departmental records belonging to Her Majesty, whether in the United Kingdom or elsewhere, in right of Her Majesty’s Government in the United Kingdom and, in particular, – (a) records of, or held in, any department of Her Majesty’s Government in the United Kingdom, or (b) records of any office, commission or other body or establishment whatsoever under Her Majesty’s Government in the United Kingdom, shall be public records. …
Freedom of Information Act 2000
The FoIA makes provision for a general right of access to information held by public authorities on the making of a written request. The detailed provisions of the FoIA did not feature prominently in the arguments before us. A code of practice was, however, issued under section 46 of FoIA on 15 July 2021 to provide guidance on the keeping, management and destruction of public records.
The eight policies
It was common ground between the parties that the eight policies were lawfully made. The relevant powers used by the executive to make the eight policies were different for the respective policies and included: powers contained in sections 3(1) and 3(2), the Royal Prerogative, and common law powers. We will address the eight policies in the order in which they are set out in schedule 1 to the Good Law Project’s draft order.
(1) The first policy is the Cabinet Office and National Archives “National Archives Guidance on the Management of Private Office Papers” dated June 2009. It applies to ministers and Permanent Secretaries and their respective offices. It deals with the handling of records and what records should be created. The guidance applies to “all information which is created in any medium” including instant messages in ministers’ private offices. The Guidance explains which events need to be recorded (at page 4) as follows: “The records that need to be created by the Private Office will largely be concerned with the meetings and telephone conversations relating to official business that take place during the normal course of a Minister’s day. In general records should be created of all meetings/events which take place with Ministers and/or officials present where decisions are taken on departmental or government policy and/or there is follow up action required ...”.
The language of this policy is directory, not mandatory: it uses, for example, the term “in general”. It describes two models which could be used as best practice at page 7 of the policy.
(2) The second policy is the “Security of Government Business” note. This policy was not disclosed in full because it included advice on security matters that were not relevant to this case. Relevant extracts were referred to in a witness statement. It is a note addressed to ministers and was issued after the December 2019 General Election. The Ministerial Code includes a requirement that ministers should ensure that they follow this policy. The material part of the Security of Government Business policy provides: “Your personal IT will not be as secure as Departmental IT. You should not use your personal devices, email and communications applications for Government business at any classification”.
It was apparent that this policy is concerned more with security than with preservation and storage of documents, but because it provided that ministers should not use their own email it became an important part of the Good Law Project’s case. Submissions on behalf of the Ministers highlighted that the policy was advisory, and recommended a course of action with “should not”, rather than requiring a course of action with “must not”.
(3) The third policy was the Cabinet Office “Guidance to Departments on the Use of Private Email” dated June 2013 (Cabinet Office Private Email Guidance). It provides: “This guidance principally deals with emails but it applies equally to other forms of communications and records which deal with departmental business”. At paragraph 7 under the heading “Use of non-Government email systems for Government business”, it says that: “Civil servants and Ministers are generally provided with access to Government email systems. Other forms of electronic communication may be used in the course of conducting Government business. Departments’ security policies will apply when generating and communicating information”.
The Cabinet Office Private Email Guidance therefore appears to contemplate the use of private emails, but makes such use subject to Departmental security policies. The Good Law Project submit that such security policies include the Security of Government Business policy (at (2) above) which gives advice to the effect that private emails should not be used.
(4) The fourth policy is the DHSC “Information Management Policy” dated December 2020. This provides (at pages 22 and 23 of the policy):
You should not use a personal email account for business conducted on behalf of the department. Auto-forwarding of emails is not permitted and is disabled in Open Service. Any exception to this rule is in exceptional circumstances only and requires agreement of the DHSC Information and Security Team. … You are required under the Public Records Act to save emails that are needed to demonstrate decisions, actions and use of resources for the record. Such emails should be placed on the records management system, Information WorkSpace (IWS). … Information WorkSpace and shared drives: The Department’s policy is that material that needs to be retained for the record should be stored in IWS, if the format of the material is able to be placed there…
It was common ground that this policy applied to ministers at the DHSC.
(5) The fifth policy is another DHSC policy. This is the “Department of Health and Social Care Acceptable Use of ICT Policy” dated October 2020. It provides: “behaviours expected by and required of users”. The policy noted that breaching the guidance “may result in disciplinary action being taken against the individual concerned”. The policy provides: “Using enabled DHSC mobile devices, staff will be able to download applications from the Apple store to the DHSC mobile device for their use on the device itself. Although the download of apps will be at the discretion of the user …”.
Staff are directed not to download certain materials nor to circumvent management or security controls. Users are told:
Only use systems, applications, software and devices which are approved, procured and with configuration managed by DHSC when undertaking official business (including work-related email), and apply DHSC standards and guidance in their use.
Only use approved DHSC devices connected to DHSC network(s) when undertaking official business. …
Ensure no official information is stored on devices without DHSC security controls.
(6) The sixth policy is the Cabinet Office “Information and Records Management Policy” dated February 2021. This provides at page 8 that:
Approved Records Repositories Information and records will only be stored in approved repositories in accordance with Departmental Security policies and held in appropriate formats and systems based on their security classification. … Non authorised repositories must not be used including personal email, and the DRO must be consulted at an early stage of any technology change that will have an impact on information and records. [The underlining is in the original.]
This policy contains a standards framework, which includes requirements that no official work should be stored only in a personal drive, laptop or in an email account. An effect of the policy is to make clear that policy work should not be left in email accounts.
(7) The seventh policy is the “WhatsApp on No 10 Phones” policy dated March 2021. This provides that:
You may now use WhatsApp on your No10 phone, with some limitations. This is to enable more effective and agile working and to minimise the need to use personal phones for work purposes. …
On our No10 phones WhatsApp can be used for things like: - Confirming who is in the office - Confirm a time for a meeting - Confirm receipt of a document …
WhatsApp chat should NOT:- Include any discussion about detailed policy or policy development - Confirm the PMs location, dates, route or future travel plans. If you find a chat is unexpectedly developing into a more sensitive conversation, you should move the chat onto the No10 IT system and continue it there …
Staff are required to save a record of any conversations that should form part of the OFFICIAL record or otherwise may give rise to any FOI, Public Records Act or similar data protection legislation requirements such as GDPR …
The policy makes it clear that WhatsApp is not intended for discussion about detailed policy or policy development. It recognises that such chat might develop, in which case it should continue on a secure system and staff are required to save a record of any conversations that should form part of the official record.
(8) The eighth policy is the Cabinet Office “Information and Records Retention and Destruction Policy” dated February 2021. This policy was issued by the Cabinet Office at the same time at the sixth policy. It provides at paragraph 1.1 that: “Under the Public Records Act 1958, we are required to capture, identify and permanently preserve any information, which demonstrates accountability”. It was common ground between the parties that this was not an accurate statement of the effect of the PRA.
This policy makes the following provision in respect of instant messaging:
Instant Messaging is provided to all staff and should be used in preference to email for routine communications where there is no need to retain a record of the communication. Instant messages history in individual and group chats must be switched off and should not be retained once a session is finished. If the content of an instant message is required for the record or as an audit trail, a note for the record should be created and the message content saved in that. For example, written up in an email or in a document created in a word processor which is itself saved into the relevant drive. Contents of instant messaging are subject to FOI and Data Protection searches and the Public Records Act.
Mention was also made at the hearing before us of the National Archives Records Collection policy originally produced in 2012 and last reviewed in 2019, but this did not feature on the schedule of policies which the Good Law Project sought to have declared as enforceable in law. This policy was set out in the judgment of the Divisional Court and identified records that the National Archives sought to collect and preserve. Another policy which had been referred to below was the Code of Practice issued under section 46 of FoIA referred to at [27] above. It states that compliance with its terms provides authorities with a high level of confidence that they can comply with the requirements of FoIA.
It is relevant to refer to some of the features of these eight policies. First these policies are directed to ministers and civil servants. Secondly, although the Good Law Project referred to the eight policies as policies, it was apparent that some of the policies were expressed to be “guidance” and other policies might more reasonably have been described as “arrangements” within the meaning of section 3(1). Thirdly the policies have developed at different times and have attempted to deal with new media, as appears from the references to Signal and WhatsApp. Some of the policies have a more limited application, for example the DHSC policies apply only to the DHSC.
Finally it is not possible to read the eight policies as a coherent whole. For example, the issue of whether ministers can use private emails appears to have different answers depending on the policy which is read. The Security of Government Business policy at (2) provides that ministers should not use private emails. Other policies however expressly contemplate the use of private emails, for example the Cabinet Office Private Email guidance at (3) above, albeit with a reference to the fact that Departments’ security policies would apply when generating and communicating information. If this is intended to be a reference to the Security of Government Business policy, this suggests that either the direction not to use private emails in the Security of Government Business Policy is advisory only, as was contended on behalf of the Ministers, or that the policies are internally inconsistent. We make the last observation because if there were a strict prohibition on the use of private emails, there would be no need to say anything more than they must not be used. The Good Law Project’s draft order seeks a declaration that all of the eight policies are enforceable, but does not confront these apparent inconsistencies.
The Dunn Note
The Dunn note was issued by the DHSC’s Second Permanent Secretary to ministers at the DHSC. It provided guidance on the use of private devices and email accounts. The Dunn note recorded that departmental guidance was that official systems should be used for communicating classified information. It went on to report the part of the Cabinet Office Private Email Guidance which provided that “other forms of electronic communications may be used in the course of conducting Government business”.
The Dunn note referred at paragraph 11 to the Security of Government Business policy to the effect that private email should not be used, but stated “Cabinet Office ministers have been clear in Parliament in recent weeks that the Government position is as outlined in the published guidance from 2013” which was a reference to the Cabinet Office Private Email Guidance.
Issue 1: Was the Divisional Court right that there is no duty under section 3(1) to preserve public records prior to selection?
The duty under section 3(1) is to make arrangements for the selection of those records which ought to be permanently preserved and for their safe-keeping. The duty is only to “make arrangements for the selection of those records which ought to be permanently preserved and for their safe-keeping”, not to make arrangements for the preservation of records before they are selected. In our judgment Parliament did not impose any general duty in section 3(1) to retain public records, and Parliament did not specify that any records were to be retained pending their selection.
We do not accept that the absence of any such implied duty to retain public documents undermines the scheme of the PRA. One of the difficulties with finding an implied duty to retain records pending their selection is that the implied duty would have to apply to all records, which would overwhelm the Departments of State and the National Archives. If, however, the implied duty did not apply to all records, it is not possible to discern a principled basis from the PRA for limiting the implied duty to only some classes of the documents.
As it is, the scheme of the PRA is to establish at a high level the duty to make arrangements for the selection and then preservation of records, and to provide a central role for the Keeper, and for the respective departments, to make arrangements for that selection and preservation of records. There is a large measure of discretion provided to those making the arrangements. The measure of discretion provided to those making the arrangements has meant that arrangements can be made to deal with the substantial changes to ways of working and communicating that have taken place in recent years. If practices develop which would undermine the scheme of the Act, the Keeper is empowered to give guidance to ensure that those practices cease.
As we have already said, the Keeper has given guidance as to the way in which preparation for the selection process is to be undertaken. Both the Cabinet Office and National Archives Guidance on the Management of Private Office Papers and the National Archives Records Collection Policy constituted guidance issued under section 3(2). In making arrangements for the selection of those records which ought to be permanently preserved, there will necessarily be consideration of which public records might fall into that category and what should be done in relation to such records in the period leading up to the actual selection process. As we have also said, this is made clear by section 1, which imposes an obligation on the Secretary of State for the DCMS to supervise the care and preservation of public records, and provides for the ACNRA to advise her on matters concerning public records in general.
Accordingly, we conclude that the Divisional Court was right to say that there is no duty under section 3(1) to preserve public records prior to selection.
Issue 2: Was the Divisional Court right to decide there was not an enforceable duty in public law to comply with the eight policies?
A duty to comply with policies has been described in terms that the executive should comply with its policies unless there was good reason not to do so: see R (WL(Congo)) v. Secretary of State for the Home Department [2011] UKSC 12, [2012] 1 AC 245, and Mandalia at [29]-[31]. It was, however, also common ground at the conclusion of the hearing that not every failure by the executive without good cause to comply with every policy made by the executive would be unlawful. This is because some policies, especially internal administrative policies, will be relevant only to the executive. The question in this case, which the Divisional Court identified, is whether there is a duty to comply with the eight policies.
Government policies take many forms and are made in many different contexts. They can range from setting out the way in which decision-makers exercise discretionary powers which affect the public, or a section of the public, or individuals, under the Immigration Acts and Immigration Rules (see Mandalia) to setting out when radiators in a building should be switched on. As was noted in A v. SSHD at [3], “policies are different from law. They do not create legal rights as such”. The fact that the executive cannot create laws by making policies is based on sound constitutional reasons relating to the separation of powers. It is for the legislature, and for neither the executive nor the judiciary, to make the law. The legislature sometimes grants the executive the power to make secondary legislation (subject to Parliamentary approval), and it is the function of the judiciary to interpret primary and secondary legislation in deciding cases that are brought before the courts.
The Good Law Project submits that there is a duty to comply with policies “formulated in the exercise of public power”. It was accepted that although this test might be wide, the courts had means of exercising restraint through devices such as standing, the grant of permission, and the exercise of discretion as to remedies. The Divisional Court rejected at [103]-[108] the wide submission made by the Ministers below, that Lord Diplock’s speech about what qualifies as a subject for judicial review in Council of Civil Service Unions v. Minister for the Civil Service [1985] AC 374 at 408 should be regarded as definitive in modern public law. Lord Diplock had said that a decision must have “consequences which affect some person (or body of persons) other than the decision-maker, although it may affect him too” by altering rights or obligations of another enforceable by or against him in private law or by depriving him of some benefit or assurance.
We agree with the Divisional Court that Lord Diplock’s description has been overtaken by later case law. Nevertheless, the fact that the policy directly affects the public will be a relevant factor to consider when deciding whether there was a duty to comply with the policy. Mandalia was an unusual case. The appellant in that case wished to take the benefit of an instruction to caseworkers which had not been published. Lord Wilson recognised that, on those facts, the doctrine of legitimate expectation could not give the instruction legal effect. Instead, he relied on a reference by Laws LJ in R (Nadarajah) v. Secretary of State for the Home Department [2005] EWCA Civ 1363 to a broad requirement of good administration “by which public bodies ought to deal straightforwardly and consistently with the public”. This formulation suggests that some form of dealing with the public might be expected to engage the duty of compliance.
We do not find that there is a duty to comply with the eight policies. As noted at [10] above, we agree broadly with the reasons given by the Divisional Court. These are policies to “govern the internal administration of Government departments and do not involve the exercise of public power”, and are not about individual cases or the rights of an individual. They are directed to ministers and civil servants, and not to the public. Indeed, one of the policies warns that individuals might be subject to disciplinary action in the event of a failure to follow it, which is a different kind of enforcement based on a contract of employment.
The proposition that the policies were enforceable by the Good Law Project on an application for judicial review does not sit easily with the fundamental principle of public law that guidance need not be slavishly followed. It is apparent that the eight policies were formulated at different times and cannot be read as a coherent whole. Any attempt to follow all these policies would lead to difficulty. This explains why further guidance has been provided, for example in the Dunn note. It is for the executive to decide whether a greater degree of consistency between the policies would be helpful, and it is not the constitutional role of the courts to attempt to micro-manage how the executive conducts its affairs in the selection and preservation of documents, or in the use of communications technology by ministers and officials.
Parliament often sets out the extent to which policies and guidance must be taken into account by a public authority. To conclude that there is a duty to comply with the eight policies would be incongruous in the absence of any such provisions in the PRA or in other legislation. As we have already noted, the relevant powers in the PRA provide considerable discretion as to how the arrangements are to be made. Those statutory provisions do not impose any duties to comply with the guidance once produced. This is not, therefore, a promising background against which to find that the Good Law Project can enforce these policies against the Ministers on an application for judicial review. The Good Law Project’s argument seeks to derive from internal policies absolute duties not to use certain methods of communication and to preserve communications, which are not duties Parliament has imposed in the PRA or elsewhere.
There is a series of other measures which could be taken to provide appropriate accountability in this context, such as an Information Commissioner’s investigation, a complaint to the Parliamentary Commissioner for Administration, internal disciplinary proceedings, and ministerial responsibility to Parliament.
It is important to record that some policies may be reviewed by the courts in a variety of different circumstances. These include situations where courts: (1) determine whether parts of certain policies have been lawfully made by the executive, see R (DSD) v. Parole Board [2018] EWHC 694 (Admin), [2019] QB 285 at [197]-[200]; (2) interpret the true meaning of the policy (see R (SK (Zimbabwe)) v. Secretary of State for the Home Department [2011] UKSC 23, [2011] 1 WLR 1299 at [36]; (3) determine whether policies have misstated the law which would lead others into legal error which might lead to their quashing (see A v. SSHD at [46]) - it was not suggested that the misstatement of the effect of the PRA in the eighth policy about Information and Records Retention and Destruction (see [43] above) meant that the policy should be challenged on these grounds in this case; (4) determine whether a decision-maker has taken a policy into account as a material consideration (see A v. SSHD at [34]); and (5) take account of policies in employment proceedings (see generally R (FDA) v. Prime Minister [2021] EWHC 3279 (Admin), [2022] 4 WLR 5).
There is, in our view, a real risk that, if policies such as the policies in issue in this appeal were regarded as legally enforceable, public authorities would be deterred from adopting them, notwithstanding the benefits that they can help to bring in terms of consistency, absence of arbitrariness and equal treatment. This risk is specifically identified in A v. SSHD.
In our view, the types of policy that are likely to attract a duty to comply are those that are the epitome of Government policy, as appears from Friends of the Earth at [105]-[107]. As noted above, some of the policies were expressed to be “guidance” and others might reasonably have been described as “arrangements” within the meaning of section 3(1). This strongly suggests that the eight policies, taken on their own or as a whole, are not the sort of policies which are or should be subject to a duty to comply enforceable by way of a claim for judicial review.
In our judgment, wherever the line is to be drawn, there was not an enforceable duty in public law to comply with the eight policies.
Issue 3: Was the Dunn note unlawful?
The Good Law Project submits that the Dunn note was irrational in that its terms were inconsistent with other policies that remained in force, and it created an obvious and serious risk to security in relation to matters of great sensitivity. The Ministers submit that the Dunn note was an attempt to provide guidance to ministers about the use of IT when conducting Government business. It attempted to reconcile conflicting guidance set out in other documents and provide clarity to ministers. It was an internal facing document.
In our judgment the decision to issue the Dunn note was not irrational. The note dealt with the inconsistency with the Security of Government Business policy and referred to statements by ministers in Parliament as to the application of the Cabinet Office Private Email Guidance. Issues of security in matters of great sensitivity are, particularly where the rights of an individual are not involved, very much for the executive to address. The decision to issue the Dunn note to attempt to address the security issues and to reconcile apparently inconsistent guidance was therefore lawful.
Issue 4: Does the Good Law Project have standing to bring the claim?
It was common ground that the law as to standing was set out in the judgments of the Supreme Court in AXA and Walton. The application of these general principles to individual organisations and cases is fact-sensitive. In circumstances where the application for judicial review has not succeeded on appeal, it is not necessary to say anything further on this issue.
Issue 5: Should any, and if so what, relief be granted on this appeal?
In the light of our conclusions, both the appeal and the Good Law Project’s claim for judicial review should be dismissed. We should, however, record that when permission to apply for judicial review was granted the Good Law Project had made a serious allegation (based on claims from the former Chief Advisor) that fake meeting records and notes were being made. Such conduct, if proved, would have been unlawful on a number of different public law grounds. The conduct was not, however, proved and the allegation was dropped without clear notice to the Ministers or to the court, as appears from [15]–[18] of the judgment of the Divisional Court.
Thereafter the focus of the claim shifted to the breach of the eight policies. It was not, however, clear, at least until the draft order was produced on the second day of the appeal, exactly what relief was being sought. It is true that the particulars of the policies and the evidence suggesting breaches of the policies were not available at the time that the claim form and statement of facts and grounds were prepared. It is, however, also right to note that the policies and the evidence about breaches were disclosed by the Ministers and became known during the proceedings. The Good Law Project amended its statement of facts and grounds accordingly. But the claim for relief remained unparticularised in the amended Statement of Facts and Grounds. The fact that a claimant is unable or unwilling to particularise the relief that they seek, may be an indication that the claim should not be pursued.
Conclusions
For the detailed reasons set out above: (1) we find that there is no implied duty to retain records under the PRA; (2) there is no duty on the Ministers to comply with the eight policies which is enforceable by the Good Law Project by way of proceedings for judicial review; (3) the Dunn note was lawful; (4) it is not necessary to address the issue of standing; and (5) we dismiss the appeal and the claim for judicial review.