Costs and Vexatiousness: Upper Tribunal Updates

August 3rd, 2018 by Christopher Knight

The procedural exemptions in sections 12 and 14 of FOIA are some of the most commonly used, and most commonly litigated, provisions of the legislation. Unsurprisingly, they have led to a disproportionate degree of appellate involvement. More surprisingly, they continue to do so. Three recent Upper Tribunal decisions add to that body of jurisprudence which ought to be considered by authorities faced with burdensome requests. This post is, as a result, quite burdensome itself.

Read more »


Identifiability and the Unmotivated Intruder

August 3rd, 2018 by Christopher Knight

It is not uncommon for public authorities who hold statistical data to decline to disclose specific figures in categories for which the number is fewer than five, on the basis of a fear that the number of affected people is sufficiently small that they are reasonably identifiable. In other words, they rely on section 40(2) FOIA to withhold the number. Read more »


Have You Found Jesus? The CJEU Has

August 3rd, 2018 by Christopher Knight

When opening the door to the Jehovah’s Witnesses it is probably uncommon for householders – even for the erudite and very pretty readers of this blog – to respond that although they have not found Jesus, they have found a copy of the register of data controllers, on which the Witnesses do not seem to appear. Read more »


Data Protection in the CJEU: Developments

August 2nd, 2018 by Christopher Knight

Three updates for data protection watchers about cases with a wide-ranging potential impact in the Luxembourg courts. Read more »


Mixed Data in the Court of Appeal

July 2nd, 2018 by Rupert Paines

Hot off (Thursday’s) press comes the CA judgment in DB v GMC [2018] EWCA Civ 1497, which will now be the leading case on the treatment of mixed personal data.

Read more »


TLT in the Court of Appeal

June 18th, 2018 by Anya Proops QC

The judgment of Mitting J in the case of TLT is now routinely invoked in the context of discussions over how you go about quantifying the value of a distress damages claim where there has been a data breach. In TLT, the Home Office had accidentally disclosed online a spreadsheet containing data relating to asylum seekers and their families. As you may recall, Mitting J awarded TLT compensation of £12,500 on the basis that he had suffered distress as a result of the disclosure akin to a moderate psychiatric injury. This award was made in circumstances where the judge had concluded that the disclosure had resulted in TLT having a rational fear that he would be targeted by the Iranian authorities, to the point where he had felt compelled to relocate his entire family. The judge also held that, whilst they were not named in the spreadsheet, TLT’s wife and daughter (TLU and TLV) were also entitled to distress damages as their identity and the fact that they were seeking asylum could readily be inferred from the disclosed data. Read more »