The case is of interest for the Upper Tribunal’s construction of section 11(1) of the Freedom of Information Act 2000 (“FOIA”).

The appeal concerned a request for information that was held in audio form by the second respondent, the Maritime and Coastguard Agency (the “MCA”). The appellant, Mr Walawalkar, on behalf of Liberty Investigates, requested distress calls made to the coastguard over a period of a week from people in the English Channel. Mr Walawalkar requested that the calls be provided in transcribed form if the audio calls could not be disclosed.

Section 11(1) FOIA provides as follows:

(1) Where, on making his request for information, the applicant expresses a preference for communication by any one or more of the following means, namely–

(a) the provision to the applicant of a copy of the information in permanent form or in another form acceptable to the applicant,

(b) the provision to the applicant of a reasonable opportunity to inspect a record containing the information, and

(c) the provision to the applicant of a digest or summary of the information in permanent form or in another form acceptable to the applicant,

the public authority shall so far as reasonably practicable give effect to that preference (emphasis added).

The key question in this appeal was whether the “so far as reasonably practicable” test in section 11(1) FOIA is an “all or nothing” test or a “sliding scale”. The former would require the MCA to comply with Mr Walawalkar’s preference for transcribed calls only if it was reasonably practicable to give effect to his preference in relation to all the information sought (namely to transcribe all the audio calls sought in his request). The latter would require the MCA to comply with his preference only up to the extent that it was reasonably practicable to do so, and therefore in principle could require the MCA to transcribe some, but not all, of the audio calls.

As the Judge observed at [81], the issue of the meaning of “so far as reasonably practicable” in section 11(1) is an issue of statutory interpretation. The Judge placed little weight on case law deployed by the parties, since this case law was not directly concerned with the question of interpretation raised in this appeal ([87]). The Judge took as his starting point the need to construe the words of section 11(1) in their statutory context. For this proposition, the Judge cited the authoritative judgment of Lord Hodge DPSC on statutory interpretation in R (on the application of O) v Secretary of State for the Home Department [2022] UKSC 3, [2023] AC 255 at [29]-[31] (“O”)). The Judge observed that ICO’s guidance on “Means of communicating information (section 11)” was “one party’s view about the meaning and scope of section 11”. He doubted whether it “has even a secondary role in deciding the intended scope of a legal provision” ([81], citing [30] of O).

Taking the words “so far as reasonably practicable” in isolation, the Judge considered Mr Walawalkar’s “sliding scale” construction of those words to be tenable ([82]). However, the “key consideration … [was] to construe the relevant phrase within the context of FOIA as a whole” ([82]).

The Judge considered section 11 to be “one stage removed from the (constitutional) right to information found in section 1 of FOIA” ([82]). Section 11 “is not about the substance of the right or even the right to be communicated with the requested information”, but “simply the means by which the information is to be communicated” ([82]).

For the Judge, the “touchstone for determining the meaning” of “so far as reasonably practicable” was the object of that provision in the statutory context of the FOIA ([83]). The object of the request is the information, not a part or subset of that information, requested. The Judge endorsed the ICO’s argument that “the information” was a unitary concept throughout the FOIA, and noted that this point could be tested by considering the application of section 12 FOIA and its costs cap ([84]):

“Assuming the information would otherwise be disclosable under section 1 of FOIA, section 12 of FOIA only makes sense, in terms of calibrating the cost of complying with the request for information, if the section 12 estimate is based on the cost of providing all the information requested. Were it otherwise and section 12 involved a sliding scale of compliance, estimating a cost of complying on the basis of as much of the requested information up to the “appropriate limit”, section 12 would have no useful application as it would always oblige a public authority to comply with the request in respect of as much of the information requested up to the appropriate limit.”

The Judge further noted that the cost estimate in section 12 is about complying with “the request” and that is “a request for (all) the information of the description specified in the request” ([84]). Whilst the appellant’s interpretation of “so far as reasonably practicable” in section 11(1) was tenable taking that provision on its own ([82]), his “sliding scale” interpretation was not a tenable interpretation of section 12. As the Judge noted at [85], where the amount of information requested breaches, or is likely to breach, the costs cap in section 12, the advice and assistance duty in section 16 might apply to require the public authority to advise the requestor to make a less wide-ranging request.

The Judge found further evidence for the information being requested under section 1(1)(b) being a unitary concept in the absolute exemption in section 2(2)(a) FOIA: “The absolute exemption referred to in section 2(2)(a) applies if or to the extent that the information is subject to an absolute exemption”.

Accordingly, the Upper Tribunal concluded that the words “so far as reasonably practicable” in section 11(1) FOIA provide an “all or nothing standard”. If it is not reasonably practicable to provide a requestor with all the information he or she requested in the requestor’s preferred form, the public authority will not be obliged to provide that information, or any part of that information, in that preferred form.

Of course, section 11(1) FOIA is not an exemption from the right in section 1(1)(b) FOIA (see section 1(2)). The first step in the analysis is to assess whether the requestor has the right to the requested information under the relevant exemptions. Once that question is answered, the question arises under section 11 as to how the information is to be communicated. Following this judgment, the question of whether the requestor’s preferred means is “reasonably practicable” should be answered on an all or nothing basis: it does not matter that it might be reasonably practicable to communicate some or part of the information in the requestor’s preferred means. But, importantly, even if the public authority correctly concludes that it would not be reasonably practicable to communicate the requested information by the requestor’s preferred means, this conclusion will not relieve the public authority of its obligation under section 1(1)(b) FOIA.

The Information Commissioner was represented by Ben Mitchell and the Maritime and Coastguard Agency was represented by Heather Emmerson.

A copy of the judgment can be found here.

On 20 March 2025, the day after the Bar Tribunal and Adjudication Service held its public sanctions hearing in relation to Mr Navjot (“Jo”) Sidhu KC, the Independent Press Standards Organisation (“IPSO”) published its decision of 5 March 2025 dismissing the complaint which Mrs Luna Sidhu, the wife of Mr Sidhu, had made against The Times on 28 November 2024.

Clause 2 of the Editors’ Code of Practice (“the Code”) provides: Continue reading →

Does subject access have to be taxing?

Blockbuster High Court judgments about subject access requests are a rarity. The judgment of Mrs Justice Heather Williams in Ashley v The Commissioners for His Majesty’s Revenue and Customs [2025] EWHC 134 (KB) (27^th January 2025) gives us considerable food for thought.  Overall, it is good news for those making subject access requests.  For controllers, it is a sobering illustration of how onerous their obligations can be.

Mr. Ashley is a well-known businessman and entrepreneur.  Between February 2014 and October 2016, HMRC undertook an enquiry into his 2011/12 tax return (“the Enquiry”).  The Enquiry was conducted by HMRC’s Wealthy and Mid-Size Business Compliance Unit (“the WMBC”).  In October 2016 HMRC issued a closure notice, with a finding that Mr. Ashley had sold certain properties at an overvalue, giving rise to a taxable benefit on which there was a substantial tax liability.  Following Mr. Ashley’s appeal, the closure notice was withdrawn on 21^st October 2022.

On 13^th September 2022 Mr. Ashley made a subject access request (SAR) to HMRC under UK GDPR Article 15.  He sought all information held in relation to him by HMRC since the commencement of the Enquiry.  Initially HMRC refused to provide any data at all in response.  Following the issue of proceedings regarding the SAR, HMRC provided four schedules of personal data processed by the WMBC, and a separate schedule of personal data processed by the Valuation Office Agency (“VOA”), an executive agency within HMRC.  Mr. Ashley continued to maintain that HMRC had not properly complied with his SAR.

His claim was heard in December 2024.  By the end of the hearing, the agreed issues for the Court to resolve were (in summary) as follows:

Issue 1 – whether the SAR was limited to personal data regarding the Enquiry as processed within the WMBC, or whether it also extended to data as processed by the VOA.

Issue 2 – the extent to which data relating to the Enquiry amounted to Mr. Ashley’s personal data.

Issue 3 – whether HMRC was obliged to search for Mr. Ashley’s personal data as processed by the VOA.

Issue 4(a) – this involved consideration of various matters, including what the parties referred to as the “First Tax Exemption”, i.e. the exemption in paragraph 2 of Schedule 2 to the Data Protection Act 2018 (“DPA 2018”).  This exemption relevantly provided that the GDPR provisions as to the right of subject access did not apply to personal data processed for the purpose of the assessment or collection of a tax or duty or similar imposition, to the extent that the application of the subject access provisions would be likely to prejudice that matter.

Issue 4(b) – whether HMRC was in breach of its obligation to provide Mr. Ashley’s personal data in a concise, transparent and intelligible manner.

Below, I summarise how the Court resolved each issue.

Issue 1 was about the scope and interpretation of the SAR.

The Court approached this as an objective question, requiring consideration of the terms of the SAR read in its context, but without applying exacting standards of precision.  HMRC was a data controller for the VOA, and the terms of the request were broad enough to encompass Mr. Ashley’s personal data in respect of the Enquiry that was processed by the VOA.  HMRC’s internal practice of treating the main part of HMRC and the VOA as separate entities for the purposes of subject access requests could make no difference to the proper interpretation of Mr. Ashley’s request.  In all the circumstances, the Court construed the SAR as extending to data processed by the VOA.

Issue 2 was about what information “related to” Mr. Ashley for the purposes of the definition of personal data in UK GDPR Article 4(1).

For Mr. Ashley, it was submitted that all documentation processed by HMRC as regards the Enquiry constituted his personal data.  The Enquiry had considered the valuation of 32 specific properties disposed of by Mr. Ashley.  It was contended on his behalf that all the data relating to these 32 properties, including material about comparable properties taken into account by HMRC during the Enquiry, constituted Mr. Ashley’s personal data.  It was said that all of this material was central to HMRC’s investigation and inextricably intertwined with Mr. Ashley’s personal tax liability.

HMRC argued for a more limited approach, arguing that not all the information relating to how HMRC arrived at its valuations of the 32 properties constituted Mr. Ashley’s personal data.

The Court considered the far-reaching proposition advanced for Mr. Ashley, that all the data processed by HMRC in the context of the Enquiry’s assessment of his tax liability amounted to Mr. Ashley’s personal data, because of the nature of that exercise and its potential effect on him.  The Court rejected this approach as being too broad.  The question was whether particular pieces of information held by HMRC related to Mr. Ashley, rather than whether the overall exercise that HMRC were embarked upon related to him:  see the decisions of the CJEU in in Nowak v Data Protection Commissioner [2018] 1 WLR 3505 (“Nowak”) and FF v Ősterreichische Datenschutzbehörde [2023] 1 WLR 3674 (“FF”).

Following Nowak, the “relating to” requirement was satisfied where “the information, by reason of its content, purpose or effect, was linked to a particular person”.  In applying this test, the “content”, “purpose” and “effect” of the information were disjunctive ways in which it might be linked to an individual. However, in many instances these features were likely to overlap, and the position would be strengthened where a link existed in more than one of these senses.

The Court held that HMRC would need to reconsider the SAR, applying the above approach.

In relation to the 32 properties, the Court considered that the valuations of these were Mr. Ashley’s personal data.  The 32 properties were owned by Mr Ashley and HMRC’s valuations were directly relevant to its assessment of his potential liability to pay tax.  However, it did not follow that all the data generated by HMRC in arriving at those valuations was also his personal data.  For instance, it was difficult to see how details about comparable properties that Mr Ashley did not own and had no link to would be information relating to Mr Ashley. Similarly, it was difficult to see how information relating to HMRC’s processes would be information relating to him. On the other hand, data relating to the 32 properties themselves, used in HMRC’s assessment of their value, was likely to be Mr. Ashley’s personal data.

Issue 3 was about the extent of HMRC’s obligation to search.  The Court concluded that this obligation extended to data held by the VOA.  HMRC had not established that a requirement for it to search such data would be disproportionate.

Issue 4(a), in the light of the above findings, raised only one further point, namely whether HMRC was entitled to rely on the First Tax Exemption in relation to a certain (very limited) part of the personal data at issue.

The Court held that HMRC had not shown that the application of the subject access provisions would be likely to prejudice the assessment or collection of tax. “Likely” connoted a very significant and weighty chance of prejudice, to be established convincingly by evidence rather than assertion. The suggestion that the relevant data would provide an insight into HMRC’s position as to the settlement of future tax liabilities was, at best, merely speculative.

Issue 4(b) was about the requirement for personal data responsive to a SAR to be provided in a concise, transparent and intelligible form (see UK GDPR Article 12(1)).  The Court considered whether HMRC was required to provide anything more than a copy of the personal data, i.e. whether it was also required to provide contextual information. Relying on FF, the Court concluded that HMRC was obliged to provide contextual information where that was necessary for that personal data to be intelligible, in the sense of enabling the data subject to exercise their GDPR rights effectively.  Providing a documentary extract consisting of the Claimant’s name or his initials or other entirely decontextualised personal data was unlikely to suffice.

Overall, the decision is good news for those making subject access requests.  The approach taken to the meaning of personal data is a relatively wide one, though not as broad as Mr. Ashley had sought.  The requirement to provide contextual data is highly case-specific, but in future data controllers will find it hard to justify providing heavily redacted documents with only a few visible snippets of personal data.

Among Counsel, there was an 11KBW monopoly.  Anya Proops KC, leading Zac Sammour, acted for Mr. Ashley.  James Cornwell acted for HMRC.

At the coalface of EIR: investigative journalists win Whitehaven mine case

Rarely has a decision provoked so much ire as the last government’s approval of a new coal mine in Whitehaven in Cumbria. And not just from the usual green suspects: lesser-known eco-warriors the CBI thought it was a terrible idea, as did poor old Alok Sharma (remember him?), a member of the self-same government – perhaps because it fell to him to defend this lunacy to a sceptical world, while hosting the COP 26 climate change summit in Glasgow in 2021.

The decision was, inevitably, challenged in court, and one of the judicial review claimants sought disclosure of the ministerial submission – a briefing from civil servants to Secretary of State prior to the approval decision. Disclosure was refused in the litigation – an important part of the context in this EIR case, about a request for the same information.

The FTT has now granted the appeal against the Commissioner’s decision that the submission could be withheld under reg. 12(4)(e) EIR (Amin v IC [2025] UKFTT 221 (GRC)).

Continue reading →

Following a 2-day Part 8 trial, Heather Williams J has handed down a lengthy and important judgment concerning the application of the concept of “personal data”, the extent of searches required by Article 15 UK GDPR, the provision of contextual information and the proper approach to the application of the “tax exemption” under paragraph 2 of schedule 2 to the DPA 2018.

Michael Ashley v Commissioners for His Majesty’s Revenue and Customs [2025] EWHC 134 (KB) concerned a claim brought by the well-known British businessman, Mike Ashley, against HMRC for breach of his subject access rights under the UK GDPR. Mr Ashley made a subject access request (“SAR”) in the context of a (then) ongoing tax dispute. HMRC initially maintained that all of Mr Ashley’s personal data were exempt and therefore not disclosable. When it did subsequently provide Mr Ashley with some data, Mr Ashley contended that its response was incomplete and inadequate. He argued that HMRC failed: properly to construe his SAR; to conduct adequate searches when responding to it; properly to apply the concept of personal data and the tax exemption; and to provide him with copies of his personal data in a sufficiently contextualised manner so as to render them intelligible.

Heather Williams J found in Mr Ashley’s favour on each of those points, albeit rejecting his wider argument that all data relating to HMRC’s assessment of his tax liability in respect of the tax enquiry amounted to his personal data. Her judgment contains useful guidance for practitioners dealing with SARs at every stage of the process from construing a SAR when first made, to providing copies of the personal data in a manner that is intelligible and transparent for the data subject. More widely, the judgment contains important guidance as to how the foundational concept of “personal data” is to be construed and applied in practice.

The judgment is here.

Anya Proops KC and Zac Sammour acted for Mr Ashley. James Cornwell acted for HMRC.