Police Law Blog European Decisions Statutory Materials

Disclosure and Data Protection

Police officers who bring employment tribunal claims often seek disclosure of documentation prior to, or shortly after, the issuing their claim, by making a subject access request pursuant to Section 8 of the Data Protection Act 1998 in the hope that they may uncover information which assists their case. Responding to such requests can be difficult and time-consuming. The legislation is complex and, in the digital age, the sheer number of documents, which of course includes electronically held data, can be overwhelming. The question is often asked ‘on what basis can the information be withheld?

One basis for withholding a document is that the document in question is subject to legal professional privilege and the Court of Appeal reaffirmed this exception in its recent judgment in the case of Dawson v Taylor Wessing LLP [2017] EWCA Civ 74. Paragraph 10 of Schedule 7 of the Data Protection Act 1998 provides that ‘personal data are exempt’ from disclosure through a subject access request ‘if the data consist of information in respect of which a claim to legal professional privilege could be maintained in legal proceedings’. The finding on appeal turns on factors which would not be present in a police case (both the fact that those making the subject data request were beneficiaries of a trust of which the defendant solicitors firm had been trustee and the fact that the trust was situated in the Bahamas where rules relating to disclosure are different to those in England and Wales); however, in their judgment the Court of Appeal usefully confirmed that the purpose of the request was irrelevant to the question of whether a document should be disclosed in considering whether the exception applied. The fact that an officer may be using a subject access request as part of the proverbial ‘fishing expedition’ is not grounds for refusing the request”.

The Court of Appeal referred to the earlier, well-known, decision of Durant v Financial Services Authority [2003] EWCA Civ 1746; [2004] FSR 573. In that case, information of which the Claimant had sought disclosure through a subject access request was successfully withheld on the basis that it did not constitute ‘personal data’. As Auld LJ pointed out in that case (para 31), ‘Mr Durant does not get to first base in his claim’ for disclosure of such information for that reason. In passing, he also commented that the purpose of a subject access request is not to assist the requester in obtaining discovery of documents that may assist him in litigation or complaints against third parties’ (para 27). That comment has to read against the narrow definition LJ Auld gave of personal data in that judgment. At paragraph 27, he states that “only information that names or directly refers to” the requester will qualify. The usefulness of that dicta appears to be in doubt following Dawson.

The upshot of the above is that it is permissible to scrutinise subject access requests to consider whether the documents requested do fall within the very narrow definition of personal data as defined in Durant. However, as confirmed in Dawson, there is no broad-brush exception which prevents disclosure based on the purpose of the request. If the data in question does constitute personal data, then one of the exceptions – of which legal professional privilege is one – must be made out. In other recent cases involving the police (which arose in a criminal but not civil context), the exemption for the purpose of detection of crime and the apprehension or prosecution of offenders was unsuccessfully invoked in Koloko v Commissioner of Police of the Metropolis [2015] EWHC 600, QB; [2015] 1 WLR 3702, QBD but successfully invoked in Lin v Commissioner of Police for the Metropolis [2015] EWHC 2484, QB. In Koloko, it was confirmed that the existence of collateral proceedings is not a basis for refusing disclosure. The focus needs to be on the wording of the relevant exemption itself.

Every case turns on its own facts. Each refusal to disclose must be based upon careful scrutiny of the provisions of the Data Protection Act 1998 itself and not on the purpose or motive of the request.