Secretary of State for the Home Department & Anor v TLU & Anor

[2018] EWCA Civ 2217

Case No: A2/2016/3976
Neutral Citation Number: [2018] EWCA Civ 2217
IN THE COURT OF APPEAL (CIVIL DIVISION)

ON APPEAL FROM THE HIGH COURT OF JUSTICE

QUEEN’S BENCH DIVISION

The Honourable Mr Justice Mitting

[2016] EWHC 2217 (QB)

Royal Courts of Justice

Strand, London, WC2A 2LL

Date: 15/06/2018

Before :

LORD JUSTICE GROSS

LORD JUSTICE MCFARLANE

and

LORD JUSTICE COULSON

Between :

(1) SECRETARY OF STATE FOR THE HOME DEPARTMENT

(2) HOME OFFICE

Appellants

- and -

(1) "TLU"

(2) “TLV”

Respondents

Oliver Sanders QC and Michael Deacon (instructed by the Treasury Solicitor) for the Appellants

Hugh Tomlinson QC and Sara Mansoori (instructed by Bindmans) for the Respondents

Hearing dates : 17 May 2018

Judgment

LORD JUSTICE GROSS :

INTRODUCTION

1.

A hallmark of today’s world is the ease with which departments of State and large private organisations can collect, store and utilise vast quantities of data. In the asylum and immigration context of the “family returns process”, this appeal highlights the perils of the misuse of private and confidential data, and the processing of personal data in breach of the statutory requirements.

2.

The Appellants (“the Home Office” and “the SSHD”) appeal from the judgment and order of Mitting J, dated 24th June, 2016 (“the judgment” and “the order” respectively), providing that judgment be entered for each of the then Claimants (including “TLT”), together with the now Respondents (“TLU” and “TLV”) and that the Home Office pay damages to TLT and TLU in the amount of £12,500, to TLV in the amount of £2,500, plus costs and interest in the case of TLU.

3.

The appeal is brought with the permission of the Single Lord Justice on the issue of liability. Permission to appeal was refused on quantum though, as noted below, depending on the outcome on liability, it might be necessary to revisit a question of quantum.

4.

The essence of the matter appears with clarity from the opening paragraphs of the judgment, which I gratefully adopt:

“1.

The Home Office publishes quarterly statistics about the family returns process, the means by which those with children who have no right to remain in the United Kingdom are returned to their country of origin. As of October 2013 it comprised three phases: assisted return….; required return….., and ensured return…. The published statistics identify the number of families in each category and the outcome. They contained nothing which identified them or could have led to their identification.

2.

The published statistics were based on a spreadsheet which contained two tabs. The first, a sheet with nothing but the statistics, whose publication was intended; the second a large spreadsheet with the raw data on which the first was based. The latter contained a substantial amount of personal and official details, including the name of the lead family member; his or her age and nationality; whether they had claimed asylum; the office which dealt with their case, from which the general area in which they lived could be inferred, and the stage which they had reached in the family returns process. I will refer to this as ‘the spreadsheet’.

3.

On Tuesday, 15 October 2013, the Home Office published family return process statistics, for the period 1 April 2013 to 30 June 2013, by uploading them onto the UKBA website on a page headed ‘Key Data on Family Return Process’… ”

5.

Unobjectionably, the page included a link to the spreadsheet and its first tab, setting out the statistical details for the period, as intended.

6.

Unfortunately, however, as the judgment explained, the second tab was also accessible:

“By error, the page on which this was displayed contained a further link to the spreadsheet. It contained details of 1,598 lead applicants for asylum or leave to remain. It is common ground that clicking onto that link would automatically download the spreadsheet onto the inquirer’s computer.”

7.

It was common ground that the error was discovered on 28 October 2013 and the spreadsheet immediately taken down. By then, at least one unknown individual had downloaded and saved the spreadsheet. Additionally, the web page hosting the spreadsheet, headed “Key Data on Family Return Process”, was accessed – and therefore downloaded – by non-Home Office internet protocol (IP) addresses within the United Kingdom on 27 occasions by 22 different IP addresses and by 1 in Somalia.

8.

The judgment recorded that, on 24 November 2013, a person who had downloaded both the “Key Data on Family Return Process” page and the spreadsheet, uploaded the spreadsheet onto a US website, an electronic depositary aimed at the professional and business community. In the event, it was taken down on 18 December 2013. Apparently, the relevant web page was accessed on 86 occasions but the spreadsheet was not downloaded.

9.

The upshot of the error was the notification of the Information Commissioner’s Office (“the ICO”) on 6 December 2013, closely followed by a statement in Parliament on 12 December 2013. Individuals, still in the United Kingdom, who had been named in the spreadsheet were notified in January 2014. The Judge remarked on the “entirely proper” steps taken by the SSHD to remedy the data breach and it is fair to the Home Office to record the ICO decision that no regulatory action was called for on this occasion.

10.

TLT was one of the “primary claimants” – i.e., he was one of the lead family members named in the spreadsheet. In the case of TLT and the other primary claimants, the SSHD admits the posting of their details on the Home Office website amounted to a misuse of their private and confidential information and to processing their personal data in breach of the first, second and seventh principles set out in Schedule 1 to the Data Protection Act 1998 (“the DPA”). It was further accepted on behalf of the SSHD that:

“10.

…subject to proof, damages are recoverable by these claimants for ‘distress’ at common law and that, unless the judgement of the Court of Appeal in Vidal-Hall v Google Inc….is overturned or qualified by the Supreme Court, I am bound to hold that damages for distress are also recoverable by them under s.13 of the Data Protection Act 1998.”

11.

TLU is the wife of TLT; she has a different surname. TLV is the teenage daughter of TLT, with the same surname as TLT. TLU and TLV were not named in the spreadsheet and have been referred to by the Appellants as “secondary claimants”. Liability is in dispute with regard to TLU and TLV.

12.

It is convenient to underline the nature of the information included in row 1101 of the second tab of the spreadsheet. A Home Office reference number was given. It identified TLT, including both his forename and his surname. It stated that his nationality was Iranian. His date of birth and age were recorded. It spoke of assisted return being pursued. As to “removal case type”, the spreadsheet stated “Family with Children – Voluntary”. It acknowledged that asylum had been claimed.

13.

The judgment (at [21] and following) set out the family’s immigration history; their credibility and reliability as witnesses (namely, honest, unexaggerated and reasonably accurate); and their concerns, fears and belief. None of this is in dispute. In brief:

i)

TLT, TLU and TLV arrived in the United Kingdom, lawfully, in 2010. Their home in Iran was searched and their personal belongings and documents were seized. Thereafter, they claimed asylum here.

ii)

Their (then) 17 year old son had arrived with them. On turning 18, he claimed asylum on his own account. That claim was rejected and he was removed to Iran in 2012. TLT and TLU heard from relatives in Iran that he (the son) had been detained and tortured – and released after paying a bribe.

iii)

TLT was notified of the data breach on 12 January 2014.

iv)

At the time the spreadsheet was published, TLT, TLU and TLV were appealing the Home Office’s initial refusal to grant them asylum. They thus all faced the threat of removal to Iran, if their asylum claim was unsuccessful. (In the event, in May 2014, their appeal was successful.)

v)

In March 2014, TLU received messages from a family member in Iran, reporting that another family member had been detained by the Iranian authorities and questioned about “you”. It was said that the Iranian authorities claimed to have documents showing that TLT and his family had claimed asylum. TLT and TLU were asked by another family member to supply copies of their identity documents and passports and they did so, whereupon the family member (who had been detained) was released. As the Judge observed (at [25]), this was consistent with the fears expressed by and the belief of, TLT, TLU and TLV, that the Iranian authorities had accessed the information on the spreadsheet published by the Home Office. Importantly, the Judge went on to say this (loc cit):

“Their belief is genuine and it is not irrational. It is not far-fetched that a well-resourced Iranian intelligence agency would monitor UK Government websites by the simple expedient of refining any search by reference to the nationality of those referred to, Iranian. It was not irrational for TLT, TLU and TLV to believe that the Iranian intelligence agency might have been able to match up their details on the spreadsheet with those held in one of their own databases.”

vi)

TLT’s and TLU’s concerns led the family to relocate from the area in which they had lived for some four years, with inevitable disruption – which would not have occurred but for their concerns as to the consequences of the disclosure.

vii)

The Judge observed (at [28]) that the effects of the disclosure on TLT and TLU had been “serious”:

“…. At a time when they had not been recognised as refugees TLT and TLU feared genuinely for their own safety if returned to Iran like their son. They genuinely believed that their security while in the United Kingdom was compromised….. In addition, they had genuine and not irrational fears for the safety of their relatives….in Iran….. To describe the totality of their experiences as ‘distress’ is a misstatement and an understatement, and I use the word only because it is the label under which damages are assessed in cases of this type.”

viii)

TLV’s position was different, in that she was protected by her youth and (at [30]) “by the care which her parents took to shield her from knowledge of what was happening”. Even so, she experienced “genuine concern”, together with the disruption already described.

THE JUDGMENT

14.

The issue on liability before the Judge was whether TLU and TLV, as so-called “secondary claimants”, not named in the spreadsheet, could, subject to proof of ‘distress’ recover damages at common law or under the DPA.

15.

The Judge answered this question with a firm “yes”. He was satisfied that TLU and TLV could sue for both the common law and statutory torts. As he succinctly expressed it (loc cit):

“12.

…The family returns process had, as its object, the return of families with children under 18 who no longer had leave to be in the United Kingdom to their country of origin. The data collected related to that process. It was collected under the name of a lead applicant, in this case TLT….but it applied to all of them. The fact that they had claimed asylum with TLT was just as much private and confidential information about them as it was about him. Their identity could readily be inferred from his name, as could the general area in which, like him, they lived in the United Kingdom. Further, the Home Office held personal data similar to that held about TLT.”

16.

The Judge continued as follows:

“14.

This data was ‘used’ and therefore processed by transferring some of it – the fact that TLT had family members, including children who had claimed asylum and had reached a particular stage in the family returns process – to the spreadsheet. It was then further processed by the disclosure produced by the posting of the spreadsheet to the Home Office website. Anyone with knowledge of the family, by reference to TLT’s name, would be able to identify them. They were not anonymised or, in Scots legal terminology, ‘Barnardised’, so as to render dissemination of statistical information about them permissible because it was no longer personal data….. The processing of data in the name of TLT about his family members was just as much the processing of their personal data as his. Further, and for the same reasons, such processing also misused their personal and confidential information. TLU and TLV are therefore entitled to bring their claims and to be awarded damages, if appropriate, as is TLT on the same legal basis as him.”

THE ISSUES

17.

The principal issues on the appeal are these:

i)

Did the spreadsheet contain TLU’s and TLV’s private and/or confidential information? (“Issue I: Misuse of private information/breach of confidence”)

ii)

Did the spreadsheet contain TLU’s and TLV’s personal data? (“Issue II: Personal data”)

iii)

Even if the information on the spreadsheet did not contain TLU’s and TLV’s personal data (but only that of TLT), are TLU and TLV, in any event, entitled to damages for the distress they suffered under s.13 of the DPA for the admitted contravention of TLT’s rights under the DPA by the Home Office/SSHD? (“Issue III: TLU’s and TLV’s entitlement to damages under s.13 of the DPA”)

18.

As was or became apparent, though Issues I and II were conceptually distinct – Issue I involving a common law tort and Issue II the statutory provisions as to data protection – on the facts of this case their outcome was overwhelmingly likely to be the same. Further, Issue III would only arise for decision if TLU and TLV failed on both Issues I and II.

THE LEGAL FRAMEWORK

19.

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (“the Directive”) deals, inter alia, with “the protection of individuals with regard to the processing of personal data”. The Recitals include the following:

“ (26) Whereas the principles of protection must apply to any information concerning an identified or identifiable person; whereas, to determine whether a person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify the person; whereas the principles of protection shall not apply to data rendered anonymous in such a way that the data subject is no longer identifiable….”

20.

Insofar as relevant, the Articles of the Directive provide as follows:

“ Article 1

Object of the Directive

1.

In accordance with the Directive, Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data.

Article 2

Definitions

For the purposes of the Directive:

(a)

‘personal data’ shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly……

Article 22

Remedies

Without prejudice to any administrative remedy for which provision may be made….Member States shall provide for the right of every person to a judicial remedy for any breach of the rights guaranteed him by the national law applicable to the processing in question.

Article 23

Liability

1.

Member States shall provide that any person who has suffered damage as a result of an unlawful processing operation or of any act incompatible with the national provisions adopted pursuant to this Directive is entitled to receive compensation from the controller for the damage suffered….”

21.

The DPA was enacted in this country to give effect to the Directive. S.1 contains “basic interpretative provisions”. “Data” is defined as:

“…information which –

(a)

is being processed by means of equipment operating automatically in response to instructions given for that purpose;

…..

(e)

is recorded information held by a public authority and does not fall within any of paragraphs (a) to (d); ”

A “data subject” means “an individual who is the subject of personal data”. In turn, “personal data” means:

“ …data which relate to a living individual who can be identified –

(a)

from those data, or

(b)

from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller… ”

22.

S.7 deals with the right of access to personal data. S.7(1)(a) provides that an individual is entitled “…to be informed by any data controller whether personal data of which that individual is the data subject are being processed by or on behalf of that data controller”. The individual is further entitled, pursuant to s.7(1)(c)(i) to have communicated to him in an intelligible form “the information constituting any personal data of which that individual is the data subject”. However, s.8(2)(a) provides that the obligation imposed by s.7(1)(c)(i) need not be complied with if “the supply of such a copy is not possible or would involve disproportionate effort”.

23.

S.13 deals with “compensation for failure to comply with certain requirements”. S. 13(1) and (2) provide as follows:

“(1)

An individual who suffers damage by reason of any contravention by a data controller of any of the requirements of this Act is entitled to compensation from the data controller for that damage.

(2)

An individual who suffers distress by reason of any contravention by a data controller of any of the requirements of this Act is entitled to compensation from the data controller for that distress if –

(a)

the individual also suffers damage by reason of the contravention, or

(b)

the contravention relates to the processing of personal data for the special purposes.”

24.

S.14 furnishes various remedies to data subjects to address concerns as to the accuracy, amongst other things, of their personal data held by data controllers.

25.

Some references were made to authority; it will be convenient to address those when dealing with the individual Issues to which I now turn.

ISSUE I: MISUSE OF PRIVATE INFORMATION/ BREACH OF CONFIDENCE

26.

(1) The rival cases: For the Home Office, Mr Sanders QC submitted that row 1101 of the spreadsheet contained information relating to TLT but did not convey anything about TLU or TLV. The fact that TLU and TLV were involved in the family returns process was not disclosed by row 1101 and could only be derived from extraneous data. Accordingly, the Judge had wrongly expanded the scope of the raw data tab and the Home Office’s potential liability. The number of potential claimants should be limited to the 1,598 lead applicants and should not extend to an unknown number of other family members. A “robust and realistic” approach was required. The names were either on the spreadsheet or they were not. As TLU and TLV were not named on the spreadsheet, no private information relating to them had been misused by the posting of the spreadsheet on the Home Office website. That was an end to the private law tort claim.

27.

For TLU and TLV, Mr Tomlinson QC submitted that the short answer to this Issue lay in the Judge’s findings of fact (at [12] and [14] of the judgment, set out above). If necessary to go further, Mr Tomlinson emphasised that the spreadsheet contained quarterly statistics for the “family returns process”. Mr Tomlinson reserved an interesting argument (on which we did not hear him) that “identifiability” was not an ingredient of the cause of action. However, on the assumption that it was, then, as the Judge held, the identities of TLU and TLV could readily be inferred from the information published in the spreadsheet. There was no serious dispute that TLU and TLV had a reasonable expectation of privacy or confidence in the information in question. As Mr Tomlinson summarised TLU’s and TLV’s case on this Issue in his skeleton argument:

“ ….the Spreadsheet did contain information that related to and was about TLU and TLV, including the fact that they had made an application for asylum; when that application had been made; the general area where they were living; and details about their status in the Family Returns Process. They had a reasonable expectation of privacy and confidence in respect of their information in the Spreadsheet. There is no need for them to show that they were ‘identifiable’ by third parties from the information and, in any event, as found by the Judge, they were. The erroneous publication of it on the Home Office website was a misuse of their private and confidential information.”

28.

(2) Discussion: To my mind, this Issue is short, straightforward and essentially one of fact. The starting point must be the Judge’s findings of fact, especially at [12], [14], [25], [28] and [30] of the judgment. I would be slow to interfere with those findings of fact, reached after conducting a trial and hearing evidence over a number of days – and my approach to the particular findings would be the same, even assuming (without deciding) that they may involve an element of mixed fact and law. For my part, the Judge’s findings are unimpeachable, so that they comprise both the starting point and the finishing point on this Issue; I do not think that the Home Office, despite the excellence of Mr Sanders’ submissions, came near the requisite high threshold for successfully challenging them.

29.

If necessary to go further, then my approach is guided by evolving legal policy in this area. In R (Catt) v ACPO [2015] UKSC 9; [2015] AC 1065, Lord Sumption JSC furnished, with respect, an illuminating thumbnail sketch of the development of the law’s protection of privacy:

“2.

Historically, one of the main limitations on the power of the state was its lack of information and its difficulty in accessing efficiently even the information it had. The rapid expansion over the past century of man’s technical capacity for recording, preserving and collating information has transformed many aspects of our lives. One of its more significant consequences has been to shift the balance between individual autonomy and public power decisively in favour of the latter. In a famous article in the Harvard Law Review for 1890 (‘The Right to Privacy’, 4 Harvard LR 193), Louis Brandeis and Samuel Warren drew attention to the potential for ‘recent innovations and business methods’ to undermine the autonomy of individuals, and made the case for the legal protection not just of privacy in its traditional sense but what they called ‘the more general right of the individual to be let alone’. Brandeis and Warren were thinking mainly of photography and archiving techniques. In an age of relatively minimal government they saw the main threat as coming from business organisations and the press rather than the state. Their warning has proved remarkably prescient and of much wider application than they realised. Yet although their argument was based mainly on English authority, the concept of a legal right of privacy ….fell on stony ground in England. Its reception here has been relatively recent and almost entirely due to the incorporation into domestic law of the European Convention on Human Rights.”

30.

Today, as summarised by Lord Nicholls in Campbell v MGN Ltd [2004] UKHL 22; [2004] 2 AC 457, at [14], the essence of the tort in question is encapsulated as “misuse of private information”; the focus is now on the values underlying privacy. In his speech, Lord Hoffmann put the matter this way:

“51.

The result…has been a shift in the centre of gravity of the action for breach of confidence when it is used as a remedy for the unjustified publication of personal information…..the new approach takes a different view of the underlying value which the law protects. Instead of the cause of action being based upon the duty of good faith applicable to confidential personal information and trade secrets alike, it focuses upon the protection of human autonomy and dignity – the right to control the dissemination of information about one’s private life and the right to the esteem and respect of other people. ”

31.

I return to the facts. As it seems to me, the detailed information in the spreadsheet concerning TLT as the lead family claimant, in the context of the family returns process, meant that TLU and TLV could readily be identified by third parties. As is unchallenged, their belief, that that is precisely what happened (judgment, at [25]), was both genuine and not irrational. It follows that, despite the names of TLU and TLV not appearing on the spreadsheet, Mr Tomlinson’s submission (recorded above), that the spreadsheet contained information relating to and about TLU and TLV, was well-founded. Plainly, having regard to the law’s policy of protecting the values underlying privacy (discussed above) – and as is admitted by the Home Office in the case of TLT – TLU and TLV had a reasonable expectation of privacy and confidentiality in respect of their information in the spreadsheet. Without belabouring the point, that information went (inter alia) to their identities and their claims for asylum. In the circumstances, I have no hesitation in concluding that the Home Office’s publication of the spreadsheet misused TLU’s and TLV’s private and confidential information. I would dismiss the appeal on Issue I.

ISSUE II: PERSONAL DATA

32.

(1) Overview: On the facts of the present case, it would be surprising if the conclusion on Issue II differed from that to which I have come on Issue I – and, indeed, I have no real doubt in coming to the same conclusion, albeit by a somewhat different route.

33.

(2) The rival cases: For the Home Office, Mr Sanders rightly underlined that the meaning of “personal data” in the DPA was key to “two sets of rights and duties”: first, “subject access rights” and the data controller’s corresponding obligations (see, especially, s.7 DPA); secondly, the obligation to comply with the “data protection principles”, contained in Schedule 1 to the DPA. With these considerations in mind, Mr Sanders focused on the definition of “personal data” in s.1(1), DPA. The essence of his submission was that the data processed in the spreadsheet did not “relate to” TLU and/or TLV on the true construction of those words. A narrow interpretation of the words “relate to” was required, inter alia, to permit straightforward compliance with subject access requests under s.7, DPA. There was no warrant for extending the meaning of those words to cover “implied data”. Mr Sanders placed particular reliance on the decision of this Court in Durant v Financial Services Authority [2003] EWCA Civ 1746; [2004] FSR 573.

34.

For TLU and TLV, Mr Tomlinson again submitted that the Issue was concluded by the Judge’s findings of fact. In any event, on the basis of the Directive, the DPA and authority, he contended that the data processed in the spreadsheet did indeed “relate to” TLU and TLV. The question was simple: was there information on the spreadsheet about TLU and TLV? The answer of “yes” was equally simple and compelled the conclusion that the information on the spreadsheet related to them. No question of “implied data” arose: the identities of TLU and TLV were ascertainable from the data on the spreadsheet, as family members of TLT. Further and as to subject access requests, there was no particular difficulty in locating personal data relating to an individual asylum applicant in a family returns process, not least given the reference number on the spreadsheet common to the family’s case. In any event (though inapplicable here), s.8(2), DPA, provided a safeguard in respect of requests involving disproportionate effort.

35.

(3) Discussion: In my judgment, the submissions on behalf of the Home Office face insuperable hurdles; the strength of the argument is overwhelmingly the other way.

36.

Once again, I can see no proper basis for departing from the Judge’s findings of fact (especially at [12] and [14]), relating as much to TLU’s and TLV’s personal data (under the DPA) as they did to the misuse of their private and confidential information under Issue I.

37.

If necessary to go further, then the starting point is the statutory definition of “personal data” (set out above). There can be no doubt that the information held by the Home Office concerning TLU and TLV comprised “data” (as defined).

38.

For that data to comprise “personal data” it must “relate to” a living individual, “who can be identified”, directly by way of limb (a) of the definition, or indirectly, by way of limb (b) of the definition: see, Vidal-Hall v Google Inc [2015] EWCA Civ 311; [2016] QB 1003, at [108]. As is to be expected given the statutory background, this approach reflects Art. 2(a) of the Directive. Further and in that regard, para. (26) of the Recitals understandably highlights that the “principles of protection” should take account of “all the means likely reasonably to be used” by any third party to identify the person – a point which has particular resonance in the present case, as appears from [25] of the judgment. Staying with the question of identification, it seems beyond serious argument to the contrary that, at the least, TLU and TLV could be identified from the data in the spreadsheet and the other information as to the family returns process in the possession of the Home Office. (See too, Common Services Agency v Scottish Information Comr [2004] UKHL 47; [2008] 1 WLR 1550, at [24].) Accordingly, limb (b) of the definition is satisfied, as to identification. No question of “implied data” arises.

39.

There remains the question of whether the data “related to” TLU and TLV, essentially the foundation for Mr Sanders’ submissions on this Issue. However, unless driven to read the words “relate to” in some strained manner, which I do not think I am, the natural meaning of the statutory language points to the Home Office possessing data and other information relating to TLU and TLV, from which they could be identified. It can hardly be said that information as to the identity of TLU and TLV, together with the fact that they claimed asylum, is capable of being other than data “relating to” them. To put it colloquially, it was about them. As a matter of statutory language and without more, I would therefore be minded to reject Mr Sanders’ key submission on this Issue.

40.

I cannot, however, leave matters there and must turn next to Durant v Financial Services Authority (supra), upon which Mr Sanders placed significant reliance. The case concerned a subject access request. The somewhat unpromising background for the claim was that the appellant had lost proceedings brought against Barclays Bank and was seeking disclosure of information held by the Respondent (“the FSA”) in the belief that the records in question might assist him to re-open the litigation or to secure an investigation into the Bank. The appellant failed in the County Court and appealed to the Court of Appeal. He contended that the definition of “personal data” in s.1(1), DPA was very wide and inclusive. The appeal was dismissed.

41.

For very practical reasons, with respect, Auld LJ was anxious to establish a narrow meaning for “personal data”. That said, the touchstones in the passage which follow tell strongly against the conclusions for which Mr Sanders contended. Auld LJ said this:

“27.

…the purpose of s.7 [DPA], in entitling an individual to have access to information in the form of his ‘personal data’ is to enable him to check whether the data controller’s processing of it unlawfully infringes his privacy and, if so, to take such steps as the Act provides….to protect it. It is not an automatic key to any information, readily accessible or not, of matters in which he may be named or involved. Nor is to assist him, for example, to obtain discovery of documents that may assist him in litigation or complaints against third parties. As a matter of practicality and given the focus of the Act on ready accessibility of the information ….it is likely in most cases that only information that names or directly refers to him will qualify. In this respect, a narrow interpretation of ‘personal data’ goes hand in hand with a narrow meaning of ‘a relevant filing system’….But ready accessibility is not the starting point.

28.

….not all information retrieved from a computer search against an individual’s name or unique identifier is personal data within the Act. Mere mention of the data subject in a document held by a data controller does not necessarily amount to his personal data. Whether it does so in any particular instance depends on where it falls in a continuum of relevance or proximity to the data subject as distinct, say, from transactions or matters in which he may have been involved to a greater or lesser degree. It seems to me that there are two notions that may be of assistance. The first is whether the information is biographical in a significant sense, that is, going beyond the recording of the putative data subject’s involvement in a matter or an event that has no personal connotations, a life event in respect of which his privacy could not be said to be compromised. The second is one of focus. The information should have the putative data subject as its focus rather than some other person with whom he may have been involved or some transaction or event in which he may have figured or have had an interest, for example, as in this case, an investigation into some other person’s or body’s conduct that he may have instigated. In short, it is information that affects his privacy…..A recent example is….that ‘personal data’ covered the name of a person or identification of him by some other means, for instance by giving his telephone number or information regarding his working conditions or hobbies.”

42.

I am unable to accept that in the use of the words “…it is likely in most cases that only information that names or directly refers to him will qualify” (as personal data), Auld LJ was doing more than state a broad, practical working assumption. On no view was he seeking to reformulate the statutory test, whereby personal data encompasses data and other information from which an individual could be directly or indirectly identified (as discussed above). Thus read, I would in any event be satisfied that the data in the spreadsheet, albeit by inference, “directly refers” to TLU and TLV. But matters do not end there.

43.

At [28], in deciding whether or not information constituted “personal data”, Auld LJ posed the question of where it fell “in a continuum of relevance or proximity to the data subject” – and, in this regard, he referred to “two notions” which might be of assistance. The first, was whether the information was “biographical in a significant sense”. The second was one of “focus”. As it seems to me:

i)

The reference to “a continuum of relevance or proximity to the data subject” highlights the fact sensitive nature of the decision.

ii)

The question of whether the information was “biographical in a significant sense” admits of only one answer in the present case – as much with regard to TLU and TLV as it did with regard to TLT. In the context of immigration and asylum, it is difficult to think of information which might have been more “biographical” than that which the spreadsheet contained with regard to TLU and TLV, other than naming them in terms.

iii)

The question of “focus” cannot sensibly be taken to mean that only a single individual can be in focus. Instead, it again contemplates a “continuum” or spectrum. In the present case, involving a family returns process, it seems manifest to me that TLU and TLV were as much in “focus” as TLT, with whom they shared the same file number allocated to their case. If the position was otherwise, it is not at all apparent why TLT would have been the “lead” claimant for the family. On any view, as Mitting J observed when refusing permission to appeal, the data had “…anyone identified by reference to TLT as its focus….”.

44.

Accordingly, I am unable to accept that Durant v Financial Services Authority assists the Home Office on this appeal. To the contrary, properly applied, it powerfully reinforces the case for TLU and TLV, that the spreadsheet contained data which related to them and from which they could be identified directly or indirectly – and thus comprised their personal data.

45.

I have not overlooked the understandable concern expressed by Mr Sanders as to subject access requests. On the facts here, however, those concerns are of no real weight. As Mr Tomlinson put it in his skeleton argument:

“…a member of staff asked to locate personal data relating to an individual asylum applicant in a family returns process who carried out a search in relation to TLU or TLV, using the reference number common to the family’s case, would inevitably turn up the raw entry in respect of TLT as lead applicant and therefore the data in relation to the whole family…”

46.

For all these reasons, I would dismiss the appeal on Issue II.

ISSUE III: TLU’s AND TLV’s ENTITLEMENT TO DAMAGES UNDER S.13 OF THE DPA

47.

As already foreshadowed, Issue III would only arise for decision if TLU and TLV failed on both Issues I and II. As it is, they have succeeded on both those Issues, so that Issue III does not arise.

48.

Issue III is potentially one of some nicety. On the hypothesis (contrary to my earlier conclusions) that TLU’s and TLV’s private information had not been misused and their personal data (as distinct from TLT’s) was not contained in the spreadsheet, it would follow that they were not “data subjects” but “merely” individuals advancing a claim under s.13, DPA. The question would then arise as to whether the ratio of Vidal-Hall v Google Inc (supra) extended to this factual situation, so that s.13(2) must be disapplied. That issue is best left for resolution to a case where a decision is required and I do not propose to express any view on it.

QUANTUM

49.

Equally, it is unnecessary to take time on the single area of quantum which Mr Sanders sought to reopen, namely, whether the Judge’s award of damages should be revisited if solely based on TLU and TLV succeeding on Issue III, having failed on Issues I and II. That situation has simply not arisen.

OVERALL CONCLUSION

50.

The data error here had serious consequences, which should not be minimised. It was, however, neither the first nor will it be the last of such human errors, whether made by government departments or others. For my own part, I had some sympathy with the practical concerns expressed by Mr Sanders on behalf of the Home Office, seeking to narrow the class of those to whom the department might incur liability. However, on the facts of the present case, I regard as untenable the submission that liability was not incurred to TLU and TLV. This was a family returns process and, to repeat the Judge’s well-founded conclusion:

“The processing of data in the name of TLT about his family members was just as much the processing of their personal data as his. Further, and for the same reasons, such processing also misused their personal and confidential information.”

51.

For the reasons given, I would dismiss the appeal.

LORD JUSTICE McFARLANE:

52.

I agree.

LORD JUSTICE COULSON:

53.

I also agree.
