MEDIA & COMMUNICATIONS LIST
Royal Courts of Justice
Strand, London, WC2A 2LL
Before :
RICHARD SPEARMAN K.C
(sitting as a Deputy Judge of the King’s Bench Division)
Between :
(1) JOSEPH PACINI
(2) CARSTEN GEYER
Claimant | |
- and - | |
DOW JONES & COMPANY INC. | Defendant |
Hugh Tomlinson KC and Aidan Wills (instructed by Withers LLP) for the Claimants
Catrin Evans KC and Ben Gallop (instructed by Pinsent Masons LLP) for the Defendant
Hearing dates: 15 October 2024
This judgment was handed down remotely at 10.30am on 29 October 2024 by circulation to the parties or their representatives by e-mail and by release to the National Archives.
Richard Spearman KC
INTRODUCTION
This is the trial of preliminary issues in this data protection claim pursuant to the Order of HHJ Richard Parkes KC (sitting as a Judge of the High Court) dated 12 July 2024. That Order was made following HHJ Richard Parkes KC’s dismissal of the Defendant’s application to strike out the claim for the reasons given in his judgment dated 3 July 2024 ([2024] EWHC 1709 (KB)), from which the substance of the following narrative concerning the background to this trial is gratefully adopted. In essence, the claim is about the right to have personal information erased, or corrected by being brought up to date. It would appear that the current trial is the first in which the Court has been called upon to determine as a preliminary issue the “meaning” of personal data alone (as opposed to together with the trial of the preliminary issue of “meaning” in a claim for defamation), to say nothing of being the first in which the Court is required to address, in the context of such a trial, the “repetition rule” developed in the law of defamation.
THE CLAIMANTS
The Claimants, Joseph Pacini and Carsten Geyer, are investment bankers. According to the Amended Particulars of Claim (“APOC”), they were formerly senior executives of the XIO group of companies (“XIO Group”), a global alternative investments business with offices in London, Hong Kong and Shanghai. They were two of the four founding partners of XIO Group, and worked in the XIO businesses between 2014 and 2020. Mr Pacini was Chief Executive Officer and Mr Geyer was Head of Europe.
XIO’s European business was based in London, where its UK arm was XIO (UK) LLP (“XIO UK”). XIO UK employed most of XIO’s senior investment executives. XIO Group appears to have been the entity that controlled the other XIO operations, in which Mr Pacini and Mr Geyer also held positions (in XIO HK and XIO UK respectively).
Mr Pacini and Mr Geyer are presently the Co-Managing Partners of SGT Capital LLC (“SGT”), and they each reside in Switzerland.
THE CLAIM
By a Claim Form issued on 16 March 2023, the Claimants complain of two articles written by Simon Clark and published by the Defendant (“Dow Jones”), which owns and publishes the Wall Street Journal (“WSJ”) worldwide on its website at WSJ.com. One article was published on the website on 16 March 2017 (“the First Article”) and the second on 31 January 2018 (“the Second Article”). Both Articles continue to be accessible online to WSJ.com subscribers.
The Claimants sue in data protection. They allege breach of the General Data Protection Regulation, as maintained by the European Union (Withdrawal) Act 2018 (the UK General Data Protection Regulation, or “UK GDPR”) and of the Data Protection Act (“DPA”) 2018, and claim compensation in accordance with UK GDPR Art 82 and/or DPA 2018 s168, a declaration that the personal data processed are inaccurate, and a compliance order under DPA 2018 s167, requiring erasure of the data and the taking of the steps prescribed by Arts 17(2) and 19 of the UK GDPR.
THE STRIKE-OUT APPLICATION
By application notice dated 22 August 2023, Dow Jones applied for an order striking out the claim pursuant to CPR 3.4(2)(b). Following that, the Claimants made a number of concessions. That resulted in the grounds of the application being narrowed to the contention that the claim is purely tactical and an abuse of process (a) because it is a statute-barred defamation complaint dressed up as a data protection claim, and brought as it is to avoid the rules which apply to defamation claims, and (b) on the basis identified by the Court of Appeal in Jameel v Dow Jones & Company Inc [2005] QB 946.
That application was heard by HHJ Richard Parkes KC on 12 December 2023, and was dismissed for the reasons set out in his detailed judgment referred to above.
THE ARTICLES
The First Article, first published on 16 March 2017, reads as follows (I have added paragraph numbers to assist in the discussion below):
DID XIE ZHIKUN'S NEARLY $1 BILLION GO MISSING? A PRIVATE-EQUITY MYSTERY
[1] Chinese investor says he backed XIO Group big-time; it says he didn't, and now he has filed suit
[2] When Chinese billionaire Xie Zhikun toured Europe in the summer of 2015, his hosts took him to the Aston Martin factory in the English Midlands, to the women's tennis final at Wimbledon and to dinner at London's Connaught Hotel, where he was presented with a portrait of himself painted in tea, according to people who helped organize the visit.
[3] Mr Xie and his chaperones on the trip, executives at London private-equity firm XIO Group, stopped in on companies the firm was buying, according to current and former employees of XIO and an agenda of the trip reviewed by The Wall Street Journal, as well as visiting investment prospects like the sports-car maker they code-named "Project Bond" after its most famous client, the fictional British spy James Bond.
[4] Now, that seemingly friendly relationship is in tatters. The billionaire says it was his money—nearly $1 billion—that seeded XIO and allowed it to buy its first two companies. But XIO wasn't returning his phone calls, he says. In court papers filed in the Cayman Islands, where companies at the center of the dispute are incorporated, Mr Xie is accusing XIO executives of a conspiracy to defraud him out of his cash.
[5] XIO says it doesn't have Mr Xie's money and never did. An XIO spokesman didn't respond to questions about whether any entity affiliated with Mr Xie has been an investor and XIO has denied his allegations.
[6] Mr Xie is one of the rising number of wealthy Chinese making overseas investments even as Beijing imposes tighter capital controls. He is spreading across the world billions of dollars of the fortune he made in forestry and finance, according to company filings and people familiar with the matter. XIO, founded in Hong Kong in 2014, has a brief history in private equity but made a splash last year when it bought California-based automotive-research firm J.D. Power for $1.1 billion.
[7] 'Xie Zhikun is not an investor with XIO and never has been' —XIO Chief Executive Joseph Pacini
[8] In legal filings and documents reviewed by the Journal, Mr Xie says he invested a substantial sum in XIO in 2014—and he wants it back.
[9] XIO Chief Executive Joseph Pacini said in an email that "Xie Zhikun is not an investor with XIO and never has been," and denied his allegations. He declined to discuss the European tour. He said other investors—not Mr Xie—provided $3.2 billion to the firm in 2014.
[10] Mr Xie, 56, couldn't be reached for comment. A Beijing-based spokesman for his company, Zhongzhi Enterprise Group, declined to comment. A spokeswoman for Mr Xie's legal representatives in the Cayman Islands at law firm Maples and Calder declined to comment.
[11] The tussle erupted in December. A representative of Mr Xie sent two letters, which the Journal has reviewed, to XIO's office in the Shard skyscraper in London. One letter says that in 2014 Mr Xie provided 5.8 billion yuan— $940 million at the time—to help set up XIO and to fund the acquisitions of two medium-size companies. The letter demands answers about what happened to what it described as Mr Xie's "very significant" investment following six months of "unanswered requests for information and documents." The second letter asks further questions about what happened to Mr Xie's money.
[12] Apparently unsatisfied, Mr. Xie in February sued in a Cayman Islands court, accusing XIO Chairwoman Athene Li and CEO Mr Pacini of receiving "secret profits" from the alleged fraud.
[13] Ms Li declined to comment.
[14] Mr Xie, an imposing figure well over 6 feet tall, is known in China for his wealth and philanthropic support for the arts and sciences. His pop-star wife, Mao Amin, regularly sings at shows and on state television, but Mr Xie keeps a lower profile. In 1995 he founded Beijing-based Zhongzhi, whose website states that it has 1 trillion yuan ($145 billion) of assets. Mr Xie's investments range widely and include electric vehicles and trusts that lend money, according to company filings.
[15] Along with J.D. Power, XIO owns German and Israeli assets, according to its website. XIO brought in U.S. investment firm BlackRock Inc. to invest alongside it for the J.D. Power deal, according to people familiar with the transaction. BlackRock declined to comment. In December, XIO said it agreed to buy Meitav Dash, a publicly traded Israeli fund company that manages about $33 billion.
[16] XIO was founded in Hong Kong in 2014 by Ms Li, a Chinese executive, Mr Pacini, an American former BlackRock executive, and two other partners. Ms Li is based in China and Mr. Pacini in London.
[17] Mr Pacini moved to Asia in 2007 with J.P. Morgan Chase & Co. and joined BlackRock there in 2012 before setting up his own firm with Ms Li. He said working at J.P. Morgan and BlackRock brought him into contact with the chairmen of big Asian companies eager to invest in new places.
[18] "These organizations are massively flush with cash," Mr Pacini said in an interview in September. "They are very hungry for stable investments."
[19] Mr Xie says in a court filing in the Cayman Islands that in April 2014 he entrusted Ms Li and Mr Pacini to handle his investments in XIO and Dorsey Ventures Ltd., a Cayman corporation.
[20] According to another filing from Mr Xie in the same court, Ms Li is the legal owner of Dorsey, and he and Ms Li have a "share entrustment agreement" that specifies that he is the actual owner. Such agreements are commonly used by wealthy people who want to put money into shell companies without being identified in corporate records. The filing demands that Dorsey make no transfer of shares or payment of dividends without "the order of Xie Zhikun." The letters Mr Xie sent to XIO in December also mention Dorsey, saying Ms Li was supposed to manage its daily operations as well as "deal with the investments of XIO."
[21] XIO made its first acquisitions in 2015 when it paid more than $300 million, according to people familiar with the deal, for Compo Expert, a German fertilizer company, and $510 million for Lumenis, an Israeli medical-laser company.
[22] That summer, XIO chaperoned Mr Xie on the tour of Europe and Israel by private jet, according to people familiar with the visit. The trip's agenda refers to Mr Xie as an "LP," which is private-equity parlance for an investor in a fund. XIO staff also accompanied Mr Xie on shopping trips to stores including Harrods in London, where he spent thousands of dollars, the people say.
[23] During the visit, Mr Xie was described as "Chairman of XIO Fund Advisory Board" in an email reviewed by the Journal that XIO co-founder Carsten Geyer sent to arrange a meeting with a banker. Mr Geyer declined to comment.
The Second Article, published on 31 January 2018, reads as follows (again, I have added paragraph numbers to assist in the discussion below):
HOW J.D. POWER WAS ACQUIRED BY A CHINESE COMPANY SHROUDED IN MYSTERY
[1] Hong Kong's XIO Group, which acquired the U.S. auto-rating firm in 2016, is now embroiled in a dispute about the source of XIO's funding
[2] A plan for the sale of the car-rating business J.D. Power was a month old when the seller, New York-based information giant S&P Global Inc., grew uneasy. It wasn't quite sure to whom it had agreed to sell the company.
[3] "I wanted to raise a point with you that is causing our team here some concern," S&P Global executive Jason Gibson wrote on May 19, 2016, to the purchaser, a firm called XIO Group that had been set up in Hong Kong and was planning to do the deal through an offshore private-equity fund. Mr Gibson emailed that he hadn't received information he expected about who owned XIO and where it was getting the money for the purchase.
[4] The sale went through. XIO acquired J.D. Power four months later for $1.1 billion. The deal left a U.S. company famed for enhancing transparency—shining a light on the automotive and other industries—owned by a private company that was soon embroiled in a largely hidden dispute in China over its funding.
[5] Most XIO employees knew little about where its funding came from. Some advisers to XIO received differing accounts.
[6] The J.D. Power deal was completed amid a wave of overseas acquisitions by cash-rich, privately owned Chinese companies. Some of them have unclear ownership structures that bankers and lawyers say can be a source of confusion. XIO provided full details of its investors to everyone involved in the U.S. regulatory approval process for J.D. Power, a spokesman for XIO said.
[7] Purchases of foreign assets by Chinese companies exploded in 2016 to a record $217 billion. Though China's government has sought to rein these in, the buying continues, at a slower pace.
[8] XIO was among the new buyers Western bankers and lawyers started hearing about. A year after it was founded in Hong Kong, XIO opened its headquarters office in London's Shard skyscraper in 2015. A Shanghai-based fund company called Shanghai Li Hong Investment Center invested hundreds of millions of dollars from mainland China in one of XIO's acquisitions, according to a public document at China's Ministry of Commerce. XIO controls Shanghai Li Hong, the XIO spokesman said.
[9] XIO quickly developed the capacity to do billion-dollar deals. Yet its executives and a billionaire Chinese tycoon are fighting over its assets in lawsuits in two jurisdictions, with details hidden from public view.
[10] "Beneficial ownership of companies is difficult to understand in China," said Bruno Raschle, vice chairman of Zurich-based private-equity firm Schroder Adveq. "You never know who is really behind a company—an individual or the government—or sometimes the government using individuals or making use of individuals."
[11] Chinese acquirers around which ownership questions have swirled include the conglomerate HNA Group Co. The Swiss Takeover Board found in November that when HNA bought a Swiss airline-catering firm called Gategroup in 2016, HNA failed to disclose that two of its owners held their stakes on behalf of HNA's co-founders. HNA said it respected the Swiss board's authority.
[12] "Many companies in China mistakenly believe that extreme secrecy is a form of discretion," said Abel Halpern, a former partner of U.S. private-equity firm TPG who is setting up a business to advise Chinese companies investing outside China.
[13] "Such activity can put a black mark on Chinese capital as an asset class," Mr. Halpern said. "If people believe Chinese capital is tainted by deliberately opaque structures, then such capital is viewed with suspicion and mistrust."
[14] In China, tracing ownership of companies can be complicated by a practice called guanxi, the cultivation of relationships and unwritten favors. This can come into play when wealthy Chinese purchase international assets as a way to move money overseas without their government's knowledge, said lawyers and bankers familiar with the practice.
[15] Because of the risk that acquisitive companies with unclear ownership could be conduits for money laundering and tax evasion, the U.K. in 2016 published an open register of companies' beneficial ownership. European Union countries agreed in December to create public registries listing such information. Three bills in the U.S. Congress would require companies to disclose their beneficial owners.
[16] Nine of 10 senior executives said it was important to know the ultimate owner of companies they do business with, in a 2016 survey of 2,800 executives in 62 countries by EY (formerly Ernst & Young).
[17] "If legitimate companies like J.D. Power are being bought up or interacting with anonymous companies, it opens the door to increased liabilities about which we have no idea," said Gary Kalman, executive director of the Financial Accountability & Corporate Transparency Coalition, a Washington-based nonprofit that campaigns against corruption.
[18] Goldman Sachs Group Inc. won't advise XIO because of concerns about how it is funding deals, according to a person familiar with Goldman's decision-making.
[19] The spokesman for XIO said it works with "the most reputable global investment banks" and hasn't asked Goldman to advise on an acquisition.
[20] It is common practice for private-equity firms not to publicly disclose their investors, the spokesman said. "Honoring nondisclosure agreements and client confidentiality is a basic tenet in following international standards accepted by leading global alternative investment firms," he said.
[21] Addressing criticisms made of anonymous companies, the XIO spokesman added: "Private equity funds have made an incontestable contribution to the global economy."
[22] When XIO sought to buy J.D. Power in early 2016, it had competition from better-known companies. XIO faced pressure to convince owner S&P Global that XIO was a credible bidder for the auto-research company, according to people involved in the acquisition process.
[23] XIO Chairwoman Athene Li and Chief Executive Joseph Pacini enlisted Thomas Borer, a well-connected former Swiss diplomat. To vouch for XIO to S&P Global, Mr. Borer introduced XIO to John Negroponte, who had worked for S&P Global when it was called McGraw-Hill and later was U.S. director of national intelligence under President George W. Bush. Mr Borer, Mr Negroponte and S&P Global declined to comment.
[24] In April 2016 S&P Global announced it had agreed to sell J.D. Power to XIO, "a global alternative investments firm."
[25] XIO would make the purchase using a fund based in the Cayman Islands, which doesn't require firms to publicly disclose their investors. It was during the following month that S&P Global's Mr. Gibson asked XIO for its ownership and funding details as the seller prepared to seek U.S. government approval for the deal, according to emails reviewed by The Wall Street Journal.
[26] An XIO executive responded that Mr. Gibson should have received the information from XIO's legal adviser, Skadden, Arps, Slate, Meagher & Flom LLP. Mr. Gibson wrote back that he had received an email from Skadden, but "the part they did not share are the missing financials and ownership pieces."
[27] "We will not hold up the filing on this matter, but as it's a joint filing we would expect to be able to review," he wrote.
[28] That email was forwarded within XIO to its general counsel. She emailed colleagues she was "not sure why MG has not shared these with the team but will chase up now." MG is Michael Gisser, then head of Skadden's Asian operations and an adviser to the XIO founders.
[29] Mr. Gisser said he is retired from Skadden and declined to comment, as did Skadden.
[30] XIO wouldn't comment on the correspondence. "In the context of the acquisition of J.D. Power, all of the parties (including law firms, advisers and government agencies) who were part of the U.S. regulatory approval process were provided full details of XIO Group's diversified institutional investor base," the XIO spokesman said.
[31] A spokesman for S&P Global wouldn't discuss Mr. Gibson's email. S&P Global is "comfortable that the level of due diligence that we performed in connection with our sale of J.D. Power to XIO Group was appropriate," said spokesman David Guarino.
[32] In June 2016, as XIO was working on getting U.S. government approval for the deal, its general counsel resigned. She left in part because she didn't believe she had sufficient information about XIO's investors to do her job properly, according to former employees, some of whom were employed at XIO at the time.
[33] XIO's spokesman said the general counsel left to pursue a master's degree in business administration and continued to support XIO. The former counsel now works at a U.S. private equity firm.
[34] An XIO executive working on the J.D. Power deal departed not long after. The two were among at least 14 investment professionals who have left XIO since the firm started in 2014, according to the professionals and to websites including LinkedIn.
[35] The spokesman for XIO called its staff turnover "lower than average."
[36] Within XIO, only its four founding partners know who the investors are, and no other current or former employees have any knowledge about them, the spokesman said. He said XIO is "legally bound by Cayman confidentiality law" not to disclose its investors without their permission. He added this is normal for private-equity funds based on the Caribbean island, where "many private equity vehicles are domiciled."
[37] Nine of the former XIO employees who left said they were skeptical that XIO had a fund containing money from many separate institutions, which is what they said they were led to believe when they joined. The former employees, at least three of whom worked on the J.D. Power deal, said XIO was more secretive about its investors than other firms where they have worked.
[38] XIO staff appeared on one occasion to give differing accounts of who funds its deals. When a Moody's Investors Service credit officer met with XIO staff after the deal announcement to discuss debt ratings for J.D. Power, he was told XIO's investors were Chinese, according to the Moody's officer, Edmond DeForest.
[39] A Deloitte accountant got a different response weeks later when he referred to XIO's "China resident investors" in an email to XIO that was reviewed by the Journal. "There may be a misconception. The investors into the XIO fund are not primarily Chinese," XIO partner Carsten Geyer replied.
[40] The Deloitte accountant, Anthony Passalaqua, declined to comment.
[41] As the summer of 2016 progressed, XIO contacted financial firms to ask if they would also invest in J.D. Power. On Aug. 8, XIO's Mr Pacini emailed British pension fund Hermes Investment Management about a "co-Investment opportunity with J.D. Power," saying investors could make as much as 2.9 times their money through a resale within three years. Hermes was interested but decided not to invest, in part because it couldn't get comfortable with the lack of information it received about XIO, a person familiar with the talks said.
[42] BlackRock Inc., the world's largest asset manager and a former employer of XIO CEO Mr Pacini, did invest with XIO, people familiar with the acquisition said. So did Beijing-based China Life Insurance Group, according to an investment manager at the insurer.
[43] The deal for J.D. Power gained approval by the Committee on Foreign Investment in the United States. XIO said the agency's review finished in 30 days. The committee declined to comment.
[44] XIO completed the acquisition on Sept. 7, 2016, but mystery over its funding didn't end.
[45] China Goes Global. Takeovers by Chinese companies outside China were still strong in 2017 even though they fell from a record they year before. [Followed by two charts entitled “Value of overseas deals” and “Number of deals”]
[46] A New York investment banker who had advised XIO on the acquisition met later that year with a Chinese businesswoman named Carol Xie, who shocked the banker by saying her father's investment group had bought J.D. Power—a notion the banker hadn't heard before— according to a person familiar with the meeting. Her father is Xie Zhikun, a prominent Beijing tycoon.
[47] Within months, Mr Xie was in full warfare with XIO. As the Journal reported in March 2017, Mr Xie insisted he had given the firm almost $1 billion to do deals. XIO said he had not, and demanded he stop telling people he was affiliated with the firm.
[48] In a message reviewed by the Journal, XIO's Ms Li wrote to her lawyers saying Mr Xie had repeatedly tried "illegally" to sell a company XIO owned. The company was Lumenis Ltd, a medical-equipment maker XIO bought in 2015. Mr Xie has asserted that his money funded the acquisition.
[49] A representative of Mr Xie wrote to XIO on Dec. 30, 2016, demanding an explanation of how XIO's investments were performing and how the J.D. Power deal was funded. "We have never received the level of information which we should have," said the letter, which the Journal reviewed. "This is a very unsatisfactory situation and not one that we can allow to continue."
[50] In February 2017, Mr. Xie sued in a Cayman Islands court, accusing XIO's Ms Li and Mr Pacini of agreeing to take his money and then receiving "secret profits" in an alleged fraud. He also sued Ms Li in Hong Kong.
[51] A spokesman for Mr Xie declined to comment, as did a lawyer for Ms Xie.
[52] At a meeting in 2017, which was not attended by Mr Xie, Ms Li likened Mr. Xie's contention that he had entrusted money to XIO to a man unexpectedly claiming paternity of a child, said a person who was present.
[53] XIO has said it raised a $3.2 billion investment fund in 2014 with a diversified group of investors it didn't name that included fund managers and insurance companies, including some from Asia.
[54] XIO says Mr Xie isn't one of its investors and never was.
[55] After buying J.D. Power, XIO hired new executives for the California-based company and expanded its operations with the purchase of National Appraisal Guides Inc., a U.S. publisher of vehicle pricing data. XIO is "tremendously proud of the success of J.D. Power and its premier position of 'voice of the consumer,' " the XIO spokesman said.
[56] In July, XIO had J.D. Power borrow $180 million more, in part to fund the acquisition. This made J.D. Power's debt "very high," Moody's said. In July it downgraded J.D. Power's credit deeper into non-investment-grade territory, to B3 from B2.
[57] Another purpose of the borrowing was to enable J.D. Power to pay dividends of about $100 million, according to Moody's. XIO declined to name the investors who would receive these dividends.
THE PRE-ACTION CORRESPONDENCE
HHJ Richard Parkes KC said (at [16] of his judgment): “The pre-action correspondence repays study”. He discussed that correspondence in detail, as it was relevant to the strike-out application that was before him, not least because it made repeated complaints of defamation. However, it is unnecessary to rehearse it for the purposes of the present trial. It is sufficient to record his observations (at [30]) that: “Notwithstanding the various threats and demands made in this lengthy correspondence, no proceedings were ever issued against Dow Jones by any XIO entity or by SGT. No proceedings at all were issued until the present litigation was commenced by the Claimants in respect of the two Articles in 2023, and even then not in defamation”.
On 1 February 2023 (2½ years since their last letter of 27 July 2020 on behalf of the Claimants and SGT), Withers wrote again on behalf of the Claimants, who were described as former Partners of XIO Group (and as CEO and Head of Europe of XIO respectively). That letter was expressed to be a Pre-Action Letter of Claim written in accordance with the Pre-Action Protocol for Media and Communication Claims. It stated (among other things) that (i) “This is not a privacy and/or defamation claim aimed at attempting to silence criticism but a data protection claim to remove our client’s (sic) inaccurate personal data”, (ii) the Claimants’ personal reputations within private equity were “significantly” damaged by the publication of the Articles, causing substantial losses including a loss of potential business, (iii) this harm was continuing, and (iv) the Articles continued to cause the Claimants “considerable harm and distress”. The complaint was of breach of the UK GDPR, from the continued publication of data in the Articles which was out of date, inaccurate and damaging to the Claimants’ reputations. Dow Jones replied on 13 February 2023 refusing to erase the Claimants’ data.
THE PROCEEDINGS
Proceedings were issued on 16 March 2023, exactly 6 years after the original publication of the First Article, and were served by letter dated 10 July 2023, less than a week before the validity of the Claim Form expired.
The APOC complain of the publication of the Articles, each of which is said to contain personal data of which the Claimants are the data subjects (“the Personal Data”).
The Personal Data are pleaded at paragraphs 11 to 14 of the APOC in terms which HHJ Richard Parkes KC described (at [40] of his judgment) as “strongly reminiscent of the pleading of meaning in a defamation case”. The pleading reads as follows:
“(11) The First Article contains personal data and Criminal Offences Data of which Mr Pacini is the data subject as follows:
That there were reasonable grounds to suspect that Mr Pacini was party to a conspiracy to defraud Xie Zhikun of nearly $1billion, and had received 'secret profits' as a result.
(12) The First Article contains personal data and Criminal Offences Data of which Mr Geyer is the data subject as follows:
That there were reasonable grounds to suspect that Mr Geyer was party to a conspiracy to defraud Xie Zhikun of nearly $1billion.
(13) The Second Article contains personal data of which each of the Claimants is the data subject as follows:
That there were reasonable grounds to suspect that each Claimant had deliberately failed to provide proper disclosure of the true identity of investors in JD Power to the vendor and the US authorities and had concealed the fact that XIO was an investment vehicle for Xie Zhikun;
(14) The Second Article contains personal data of which Mr Geyer is the data subject as follows:
That Mr Geyer falsely informed a Deloitte accountant that the investors into the XIO entity purchasing JD power were not primarily Chinese.”
At paragraph 16, the APOC pleads that the Personal Data are incorrect or misleading as to matters of fact, in the following respects:
“(1) The Claimants were not party to any conspiracy to defraud Xie Zhikun and Mr Pacini did not make any “secret profit” from any such conspiracy.
(2) There were no reasonable grounds to suspect that the Claimants were party to any conspiracy to defraud Xie Zhikun or that Mr Pacini had made any secret profit.
(3) The allegations of wrongdoing made against the Claimants by Xie Zhikun were made in various legal proceedings – all of which were, by a settlement deed dated 4 August 2020, discontinued. There was no admission or finding of liability for conspiracy to defraud on the part of the Claimants.
(4) The Claimants had not failed to provide proper disclosure of the true identity of investors in J D Power to the vendor or to the US Authorities.
(5) The Claimants had made full disclosure to the Committee on Foreign Investment in the United States, including providing a list of all XIO's partners and investors and potential investors.
(6) XIO was not an investment vehicle for Xie Zhikun;
(7) The investors into the XIO entity which was purchasing J D Power were not from mainland China were not affiliated with the Chinese government and they were not introduced by or affiliated with Xie Zhikun.”
The Particulars of Claim were amended on 17 November 2023. Before amendment, they alleged at paragraph 19 that Dow Jones had failed to process the personal data lawfully or fairly. By amendment, the allegation of unlawful processing, and the supporting Particulars, which alleged that both the Articles were defamatory of the Claimants, were deleted. The Particulars of Breach of the UK GDPR, as amended, read as follows:
“(1) In breach of Article 5(1)(a), the Defendant has failed to process the Personal Data lawfully or fairly. In this respect the Claimants will rely in particular on the following facts and matters:
(a) The First Article refers to allegations of a serious nature and includes Criminal Offences Data.
(b) The First Article relates to allegations which never resulted in a criminal charge or arrest.
(c) The Second Article makes serious and damaging allegations of impropriety against the Claimants including, in particular of suspected failure to provide proper disclosure to the Committee on Foreign Investment in the United States.
(d) The Articles are both defamatory of each of the Claimants.
(2) In breach of Article 5(1)(d), the Defendant failed to ensure that the
Personal Data was accurate or to erase or rectify inaccuracies in the Personal Data without delay after becoming aware of them. Paragraph 16 above is repeated. The true factual position has been known to the Defendant since (at the latest) its receipt of the PAP Letter.(3) In breach of Article 5(1)(d), the Personal Data was kept in a form which permitted identification of the Claimants for longer than was necessary for the purposes for which the Personal Data was processed. Insofar as the First Article was reporting on legal proceedings brought by Xie Zhikun in the Grand Court of the Cayman Islands (Cause No FSD 25 of 2017), it was no longer necessary to process the Personal Data in the First Article after those proceedings were discontinued on 27 November 2020.
(4) In breach of Article 10, the Defendant published the Criminal Offences Data in the Article without justification under any of the conditions in Parts 1 to 3 of Schedule 1 to the DPA 2018.
(5) In breach of Article 17, the Defendant has failed to give effect to the Claimants’ exercise of their rights of erasure (by way of the PAP Letter) by removing the Articles from WSJ.com. The Claimants rely on the following:
(a) Even if (contrary to the Claimants' primary case) the Defendant's initial decisions to publish each of the Articles was justified, their continued publication is no longer justified once the Defendant had received the PAP Letter.
(b) Further and in the alternative, by the PAP Letter, the Claimants objected to the processing of the Personal Data in the Articles. There were no overriding legitimate grounds for continuing the processing.
(6) In breach of Article 21 the Defendant has failed to give effect to the Claimants’ exercise of their right to object to the processing involved in the publication of the Articles as set out in the PAP Letter. There are no compelling legitimate grounds for the continuing publication of the Articles.
(7) If and insofar as the Defendant contends that the processing of the Claimants’ personal data in the Articles is for “special purpose of journalism” set out in paragraph 26 of Schedule 2 to the DPA 2018, and without prejudice to the burden of proof (which lies on the Defendant) the Defendant is not entitled to rely on any exemption from the listed UK GDPR provisions in that it is not reasonable for the Defendant to believe that:
(a) Application of the listed UK GDPR provisions would be incompatible with the purposes of journalism;
(b) The continuing processing of the Personal Data by publication is in the public interest. In particular, it is not reasonable to believe that the continuing processing of inaccurate and/or out of date personal data is in the public interest.
If and insofar as the Defendant had such reasonable beliefs when (it) published each of the Articles, it could no longer hold such beliefs once it became clear that the Personal Data was (sic) inaccurate and out of date.”
Under the heading of Remedies, the APOC now claim:
“(20) By reason of the Defendant's wrongful processing of the Personal Data as pleaded above, the Claimants have suffered damage to their reputations, and have been caused anxiety, humiliation and distress for which the Defendant is liable to pay compensation to the Claimant'.
(21) In support of their claims for compensation under s168 of the DPA 2018 the Claimants will rely on the following:
(1) The loss of control of and autonomy over the Personal Data occasioned by the publication of the Articles.
(2) the fact that the Defendant has continued to publish and maintain the Articles despite being put on notice of the Claimants' objections in the PAP Letter.
(3) The fact that the Articles have been repeatedly mentioned by prospective investors in XIO and SGT as requiring further due diligence and therefore being an obstacle to investment. This has caused additional work and distress for the Claimants.”
The prayer for relief seeks compensation pursuant to Art 82 of the GDPR/UK GDPR and/or s168 of the DPA 2018, a declaration that the Personal Data are inaccurate, and a compliance order pursuant to s167 DPA 2018, requiring (a) the erasure of the Personal Data and any similar data, and (b) that Dow Jones takes the steps set out in Art 17(2) and Art 19 of the GDPR/UK GDPR (i.e. notification to controllers processing the data, and notification to publishees of the personal data of any rectification or erasure ordered).
The amendments to the Particulars of Claim followed a letter from Dow Jones’ solicitors dated 25 July 2023 in which it was contended that (i) the claim was purely tactical and amounted to an abuse of process and (ii) in any event the pleading was defective, in particular because it complained that the Articles were defamatory, without setting out the facts and matters required to make good a claim in libel. In response to that letter, and after service of the strike-out application, the Claimants by letter dated 12 September 2023 agreed to make the amendments to paragraphs 19(1) and 20(1) of the Particulars of Claim which are recorded above. As mentioned above, that had the effect of narrowing the grounds on which the strike-out application was pursued by Dow Jones.
THE ISSUES TO BE TRIED
By paragraph 5 of his Order dated 12 July 2024, HHJ Richard Parkes KC directed a trial of the following preliminary issues pursuant to CPR r 3.1(2)(i) and (j):
The meaning of any personal data within the Articles complained of in the claim of which the Claimants are data subjects (the “First Issue”).
Whether any such data is criminal offence data within the meaning of Article 10 (the “Second Issue”).
By paragraph 7 of that Order, he ordered Dow Jones to file and serve a written notice of its case on each of those preliminary issues. Pursuant to that Order, on 30 July 2024, Dow Jones filed and served a notice of its case on those issues as follows:
“The meaning of any personal data within the Articles complained of in the claim of which the Claimants are data subjects.
1. In respect of the First Article (as defined in Paragraph 3 of the Amended Particulars of Claim):
a. The First Claimant’s personal data bear the meaning that the First Claimant was
one of the executives who had been accused by Mr Xie, in contested legal proceedings in the Cayman Islands, of receiving “secret profits” in an alleged
conspiracy to defraud, an allegation denied by the First Claimant, who said Mr Xie
is not and has never been an investor in XIO.
The Second Claimant’s personal data bear the meaning that the Second Claimant,
to arrange a meeting with a banker, sent an email that described Mr Xie as
“Chairman of XIO Fund Advisory Board”.
In respect of the Second Article (as defined in Paragraph 4 of the Amended Particulars of Claim):
The First Claimant’s personal data bear the meanings that (i) he was part of an
effort to enlist Thomas Borer, a well-connected former Swiss diplomat, to assist
XIO in persuading S&P Global that XIO was a credible bidder for J.D. Power;
on behalf of XIO the First Claimant contacted a financial firm, Hermes, to ask if
it would also invest in J.D Power; and (iii) the First Claimant had been one of those
accused by Mr Xie, in legal proceedings in the Cayman Islands, of receiving
“secret profits” in an alleged fraud, while XIO said Mr Xie is not and has never been
an investor in XIO.
The Second Claimant’s personal data bear the meaning that he replied to a Deloitte
accountant, who had referred to XIO’s “China resident investors”, by stating that
“There may be a misconception. The investors into the XIO fund are not primarily
Chinese”, which appeared to contrast with a Moody’s Investors Service credit
officer saying he had been told by XIO staff weeks previously that XIO’s investors
were Chinese.
Whether any such data is criminal offence data within the meaning of Article 10 UK GDPR.
The Defendant’s case is that the data is not criminal offence data. This contention will be developed in submissions prior to the preliminary trial on meaning.”
THE FORMULATION OF THE FIRST ISSUE
An Order in these terms derived from the relief that Dow Jones claimed before HHJ Richard Parkes KC in the alternative to its strike-out application. That alternative claim for relief, in turn, was made against the background of the way in which the Claimants’ case on Personal Data had been pleaded. As set out above, that case is pleaded in similar terms to a case on meaning in a claim for defamation. The explanation for that approach is to be found in three first instance decisions which both sides invited me to follow and apply when trying the First Issue, although they differed as to the results which they contended should follow from the application of that approach in this particular case.
The first decision in time is that of Warby J in NT1 and NT2 v Google LLC [2019] QB 344 (“NT1”), which Mr Tomlinson submitted was the “leading case” concerning “the Court’s approach to the meaning of personal data”. Specifically, in the context of the trial of the First Issue, s205(1) of the DPA 2018 provides that data is inaccurate if it is “incorrect or misleading as to any matter of fact”, and Mr Tomlinson submitted that NT1 sets out how the Court should assess whether personal data is “incorrect or misleading”.
In NT1, the Claimants were businessmen whose convictions for criminal offences were spent under the Rehabilitation of Offenders Act 1974. They brought claims under data protection law and for misuse of private information, seeking (among other things) orders for de-listing of details of their offending, convictions and sentences, requiring their removal from search results, on the basis that the information, in particular concerning their spent convictions, was old, out of date, irrelevant, of no public interest and/or otherwise an illegitimate interference with their data and/or privacy rights.
At [79], Warby J expressed criticism of the way in which the Claimants’ case on inaccuracy had been pleaded, commenting that the approach adopted by the Claimants “seems to beg the question of what sense a given word or phrase bears, when read in its context”. Warby J continued as follows:
“I cannot help feeling that in a context such as the present where the claimant sues in respect of media publications he should be expected to specify the meaning(s) he attributes to particular words or phrase[s], and which he says is inaccurate. A claimant should also give particulars of inaccuracy. Those are well-established requirements of a statement of case in a defamation or malicious falsehood claim, which are surely appropriate in this context for the same reasons.”
At [80], Warby J turned to consider “the right approach in principle” to the issue of accuracy. In the context of discussing the requirement that is now to be found in Art 5(1)(d) of the UK GDPR that personal data shall be “accurate”, Warby J recorded that “There has been some dispute about how to decide whether a published article is inaccurate for this purpose”. He then said “Two sources of law have been addressed”.
At [81], Warby J discussed the first of these sources, namely data protection law itself. He pointed out that this makes clear that data are inaccurate if they are incorrect or misleading as to any matter of fact, observing that “the reference to fact emphasises that this principle is not concerned with matters of comment, opinion or evaluation” and that “[t]he reference to misleading indicates that the court should not adopt too narrow and literal an approach”. (The core material provisions are now Art 4(1) and Art 5(1)(d) of the UK GDPR. Art 4(1) defines “personal data” as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”. Art 5(1)(d) provides that personal data shall be “accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay”.)
At [82], Warby J identified the domestic law of defamation as “[a] second source of possible guidance”. He continued:
“In a libel action, where truth is in issue, the court will first determine the single natural and ordinary meaning which the words complained of would convey to the ordinary reasonable reader. It is that which the defendant must then prove to be true. A claim for libel cannot be founded on a headline or other matter, read in isolation from the related text; the court must identify the single meaning of a publication by reference to the response of the ordinary reader to the entire publication”.
Also in [82], Warby cited the submission of Counsel for the Defendant “that any factual statement contained in the articles or the book extract must be read in its proper context, and that any complaint of inaccuracy must be assessed in the light of the ordinary and natural meaning of the article or book extract of which the offending statement is part”. At [83], Warby J indicated that he accepted those submissions, saying that the principles taken from the law of libel were not “artificial”, “have been developed over centuries to meet the needs of a cause of action that addresses issues arising from the publication of words and their impact on reputation”, had support in domestic authority, and “seem well-adapted to testing whether the words satisfy the Working Party criterion of giving ‘an inaccurate, inadequate or misleading impression of an individual’”.
At [84], Warby J went on to consider other implications of applying principles taken from the law of defamation in the context of claims concerning personal data:
“There is a further dimension to this. The law of defamation contains a rule (the “repetition rule”) which recognises that an accurate report of what a third party has said about a person may convey an inferential defamatory meaning which is false. The ordinary meaning of the statement “The prosecutor alleged that the defendant had defrauded the revenue” is that the claimant is guilty of fraud. That could turn out to be untrue. The same is true of the statement: “The jury found him guilty of fraud”. The policy of defamation law is to hold the publisher responsible for the inferential meaning, whilst protecting those who report accurately on court proceedings, and on certain other kinds of proceeding or statement such as parliamentary proceedings, even if the report conveys a false or inaccurate inferential meaning. The protection is absolute or qualified, according to the context. Some accurate reports are privileged “subject to explanation or contradiction”. The interpretative provisions of DPA Schedule 1, Part II contain some apparently relevant provisions for qualified exemption from the strict requirements of accuracy. They state, at para 7:
‘The fourth principle is not to be regarded as being contravened by reason of any inaccuracy in personal data which accurately record information obtained by the data controller from the data subject or a third party in a case where (a) having regard to the purpose or purposes for which the data were obtained and further processed, the data controller has taken reasonable steps to ensure the accuracy of the data, and (b) if the data subject has notified the data controller of the data subject’s view that the data are inaccurate, the data indicate that fact.’”
At [87], Warby J said:
“… It would be wrong to treat the two branches of the law as coterminous, as they not only have different origins but also serve different purposes. It is possible to give more weight to literal accuracy in the context of data protection law, with its broader aims and its wider and more flexible range of remedies. It is appropriate, however, to bear in mind domestic principles in order to ensure, as far as possible, that the law has the coherence to which Lord Sumption JSC referred in Khuja’s case [2019] AC 161.”
The second decision in time is Aven v Orbis Business Intelligence [2020] EWHC 1812 (QB) (“Aven”), another decision of Warby J. In that case, when considering “the right approach to the ascertainment of whether information contains the personal data of an individual” (see [26]), Warby J reaffirmed the approach that he had adopted in NT1, which he summarised as follows at [29]:
“I concluded that the right approach was to look at the articles and book extracts as a whole, and interpret any element of them by reference to the meaning that the ordinary reader would take from that element, read in its full context. My reasons were set out in detail at [80-84]. It is unnecessary to set them out here. In summary I concluded, and it remains my view, that support for this approach can be found in aspects of the DPA itself, the work of the Article 29 Working Party, domestic authority on the application of the DPA and its predecessor (the Act of 1984), and the logic and common sense to be found in the law of meaning in defamation.”
The particular context in which the debate about the correct approach arose in that case concerned the following sentences in the Memorandum that was said to contain the Claimants’ personal data:
“Speaking to a trusted compatriot in mid-September 2016, a top level Russian government official commented on the history and current state of relations between President PUTIN and the Alpha Group of businesses led by oligarchs Mikhail FRIDMAN, Petr AVEN and German KHAN. The Russian government figure reported that although they had had their ups and downs, the leading figures in Alpha currently were on very good terms with PUTIN. Significant favours continued to be done in both directions, primarily political ones for PUTIN and business/legal ones for Alpha.”
The issue that Warby J was required to determine in that regard was whether these sentences contained the following data of which the Claimants were the data subjects: “That significant favours are done by President Putin for the Claimants and for President Putin by the Claimants”. The nub of the Claimants’ case was that the words quoted above concerning “significant favours” would, in context, be understood by any ordinary reader to refer to the three individuals identified by name as the leaders of the Alfa Group, and to mean that the significant favours were being done by and for those individuals. The nub of the Defendant’s case was that the words concerning “significant favours” did not contain any personal data about any of the Claimants, but instead contained information about Alfa Group, a corporate entity; that the Claimants were not identifiable from the sentences in question; and that even if they were that would not be enough to make the information personal data that “relates to them”. Warby J, in my view entirely unsurprisingly, preferred the Claimants’ case, holding as follows at [32]:
“Applying that approach, I find that Memorandum 112 did contain the information in claimants’ proposition (a) [i.e. “That significant favours are done by President Putin for the Claimants and for President Putin by the Claimants”]. The claimants are plainly identifiable from Memorandum 112; they are named. Any ordinary reasonable reader of the Memorandum would understand the statements about the giving and receipt of “significant favours” as referring not only to Alfa Group but also to the three individual claimants. That would be the result of reading the whole document, which an ordinary reader would do; but in order to explain this conclusion, it is not necessary to look beyond the immediate context of the words in numbered paragraph 1. The two immediately preceding sentences identify the claimants by name as leaders of the Alfa Group, and assert that they are on “very good terms” with Putin. The reader of the sentence that follows would naturally take its reference to favours being done “in both directions” as a statement that Putin does favours for the claimants, and they for him. The mention of Alfa at the end of the third sentence would be read as synonymous with the claimants. In my judgment, further, the information is personal data within the meaning of DPA s1.”
The third decision is that of Collins Rice J in Shah v Up and Coming Ltd [2020] EWHC 3472 (QB) (“Shah”), made on a trial of preliminary issues in a claim for defamation and breaches of data protection law. Those issues (see [3]) comprised three issues relating to the defamation claim, including determination of “the natural and ordinary meaning of the words and images complained of”, and one issue relating to the data claim, namely “what personal data relating to the Claimant are contained in the words and images complained of”. When addressing the data protection issue, Collins Rice J said at [61]:
“So far as the data protection element of this claim is concerned, the parties agreed that I should be guided by the indications in NT1 v Google LLC [2018] EWHC 799 (QB) at paragraphs 80-87. Where the issue is accuracy, that should be assessed in the light of the natural and ordinary meaning of the material complained of, drawing on the principles developed in the defamation context. The aim is to describe faithfully the information held. The two legal regimes are distinct but unjustifiable incoherence should be avoided. A less impressionistic and more full and literal, or granular, description of personal data may be justified where the regulatory regime of data protection is concerned, since it has to deal with more issues than public reputation or an impression created by a single viewing”.
In my view, although she expressed herself in slightly different language to that used by Warby J in NT1, Collins Rice J was not seeking to lay down any different approach, but merely to summarise in her own words the thrust of [80]-[87] of Warby J’s judgment.
Collins Rice J’s reference to an “impression created by a single viewing” is nevertheless, in my view, telling. That is one of the criteria which needs to be taken into account when determining meaning in the context of a claim for defamation. However, it is possible that some items of personal information would make little or no impression on the hypothetical reasonable reader, for example because they are peripheral to the thrust of the publication, or because they neither criticise nor compliment the data subject. In that case, they would form no part of the single meaning that falls to be ascribed to the publication in question for purposes of the law of defamation. However, that would not mean that, if they are inaccurate, they should be excluded from a data protection claim. This illustrates why the defamation approach cannot be transposed indiscriminately.
Applying defamation principles, including the guidance provided by Nicklin J’s encapsulation of the principles concerning “natural and ordinary meaning” distilled from the authorities and set out in Koutsogiannis v Random House Group [2020] 4 WLR 25 (“Koutsogiannis”), at [11]-[12], Collins Rice J concluded (at [38]) that the natural and ordinary meaning of the words complained of by the Claimant (which she did not consider to be defamatory of him) was as follows:
“[The Claimant] is Indian. He has twice been recorded taking part in political demonstrations in the UK, acting the roles of, respectively, a Baloch nationalist and a citizen of Pakistan. He and others were hired to do that by the Indian government. This is an example of rent-a-crowd tactics by the Indian government constituting thoroughly reprehensible, anti- Pakistan, political conduct on its part.”
With regard to the data protection issue, at [64] Collins Rice J said that the essence of the difference between the parties as to the personal data of which the Claimant was the data subject “is the imputation of personal bad faith and moral turpitude to the Claimant”. She continued:
“Consistently with my findings on meaning, I think a more accurate description of the personal data content of this item would be as follows.
1. The person shown in the video is identifiable as Mr Shah.
2. He is an Indian citizen, or of Indian heritage.
3. In November 2018 he took part in a political demonstration outside a restaurant in Wembley on the occasion of a dinner at which the Chief Justice of Pakistan was speaking. The purpose of the dinner was fundraising for an Indus dam project. The purpose of the demonstration was to object to that project. Mr Shah identified himself publicly with that purpose.
4. On that occasion he acted the part of a Pakistani citizen.
5. He, along with others, was hired and paid to do that by the Indian government as part of its rent-a-crowd tactics.
6. In April 2018 he took part in a political demonstration outside the Houses of Parliament on the occasion of the visit of the Indian Prime Minister. The purpose of the demonstration was to enlist UK and Indian government support for a Pakistan regional issue. Mr Shah identified himself publicly with that purpose.
7. On that occasion, he acted the part of a Baloch nationalist.
8. He, along with others, was again hired and paid to do that by the Indian government as part of its rent-a crowd tactics.”
In my view, in that case there was a clear difference in the formulation of the defamation issues on the one hand and the data issue on the other hand, and while Collins Rice J may have had regard to the “natural and ordinary meaning” of the Claimant’s personal data applying principles developed in the law of defamation, the data content that she identified in the items complained of was purely factual and nothing like a libel meaning.
THE PARTIES’ SUBMISSIONS ON THE FIRST ISSUE
As I have already indicated, both sides invited me to determine the First Issue by applying the approach suggested by Warby J in NT1. For the Claimants, Mr Tomlinson emphasised that, faced with a choice between “holistic” and “atomised” approaches to “the ascertainment of whether information contains the personal data of an individual”, the “holistic” approach is to be preferred (see Aven at [26]). For Dow Jones, Ms Evans accepted that when identifying “data” for the purpose of determining whether or not the same constitute “personal data” the Court must have regard to the full context. She emphasised, however, that both Warby J in NT1 at [87] and Collins Rice J in Shah at [61] had made clear that a more literal and “granular” approach may be appropriate when considering data issues, and that no decided case went so far as to say that the Court was required unhesitatingly to apply defamation law principles in the context of data claims.
Building on that premise, it was common ground between the parties that I should apply the principles for determining the natural and ordinary meaning of words complained of in libel as distilled by Nicklin J in Koutsogiannis at [12] and approved by the Court of Appeal in Corbyn v Millett [2021] EMLR 19 at [8]:
“The following key principles can be distilled from the authorities: ….
i) The governing principle is reasonableness.
ii) The intention of the publisher is irrelevant.
iii) The hypothetical reasonable reader is not naïve but he is not unduly suspicious. He can read between the lines. He can read in an implication more readily than a lawyer and may indulge in a certain amount of loose thinking but he must be treated as being a man who is not avid for scandal and someone who does not, and should not, select one bad meaning where other non-defamatory meanings are available. A reader who always adopts a bad meaning where a less serious or non-defamatory meaning is available is not reasonable: s/he is avid for scandal. But always to adopt the less derogatory meaning would also be unreasonable: it would be naïve.
iv) Over-elaborate analysis should be avoided and the court should certainly not take a too literal approach to the task.
v) Consequently, a judge providing written reasons for conclusions on meaning should not fall into the trap of conducting too detailed an analysis of the various passages relied on by the respective parties.
vi) Any meaning that emerges as the produce of some strained, or forced, or utterly unreasonable interpretation should be rejected.
vii) It follows that it is not enough to say that by some person or another the words might be understood in a defamatory sense.
viii) The publication must be read as a whole, and any ‘bane and antidote’ taken together. Sometimes, the context will clothe the words in a more serious defamatory meaning (for example the classic ‘rogues' gallery’ case). In other cases, the context will weaken (even extinguish altogether) the defamatory meaning that the words would bear if they were read in isolation (e.g. bane and antidote cases).
ix) In order to determine the natural and ordinary meaning of the statement of which the claimant complains, it is necessary to take into account the context in which it appeared and the mode of publication.
x) No evidence, beyond [the] publication complained of, is admissible in determining the natural and ordinary meaning.
xi) The hypothetical reader is taken to be representative of those who would read the publication in question. The court can take judicial notice of facts which are common knowledge, but should beware of reliance on impressionistic assessments of the characteristics of a publication's readership.
xii) Judges should have regard to the impression the article has made upon them themselves in considering what impact it would have made on the hypothetical reasonable reader.
xiii) In determining the single meaning, the court is free to choose the correct meaning; it is not bound by the meanings advanced by the parties (save that it cannot find a meaning that is more injurious than the claimant's pleaded meaning).”
In this regard, without apparent demur from Ms Evans, Mr Tomlinson relied on the guidance provided by the Court of Appeal in Chase v News Group Newspapers Limited [2003] EMLR 218 (“Chase”) at [45]:
“The sting of a libel may be capable of meaning [1] that a claimant has in fact committed some serious act, such as murder. Alternatively it may be suggested that [2] the words mean that there are reasonable grounds to suspect that he/she has committed such an act. A third possibility is that [3] they may mean that there are grounds for investigating whether he/she has been responsible for such an act.”
Mr Tomlinson, again without demur from Ms Evans, further submitted that, in accordance with the guidance given by the Court of Appeal in Tinkler v Ferguson [2019] EWCA Civ 819 at [9], I should read the Articles before reading the parties’ submissions.
In adopting that approach, I nevertheless consider that it is necessary for the Court to have some idea of the issues in the claim before reading the material complained of – for example, to note: who the Claimants are; that it is a data protection claim; and to get some sense of the ambit of the data complaint. Otherwise, there is a danger that the Court’s reading will lead to conclusions on meaning that are of no relevance to the claim.
The first point which divided the parties concerned the application of the “repetition rule”. As Nicklin J stated in Brown v Bower [2017] 4 WLR 197 (“Brown”) at [19]:
“The so-called “repetition rule” is a principle “deeply embedded” in the law of defamation (per Hirst LJ in Shah v Standard Chartered Bank [1999] QB 241, 261G). It has two, quite distinct, applications. First, it is a rule relevant to the determination of the single meaning that a statement bears. Second, it serves to limit the evidence that is admissible to prove the truth of a defamatory imputation.”
As appears from one of the authorities that Nicklin J cited in Brown, a pithy distillation of the rule is that “For the purpose of the law of libel a hearsay statement is the same as a direct statement, and that is all there is to it.” (Lewis v Daily Telegraph Ltd [1964] AC 234, Lord Devlin at 284). As Mr Tomlinson submitted, it is therefore no defence to an action for defamation for the defendant to “prove he was merely repeating what he has been told” (Stern v Piper [1997] QB 123, 128). As Simon Brown LJ explained (at 135-136), the repetition rule is: “a rule of law specifically designed to prevent a [court] from deciding that a particular class of publication—a publication which conveys rumour, hearsay, allegation, repetition, call it what one will—is true or alternatively bears a lesser defamatory meaning than would attach to the original allegation itself” (ibid, at 135-136). Further, both Mr Tomlinson and Ms Evans cited the judgment of Hirst LJ in Shah v Standard Chartered Bank [1999] QB 241, at 263, explaining that:
“… the repetition rule reflects a fundamental canon of legal policy in the law of defamation dating back nearly 170 years, that words must be interpreted, and the imputations they contain justified, by reference to the underlying allegations of fact and not merely reliance upon some second-hand report or assertion of them”.
Nevertheless, the rule is not absolute, as Nicklin J explained in Brown at [32]:
“When the authorities speak of rejecting submissions that words repeating the allegations of others bear a lower meaning than the original publication that is a rejection of the premise that the statement is less defamatory (or not defamatory at all) simply because it is a report of what someone else has said. That kind of reasoning is what the repetition rule prohibits when applied to meaning. The meaning to be attached to the repetition of the allegation has still to be judged, applying the rules of interpretation I have set out above, looking at the publication as a whole.”
Mr Tomlinson submitted that, in accordance with the judgment of Warby J in NT1, in particular at [84], when deciding on the meaning of personal data for the purpose of inaccuracy claims, the Court must apply the repetition rule.
Ms Evans did not attempt to rebut this submission root and branch, but instead argued that the repetition rule should be disapplied in data cases involving reports of court proceedings. Her principal submissions were as follows:
The repetition rule presents a potential difficulty in the context of reporting certain third party sourced information such as court proceedings. If required to justify reports of legal proceedings as true, a defendant would have to prove not that an allegation was made in the proceedings but that the allegation itself was true. This would render the reporting of legal proceedings in which allegations that are reputationally damaging are made all but impossible.
The rule, left unchecked, would in this way interfere with the constitutional principle of open justice. See Lord Diplock in Attorney-General v Leveller Magazine Limited [1979] AC 440, at 450: “As respects the publication to a wider public of fair and accurate reports of proceedings that have taken place in court the principle requires that nothing should be done to discourage this”.
The right to publish information about legal proceedings, and the public’s right to be told what happens in public court proceedings is also protected in the Article 10 jurisprudence of the European Court of Human Rights (see, for example, Bedat v Switzerland (2016) 63 EHRR 15, at [51]).
The law of defamation has accommodated these competing policy interests, since at least 1796, by treating as privileged fair reports of legal proceedings (see Curry v Walter (1796) 126 ER 1046). That common law protection was first put on a statutory footing by s3 of the Law of Libel Amendment Act 1888, the precursor to the modern law of qualified reporting privilege which is found in ss14-15 and Sch 1 of the Defamation Act 1996. In particular, para 2 of Sch 1 provides such protection for reports of proceedings in public “before a court anywhere in the world”.
In NT1 at [84], Warby J suggested that coherence between the law of data protection and defamation could be maintained because the repetition rule was ameliorated in the data context by the “apparently relevant” para 7 of Sch 1 to the DPA 1998.
However, that provision has no direct equivalent in the UK GDPR or the DPA 2018. Further, statutory reporting privilege under the Defamation Act 1996 does not apply directly as a defence to data protection claims.
Coherence in the law can, and indeed must, nonetheless be maintained by application of the flexible approach to meaning identified by Warby J in NT1.
In cases where reporting privilege might arise, the law should reflect the underlying policy of that defence by taking a more literal approach to meaning in the context of data protection claims and disapplying the repetition rule.
It was not entirely clear to me how these submissions, if correct, would fall to be applied on the trial of the First Issue, as Ms Evans’s Skeleton Argument stated: “This is not to say, and the Defendant does not submit, that the Court needs to determine at this trial of preliminary issues on data meaning whether the Articles in fact consist of court reports”. Ms Evans was right to accept that this factual issue could not be determined at this stage. At the same time, the submissions advanced by her are only of relevance in this case if and to the extent that the Articles do, in fact, consist of reports of court proceedings. This raised the spectre that, on her case, the First Issue could not be determined as a preliminary issue. (On Mr Tomlinson’s case, it could still be tried, because, according to him, the repetition rule applies whether or not reports of court proceedings are involved.)
Apart from pointing out this difficulty, and suggesting that, as the Court could not hold that there was in fact any reporting of court proceedings, it should determine the First Issue on the basis that there was no such reporting, Mr Tomlinson’s main submission in reply was that the position was not so stark as Ms Evans was suggesting, because there were other protections available within the data protection regime which mitigated the unavailability of a discrete protection for the accurate reporting of court proceedings.
As to the first point, as part of their case on inaccuracy the Claimants’ own case pleaded in the APOC refers to “legal proceedings brought by Xie Zhikun in the Grand Court of the Cayman Islands (Cause No FSD 25 of 2017)” and contends that “those proceedings were discontinued on 27 November 2020”. It therefore seems to me that it is not open to Mr Tomlinson to suggest that there were no proceedings for the Articles to report on. Nevertheless, I accept that it is still open to the Claimants to say that it cannot be assumed for the purposes of the present trial that any report on proceedings contained in the Articles is “fair and accurate”. Such points illustrate why preliminary issues “are too often treacherous short cuts” (Tilling v Whiteman [1980] AC 1, Lord Scarman at p25).
As to the second major point that he made in reply, Mr Tomlinson highlighted, in particular (i) the exemptions from the UK GDPR contained in para 26 of Sch 2 to the DPA 2018 in respect of (among others) “journalistic purposes” and (ii) the fact that, as observed by Warby J in NT1 at [85] and [86] “It is noteworthy that the remedial provisions of the DP Directive and the DPA afford the court a discretion, and considerable latitude” and “It is clear from these provisions that even where data are found to be inaccurate the court has a toolbox of discretionary remedies that can be applied according to the circumstances of the individual case”. In substance, these submissions amount to saying that while there may not be protection in data claims from liability for accurate court reporting (on the basis that the repetition rule applies, such that accuracy has to be tested by the reference to the truth or falsity of the reported allegations), protection is available, in appropriate cases, through other mechanisms.
As part of their submissions, both sides referred to the decision of Johnson J in AB v Chief Constable of British Transport Police [2022] EWHC 2749 (KB) (“AB”). That case concerned an appeal from a Circuit Judge, and (see [5]): “One of the issues raised by the appeal concerns the approach that a judge should take when deciding if police crime reports are accurate within the meaning of data protection legislation. Must the reports accurately describe what in fact occurred in the underlying incident; or should they instead accurately reflect the information provided to the police about the incident?”
Johnson J directed himself as follows at [30]:
“In order to decide whether personal data are accurate, so as to comply with DPP4, it is necessary first to decide what the personal data mean: NT1 v Google LLC [2018] EWHC 799 (QB); [2019] QB 344 per Warby J at [80]-[83]. When assessing meaning, it is necessary to interpret the words in context: NT1 at [83]. Once the meaning has been established, it is then necessary to establish the facts so as to decide whether that meaning is ‘incorrect or misleading as to any matter of fact’.”
When considering the issue of the meaning of the police occurrence summary reports (“OSRs”), Johnson J said at [70]: “The nature, context, and purpose of the OSRs are critical when deciding what they mean. That is because the same or similar words may mean different things depending on the context in which they are recorded.” He gave a number examples to illustrate this point, including the following:
“The record of antecedents that is produced to a criminal court discloses the previous convictions of the data subject. The data is accurate if it accurately records those convictions. If it erroneously records a conviction then the data is inaccurate, even if the data subject committed the offence. If it correctly records a conviction then the data is accurate, even if it can be shown that the data subject did not commit the offence.”
When giving this example, it seems to me that Johnson J took a literal approach towards the data in question. No doubt a Crown Court judge might understand a record of antecedents in the manner described. However, if such a record was repeated in a newspaper, it might be open to serious debate whether the hypothetical reasonable reader would do so. Yet there is no suggestion that this might affect the meaning of the data.
At [73], Johnson J said:
“The judge said that to the "ordinary reader" of an OSR, the "Modus Operandi" constitutes a description of what the data subject actually did. I agree that a member of the public, with no knowledge of the purpose of an OSR, or how it comes to be created, might well understand the MO to identify what the data subject actually did. But there was no evidence that the OSRs were published or otherwise communicated to members of the public. If they are kept in accordance with the appellant's policy, and guidance from the College of Policing, then they are only available to those with a proper policing purpose to access them. The "ordinary reader" of an OSR can be taken to be a person with an understanding of how OSRs come to be created and their underlying purpose. The reader knows that they are not a database of convictions or findings, that they simply record the information that has been provided to the police and the actions that the police have taken, and that the underlying allegation may or may not be true.”
Mr Tomlinson submitted that this decision reflected an application by Johnson J of conventional meaning principles derived from the law of defamation, in particular principle (xi) in Koutsogiannis that “The hypothetical reader is taken to be representative of those who would read the publication in question”. Ms Evans submitted that it reflected the adoption of a more literal approach to the issue of accuracy than application of the repetition rule would dictate, in order to accommodate the importance of reporting in a context where it was important that the relevant information should be disseminated.
I am not persuaded that either of these submissions is correct, because I am not persuaded that Johnson J applied defamation principles, let alone that he had regard to the repetition rule and any need to ameliorate the consequences of that rule in the context of OSRs. The direction that he gave himself at [30] seems to me not to depend on such principles. If that is right, I consider that Johnson J was correct to adopt the approach that he did. I do not consider that Warby J in NT1 was seeking to lay down principles of general application when determining the accuracy of data (for example, in health records or financial records). I consider that this is apparent from Warby J’s reference at [79] to “a context such as the present where the claimant sues in respect of media publications”.
DISCUSSION OF THE FIRST ISSUE
I confess to being troubled by the course that these proceedings have taken. I am concerned that either this reflects a departure from what was envisaged by the judgment of Warby J in NT1, or that, if it does not, that judgment may require further consideration.
It seems to me that “data” centrally concerns matters of fact, whereas “meaning” is centrally concerned with the message conveyed by the material in question. In many data cases, there will be no need to look beyond the immediate statement(s) of fact to ascertain what personal data are involved. In other cases, it will be necessary to do so. For example, if a publication states “Everyone who lives at X address is a crook” and, quite separately, “Y lives at X address”, it may not be difficult to conclude that the latter statement contains two items of personal information: (i) that Y lives at X address and (ii) that Y is a crook. The process by which that conclusion is reached involves giving a meaning to the second statement, and in carrying out the process of interpretation it may be appropriate to apply the test of what the second statement would mean to a hypothetical reasonable reader. It seems to me that this is probably what Warby J had in mind.
However, if this approach is applied indiscriminately it may lead to unsatisfactory results. For example, if a publication states that X has been sued for fraud in civil proceedings, and X complains that this is personal data that is inaccurate because it bears the meaning that there were “reasonable grounds to suspect” X of fraud, then, on the face of it, that complaint of inaccuracy may involve enquiring whether there were, in fact, reasonable grounds to suspect X of fraud. However, whether or not that is right does not depend on whether X has, in fact, been sued for fraud in civil proceedings: there may be reasonable grounds to suspect X of fraud even if he has not been sued in civil proceedings at all. A claim based on a gloss on the factual statement that has been made concerning X may therefore lead to a separate enquiry to whether that statement is, in fact, accurate.
Another potential difficulty arises because of differences between defamation law and data protection law. In defamation cases, whether a defence of truth or substantial truth concerning a publication which alleges “reasonable grounds for suspicion” can be made out depends on whether there were reasonable grounds for suspicion at the time of publication. Therefore, what matters is the factual matrix at the time of publication. In data protection cases, however, a claim for inaccuracy may be made on the basis that personal data are inaccurate at the time of the processing complained of, including because they have become misleading or out of date, regardless of whether they were accurate at the time of original publication. In that event, what matters is the factual matrix at the time when relief is sought. Accordingly, if a data claim is based on a defamation-style meaning of “reasonable grounds for suspicion” that would seem to give rise to the prospect of shifting sands, depending on what grounds exist as time goes on.
Such consequences are far removed from simpler questions such as (i) was it accurate in the first place to say that X had been sued for fraud and (ii) has that statement of fact become inaccurate or misleading or not been kept up to date by reason of later events? If the proper pleading of data protection claims results in such complications, then that has to be accepted; but it seems to me desirable to avoid that result as far as possible.
The starting point for the defamation approach to meaning is the “single meaning rule”. In Stocker v Stocker [2020] AC 593 at [34], Lord Kerr, speaking for the Supreme Court, said: “… it is clear that the single meaning approach is well entrenched in the law of defamation … whatever else may be said of it, it provides a practical, workable solution.”
Nevertheless, the rule has its detractors. In Ajinomoto Sweeteners Europe SAS v ASDA Stores Ltd [2011] QB 497, the Court of Appeal declined to transpose the rule into the law of malicious falsehood. Sedley LJ said at [32] that “With the help of counsel’s scholarship we have seen how a pragmatic practice became elevated into a rule of law and has remained in place without any enduring rationale”. He continued at [33]:
“But where it is capable of being applied, as it is in the present claim, the rule is productive of injustice. On the judge’s unchallenged findings, the meanings which reasonable consumers might put on Asda’s health-food packaging include both the damaging and the innocuous. Why should the law not move on to proof of malice in relation to the damaging meaning and (if malice is proved) the consequential damage without artificially pruning the facts so as to presume the very thing – a single meaning - that the judge has found not to be the case?”
Rimer LJ said at [43]:
“If the single meaning rule does achieve a fair balance in defamation law between the parties’ competing interests, that would appear to be the result of luck rather than judgment; and how the measure of such claimed fairness might be assessed may anyway be questionable. The application of the rule can also be said to carry with it the potential for swinging the balance unfairly against one party or the other, resulting in no compensation in cases when fairness might suggest that some should be due, or in over-compensation in others. No doubt it would keep the common law tidy if the single meaning rule were also applied in malicious falsehood claims, particularly because there will be cases in which a claim might be brought either in defamation or malicious falsehood. The common law has, however, never worried about tidiness. It has always been more concerned with meeting the justice of the particular case and developing itself accordingly.”
If, as seems plain from this decision, the refusal to extend the single meaning rule to claims for malicious falsehood is not regarded as giving rise to incoherence, I consider that at lowest it is not self-evident that refusing to extend it to data claims would do so.
There is also another and perhaps more tangential aspect to the issue of coherence, namely that, stated in the broadest terms, one of the central missions of the GDPR is to provide equivalent protection to data subjects throughout the EU. As the GDPR left it to Member States how to bring about implementation, including how to “reconcile the right to protection of personal data … with the right to freedom of expression and implementation”, there are always likely to have been differences between the implementation regimes in different Member States. Moreover, following the withdrawal of the UK from the EU, the courts have greater freedom to develop UK data protection law in ways that may depart from EU jurisprudence on the GDPR. Nevertheless, if substantial differences were to arise in the protection afforded to data subjects, that might raise difficulties as to whether the transmission of data to the UK is compatible with the GDPR, such that it should be permitted by the EU; and in any event it is perhaps at least worthy of consideration whether the transposition of the unique features of the English law of defamation into the data field is desirable in this context.
In my view, there is another, more important, point concerning data claims, of which the present case is an example, namely that they involve not only considerations of accuracy but also considerations of fairness. Further, for the reasons explained by the Court of Appeal in Ajinomoto, application of the single meaning rule may give rise to unfairness.
If the single meaning rule is applied for purposes of (i) identifying personal data and/or (ii) interpreting the ambit of that data, a question arises as to how that interrelates with the issue of fairness. In Slim v Daily Telegraph [1968] 2 QB 157, at 187 Salmon LJ cited a case in which “It was there held that the words complained of were incapable of meaning to ordinary men that the bank was in financial difficulties, yet they caused a run on the bank, whose customers, presumably, were ordinary men”. No doubt, that is an extreme example. However, what if the Court determines for the purposes of the claim of inaccuracy that the natural and ordinary meaning of the data is innocuous, but readers, or some readers, of the data in fact react to it in a manner that is very adverse to the data subject? Does that have the effect that when addressing the claim of unfair processing, the Court is tied to the natural and ordinary meaning that it has found in respect of the inaccuracy claim? If so, it seems to me that might produce an unduly fettered approach to the issue of fairness. Or does it have the effect that when addressing the issue of fairness, the Court is not precluded from having regard to the reality of the matter? If so, that would seem to me to be consonant with achieving the correct approach on the issue of fairness, but how comfortably would that sit beside the conclusion on inaccuracy?
A related issue arises with regard to the adoption of a test that centres around the “hypothetical reasonable reader”. In the law of defamation, the characteristics of such a person are determined at the time of publication. It seems to me that in the case of archive material dating back to 2017 and 2018 of the type with which the present case is concerned, in the real world the readers of that material may well have quite different characteristics from the broad swathe of readers to whom the Articles were originally published. The evidence before HHJ Richard Parkes KC (see [113]) of his judgment) was that page views of the First Article in the UK were only 63 in 2022 and 41 in 2023, and of the Second Article 44 in 2022 and 34 in 2023. At the same time, the evidence of the Claimants was that this degree of page viewing was causing them major problems.
If – which is obviously not a matter that is before me on the trial of the First Issue – that evidence transpires to be correct, it seems to me that it may well be that the persons, or many of the persons, who are viewing this data are doing so as part of targeted searches concerning the persons mentioned in the Articles, including the Claimants. As a matter of common sense, such readers, or many such readers, may differ from the broad swathe of readers of the original publications: they will be, or will include, persons who are contemplating doing investment management business with the Claimants, and may, among other things, be more sophisticated in their appraisal of the contents of the Articles than the general readership. Further and in any event, if it is right to suppose that they are seeking out the Articles for a specific purpose, they will, or may, read the Articles more closely and analytically than the typical reader of the initial publication.
In such circumstances, it is at lowest not obvious why adoption of the “hypothetical reasonable reader” test, taken from the law of defamation, is appropriate in a data case. At root, the concern is that rules developed in order to render manageable the trial of claims for damage to reputation, particularly in the era of trials involving both judge and jury, are not best adapted to the correct resolution of factual issues in data claims.
This was not a point that either side made with regard to the judgment of Johnson J in AB, but it seems to me consistent with the approach that was adopted in that case. Johnson J accepted that the general public might read the OSRs in the way found by the Circuit Judge. However, the OSRs were not published to the general public, but instead to a limited class of persons “with an understanding of how OSRs come to be created and their underlying purpose”, who would accordingly read them differently. It is true that because those persons were the only people to whom the OSRs were published at any time this approach can be said to accord with the “hypothetical reasonable reader” principle. However, if, in fact, the relevant (i.e. current) readership of publications such as the Articles have a particular level of understanding which differs from original publishees, it seems to me hard to justify, and to have the potential to lead to wrong conclusions on issues of accuracy and fairness, to simply shut that out of consideration.
Standing back from all these points, I am of the opinion that many of the issues canvassed before me might be better addressed when considering whether data are processed “fairly”. Fairness is a broad and flexible concept, and it is possible to take account of all the circumstances when determining it. To my mind, (i) the availability of redress under this heading and (ii) the consideration that the definition of “inaccuracy” extends to data that is “misleading” renders, or may render, sterile many of the issues that may arise concerning the “meaning” of data, and whether it suffices for the purposes of “accuracy” that the data are literally accurate or whether for those purposes the data require to be accurate in some other sense (such as flows from the application of the “repetition rule”).
Finally, I would make two comments on the decided cases to which I have been referred. First, nothing said above is intended to cast any doubt on whether they were decided correctly. Second, in my view none of the cases following NT1 involved applying the full panoply of defamation principles discussed by Warby J in that case: (i) The material part of Warby J’s decision in Aven seems to me have turned, and certainly to have been justified by, a straightforward reading of three consecutive sentences, which taken together had the effect that “The mention of Alfa at the end of the third sentence would be read as synonymous with the claimants”; (ii) As set out above, I consider that Collins Rice J in Shah did not set herself the task of deciding, and did not overtly decide, the “natural and ordinary meaning” of the data in that case applying principles developed in the law of defamation; and (iii) In AB, the principles which Johnson J derived from NT1 were (a) when assessing meaning, it is necessary to interpret the words in context, and (b) once the meaning has been established, it is then necessary to establish the facts so as to decide whether that meaning is ‘incorrect or misleading as to any matter of fact’, both of which seem to me plainly right but not to depend on defamation law principles.
I have felt it necessary to consider the above points because: (i) the First Issue is formulated as it is; (ii) as far as I am aware, no such issue has ever been tried before; and (iii) this is the first time the Court has been asked to try a preliminary issue of meaning in a data claim alone, let alone one which involves a debate about the repetition rule.
In light of the above discussion, and having regard to the parties’ submissions, the approach that I propose to adopt towards determination of the First Issue is as follows:
I will determine the single meaning of the data in issue, by considering the Articles as a whole, and interpreting each element of them by reference to the meaning that the hypothetical reasonable reader would take from it, read in its full context.
In carrying out that exercise, I will apply the principles for determining the natural and ordinary meaning of words distilled by Nicklin J in Koutsogiannis.
I will also adopt the approach approved by the Court of Appeal in Tinkler v Ferguson.
I will apply the repetition rule.
Specifically, I will not disapply the repetition rule to any element which purports to be a report of court proceedings, because I am not persuaded that such a disapplication accords with the judgment of Warby J in NT1 or is warranted by the arguments advanced by Ms Evans. In particular, on the premise that the repetition rule applies to publications for the purposes of data protection law, I do not consider that the provisions of para 7 of Sch 1 to the DPA 1998, to which Warby J referred in NT1 at [84], disapplied the repetition rule in that context with regard to the reporting of court proceedings (not least because those provisions contained the requirement that “if the data subject has notified the data controller of the data subject’s view that the data are inaccurate, the data indicate that fact”). However, even if they did, if they have not been replicated in subsequent legislation, there is, it seems to me, no sound legal basis on which it can be said that the Court should create the same or similar protection to make up for that which Parliament has apparently chosen to remove.
In applying the approach described above, I will have regard to the guidance provided (i) by Collins Rice J in Shah at [61]: “The aim is to describe faithfully the information held. The two legal regimes are distinct but unjustifiable incoherence should be avoided. A less impressionistic and more full and literal, or granular, description of personal data may be justified where the regulatory regime of data protection is concerned, since it has to deal with more issues than public reputation or an impression created by a single viewing”, and (ii) by Nicklin J in Brown at [32]: “When the authorities speak of rejecting submissions that words repeating the allegations of others bear a lower meaning than the original publication that is a rejection of the premise that the statement is less defamatory (or not defamatory at all) simply because it is a report of what someone else has said. That kind of reasoning is what the repetition rule prohibits when applied to meaning. The meaning to be attached to the repetition of the allegation has still to be judged, applying the rules of interpretation I have set out above, looking at the publication as a whole.”
DETERMINATION OF THE FIRST ISSUE
In my judgment, the meaning of the personal data contained within the First Article of which the Claimants are data subjects and about which they make complaint is as set out in the words underlined below (with the further words providing immediate context, and the words in italics comprising personal data about which no complaint is made):
[1] Xie Zhikun claims that he invested $940m in XIO Group in 2014, whereas XIO contends that he has never made any investment at all.
[2] The XIO Chief Executive, Joseph Pacini, has said in an email that “Xie Zhikun is not an investor with XIO and never has been”, has denied Xie Zhikun’s allegations, and has said that other investors, not Xie Zhikun, provided $3.2 billion to the firm in 2014.
[3] Xie Zhikun has commenced a civil claim in the Cayman Islands alleging that XIO executives have conspired to defraud him out of his investment, and that Joseph Pacini (and XIO Chairwoman Athene Li) received secret profits out of the alleged fraud.
[4] In the summer of 2015, during a visit by Xie Zhikun to Europe and Israel on which he was chaperoned by XIO, Carsten Geyer sent an email to arrange a meeting with a banker in which Xie Zhikun was described as “Chairman of XIO Fund Advisory Board”.
In my judgment, the meaning of the personal data contained within the Second Article of which the Claimants are data subjects and about which they make complaint is as set out in the words underlined below (with the further words providing immediate context, and the words in italics comprising personal data about which no complaint is made):
[1] The source of funding of XIO Group is unclear, and in particular there is a dispute between Xie Zhikun and XIO as to (i) whether (as he contends) he provided almost $1bn to XIO, and this was used to fund XIO’s acquisition of JD Power, or (ii) whether (as XIO contends) he did not and he has no affiliation with XIO.
[2] In the context of the JD Power acquisition, XIO Chief Executive Joseph Pacini enlisted Thomas Borer to satisfy S&P Global, the parent company of JD Power, as to whether XIO was a credible bidder for JD Power, and XIO and S&P Global claim respectively that (i) all interested parties were provided with full details of the ownership and funding of XIO and (ii) S&P Global carried out appropriate due diligence.
[3] According to XIO, only its four founding partners know who its investors are, and although a Moody’s credit officer was told by XIO staff that its investors were Chinese, Carsten Geyer, a partner in XIO, told a Deloitte accountant that the investors in the XIO fund are not primarily Chinese.
[4] After the acquisition, Xie Zhikun commenced a civil claim in the Cayman Islands, claiming that Joseph Pacini (and XIO Chairwoman Athene Li) agreed to take his money and received secret profits in an alleged fraud.
As is usual on the trial of a preliminary issue concerning meaning, the parties made both written and oral submissions on this topic. Such submissions cannot alter the view that the judge has already taken, adopting the approach endorsed in Tinkler v Ferguson. Nor should they trespass into the realm of “over-elaborate analysis”, as that is to be avoided in accordance with the principles distilled in Koutsogiannis. Their purpose would seem to be to afford the judge the opportunity to reconsider whether the judge’s initial reading of the publication in question does, on reflection, faithfully accord with those principles.
Mr Tomlinson’s overarching submissions with regard to each Article are that (i) it contains a “coherent narrative” and should be read adopting a “holistic” rather than an “atomised” approach and (ii) it is not “neutral” and instead contains information about suspected wrongdoing.
Mr Tomlinson’s principal further submissions on the First Article were as follows:
Mr Pacini
This Article identifies Mr Pacini as the “XiO chief executive” [9] and it is said that he and another named XiO executive was “entrusted” to “handle” Mr Xie’s “investments in XiO and Dorsey Ventures Limited” [19]. It is said that Mr Xie made a “very significant investment” (which is said to have been $940 million) [11].
The Article goes on to state that Mr Xie alleges that money he invested has disappeared without explanation [11]. The Defendant states that “XiO executives” (Mr Pacini and another executive are named) are accused by Mr Xie in legal/court filings/papers of “a conspiracy to defraud him out of his cash,” which is revealed in the same paragraph to be “nearly $1 billion” [4]. The Article goes on to state that Mr Pacini is accused of “receiving secret profits from the alleged fraud” [12].
The Article repeats extremely serious allegations of a large-scale fraud made by Mr Xie against Mr Pacini and it sets out facts relied on in making those allegations. That these allegations are said to have been made in legal or court papers (and in letters reviewed by the Defendant [11]) reinforces the impression that there must be substance in the grounds raised by Mr Xie.
The only conceivable “antidote” contained in the Article is (a) the inclusion of a bare denial from Mr Pacini in respect of Mr Xie’s allegations together with a quote from Mr Pacini to the effect that Mr Xie was not an investor [9], and (b) an assertion that XiO has denied Mr Xie’s allegations and stated that it never had Mr Xie’s money [5]. It is notable that the Article does not report that Mr Xie’s claim was discontinued in 2020. Given the gravity of the allegations and detail in which they are covered, the Article wholly fails to neutralise the bane.
Accordingly, with regard to Mr Pacini, this is a straightforward Chase Level 2 case.
Mr Geyer
The Article tells readers that XiO was founded by Ms Li, Mr Pacini and “two other partners” [16]. It subsequently describes Mr Geyer as a “XiO co-founder” [23] and it is clear that he is one of the “partners” referred to.
The Article states that “XiO executives” are accused by Mr Xie of “a conspiracy to defraud him out of his cash”, which is revealed in the same paragraph to be “nearly $1 billion” [4]. The reader would understand that, as a co-founder, Mr Geyer is a XiO executive and was, therefore, party to the alleged conspiracy to defraud.
The position is made clear by the last paragraph which states that Mr Geyer sent an email to arrange a meeting with Mr Xie in the context of his visit to the UK, describing him as the Chairman of the XiO Fund Advisory Board [23]. This confirms Mr Xie’s claims about his importance to XiO and suggests that XiO’s denials of his involvement are untrue.
In short, the Article also bears a Chase Level 2 meaning in relation to Mr Geyer.
Ms Evans’ overarching submissions with regard to the First Article are that (i) it is a neutral report of legal proceedings brought by Xie Zhikun against the XIO Group, and (ii) it is aptly summarised by the standfirst (i.e. [1]): “Chinese investor says he backed XIO Group big-time; it says he didn’t, and now he has filed suit”. Ms Evans’ overarching submissions with regard to the Second Article are that (i) it is a report of XIO’s acquisition of JD Power and of concerns raised at the time about a perceived lack of transparency over who really owned XIO, and (ii) it is an Article about the business, and its activities, in which the actions of individual executives or employees are not the focus.
Ms Evans’ principal further submissions on the First Article were as follows:
Mr Pacini
Claim and counterclaim are identified early on: Mr Xie’s in [4] and XIO’s in [5]. The claim is one set out “[i]n Court papers filed in the Cayman Islands” in which “Mr Xie is accusing XIO executives of a conspiracy to defraud him out of his cash”.
The reader is immediately told that XIO denies this and would understand this to be a report of contested legal proceedings.
Mr Pacini’s name appears just eight times in the Article. Four of these mentions are in the context of uncontested biographical details in [16]-[18]. He is also referred to in the pull quote, and in [9], in which he is recorded as saying that Xie Zhikun is not and never has been an investor with XIO. This information is “describe[d] faithfully” in the final part of the Defendant’s meaning (the task of the Court per Shah at [61]).
Otherwise, the only reference to Mr Pacini is in [12] which reports that Mr Xie had sued in a Cayman Islands Court accusing “Athene Li and CEO Mr Pacini of receiving “secret profits” from the alleged fraud” and [19] which reports some further detail of his claim. The ordinary reasonable reader would understand this to be a report of the same accusation made in “court papers” summarised higher up in [4].
The meaning of that data, in context, is that Mr Pacini is one of the executives (with Ms Li) who had been accused by Mr Xie, in contested legal proceedings in the Cayman Islands, of receiving “secret profits” in an alleged conspiracy to defraud, an allegation denied by Mr Pacini, who said that Mr Xie is not and has never been an investor in XIO.
Even if the Defendant were wrong in that primary submission, and the “repetition rule” applies, Mr Pacini’s meaning is plainly not a reasonable one. Read in context, the Article does not impute “reasonable grounds” for suspicion, as is obvious from the headline and also the standfirst (i.e. [1]).
It does no more, in reporting the proceedings, than set out the claims by Mr Xie and XIO’s denials of them. Ordinary reasonable readers of the WSJ in this jurisdiction would understand that civil claims may be brought without merit and that the merits would be determined by the court. XIO’s denial is not diluted but given equal prominence and the Article leaves entirely open the possibility that the denial is accurate.
At most, the Article’s repetition of Mr Xie’s allegation would be understood – in respect of Mr Pacini - at Chase Level 3, i.e. raising questions to be answered.
Mr Geyer
That allegation is plainly not one levelled – in any event – at Mr Geyer. He is referred to only briefly in [23] about an email which he sent to arrange a meeting with a banker.
The Article explains at [4] that the defrauding allegation in the “court papers” is an allegation levelled at “executives”. They are clearly identified in [12]. Mr Geyer is not one of them and no reasonable reading of the Article permits that inference. The leap which Mr Geyer’s meaning invites could only reflect unreasonable speculation by a reader avid for scandal. It is clear that the defrauding allegation does not contain Mr Geyer’s personal data.
Having carefully reflected on these submissions, they do not cause me to change my initial view concerning the meaning of the personal data contained within the First Article of which the Claimants are data subjects and about which they make complaint, for the following principal reasons:
I consider that the headline raises a question which the First Article does not profess to answer; and identifies a mystery that the First Article does not claim to resolve. This is reinforced by the text of [1], which simply summarises both sides of the issue.
It is often contended that the thrust of a publication is to set out details of allegations which are not counter-balanced by the inclusion a bare denial, and that such a denial may even suggest that there is, in truth, no answer to the allegations. However, I do not consider that this is how the hypothetical reasonable reader would understand the First Article. In particular: (i) the denials contained in the First Article are not bare denials, but instead contain a measure of detail; (ii) they are set out repeatedly; and (iii) I consider that the hypothetical reasonable reader – who Ms Evans suggested would be “reasonably sophisticated”, and who Mr Tomlinson suggested would have “a level of financial knowledge” – would not only (a) take on board the stark nature of the main issue identified in the First Article (i.e. whether Xie Zhikun had invested in XIO at all), and that no likely answer is suggested to this, but also (b) appreciate that there were limits to what XIO Group and its personnel could say in rebuttal of Xie Zhikun’s claims without breaching client, and its own financial, confidentiality.
I consider that the hypothetical reasonable reader would understand that the allegations of conspiracy to defraud made “in court papers” against “XIO executives” (see [4]) are the same allegations are as more fully explained in [12] and [19], both of which refer to Ms Li and Mr Pacini alone. I also consider that such a reader would understand that the allegations actually said to have been made in the court proceedings are of “receiving “secret profits” from the alleged fraud” (see [12]).
Accordingly, I consider that such a reader would understand these to be allegations (i) made against Ms Li and Mr Pacini alone and (ii) not of some wider fraudulent conduct by those individuals, but instead of those individuals personally receiving “secret profits”. A reader who did not take on board that the accusations said to be made in the “court papers” are limited in this way would be “avid for scandal”.
I also consider that, even applying the repetition rule, but considering the Article as a whole, the meaning to be attached to [4], [12] and [19], in context, is “this is what Xie Zhikun is alleging in his Cayman Islands civil claim” and nothing more.
I consider that the hypothetical reasonable reader would understand very clearly that Mr Geyer is not one of the “XIO executives” referred to in [4] of the Article. Mr Tomlinson suggested that the fact that Mr Geyer was mentioned in [23], the final paragraph of the Article, demonstrated the importance that the publisher attached, and that the reader would attach, to his involvement. I consider that the reverse is correct: in my view, the hypothetical reasonable reader would regard this mention of Mr Geyer as a makeweight point, added at the end for that reason. I also consider that such a reader would (i) regard it as extraordinary for there to be any “mystery” as described in the Article if Xie Zhikun had not had any involvement with XIO at all; (ii) understand that the role of “Chairman of the XiO Fund Advisory Board” does not imply that the individual concerned is an investor in XIO, and (iii) not understand this description of Xie Zhikun as undermining XIO’s denials set out in the Article.
Mr Tomlinson’s further submissions on the Second Article were as follows:
Both Claimants
This Article identifies Mr Pacini as the Chief Executive of XiO and as being involved in XiO’s bid to acquire JD Power from S&P Global, including through contacting financial firms to invest in JD Power [23] and [42]. Mr Geyer is named as a partner at XiO and the Article makes clear that he was aware of the identity of XiO’s investors [39]. On this basis, a reader would understand that the information in the Article relates to conduct of each of the Claimants.
The Article makes it clear that the company that sold JD Power to XiO, S&P Global, did not consider that it received proper information from XiO about (a) who owned XiO and (b) the source of the funds it used to purchase JD Power [2]-[3]. It is stated that “S&P Global’s Mr Gibson asked XiO for its ownership and funding details as the seller prepared to seek U.S. government approval for the deal…” but did not receive from XiO’s legal advisers “the missing financials and ownership pieces” [25]-[26].
A reader would plainly understand that this was improper and that executives and partners were not conducting themselves in a transparent manner. That impression is reinforced by repeated references to XiO’s lack of transparency (including in respect of its investors) towards its own employees (including its general counsel) and advisers [5], [32], [46].
The Article repeats an assertion from a banker who advised XiO on the acquisition of JD Power that he had been told (after the acquisition) by Carol Xie, the daughter of Mr Xie, that her father’s investment group had bought JD Power. This is stated to have been a “shock” to the banker and “a notion the banker hadn’t heard before” [46]. A reader would understand this to mean that senior figures at XiO had concealed the involvement of Mr Xie in the investment in JD Power even from its own advisors and, therefore, notwithstanding the acquisition having been approved, it is likely that they concealed that information from the vendor and/or US authorities.
Only limited antidote is provided. It is said that a XiO spokesman said that “XiO provided full details of its investors to everyone involved in the U.S. regulatory approval process for J.D. Power” [6]. XiO’s claim that relevant parties “were provided full details of XiO Group’s diversified institutional investor base” [30], immediately follows XiO’s unexplained (and therefore suspicious) refusal to comment on the correspondence.
The allegations are serious and are apparently corroborated by third parties. A reader would understand that there are reasonable grounds to suspect that the senior figures at XiO involved in the acquisition of JD Power deliberately failed to provide proper disclosure of the true identity of investors in JD Power to the vendor and the US authorities and had concealed the fact that XiO was an investment vehicle for Mr Xie.
Mr Geyer
The Article makes it clear that XiO’s investors are Chinese. This apparent from at least the following: (i) The headline: “How J.D. Power Was Acquired by a Chinese Company Shrouded in Mystery.” (ii) The fact that XiO’s staff told a Moody’s Investors credit officer that XiO’s investors were Chinese [38]. (iii) The reference to Mr Xie’s group having bought JD Power which is not criticised or questioned [46]. (iv) The Article being replete with references to mysterious, secret or hidden Chinese investment.
In this context, Mr Geyer’s statement to a Deloitte accountant that “The investors into the XiO fund are not primarily Chinese” [39] would be understood by a reasonable reader to be a straight falsehood.
Ms Evans’ further submissions on the Second Article were as follows:
Mr Pacini features as part of the narrative of the JD Power deal in [22]-[23] and [41]. His role, as reported, was in enlisting a well-connected former diplomat who was available to vouch for XIO as a credible bidder [23], and in seeking investment from a British pension fund [41].
This is reflected in the Defendant’s meaning 2(a)(i) and (ii).
Meaning 2(a)(iii) derives from [50], which is a short report of the Cayman Island proceedings in substantially the same terms as the First Article (as to which the Defendant’s submissions on the First Article apply). Notably, Mr Pacini does not contend that the allegation in this context imputes fraud.
There is no other reference in the Article to Mr Pacini, other than the uncontentious biographical detail in [42].
Mr Geyer appears only once in the Article, at [39], as part of a self-contained account of what may have been contrasting statements by XIO employees, on separate occasions, as to the nationality of XIO’s investors.
The Article does not allege that either account was wrong, saying only that “staff appeared on one occasion to give differing accounts of who funds its deals”.
There is no suggestion whatsoever that Mr Geyer’s account was “false”, and it would be apparent to the ordinary reasonable reader that the two responses may not have been contradictory at all (given the reference to “resident Chinese”). Mr Geyer’s meaning is unreasonable, and the data are accurately described in the Defendant’s meaning 2(b).
The Claimants’ overarching meaning in APOC [13] is similarly strained. It suffers from the fundamental problem that the imputation reached for (if even arguable) is in reality one aimed at the company and not these individual Claimants. To the extent the Article says anything about failures of transparency, those are failures attributed to XIO. These Claimants are not referred to in those parts of the Article which deal with disclosure of information to the seller of JD Power, nor to the US authorities.
Again, having carefully reflected on these submissions, they do not cause me to change my initial view concerning the meaning of the personal data contained within the Second Article of which the Claimants are data subjects and about which they make complaint, for the following principal reasons:
I consider that the hypothetical reasonable reader would clearly understand (a) that the “Chinese Company Shrouded in Mystery” referred to in the headline of the Article as having acquired JD Power is the same “Hong Kong’s XIO Group, which acquired the US auto-rating firm in 2016” which is referred to in [1] (i.e. it is XIO, not an investor in XIO), and (b) that the Article is not saying that XIO Group’s investors are Chinese, but instead that the source of XIO’s funding is unclear.
In reading the debate about that issue that is contained in the Article, I consider that such a reader would attach importance to the statement by an XIO spokesman in [36] that “Within XIO, only its four founding partners know who the investors are”, and that it is likely that such a reader would believe the statement of one the partners in XIO, Mr Geyer, at [39] that “The investors in the XIO fund are not primarily Chinese” in preference to apparently “differing accounts” from XIO staff (see [38]). Only a reader “avid for scandal” would read Mr Geyer’s statement as a “falsehood”.
I consider that the hypothetical reasonable reader would understand the discussion about the ownership and funding of XIO to be raising matters of concern about opacity, without suggesting one way or the other who was right in what [47] calls the “warfare” between Xie Zhikun and XIO. In particular, read in the context of the remainder of the Article, and for that matter even read in isolation, I do not consider that such a reader would understand from [46] that the report that a banker who had advised XIO on the acquisition was “shocked” by Xie Zhikun’s daughter putting forward “a notion the banker hadn’t heard before” should be taken to indicate that the banker gave credibility to the claim made by the daughter, let alone that the claim should be given credibility. I consider s/he would think “notion” connotes scepticism.
I consider that such a reader following through the narrative contained in the Article about the ownership and funding issues and concerns arising in relation to the acquisition of JD Power would attach importance to what is reported as being the final position that was reached, not only according to XIO (that “all of the parties … who were part of the US regulatory approval process were provided full details of XIO Group’s diversified institutional investor base” [30]), but also according to S&P Global (“the level of due diligence that we performed … was appropriate” [31]).
For these reasons, I answer the First Issue as set out in [83] and [84] above.
DETERMINATION OF THE SECOND ISSUE
The starting point is Article 10 of the UK GDPR, entitled “Processing of personal data relating to criminal convictions and offences”. This provides as follows:
“(1) Processing of personal data relating to criminal convictions and offences or related security measures based on Article 6(1) shall be carried out only under the control of official authority or when the processing is authorised by domestic law providing for appropriate safeguards for the rights and freedoms of data subjects. Any comprehensive register of criminal convictions shall be kept only under the control of official authority.
(2) In the 2018 Act —
(a) section 10 makes provision about when the requirement in paragraph 1 of this Article for authorisation by domestic law is met;
(b) section 11(2) makes provision about the meaning of “personal data relating to criminal convictions and offences or related security measures”.”
Section 11(2) of the DPA 2018 provides that:
“In Article 10 of the [UK GDPR] and section 10, references to personal data relating to criminal convictions and offences or related security measures include personal data relating to—
(a) the alleged commission of offences by the data subject, or
(b) proceedings for an offence committed or alleged to have been committed by the data subject or the disposal of such proceedings, including sentencing”.
The Explanatory Notes on section 11 of the DPA 2018 state at [104] that: “Subsection (2) contains a non-exhaustive definition of personal data relating to criminal convictions and offences or related security measures.”
THE PARTIES’ SUBMISSIONS
Mr Tomlinson further relied on the following guidance as to the law.
The Guidance provided by the Information Commissioner’s Office (“ICO”) notes that criminal offence data extends to data relating to suspicion or allegations of criminal activity, and explains that “‘Relating to’ [in Article 10 of the UK GDPR] should be interpreted broadly” and therefore Article 10 of the UK GDPR “covers any personal data which is linked to criminal offences…”.
A statement alleging that an individual engaged in misconduct without labelling that conduct as criminal or stating that it amounts to any particular offence may nevertheless be “data as to … the commission or alleged commission by [the individual] of any offence”: see Law Society v Kordowski [2011] EWHC 3185 (QB), Tugendhat J at [29], [83]. (The allegations in that case included: “He colluded [sic] with the police, tampered with the evidence. He received large sums of money from the police… He attempted to put me in prison [sic] for something that I did not do… He was working with the police and tried his utmost [sic] to put me in prision [sic] for large sums of money.”)
In Lord Ashcroft v Attorney General & Anor [2002] EWHC 1122 (QB), Gray J held at [30] “It is in my view at least arguable that the reference in the memorandum to the laundry arrangements of Lord Ashcroft would be understood to be a reference to the criminal offence of money-laundering”.
Guidance as to the correct approach to ascertaining whether personal data are to be regarded as criminal offences data was provided by Warby J in Aven at [41]: “… this issue must be determined by considering only the text of [the document in question], identifying the relevant information conveyed by that text, isolating the conduct imputed to the claimants, and deciding whether ordinary readers would conclude that such conduct was prohibited by the criminal law”. Warby J held in that case at [42] that “the ordinary reader would understand the suggestion to be one of criminal behaviour on the part of the first two claimants” and at [45] that “One would expect an ordinary reader in any civilised country to consider dealing with the proceeds of crime and bribing a public official to be prohibited by the criminal law”.
Applying the law to the facts of this case, Mr Tomlinson submitted that (i) the personal data in the First Article concerns a suspected conspiracy by persons entrusted to handle nearly $1bn of funds provided by an alleged investor to defraud him by taking and failing to account for his money and receiving secret profits derived from that fraud; (ii) this is self-evidently personal data relating to the alleged commission of offences by each of the Claimants; (iii) such allegations are clearly linked to criminal offences; and (iv) an ordinary reasonable reader could not fail to conclude that the conduct imputed to the Claimants was prohibited by the criminal law.
I did not understand Ms Evans to dispute any of Mr Tomlinson’s propositions of law.
With regard to the guidance provided by Warby J in Aven at [41], however, Ms Evans submitted that while, on the one hand, that approach is undoubtedly correct where the document itself makes an allegation of conduct amounting to the commission of an offence, on the other hand, where, as in the present case, the document reports an allegation made by a third party, it is necessary for the Court to assess the nature of the allegation made as part of the “immediate context” of the data, which includes identifying the forum in which the allegation is made. In support of this qualification, Ms Evans relied on Information Commissioner v Colenso-Dunne [2015] UKUT 0471 at [46]: “whether the disputed information is sensitive personal data has to be answered in the light of the immediate context of the information in question”.
So far as concerns the facts of the present case, Ms Evans submitted with regard to Mr Pacini that (i) the First Article plainly does not report an allegation of the commission of criminal offences; (ii) it instead reports an allegation of civil fraud, it being self-evident that the claim being brought in the Cayman Islands is a civil claim; (iii) no specific conduct of his, in respect of the alleged fraud, is identified in the First Article; (iv) in the absence of specifics, no reasonable reader could conclude that the underlying conduct was conduct prohibited by the criminal law; (v) that reader would understand that allegations made in civil proceedings may not amount to the commission of an offence and would draw no conclusions; and (vi) this would be reinforced by the absence of any references in the First Article to criminal proceedings or investigation.
With regard to Mr Geyer, Ms Evans submitted that (i) it is plain that no allegation of conspiracy to defraud (or of obtaining “secret profits”) is levelled against him for the same reasons as apply in respect of the determination of the First Issue and (ii) for those reasons and in any event, no reasonable reader could conclude that the conduct imputed to his was prohibited by the criminal law.
DISCUSSION
So far as concerns Mr Geyer, I have no hesitation in preferring Ms Evans’ submissions.
So far as concerns Mr Pacini, the position is less straightforward. In my judgment, however, the Second Issue should be answered in the negative with regard to Mr Pacini’s personal data as well, for the following principal reasons.
I accept that (i) personal data may be data “relating to” or “linked to” the commission or alleged commission of an offence by the data subject even if the conduct imputed to the data subject is not labelled as criminal or said to constitute any particular offence; and (ii) the correct approach is to (a) identify the conduct imputed to the data subject by considering the text (in the present case, of the First Article) and (b) decide whether ordinary readers would conclude that such conduct was prohibited by the criminal law.
I consider that, consistent with my ruling on the First Issue, the First Article is stating that Xie Zhikun has alleged that Mr Pacini (and Ms Li) have received secret profits out of a conspiracy between XIO executives to defraud him out of his investment.
However, I do not consider that the hypothetical reasonable reader of the First Article would conclude that this imputes to Mr Pacini the conduct of receiving secret profits (or, for that matter, the conduct of participating in a conspiracy to defraud), or, in the language of the legislation, that it comprises personal data “relating to” the “commission” or the “alleged commission” of any criminal offence by Mr Pacini. Read in context, it neither states nor alleges that Mr Pacini has engaged in this conduct, but instead reports that Xie Zhikun has made this allegation, that Mr Pacini has denied that XIO ever received any of Xie Zhikun’s funds, and that the true position is a “mystery”.
Even if, contrary to the above, the true import of the First Article is to make or adopt the allegations that it rehearses concerning Mr Pacini’s conduct, I do not consider that the First Article imputes to him conduct which ordinary readers would conclude is prohibited by the criminal law. First, as set out above, I consider that such readers would consider the allegations made in [4] to be the same allegations as are more fully explained in [12] and [19], and to have been, as against Mr Pacini, of “receiving “secret profits” from the alleged fraud”. Second, I do not consider that such readers would conclude that receiving “secret profits” was prohibited by the criminal law, even leaving aside the international element in the present case, which complicates matters. I consider that such readers would, at highest, be agnostic about this, and that it is likely that their agnosticism would be reinforced in this instance by the fact that the First Article makes no mention of “crime” or “criminal proceedings” but instead clearly refers to civil proceedings alone.
I note that the points identified in the immediately preceding paragraph coincide with the Claimants’ case, because they make no complaint of processing of criminal offence data in relation to the Second Article, even though [50] repeats the allegation concerning civil proceedings in almost identical terms to [19] of the First Article.
If the Claimants’ submissions were right, it seems to me that they would, or might, have very far reaching consequences. If my understanding is correct, a publisher cannot circumvent the “repetition rule” by relying on double hearsay – i.e. by saying not that “X is suing Y for wrongdoing” but instead that “a source has informed us that X is suing Y for wrongdoing”. If that is right, a fair and accurate report of the current proceedings, which have taken place in open court, and which have resulted in the public judgment of HH Judge Richard Parkes KC and the current public judgment, would, insofar as it alluded to Xie Zhikun’s claims set out in the Articles concerning “conspiracy to defraud” and/or of receiving “secret profits”, comprise the processing of “criminal offence data”. This may be subject to protections for the data controller which would nevertheless render such processing permissible without violation of any material data subject rights, but it seems to me a far cry from what Article 10 of the UK GDPR is centrally about.
I answer the Second Issue in the negative.
CONCLUSION
For these reasons, I determine the First Issue as set out in [83] and [84] above, and I determine the Second Issue as set out in [116] above.
I ask Counsel to agree an order which reflects this determination of these Issues. I will deal with submissions on any points which remain in dispute as to the form of the order, and on any other issues such as costs and permission to appeal, either when judgment is handed down, or (if Counsel agree) on the basis of written submissions alone, or else on an adjourned hearing on some other convenient date.