Subject Access Request risk: limits in sight?

A recent High Court case took a very robust stance on the issue of DSARs (Data Subject Access Requests) being used to fuel litigation.

An individual can make a DSAR to request access to any of his/her personal information. In Dawson-Damer v Taylor Wessing (2015), the Court refused to order compliance with a DSAR against the law firm. The real purpose of the request was to obtain access to documents and information to assist with the applicants’ ongoing litigation. “Context is everything”, said Counsel for Taylor Wessing. There was no suggestion that the applicants wanted to use the DSAR to check the accuracy of the personal data held about them. The Judge was of the opinion that the DSAR would not have been made had it not been for the legal proceedings. This, in light of previous case law (Durant v FSA), was clearly not a proper purpose, he said.

Of course, this doesn’t mean that the ICO takes this view (we know they don’t!). And individuals are still  free to complain to the ICO, as well as to the Court, for breaches of DSAR provisions. However, it will be interesting to see if in due course the ICO adjusts its approach. That being said, the Judge himself indicated that the Court of Appeal, where the case is going next, make take a different viewpoint. Watch this space!