25 May 2019 was GDPR’s first birthday. Since its introduction, privacy and data protection issues have continued to dominate public debate and regulators have signalled that large fines for non-compliance are imminent. Now is an opportune time to review your privacy and data protection regimes. We have more regulatory guidance and case law than we
Data subject access requests
Data Subject Access Requests – Stick to What’s Reasonable, Proportionate, and Has the Proper Motive, Says UK Court
In August, the High Court, in Dawson-Damer & Ors v Taylor Wessing [2015] EWHC 2366 (Ch), refused an application to compel a UK law firm (“TW”) to comply with a data subject access request (“DSAR”) under the Data Protection Act 1998 (“DPA”). Applying his findings from an earlier judgment (Elliott v Lloyds TSB (2012)), His Honour Judge Behrens (i) took account of the motive behind the DSAR and (ii) held that any search responsive to a DSAR did not have to go beyond what was reasonable and proportionate.
The court application and the original DSAR were made by Mrs Dawson-Damer (“DD”), the beneficiary of a Bahamian trust who is suing the trustee, the Grampian Trust Company, in the Bahamas over its refusal to make distributions for the benefit of her adopted children (among other things). TW have been Grampian’s English solicitors for 30 years, holding more than 50 historical paper files, as well as more recent computerised ones. A DSAR was made to TW requesting a copy of all personal data held about DD (DSARs were also made for DD’s children). The firm refused, claiming the exemption for legal professional privilege would apply to the majority of documents held, and that it would be disproportionate and unreasonable to expect TW to search through 30 years of accumulated material in order to determine what was privileged and what was not. TW also said that the extent of any legal privilege was a matter of Bahamian law, not English, and that this could only be established in the proceedings brought by DD in the Bahamas.
NGOs may rely on UK’s Journalism Exemption
The UK Information Commissioner’s Office (the “ICO”), in a letter to Global Witness (in Steinmetz and others v Global Witness) (the “Letter”), stated that non-media organisations may rely on the special-purposes exemption for journalism in s32 of the Data Protection Act 1998 (the “DPA”), to withhold personal data in response to…