Overview
The Court of Appeal’s ruling in Dawson-Damer v Taylor Wessing offers beneficiaries rights of access to personal data held by trustees and their legal advisers. This is a landmark case in which our clients, the claimants, obtained a judgment that clarifies the provisions of the Data Protection Act and provides individuals with greater access to confidential information held on them by English solicitors.
In Depth
In the recent case of Dawson-Damer v Taylor Wessing, the Court of Appeal issued a ruling about the right of beneficiaries who are Data Subjects under the Data Protection Act (DPA) to personal data held by the London-based solicitors for the trustees.
The DPA is the United Kingdom’s implementation of the EU Data Protection Directive (Directive 95/46/EC), which is designed to protect the privacy of all personal data collected for or about EU citizens, especially with regard to the processing, use or exchange of such data. It also provides a right of access of “Data Subjects” to their personal data held by “Data Controllers”.
An individual’s right to access data is regarded as a fundamental right, sufficient to require a data controller to provide full details of any personal data held about the subject. The DPA sets out a number of exemptions to that right, including a Legal Professional Privilege (LPP) exemption: if a document, or the data it contains, are privileged against the applicant, the document (or data) need not be disclosed. Unless one of the relevant exemptions is engaged, a data controller is obliged to comply with the request and provide the applicant with his or her personal data.
In Dawson-Damer v Taylor Wessing, the claimants, who are (or have been) beneficiaries of certain Bahamian trusts, had discovered that substantial funds had been paid out of one of the trusts for the benefit of others, potentially in breach of trust. Prior to issuing proceedings, they served a Subject Access Request under the DPA on a number of people, including individual fiduciaries and their London solicitors, Taylor Wessing.
Some of the fiduciaries disclosed relevant information, but Taylor Wessing refused to do so on the following grounds:
- All of the documents in their possession were protected from disclosure by LPP, which should be interpreted widely to include more restrictive interpretations under foreign law.
- Reviewing their files would involve disproportionate effort.
- The Court should not order disclosure when the requesting individual has a “collateral reason” for wanting the data—e.g., to obtain disclosure for the purpose of litigation.
The Court of Appeal rejected all three arguments and held as follows:
- Not all documents in lawyers’ file would be privileged. It was incumbent upon the lawyers to inspect their files and determine which documents were privileged and which were not. The LPP exemption would extend only to LPP as it is understood by English law; in particular, the Court should not have regard to foreign law on privilege and should not extend the exemption to data which may be “confidential” under principles of trust law (e.g., under the rule in Schmidt v Rosewood) but is not privileged.
- Taylor Wessing is obliged to explain why it considers that an inspection of the relevant files would involve disproportionate effort; simply asserting this without putting forward evidence in support of its position was not sufficient.
- The motivation of a Data Subject is not prescribed by the DPA, and the DPA does not contain an exemption for “collateral purpose”. The Court of Appeal accepted that individuals may have a number of reasons for wanting to receive their personal data, and held that it was inappropriate to deny them this important right by reason of their perceived motivation.
This is a landmark case which provides trust beneficiaries a right to access information which may not be made available to them under the established trust law routes.
It is also a wake-up call for lawyers and their clients, whether fiduciaries, employers or corporations. Data controllers must take care to understand the extent and limits of LPP, and to ensure that they comply with their duties under the DPA on the receipt of a Subject Access Request. The position under the DPA is likely to be transformed further in May 2018, when the General Data Protection Regulation will come into force (Brexit notwithstanding) and introduce greater DPA compliance burdens on persons who are not resident in the United Kingdom but wish to offer goods or services to individuals in the United Kingdom.
Ziva Robertson (Partner) and Catrin Hughes (Associate) of McDermott Will & Emery represented the Claimants, the Dawson-Damer family, in this matter.
For further information or legal advice, please contact Ziva Robertson.