The judgment is already publicly available - see:
http://www.courtservice.gov.uk/judgmentsfiles/j2136/durant-v-fsa.htm
Durant (as will R v Lord - which is equally important) will form a part
of our DATA PROTECTION UPDATE sessions in Manchester, Glasgow and London
in January (if you want details, please reply).
Below is MY analysis so far.
DURANT DECISION NARROWS SCOPE OF DATA PROTECTION IN UK
After more than four months of deliberation the Court of Appeal on 8th
December issued a decision in the case of Durant -v- Financial Services
Authority ([2003] EWCA Civ 1746). The key results of the verdict are:
* a narrow construction of the definition of personal data which
will also applies to automatically processed personal data,
* a narrow construction of the definition of relevant filing
system in which "specific information" is only regarded as "readily
accessible" within the meaning of the Act in circumstances where the
indexing system permits the controller to know in advance whether
particular material will be found in a particular place in a file;
* a wide discretion of the Court as to whether to order access to
personal data covered by the Act.
Mr Durant originally exercised his right under section 7 of the 1998 Act
by making a request to the Financial Services Authority (FSA) for access
to information concerning the FSA's investigation into his complaint
about Barclays Bank - his "personal data", as he claimed. Although he
received some personal data under the Act, the FSA withheld information
in manual files on the grounds that the information was not "personal
data" even though some of this information could be accessed by the FSA
with ease and was held n a file under his name.
In the Edmonton County Court on 20 October 2002, Mr Durant failed to
obtain an order requiring the FSA to produce these personal details. The
Court concluded that the personal information held by the FSA was not in
the correct structure as required by the definitions found in the Data
Protection Act. It was the appeal against this decision which was heard
at the Court of Appeal in the summer of 2003.
The Court of Appeal first of all considered what the Act meant by
"personal data", and decided that a narrow construction of the words
"relates to" was to be preferred to a wide one in order to set a limit
on the burden that the Act would otherwise impose on "data controllers"
- those who have to give effect to an individual's right to access
personal data processed by them. It achieved this by taking a restricted
view of what the Act means by "data which relate" to an individual (the
data subject to use the jargon of the Act).
To be personal data, the Court of Appeal determined that the data must
"focus" on the data subject or "be information which affects his
privacy" (para 28). This was illustrated by Lord Justice Buxton who
declared that "Mr Durant's letter of complaint to the FSA and the FSA's
investigation of that complaint did not relate to Mr Durant but to his
complaint" (para 80). It followed that the FSA's investigation into Mr
Durant's complaint could not be personal data concerning Mr Durant (even
if these data were automatically processed) as "The 1998 Act would only
be engaged if, in the course of investigating this complaint, the FSA
expressed an opinion about Mr. Durant personally, as opposed to an
opinion about his complaint" (para 80).
The Court then decided to consider the definition of "data", and in
particular the meaning of "relevant filing system" which relates to
non-computerised information. The court determined that this only covers
very sophisticated filing systems containing highly structured files
which are similarly organised to computer-held information
The outcome is that to be subject to the Data Protection Act, manual
files containing personal data require a level of sophisticated file
structuring, searchability and indexing. One wonders whether many manual
information systems has this level of functionality. To make this clear,
the Court determined that the ability of an organisation and its staff
"to readily identify and locate whole files, even those organised
chronologically and/or by reference to his and other names is not
enough" (para 53) to be subject to the Act.
The Court also endorsed the wide view of the discretion under section
7(9) claimed by the judge in Edmonton's lower court - to the effect that
even if a data subject does establish that a data controller is
withholding information which counts as his personal data, a court is
not obliged to order the data controller to give it to him.
In the case of the Edmonton Court, the judge stated that as he did not
think Mr Durant would benefit from access to personal data, he would
have usedhis discretion not to order access to personal data. Certainly
the Court of Appeal expressed dislike of the notion that a litigant
might use the entitlement under the Data Protection Act as an
alternative to the route of the discovery of documents procedure. This
lays open the possibility that data controllers who do not want to
provide access to personal data, will refuse access, hoping to have the
discretionary ear of a sympathetic judge in a court of law.
Lord Justice Buxton rounded off the Court's disapproval of the Mr
Durant's case by saying that the proceedings were "misconceived", had
imposed "a wholly unjustifiable burden and expense" and that any future
litigant should "carefully scrutinise" this judgement. Anyone who is
contemplating court action by exercising their rights under the Data
Protection Act has been warned that they take great financial risks by
challenging those data controllers who in court, might now successfully
argue that the information about the data subject's complaint were not
personal data relating to a data subject.
In this regard, their Lordship's opinion has a chilling effect on the
right of access and on data protection as a whole. Many will now
question whether or not the UK law is compliant with Directive 95/46/EC.
______________________________E-mail confidentiality __________________________________ This message is intended for the addressee only. It is private, confidential and may be covered by legal professional privilege or other legal or attorney/client privilege. If you have received this message in error, please notify us and remove it from your system. If you require assistance, please contact our London office (telephone +44 (0) 20 7490 4000). Masons is an international law firm with offices in London, Bristol, Edinburgh, Glasgow, Leeds, Manchester, Brussels, Dublin, Hong Kong, Shanghai and Singapore. Further information about the firm and a list of partners is available for inspection at 30 Aylesbury Street, London EC1R OER or from our Web site at www.masons.com
This e-mail has been scanned for all viruses by Star Internet using MessageLabs SkyScan services. For more information visit: www.star.net.uk.
_________________________________________________________________________________________
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|