Privilege and Data Protection - A New Conflict?

The Court of Appeal’s judgment has potentially far reaching consequences in the application of both data protection and disclosure/privilege principles by the UK Courts in the trust scenario following its recent judgment on 16 February 2017 in Dawson-Damer & Ors v Taylor Wessing LLP [2017] EWCA Civ 74. 

The beneficiary of a trust made a subject access request under the Data Protection Act 1998 for personal data relating to her held by a firm of solicitors who acted as the solicitors for the trustees of certain Bahamian trusts. In its role as adviser to the trustees, the solicitors firm held “personal data” relating to the beneficiary within the definition of the DPA 1998. 

The subject access request was refused by the firm, on the basis that any data that they held was privileged. The beneficiary applied to the High Court for a declaration that the firm had failed adequately to comply with the subject access request, and accordingly should be ordered to do so.

Initially, the High Court rejected the beneficiary’s case on the basis that:

1. the personal data and documents requested would be privileged from inspection in any proceedings in the Bahamas (pursuant to the terms of Bahamian trust law), they were covered by legal professional privilege and therefore the firm was correct not to disclose them in England; and
2. In any event it was not reasonable or proportionate to require the firm to carry out a search for the documents and data that might be covered by the subject access request

The High Court focussed in particular on the perception that the application by the beneficiary had a “collateral purpose” – the judge felt that the application was designed to circumnavigate the problems that beneficiary would have obtaining these documents in the Bahamas, and considered that the purpose of the DPA was not to facilitate such an exercise. 

However, the Court of Appeal has unanimously rejected this reasoning and has sent the application back to the High Court for re-consideration. The Court of Appeal found that:

1. The personal data and documents were not exempt from the subject access request because of the legal professional privilege exemption in the DPA: that exemption applied only to such privilege as a matter of English law. It was incorrect that because the disclosure may well be covered by privilege as a question of Bahamian law that disclosure could be refused: the relevant test is one of privilege under UK law, and the issue as to whether such privilege arises needs now to be considered by the High Court afresh. Neither was it relevant that disclosure was unlikely in accordance with trust law principles: the Court was clear that in order to rely on the legal professional privilege exemption, the data had to be able to fall within that definition, and not a trust law definition and here it did not; 
2. The burden of proving that any search would be disproportionate fell on the firm itself. Because the firm had failed to comply with the data request on the basis that the data was privileged, it could not be said that it had carried out a reasonable search and consequently it was unable to prove that it would be disproportionate for them to comply;
3. The Court found that as the DPA is motive-blind there was no rule preventing an applicant under the DPA from obtaining documents where there might have been a “collateral purpose”: whilst the collateral purpose here may be correct (i.e. that beneficiary was seeking personal data and documents that might assist her in a claim against the trustees in the Bahamas), it was incorrect to refuse to comply with the request on the basis that the beneficiary might use the personal data in that way.)