Determination of the appeal
21 The appellant's case, as presented, was predicated on an assumption that the "normal processes" described in the 12 March 2014 letter were the same in her circumstances as was the case in the SZSSJ and SZTZI litigation in both the Full Court and the High Court. A similar assumption underlay her reliance on another Full Court decision in SZTXY v Minister for Immigration and Border Protection [2014] FCAFC 142 (SZTXY). As the Minister emphasised, these assumptions are incorrect.
22 In SZSSJ Full Court, when the pro forma 12 March 2014 letter was received, SZSSJ had had his protection visa application refused and he had exhausted all possibilities of merits and judicial review in respect of that decision. The only prospect he had of remaining lawfully in Australia was if the Minister exercised one of his non-compellable powers under ss 48B, 195A or 417 of the Migration Act.
23 In the case of SZTZI, her visitor's visa had expired and she was taken into immigration detention in September 2013. In October 2013 she applied for a protection visa. That application was refused in November 2013 by the Minister's delegate, which decision was then affirmed by the Tribunal in January 2014. Like SZSSJ, SZTZI was in immigration detention at the time of the Data Breach and was subsequently told that an ITOA was being conducted in relation to her case. She was invited to make submissions in that process.
24 I accept the Minister's central submission that, at the time of the Data Breach, the appellant was in a very different and earlier stage in the consideration of any non-refoulement obligation Australia owed to her. In contrast with the position in the other proceedings, there was no evidence that the Minister had commenced considering the exercise of his dispensing powers under any of the non-compellable powers identified above. Significantly, apart from the two letters dated 12 March 2014 and 19 June 2014 which did not in terms refer to those powers, there was no evidence before the primary judge which indicated that the Minister had made "a personal procedural decision" to consider whether or not to exercise any of those dispensing powers (see SZSSJ High Court at [83]). That is to be contrasted with the evidence which supported the finding in SZSSJ Full Court at [75] relating to the commencement of the ITOA process.
25 I accept the Minister's submission that the findings as to the lack of procedural unfairness in SZSSJ High Court were all directed to the ITOA process in circumstances where a factual finding had been made by the Full Court, which was not challenged on appeal, to the effect that consideration of the exercise of those dispensing powers had commenced.
26 It is critical to note that, in the proceeding here, the Data Breach occurred prior to the appellant applying for a protection visa. The processes which then ensued before both the Minister's delegate and the Tribunal provided the appellant with an opportunity to say whatever she wished to say concerning the implications of the Data Breach for her entitlement to protection. Subject to relevant provisions in the Migration Act the statutory processes of considering and determining her application for a protection visa, both by the delegate and on review by the Tribunal, attracted procedural fairness obligations. The appellant did not point to any aspect of those processes which involved procedural unfairness to her. Nor is her case strengthened by her reliance on SZSSJ High Court because of the findings made there concerning the different process which had commenced in respect of the aggrieved persons in those proceedings.
27 The significance of the fact that a person affected by the Data Breach has had an opportunity to make submissions and adduce evidence as to its significance to the particular person through the processes for considering and determining a visa application is highlighted in other decisions of this Court in SZVEY v Minister for Immigration and Border Protection [2015] FCA 394 at [14] per Bennett J and DZAEH v Minister for Immigration and Border Protection [2016] FCA 54 at [31]-[33] per Barker J, both of which support the approach taken by the primary judge here.
28 For completeness, it should also be stated that, given the appellant's circumstances, the only potentially relevant dispensing power in relation to her was that contained in s 195A of the Migration Act. In any event, for the reasons given above, no appealable error has been established in respect of the primary judge's findings on this matter.
29 The appellant's reliance upon SZTXY in support of ground 1 is also misdirected. In upholding that appeal, the Full Court made no reference to any representation made in the same pro forma letter. Rather, the appeal was upheld on the basis that the FCCA had not considered s 198 of the Migration Act because the Minister raised the relevance of that provision for the first time at the appeal level. The decision does not assist the appellant here.
30 Ground 2 of the notice of appeal claims that the primary judge erred in finding that there was no arguable case that the 12 March 2014 letter involved a commitment by the Secretary to initiate a Departmental process to ascertain the effect on the appellant individually of the Data Breach and that this commitment went no further than permitting the appellant to raise those issues in any other process already open to her.
31 There are several reasons why this ground must also be rejected. First, the primary judge did not find that there was no arguable case that the Department would assess the impact of the Data Breach on the appellant as an individual. Rather his Honour found at [25] that there was no arguable case that the Department would "undertake anything more than giving the applicant an opportunity to make submissions about the consequences to her" of the Data Breach (emphasis added). In circumstances where that particular opportunity had been given to the appellant, and which she took advantage of, there was no reasonably arguable case that the appellant had been denied procedural fairness so as to warrant the grant of an interlocutory injunction to prevent her removal.
32 Secondly, as the Minister pointed out, there was no evidence below to support any claim that the Department's "normal processes" as they applied to the appellant involved something other than, for example, the processes associated with the making of a valid application in Australia for a visa, including a protection visa. In the appellant's case, for her to remain lawfully in Australia she had to obtain a visa. It was only after receipt of the 12 March 2014 letter that the appellant applied for a protection visa and, in the context of the process relating to the consideration and determination of that application (together with the subsequent review by the Tribunal under Pt 7 of the Migration Act), the appellant had the opportunity to make submissions and adduce evidence as to the effect of the Data Breach on her claims for protection. The former process is appropriately regarded as a "normal process" of the Department and the appellant availed herself of the opportunity presented by it. She also availed herself of the opportunity to have the Tribunal review the delegate's decision. In the particular circumstances appertaining to the appellant, the primary judge did not err in finding that the appellant's case in this respect was not reasonably arguable. Different considerations could arise in respect of other detainees who were affected by the Data Breach, as is demonstrated by the proceedings relating to SZSSJ and SZTZI and the relevance to them of the ITOA process, which is another "normal process" of the Department for a person in their particular circumstances. It is possible that the particular circumstances of other persons who are affected by the Data Breach may well be different from those here or in those other cases. Accordingly, it will be important to pay close attention to the relevant circumstances in any particular case.
33 For completeness, it might be noted that senior counsel for the respondents acknowledged that there is evidently a factual error in SZSSJ High Court at [3] and [4] where it is suggested that the Data Breach affected only applicants for a protection visa. The Data Breach involved the disclosure of information of 9,258 persons who were in immigration detention, including but not limited to persons who were applicants for protection visas. This point is demonstrated by the appellant's own circumstances because the Data Breach affected her as a person who was in immigration detention even though, at that time, she was not an applicant for a protection visa.
34 On its face, ground 3 of the notice of appeal adds nothing to the earlier two grounds. It is singularly uninformative and nothing was said on the appellant's behalf in either written or oral submissions which gave it meaningful content. It too is rejected.