Recently, TLT was successful in the High Court in seeking the dismissal of a Part 8 claim issued against Lloyds Bank (the Bank) in which the Customer sought disclosure from the Bank following various Data Subject Access Requests made by the customer in Lees v Lloyds Bank plc  EWHC 2249 (Ch).
Both prior to the issue of possession proceedings, and following the issue of possession proceedings, the customer made multiple Data Subject Access Requests (DSARs) to the Bank to which the Bank responded on a number of occasions. However, the customer was not satisfied by the Bank’s responses.
The customer subsequently issued a Part 8 claim against the Bank in the High Court in which among other things he sought the Court’s assistance in relation to the Bank’s alleged failure to provide data contrary to the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (EU) 2016/679 (GDPR).
The Judge, Chief Master Marsh, found that the Bank had responded to each of the Customer’s DSARs and that, in each case, its answer was an adequate response to the DSAR submitted by the Customer. The Customer had been seeking to uncover evidence that would assist him in the possession proceedings.
The Chief Master made it clear (obiter) that the Court has a discretion whether or not to make an order in circumstances where there is a failure to provide a proper response to a DSAR, but in this instance, the Court’s view was that the Bank had responded appropriately to the Customer’s DSARs. Further, the Court considered that even if the Bank had not responded adequately to the DSARs, there would have been good reasons for declining to exercise the Court’s discretion to make an order that the Bank should respond to the DSARs. These reasons included:
It is not uncommon for lenders to receive numerous and repetitive DSARs from Customers, particularly from those Customers with whom they may be involved in litigation.
It can be time consuming and resource intensive for lenders to comply with such requests, especially if the Customer challenges the adequacy of the response(s) they receive from the lender and makes further DSARs.
The decision in this case will likely be welcome to lenders who are receiving numerous and repetitive DSARs from a Customer, particularly where there is a collateral purpose behind the requests such as to obtain documents to be used in litigation between the lender and the Customer.
There is some potential divergence between the position the Court has taken and guidance issued by the UK’s data protection regulator. The Information Commissioner’s Office (ICO) takes the view that DSARs are “purpose agnostic” and that organisations cannot refuse to respond to DSARs where they are made for a collateral purpose. Whilst the GDPR makes allowances for data controllers to refuse to respond to DSARs that are “manifestly unfounded or excessive”, current ICO guidance suggests that the bar to demonstrate this is high.
It is not currently clear whether the obiter comments of the Court would prevail over the ICO’s guidance. Lenders should therefore be aware that, whilst the judgment may assist them in front of the courts, the regulator may have different expectations as to when DSARs made for a collateral purpose must be responded to.
By Sanjeev Ahuja and Emma Erskine-Fox
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at October 2020. Specific advice should be sought for specific cases. For more information see our terms & conditions.
What next for International data transfers? WebinarRead more
Data protection, fraud and cybersecurity update webinarRead more
How will the office of the future work? WebinarRead more
Flexible working: the impact on our towns and cities webinarRead more
New ICO guidance on handling DSARsRead more
The impact of flexible working on our towns and citiesRead more
Brexit: transition & beyondRead more
TLT launches Intelligent Drafting solution powered by ClarilisRead more
Uber case highlights risks of automated decisions about employeesRead more
The way people shop is constantly evolving, from the growth of online and the changing use of stores...Read more
Helping you navigate your business through the risks and opportunities that Brexit will bring.Read more
Green finance is gaining speed, driven by global climate change pressures and the recognition of the vital role which sustainability plays in a resilient financial services sector.Read more
As businesses adjust to new ways of working and plan for an uncertain future, we keep track of the emerging legal and regulatory issues.Read more
Keep on top of the employment law issues that matter most to you and your business with our new podcast.Read more
Keeping you up to date with the latest guidance on regulatory change and legal impact of the coronavirus pandemic.Read more
While future trading relationship with the EU is negotiated, we will be in a 'status quo' transition period until 31 December 2020. Follow our latest updates.Read more
Our Senior Managers Regime hot topic features news and insight to help banks, building societies, investment firms and UK branches of foreign banks prepare for the new regime.Read more
The clock is ticking for firms to prepare for moving from LIBOR to sterling risk-free rates. Follow our insights and events for strategic advice.Read more
Data protection law is changing rapidly and mistakes can lead to significant financial penalties and reputational damage. We can help you secure your data and use it to its maximum potential.Read more
Our litigation team can deal with cyber or data protection litigation matters including claims by third parties and data subjects.Read more