Brown Rudnick for claimants, Pannone for defendant

The defendant, a private investigator instructed by a firm of solicitors, had refused to comply with a subject access request ("SAR") made by the claimant, on a number of grounds. (Under section 7 of the Data Protection Act 1998, an individual can make such a request to a data controller who has processed the individual's personal data). Warby J considered the following grounds raised by the defendant:

(1) The defendant had sought to argue that the SAR was not valid because the claimant's solicitors had not given sufficient evidence that they were acting on behalf of the claimant. Section 7(3) of the Act provides that where a data controller "reasonably requires" further information in order to satisfy himself as to the identity of the person making a request, and has informed him of that requirement, the data controller is not obliged to comply with the request unless he is supplied with that further information. The judge held that this was not a valid objection on the facts of this case: "Where the requester is not the data subject it may be reasonable to look for proof of authority. But if the requester is a firm of solicitors which confirms its authority in the SAR itself, no more should ordinarily be required".

(2) The defendant also argued that it was entitled to rely on the privilege exemption. Schedule 7 paragraph 10 of the Act exempts personal data covered by legal professional privilege. The defendant sought to rely on the scale of the data in question and argued that it would be disproportionate to require it to seek legal advice on the privilege exemption in respect of each and every page which it holds. The judge rejected that argument, and the defendant's lack of any attempt to analyse which data was covered by the exemption. In any event, certain pre-existing documents had been given to the investigators and so would not be caught by litigation privilege.

(3) The judge also rejected the defendant's main argument that the court should not exercise its discretion to enforce compliance with the SAR on the basis that the application was a misuse of the Act and was being brought to gain an illegitimate procedural advantage in overseas criminal proceedings brought against the claimant by the defendant's client.

Warby J held that the Act does not require an individual to justify or explain its request and said that "It seems to me that in general terms the court…should not enquire into or permit investigation of the purpose for which a SAR has been made". He held that dictum by Auld LJ in Durant v FSA [2003] was not authority for the proposition that a data controller can rely on purpose as a ground for refusing to respond. In any event, there was said to be nothing inherently improper in the purpose of obtaining early access to information that might otherwise be obtained via disclosure.