All the pieces matter: relevance, redactions and open justice

Public lawyers, in particular, may have encountered government departments or others redacting the names of ‘junior officials’ on grounds of ‘relevance’ or ‘data protection’, when disclosing documents in litigation. Anecdotally, at least, that has been an increasing trend in recent years. The judgment of Swift J in FMA and Others v SSHD [2023] EWHC 1579 (Admin) contains a very clear – and welcome – statement that this approach is not appropriate.

Continue reading

Standing on the doorstep: UT affirms burden and standard of proof orthodoxy

ICO Enforcement Notices and Monetary Penalty Notices (“MPNs”), and the resulting appeals to the FtT, are the bread and butter of information law litigation. Readers of Panopticon would be forgiven for thinking that issues such as the burden and standard of proof in such appeals would be uncontentious. But not so, according to the appellant in Doorstep Dispensaree Ltd v Information Commissioner [2023] UKUT 132 (AAC).

Continue reading

GDPR and privacy damages: causation and quantum

Personal data of a private and sensitive nature can, of course, end up being used in ways that are both distressing and tangled – in the sense that it is not altogether clear who (if anyone) to hold responsible, in law and in fact. The recent judgment of Chamberlain J in Ali v Chief Constable of Bedfordshire [2023] EWHC 938 (KB) is a must-read case study for anyone needing guidance in navigating thickets of causation and quantum (spoiler: award of £3k for UK GDPR breaches; the same award would have arisen for misuse of private information and under Article 8 ECHR in these circumstances). Continue reading

Subject access disputes: exemptions, closed procedures and more

As noted by Panopticon earlier today, the CJEU has been busy pronouncing on subject access request principles. The drift has, in general, been pro-data subject. In the UK, however, subject access case law has not necessarily been one-way pro-disclosure traffic, as is evident from the robust and careful judgment handed down this week by Mrs Justice Farbey in X v Transcription Agency and Master James. Continue reading

Subject access requests: what do you need to provide?

Dear Sir/Madam, I hereby make a subject access request, please give me copies of documents and specify everyone you gave my data to, yours sincerely.

Response: okay, you can have some data, but no documents and we only need to tell you about ‘categories’ of recipients, not specific recipients.

Reply: not good enough, Article 15 GDPR entitles me to more detail.

Who is right? The CJEU has had a busy few months shedding some light on these kinds of issues, thanks mainly to a slew of Austrian referrals, with its latest contribution coming last week. Continue reading