Recently, TLT was successful in the High Court in seeking the dismissal of a Part 8 claim issued against Lloyds Bank (the Bank) in which the Customer sought disclosure from the Bank following various Data Subject Access Requests made by the customer in Lees v Lloyds Bank plc [2020] EWHC 2249 (Ch).
Both prior to the issue of possession proceedings, and following the issue of possession proceedings, the customer made multiple Data Subject Access Requests (DSARs) to the Bank to which the Bank responded on a number of occasions. However, the customer was not satisfied by the Bank’s responses.
The customer subsequently issued a Part 8 claim against the Bank in the High Court in which among other things he sought the Court’s assistance in relation to the Bank’s alleged failure to provide data contrary to the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (EU) 2016/679 (GDPR).
The Judge, Chief Master Marsh, found that the Bank had responded to each of the Customer’s DSARs and that, in each case, its answer was an adequate response to the DSAR submitted by the Customer. The Customer had been seeking to uncover evidence that would assist him in the possession proceedings.
The Chief Master made it clear (obiter) that the Court has a discretion whether or not to make an order in circumstances where there is a failure to provide a proper response to a DSAR, but in this instance, the Court’s view was that the Bank had responded appropriately to the Customer’s DSARs. Further, the Court considered that even if the Bank had not responded adequately to the DSARs, there would have been good reasons for declining to exercise the Court’s discretion to make an order that the Bank should respond to the DSARs. These reasons included:
It is not uncommon for lenders to receive numerous and repetitive DSARs from Customers, particularly from those Customers with whom they may be involved in litigation.
It can be time consuming and resource intensive for lenders to comply with such requests, especially if the Customer challenges the adequacy of the response(s) they receive from the lender and makes further DSARs.
The decision in this case will likely be welcome to lenders who are receiving numerous and repetitive DSARs from a Customer, particularly where there is a collateral purpose behind the requests such as to obtain documents to be used in litigation between the lender and the Customer.
There is some potential divergence between the position the Court has taken and guidance issued by the UK’s data protection regulator. The Information Commissioner’s Office (ICO) takes the view that DSARs are “purpose agnostic” and that organisations cannot refuse to respond to DSARs where they are made for a collateral purpose. Whilst the GDPR makes allowances for data controllers to refuse to respond to DSARs that are “manifestly unfounded or excessive”, current ICO guidance suggests that the bar to demonstrate this is high.
It is not currently clear whether the obiter comments of the Court would prevail over the ICO’s guidance. Lenders should therefore be aware that, whilst the judgment may assist them in front of the courts, the regulator may have different expectations as to when DSARs made for a collateral purpose must be responded to.
By Sanjeev Ahuja and Emma Erskine-Fox
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at October 2020. Specific advice should be sought for specific cases. For more information see our terms & conditions.
The way people shop is constantly evolving, from the growth of online and the changing use of stores...
Read moreHelping you navigate your business through the risks and opportunities that Brexit will bring.
Read moreThe widespread disruption and closure of businesses caused by the Covid-19 pandemic and the subsequent national and local lockdowns has brought into sharp focus the question of available insurance cover for losses under...
Read moreWatch our video series for information on the legal issues that are affecting the real estate sector. Each...
Read moreThe pandemic has had a deep and long-lasting effect on the leisure, food & drink sector, forcing operators to embrace new ways of attracting and servicing customers.
Read moreThe pandemic has forced the majority of the workforce into a world of remote working. As a result, our cities are evolving.
Read moreOur countdown to Brexit and beyond podcast series looks at the impact for businesses on both sides of the pond of any free trade agreement between the UK and Europe and the UK and the US. This
Read moreThere's a growing demand for retailers to do more to attract the Purple Pound – the collective spending power of disabled shoppers, estimated to be worth around £274bn. We look at the opportunities, the legal issues and...
Read moreGreen finance is gaining speed, driven by global climate change pressures and the recognition of the vital role which sustainability plays in a resilient financial services sector.
Read moreAs businesses adjust to new ways of working and plan for an uncertain future, we keep track of the emerging legal and regulatory issues.
Read moreData protection law is changing rapidly and mistakes can lead to significant financial penalties and reputational damage. We can help you secure your data and use it to its maximum potential.
Read moreOur litigation team can deal with cyber or data protection litigation matters including claims by third parties and data subjects.
Read more