Dawson-Damer v Taylor Wessing LLP [2017] EWCA Civ 74

A recent decision of the Court of Appeal in the UK suggests that beneficiaries seeking trust information may be able to get around trust law restrictions by filing a data subject access request under data protection legislation.

The case of Dawson-Damer v Taylor Wessing LLP [2017] EWCA Civ 74 concerned beneficiaries of a Bahamian trust who were challenging the validity of certain distributions in the Bahamian Courts.

Taylor Wessing LLP (English legal advisers to the trustee) provided a detailed response to the claims, and the claimants subsequently filed a DATA SUBJECT ACCESS REQUEST (A DSAR) on Taylor Wessing under the English Data Protection Act 1998 (the DPA). 

This DPA provides data subjects with a right of access to information that is processed by a data controller in respect of them.

Significant Development For Trustees

Dawson-Damer v Taylor Wessing LLP [2017] EWCA Civ 74  is a major development for trustees. However, its impact in Jersey and Guernsey may thankfully be limited as our data protection laws explicitly recognise the applicable trust law rules limiting disclosure.

The critical facts

In the first instance decision, the English Court declined to enforce the DSAR on some grounds, including that the DSAR provisions of the DPA were not intended to assist claimants in litigation and to get around other restrictions on entitlement to information.

However, the Court of Appeal has overturned that decision and enforced the DSAR. The judgment touches on three main areas:

1. First, did the material fall within a relevant exemption. The DPA provides an exemption from disclosure of material that is subject to legal professional privilege and Taylor Wessing claimed the material fell within this exception. The Court of Appeal held that this exemption should be narrowly construed and would only extend to documentation that could be withheld as being privileged under English law. It rejected an argument that this exemption should be extended to restrictions arising under foreign law trust principles. The DPA does not expressly include an exemption to mirror applicable trust law rules, and the Court made it clear that Parliament would have needed to expressly include such an exemption if that was the intention.
2. Second, it was argued that the DSAR would involve disproportionate effort, the DPA also creating an exception in that regard. The Court of Appeal held that the question of excessive effort must be considered across the entire DSAR process (not just the actual supply of information as had been suggested), but it was for the data controller to evidence why the amount of information would be disproportionate. In this case, Taylor Wessing did not provide this information, and so the claim failed.
3. Third, it was claimed that the purpose of the request was for litigation in the Bahamas, and was an improper purpose.

The Court of Appeal noted

• that the DPA was “purpose-blind” and
• while the fact litigation was ongoing may be a relevant factor for consideration by the Court in exercising its discretion whether to enforce a DSAR; this does not mean a DSAR submitted to assist in litigation was an abuse of process or could be ignored.

The Court upheld the DSAR in this case and ordered disclosure.

Other cases

In an earlier Court of Appeal decision in Durant v Financial Services Authority [2004] FS 573, it was commented that the DSAR provisions were not there to assist data subjects documents that may assist him in litigation or complaints against third parties’.

This Court of Appeal decision

• Was taken by many to mean that DSARs arising from a complaint or litigation were unlikely to be enforced. However, in this case, the Court of Appeal stated that the earlier comment in Durant concerned the definition of “personal data” and so a claimant could not claim something was “personal data” just to obtain that information for litigation. However, it did not create a general prohibition on DSARs which were submitted to assist in litigation.
• Appears to echo the position taken recently in the Jersey case of Alwitry v The States Employment Board and another [2016] JRC 050, wherein a DSAR was upheld notwithstanding it was made as part of a complaint process.

Jersey and Guernsey,

In Jersey and Guernsey, the data protection laws include specific DSAR exemptions which mirror applicable trust law provisions restricting disclosure (Article 29 of the Trusts (Jersey) Law 1984 and Section 38 of the Trusts (Guernsey) Law 2007).

There is no equivalent exemption in the DPA, and the DPA makes it clear that DSAR rights apply notwithstanding any rule of law prohibiting disclosure other than where covered by an exemption.

As such, trustees in Jersey and Guernsey should be in a better position in defending DSARs from beneficiaries and while certain information may still fall to be disclosed if it falls outside the Trust law restrictions, the DSAR option does not present an easy route around long-standing trust law principles.

The trust exemption featured in the Jersey and Guernsey data protection law was lobbied for by the trusts industries precisely to ensure that the limits on disclosure requirements of a trustee could not be avoided by way of a data subject access request, a loophole which this case demonstrates is capable of being exploited in other jurisdictions.

CLOSE

Trustees will still, however, need to exercise caution where information is handed over to parties who may not be able to rely on the Jersey or Guernsey law exemptions. It will also be interesting to see if these exemptions are carried over into the new laws which will be consulted on in 2017 to implement the provisions of the General Data Protection Regulation in the Islands.