Joseph Pacini & Anor v Dow Jones & Company Inc.

This is the trial of preliminary issues in this data protection claim pursuant to the Order of HHJ Richard Parkes KC (sitting as a Judge of the High Court) dated 12 July 2024. That Order was made following HHJ Richard Parkes KC’s dismissal of the Defendant’s application to strike out the claim for the reasons given in his judgment dated 3 July 2024 ([2024] EWHC 1709 (KB)), from which the substance of the following narrative concerning the background to this trial is gratefully adopted. In essence, the claim is about the right to have personal information erased, or corrected by being brought up to date. It would appear that the current trial is the first in which the Court has been called upon to determine as a preliminary issue the “meaning” of personal data alone (as opposed to together with the trial of the preliminary issue of “meaning” in a claim for defamation), to say nothing of being the first in which the Court is required to address, in the context of such a trial, the “repetition rule” developed in the law of defamation.

The Claimants, Joseph Pacini and Carsten Geyer, are investment bankers. According to the Amended Particulars of Claim (“APOC”), they were formerly senior executives of the XIO group of companies (“XIO Group”), a global alternative investments business with offices in London, Hong Kong and Shanghai. They were two of the four founding partners of XIO Group, and worked in the XIO businesses between 2014 and 2020. Mr Pacini was Chief Executive Officer and Mr Geyer was Head of Europe.

XIO’s European business was based in London, where its UK arm was XIO (UK) LLP (“XIO UK”). XIO UK employed most of XIO’s senior investment executives. XIO Group appears to have been the entity that controlled the other XIO operations, in which Mr Pacini and Mr Geyer also held positions (in XIO HK and XIO UK respectively).

Mr Pacini and Mr Geyer are presently the Co-Managing Partners of SGT Capital LLC (“SGT”), and they each reside in Switzerland.

By a Claim Form issued on 16 March 2023, the Claimants complain of two articles written by Simon Clark and published by the Defendant (“Dow Jones”), which owns and publishes the Wall Street Journal (“WSJ”) worldwide on its website at WSJ.com. One article was published on the website on 16 March 2017 (“the First Article”) and the second on 31 January 2018 (“the Second Article”). Both Articles continue to be accessible online to WSJ.com subscribers.

The Claimants sue in data protection. They allege breach of the General Data Protection Regulation, as maintained by the European Union (Withdrawal) Act 2018 (the UK General Data Protection Regulation, or “UK GDPR”) and of the Data Protection Act (“DPA”) 2018, and claim compensation in accordance with UK GDPR Art 82 and/or DPA 2018 s168, a declaration that the personal data processed are inaccurate, and a compliance order under DPA 2018 s167, requiring erasure of the data and the taking of the steps prescribed by Arts 17(2) and 19 of the UK GDPR.

By application notice dated 22 August 2023, Dow Jones applied for an order striking out the claim pursuant to CPR 3.4(2)(b). Following that, the Claimants made a number of concessions. That resulted in the grounds of the application being narrowed to the contention that the claim is purely tactical and an abuse of process (a) because it is a statute-barred defamation complaint dressed up as a data protection claim, and brought as it is to avoid the rules which apply to defamation claims, and (b) on the basis identified by the Court of Appeal in Jameel v Dow Jones & Company Inc [2005] QB 946.

That application was heard by HHJ Richard Parkes KC on 12 December 2023, and was dismissed for the reasons set out in his detailed judgment referred to above.

The First Article, first published on 16 March 2017, reads as follows (I have added paragraph numbers to assist in the discussion below):

The Second Article, published on 31 January 2018, reads as follows (again, I have added paragraph numbers to assist in the discussion below):

HHJ Richard Parkes KC said (at [16] of his judgment): “The pre-action correspondence repays study”. He discussed that correspondence in detail, as it was relevant to the strike-out application that was before him, not least because it made repeated complaints of defamation. However, it is unnecessary to rehearse it for the purposes of the present trial. It is sufficient to record his observations (at [30]) that: “Notwithstanding the various threats and demands made in this lengthy correspondence, no proceedings were ever issued against Dow Jones by any XIO entity or by SGT. No proceedings at all were issued until the present litigation was commenced by the Claimants in respect of the two Articles in 2023, and even then not in defamation”.

On 1 February 2023 (2½ years since their last letter of 27 July 2020 on behalf of the Claimants and SGT), Withers wrote again on behalf of the Claimants, who were described as former Partners of XIO Group (and as CEO and Head of Europe of XIO respectively). That letter was expressed to be a Pre-Action Letter of Claim written in accordance with the Pre-Action Protocol for Media and Communication Claims. It stated (among other things) that (i) “This is not a privacy and/or defamation claim aimed at attempting to silence criticism but a data protection claim to remove our client’s (sic) inaccurate personal data”, (ii) the Claimants’ personal reputations within private equity were “significantly” damaged by the publication of the Articles, causing substantial losses including a loss of potential business, (iii) this harm was continuing, and (iv) the Articles continued to cause the Claimants “considerable harm and distress”. The complaint was of breach of the UK GDPR, from the continued publication of data in the Articles which was out of date, inaccurate and damaging to the Claimants’ reputations. Dow Jones replied on 13 February 2023 refusing to erase the Claimants’ data.

Proceedings were issued on 16 March 2023, exactly 6 years after the original publication of the First Article, and were served by letter dated 10 July 2023, less than a week before the validity of the Claim Form expired.

The APOC complain of the publication of the Articles, each of which is said to contain personal data of which the Claimants are the data subjects (“the Personal Data”).

The Personal Data are pleaded at paragraphs 11 to 14 of the APOC in terms which HHJ Richard Parkes KC described (at [40] of his judgment) as “strongly reminiscent of the pleading of meaning in a defamation case”. The pleading reads as follows:

“(11)

The First Article contains personal data and Criminal Offences Data of which Mr Pacini is the data subject as follows:

That there were reasonable grounds to suspect that Mr Pacini was party to a conspiracy to defraud Xie Zhikun of nearly $1billion, and had received 'secret profits' as a result.

(12)

The First Article contains personal data and Criminal Offences Data of which Mr Geyer is the data subject as follows:

That there were reasonable grounds to suspect that Mr Geyer was party to a conspiracy to defraud Xie Zhikun of nearly $1billion.

(13)

The Second Article contains personal data of which each of the Claimants is the data subject as follows:

That there were reasonable grounds to suspect that each Claimant had deliberately failed to provide proper disclosure of the true identity of investors in JD Power to the vendor and the US authorities and had concealed the fact that XIO was an investment vehicle for Xie Zhikun;

(14)

The Second Article contains personal data of which Mr Geyer is the data subject as follows:

That Mr Geyer falsely informed a Deloitte accountant that the investors into the XIO entity purchasing JD power were not primarily Chinese.”

At paragraph 16, the APOC pleads that the Personal Data are incorrect or misleading as to matters of fact, in the following respects:

“(1)

The Claimants were not party to any conspiracy to defraud Xie Zhikun and Mr Pacini did not make any “secret profit” from any such conspiracy.

(2)

There were no reasonable grounds to suspect that the Claimants were party to any conspiracy to defraud Xie Zhikun or that Mr Pacini had made any secret profit.

(3)

The allegations of wrongdoing made against the Claimants by Xie Zhikun were made in various legal proceedings – all of which were, by a settlement deed dated 4 August 2020, discontinued. There was no admission or finding of liability for conspiracy to defraud on the part of the Claimants.

(4)

The Claimants had not failed to provide proper disclosure of the true identity of investors in J D Power to the vendor or to the US Authorities.

(5)

The Claimants had made full disclosure to the Committee on Foreign Investment in the United States, including providing a list of all XIO's partners and investors and potential investors.

(6)

XIO was not an investment vehicle for Xie Zhikun;

(7)

The investors into the XIO entity which was purchasing J D Power were not from mainland China were not affiliated with the Chinese government and they were not introduced by or affiliated with Xie Zhikun.”

The Particulars of Claim were amended on 17 November 2023. Before amendment, they alleged at paragraph 19 that Dow Jones had failed to process the personal data lawfully or fairly. By amendment, the allegation of unlawful processing, and the supporting Particulars, which alleged that both the Articles were defamatory of the Claimants, were deleted. The Particulars of Breach of the UK GDPR, as amended, read as follows:

“(1)

In breach of Article 5(1)(a), the Defendant has failed to process the Personal Data lawfully or fairly. In this respect the Claimants will rely in particular on the following facts and matters:

(a)

The First Article refers to allegations of a serious nature and includes Criminal Offences Data.

(b)

The First Article relates to allegations which never resulted in a criminal charge or arrest.

(c)

The Second Article makes serious and damaging allegations of impropriety against the Claimants including, in particular of suspected failure to provide proper disclosure to the Committee on Foreign Investment in the United States.

(d)

The Articles are both defamatory of each of the Claimants.

(2)

In breach of Article 5(1)(d), the Defendant failed to ensure that the
Personal Data was accurate or to erase or rectify inaccuracies in the Personal Data without delay after becoming aware of them. Paragraph 16 above is repeated. The true factual position has been known to the Defendant since (at the latest) its receipt of the PAP Letter.

(3)

In breach of Article 5(1)(d), the Personal Data was kept in a form which permitted identification of the Claimants for longer than was necessary for the purposes for which the Personal Data was processed. Insofar as the First Article was reporting on legal proceedings brought by Xie Zhikun in the Grand Court of the Cayman Islands (Cause No FSD 25 of 2017), it was no longer necessary to process the Personal Data in the First Article after those proceedings were discontinued on 27 November 2020.

(4)

In breach of Article 10, the Defendant published the Criminal Offences Data in the Article without justification under any of the conditions in Parts 1 to 3 of Schedule 1 to the DPA 2018.

(5)

In breach of Article 17, the Defendant has failed to give effect to the Claimants’ exercise of their rights of erasure (by way of the PAP Letter) by removing the Articles from WSJ.com.  The Claimants rely on the following:

(a)

Even if (contrary to the Claimants' primary case) the Defendant's initial decisions to publish each of the Articles was justified, their continued publication is no longer justified once the Defendant had received the PAP Letter.

(b)

Further and in the alternative, by the PAP Letter, the Claimants objected to the processing of the Personal Data in the Articles. There were no overriding legitimate grounds for continuing the processing.

(6)

In breach of Article 21 the Defendant has failed to give effect to the Claimants’ exercise of their right to object to the processing involved in the publication of the Articles as set out in the PAP Letter. There are no compelling legitimate grounds for the continuing publication of the Articles.

(7)

If and insofar as the Defendant contends that the processing of the Claimants’ personal data in the Articles is for “special purpose of journalism” set out in paragraph 26 of Schedule 2 to the DPA 2018, and without prejudice to the burden of proof (which lies on the Defendant) the Defendant is not entitled to rely on any exemption from the listed UK GDPR provisions in that it is not reasonable for the Defendant to believe that:

(a)

Application of the listed UK GDPR provisions would be incompatible with the purposes of journalism;

(b)

The continuing processing of the Personal Data by publication is in the public interest. In particular, it is not reasonable to believe that the continuing processing of inaccurate and/or out of date personal data is in the public interest.

If and insofar as the Defendant had such reasonable beliefs when (it) published each of the Articles, it could no longer hold such beliefs once it became clear that the Personal Data was (sic) inaccurate and out of date.”

Under the heading of Remedies, the APOC now claim:

“(20)

By reason of the Defendant's wrongful processing of the Personal Data as pleaded above, the Claimants have suffered damage to their reputations, and have been caused anxiety, humiliation and distress for which the Defendant is liable to pay compensation to the Claimant'.

(21)

In support of their claims for compensation under s168 of the DPA 2018 the Claimants will rely on the following:

(1)

The loss of control of and autonomy over the Personal Data occasioned by the publication of the Articles.

(2)

the fact that the Defendant has continued to publish and maintain the Articles despite being put on notice of the Claimants' objections in the PAP Letter.

(3)

The fact that the Articles have been repeatedly mentioned by prospective investors in XIO and SGT as requiring further due diligence and therefore being an obstacle to investment. This has caused additional work and distress for the Claimants.”

The prayer for relief seeks compensation pursuant to Art 82 of the GDPR/UK GDPR and/or s168 of the DPA 2018, a declaration that the Personal Data are inaccurate, and a compliance order pursuant to s167 DPA 2018, requiring (a) the erasure of the Personal Data and any similar data, and (b) that Dow Jones takes the steps set out in Art 17(2) and Art 19 of the GDPR/UK GDPR (i.e. notification to controllers processing the data, and notification to publishees of the personal data of any rectification or erasure ordered).

The amendments to the Particulars of Claim followed a letter from Dow Jones’ solicitors dated 25 July 2023 in which it was contended that (i) the claim was purely tactical and amounted to an abuse of process and (ii) in any event the pleading was defective, in particular because it complained that the Articles were defamatory, without setting out the facts and matters required to make good a claim in libel. In response to that letter, and after service of the strike-out application, the Claimants by letter dated 12 September 2023 agreed to make the amendments to paragraphs 19(1) and 20(1) of the Particulars of Claim which are recorded above. As mentioned above, that had the effect of narrowing the grounds on which the strike-out application was pursued by Dow Jones.

By paragraph 5 of his Order dated 12 July 2024, HHJ Richard Parkes KC directed a trial of the following preliminary issues pursuant to CPR r 3.1(2)(i) and (j):

By paragraph 7 of that Order, he ordered Dow Jones to file and serve a written notice of its case on each of those preliminary issues. Pursuant to that Order, on 30 July 2024, Dow Jones filed and served a notice of its case on those issues as follows:

“The meaning of any personal data within the Articles complained of in the claim of which the Claimants are data subjects.

1.

In respect of the First Article (as defined in Paragraph 3 of the Amended Particulars of Claim):

a.

The First Claimant’s personal data bear the meaning that the First Claimant was

one of the executives who had been accused by Mr Xie, in contested legal proceedings in the Cayman Islands, of receiving “secret profits” in an alleged

conspiracy to defraud, an allegation denied by the First Claimant, who said Mr Xie

is not and has never been an investor in XIO.

The Second Claimant’s personal data bear the meaning that the Second Claimant,

In respect of the Second Article (as defined in Paragraph 4 of the Amended Particulars of Claim):

The First Claimant’s personal data bear the meanings that (i) he was part of an

on behalf of XIO the First Claimant contacted a financial firm, Hermes, to ask if

The Second Claimant’s personal data bear the meaning that he replied to a Deloitte

An Order in these terms derived from the relief that Dow Jones claimed before HHJ Richard Parkes KC in the alternative to its strike-out application. That alternative claim for relief, in turn, was made against the background of the way in which the Claimants’ case on Personal Data had been pleaded. As set out above, that case is pleaded in similar terms to a case on meaning in a claim for defamation. The explanation for that approach is to be found in three first instance decisions which both sides invited me to follow and apply when trying the First Issue, although they differed as to the results which they contended should follow from the application of that approach in this particular case.

The first decision in time is that of Warby J in NT1 and NT2 v Google LLC [2019] QB 344 (“NT1”), which Mr Tomlinson submitted was the “leading case” concerning “the Court’s approach to the meaning of personal data”. Specifically, in the context of the trial of the First Issue, s205(1) of the DPA 2018 provides that data is inaccurate if it is “incorrect or misleading as to any matter of fact”, and Mr Tomlinson submitted that NT1 sets out how the Court should assess whether personal data is “incorrect or misleading”.

In NT1, the Claimants were businessmen whose convictions for criminal offences were spent under the Rehabilitation of Offenders Act 1974. They brought claims under data protection law and for misuse of private information, seeking (among other things) orders for de-listing of details of their offending, convictions and sentences, requiring their removal from search results, on the basis that the information, in particular concerning their spent convictions, was old, out of date, irrelevant, of no public interest and/or otherwise an illegitimate interference with their data and/or privacy rights.

At [79], Warby J expressed criticism of the way in which the Claimants’ case on inaccuracy had been pleaded, commenting that the approach adopted by the Claimants “seems to beg the question of what sense a given word or phrase bears, when read in its context”. Warby J continued as follows:

“I cannot help feeling that in a context such as the present where the claimant sues in respect of media publications he should be expected to specify the meaning(s) he attributes to particular words or phrase[s], and which he says is inaccurate. A claimant should also give particulars of inaccuracy. Those are well-established requirements of a statement of case in a defamation or malicious falsehood claim, which are surely appropriate in this context for the same reasons.”

At [80], Warby J turned to consider “the right approach in principle” to the issue of accuracy. In the context of discussing the requirement that is now to be found in Art 5(1)(d) of the UK GDPR that personal data shall be “accurate”, Warby J recorded that “There has been some dispute about how to decide whether a published article is inaccurate for this purpose”. He then said “Two sources of law have been addressed”.

At [81], Warby J discussed the first of these sources, namely data protection law itself. He pointed out that this makes clear that data are inaccurate if they are incorrect or misleading as to any matter of fact, observing that “the reference to fact emphasises that this principle is not concerned with matters of comment, opinion or evaluation” and that “[t]he reference to misleading indicates that the court should not adopt too narrow and literal an approach”. (The core material provisions are now Art 4(1) and Art 5(1)(d) of the UK GDPR. Art 4(1) defines “personal data” as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”. Art 5(1)(d) provides that personal data shall be “accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay”.)

At [82], Warby J identified the domestic law of defamation as “[a] second source of possible guidance”. He continued:

“In a libel action, where truth is in issue, the court will first determine the single natural and ordinary meaning which the words complained of would convey to the ordinary reasonable reader. It is that which the defendant must then prove to be true. A claim for libel cannot be founded on a headline or other matter, read in isolation from the related text; the court must identify the single meaning of a publication by reference to the response of the ordinary reader to the entire publication”.

Also in [82], Warby cited the submission of Counsel for the Defendant “that any factual statement contained in the articles or the book extract must be read in its proper context, and that any complaint of inaccuracy must be assessed in the light of the ordinary and natural meaning of the article or book extract of which the offending statement is part”. At [83], Warby J indicated that he accepted those submissions, saying that the principles taken from the law of libel were not “artificial”, “have been developed over centuries to meet the needs of a cause of action that addresses issues arising from the publication of words and their impact on reputation”, had support in domestic authority, and “seem well-adapted to testing whether the words satisfy the Working Party criterion of giving ‘an inaccurate, inadequate or misleading impression of an individual’”.

At [84], Warby J went on to consider other implications of applying principles taken from the law of defamation in the context of claims concerning personal data:

“There is a further dimension to this. The law of defamation contains a rule (the “repetition rule”) which recognises that an accurate report of what a third party has said about a person may convey an inferential defamatory meaning which is false. The ordinary meaning of the statement “The prosecutor alleged that the defendant had defrauded the revenue” is that the claimant is guilty of fraud. That could turn out to be untrue. The same is true of the statement: “The jury found him guilty of fraud”. The policy of defamation law is to hold the publisher responsible for the inferential meaning, whilst protecting those who report accurately on court proceedings, and on certain other kinds of proceeding or statement such as parliamentary proceedings, even if the report conveys a false or inaccurate inferential meaning. The protection is absolute or qualified, according to the context. Some accurate reports are privileged “subject to explanation or contradiction”. The interpretative provisions of DPA Schedule 1, Part II contain some apparently relevant provisions for qualified exemption from the strict requirements of accuracy. They state, at para 7:

‘The fourth principle is not to be regarded as being contravened by reason of any inaccuracy in personal data which accurately record information obtained by the data controller from the data subject or a third party in a case where (a) having regard to the purpose or purposes for which the data were obtained and further processed, the data controller has taken reasonable steps to ensure the accuracy of the data, and (b) if the data subject has notified the data controller of the data subject’s view that the data are inaccurate, the data indicate that fact.’”

At [87], Warby J said:

“… It would be wrong to treat the two branches of the law as coterminous, as they not only have different origins but also serve different purposes. It is possible to give more weight to literal accuracy in the context of data protection law, with its broader aims and its wider and more flexible range of remedies. It is appropriate, however, to bear in mind domestic principles in order to ensure, as far as possible, that the law has the coherence to which Lord Sumption JSC referred in Khuja’s case [2019] AC 161.”

The second decision in time is Aven v Orbis Business Intelligence [2020] EWHC 1812 (QB) (“Aven”), another decision of Warby J. In that case, when considering “the right approach to the ascertainment of whether information contains the personal data of an individual” (see [26]), Warby J reaffirmed the approach that he had adopted in NT1, which he summarised as follows at [29]:

“I concluded that the right approach was to look at the articles and book extracts as a whole, and interpret any element of them by reference to the meaning that the ordinary reader would take from that element, read in its full context. My reasons were set out in detail at [80-84]. It is unnecessary to set them out here. In summary I concluded, and it remains my view, that support for this approach can be found in aspects of the DPA itself, the work of the Article 29 Working Party, domestic authority on the application of the DPA and its predecessor (the Act of 1984), and the logic and common sense to be found in the law of meaning in defamation.”

The particular context in which the debate about the correct approach arose in that case concerned the following sentences in the Memorandum that was said to contain the Claimants’ personal data:

“Speaking to a trusted compatriot in mid-September 2016, a top level Russian government official commented on the history and current state of relations between President PUTIN and the Alpha Group of businesses led by oligarchs Mikhail FRIDMAN, Petr AVEN and German KHAN. The Russian government figure reported that although they had had their ups and downs, the leading figures in Alpha currently were on very good terms with PUTIN. Significant favours continued to be done in both directions, primarily political ones for PUTIN and business/legal ones for Alpha.”

The issue that Warby J was required to determine in that regard was whether these sentences contained the following data of which the Claimants were the data subjects: “That significant favours are done by President Putin for the Claimants and for President Putin by the Claimants”. The nub of the Claimants’ case was that the words quoted above concerning “significant favours” would, in context, be understood by any ordinary reader to refer to the three individuals identified by name as the leaders of the Alfa Group, and to mean that the significant favours were being done by and for those individuals. The nub of the Defendant’s case was that the words concerning “significant favours” did not contain any personal data about any of the Claimants, but instead contained information about Alfa Group, a corporate entity; that the Claimants were not identifiable from the sentences in question; and that even if they were that would not be enough to make the information personal data that “relates to them”. Warby J, in my view entirely unsurprisingly, preferred the Claimants’ case, holding as follows at [32]:

“Applying that approach, I find that Memorandum 112 did contain the information in claimants’ proposition (a) [i.e. “That significant favours are done by President Putin for the Claimants and for President Putin by the Claimants”]. The claimants are plainly identifiable from Memorandum 112; they are named. Any ordinary reasonable reader of the Memorandum would understand the statements about the giving and receipt of “significant favours” as referring not only to Alfa Group but also to the three individual claimants. That would be the result of reading the whole document, which an ordinary reader would do; but in order to explain this conclusion, it is not necessary to look beyond the immediate context of the words in numbered paragraph 1. The two immediately preceding sentences identify the claimants by name as leaders of the Alfa Group, and assert that they are on “very good terms” with Putin. The reader of the sentence that follows would naturally take its reference to favours being done “in both directions” as a statement that Putin does favours for the claimants, and they for him. The mention of Alfa at the end of the third sentence would be read as synonymous with the claimants. In my judgment, further, the information is personal data within the meaning of DPA s1.”

The third decision is that of Collins Rice J in Shah v Up and Coming Ltd [2020] EWHC 3472 (QB) (“Shah”), made on a trial of preliminary issues in a claim for defamation and breaches of data protection law. Those issues (see [3]) comprised three issues relating to the defamation claim, including determination of “the natural and ordinary meaning of the words and images complained of”, and one issue relating to the data claim, namely “what personal data relating to the Claimant are contained in the words and images complained of”. When addressing the data protection issue, Collins Rice J said at [61]:

“So far as the data protection element of this claim is concerned, the parties agreed that I should be guided by the indications in NT1 v Google LLC [2018] EWHC 799 (QB) at paragraphs 80-87. Where the issue is accuracy, that should be assessed in the light of the natural and ordinary meaning of the material complained of, drawing on the principles developed in the defamation context. The aim is to describe faithfully the information held. The two legal regimes are distinct but unjustifiable incoherence should be avoided. A less impressionistic and more full and literal, or granular, description of personal data may be justified where the regulatory regime of data protection is concerned, since it has to deal with more issues than public reputation or an impression created by a single viewing”.

In my view, although she expressed herself in slightly different language to that used by Warby J in NT1, Collins Rice J was not seeking to lay down any different approach, but merely to summarise in her own words the thrust of [80]-[87] of Warby J’s judgment.

Collins Rice J’s reference to an “impression created by a single viewing” is nevertheless, in my view, telling. That is one of the criteria which needs to be taken into account when determining meaning in the context of a claim for defamation. However, it is possible that some items of personal information would make little or no impression on the hypothetical reasonable reader, for example because they are peripheral to the thrust of the publication, or because they neither criticise nor compliment the data subject. In that case, they would form no part of the single meaning that falls to be ascribed to the publication in question for purposes of the law of defamation. However, that would not mean that, if they are inaccurate, they should be excluded from a data protection claim. This illustrates why the defamation approach cannot be transposed indiscriminately.

Applying defamation principles, including the guidance provided by Nicklin J’s encapsulation of the principles concerning “natural and ordinary meaning” distilled from the authorities and set out in Koutsogiannis v Random House Group [2020] 4 WLR 25 (“Koutsogiannis”), at [11]-[12], Collins Rice J concluded (at [38]) that the natural and ordinary meaning of the words complained of by the Claimant (which she did not consider to be defamatory of him) was as follows:

“[The Claimant] is Indian. He has twice been recorded taking part in political demonstrations in the UK, acting the roles of, respectively, a Baloch nationalist and a citizen of Pakistan. He and others were hired to do that by the Indian government. This is an example of rent-a-crowd tactics by the Indian government constituting thoroughly reprehensible, anti- Pakistan, political conduct on its part.”

With regard to the data protection issue, at [64] Collins Rice J said that the essence of the difference between the parties as to the personal data of which the Claimant was the data subject “is the imputation of personal bad faith and moral turpitude to the Claimant”. She continued:

“Consistently with my findings on meaning, I think a more accurate description of the personal data content of this item would be as follows.

1.

The person shown in the video is identifiable as Mr Shah.

2.

He is an Indian citizen, or of Indian heritage.

3.

In November 2018 he took part in a political demonstration outside a restaurant in Wembley on the occasion of a dinner at which the Chief Justice of Pakistan was speaking. The purpose of the dinner was fundraising for an Indus dam project. The purpose of the demonstration was to object to that project. Mr Shah identified himself publicly with that purpose.

4.

On that occasion he acted the part of a Pakistani citizen.

5.

He, along with others, was hired and paid to do that by the Indian government as part of its rent-a-crowd tactics.

6.

In April 2018 he took part in a political demonstration outside the Houses of Parliament on the occasion of the visit of the Indian Prime Minister. The purpose of the demonstration was to enlist UK and Indian government support for a Pakistan regional issue. Mr Shah identified himself publicly with that purpose.

7.

On that occasion, he acted the part of a Baloch nationalist.

8.

He, along with others, was again hired and paid to do that by the Indian government as part of its rent-a crowd tactics.”

In my view, in that case there was a clear difference in the formulation of the defamation issues on the one hand and the data issue on the other hand, and while Collins Rice J may have had regard to the “natural and ordinary meaning” of the Claimant’s personal data applying principles developed in the law of defamation, the data content that she identified in the items complained of was purely factual and nothing like a libel meaning.

As I have already indicated, both sides invited me to determine the First Issue by applying the approach suggested by Warby J in NT1. For the Claimants, Mr Tomlinson emphasised that, faced with a choice between “holistic” and “atomised” approaches to “the ascertainment of whether information contains the personal data of an individual”, the “holistic” approach is to be preferred (see Aven at [26]). For Dow Jones, Ms Evans accepted that when identifying “data” for the purpose of determining whether or not the same constitute “personal data” the Court must have regard to the full context. She emphasised, however, that both Warby J in NT1 at [87] and Collins Rice J in Shah at [61] had made clear that a more literal and “granular” approach may be appropriate when considering data issues, and that no decided case went so far as to say that the Court was required unhesitatingly to apply defamation law principles in the context of data claims.

Building on that premise, it was common ground between the parties that I should apply the principles for determining the natural and ordinary meaning of words complained of in libel as distilled by Nicklin J in Koutsogiannis at [12] and approved by the Court of Appeal in Corbyn v Millett [2021] EMLR 19 at [8]:

“The following key principles can be distilled from the authorities: ….

i)

The governing principle is reasonableness.

ii)

The intention of the publisher is irrelevant.

iii)

The hypothetical reasonable reader is not naïve but he is not unduly suspicious. He can read between the lines. He can read in an implication more readily than a lawyer and may indulge in a certain amount of loose thinking but he must be treated as being a man who is not avid for scandal and someone who does not, and should not, select one bad meaning where other non-defamatory meanings are available. A reader who always adopts a bad meaning where a less serious or non-defamatory meaning is available is not reasonable: s/he is avid for scandal. But always to adopt the less derogatory meaning would also be unreasonable: it would be naïve.

iv)

Over-elaborate analysis should be avoided and the court should certainly not take a too literal approach to the task.

v)

Consequently, a judge providing written reasons for conclusions on meaning should not fall into the trap of conducting too detailed an analysis of the various passages relied on by the respective parties.

vi)

Any meaning that emerges as the produce of some strained, or forced, or utterly unreasonable interpretation should be rejected.

vii)

It follows that it is not enough to say that by some person or another the words might be understood in a defamatory sense.

viii)

The publication must be read as a whole, and any ‘bane and antidote’ taken together. Sometimes, the context will clothe the words in a more serious defamatory meaning (for example the classic ‘rogues' gallery’ case). In other cases, the context will weaken (even extinguish altogether) the defamatory meaning that the words would bear if they were read in isolation (e.g. bane and antidote cases).

ix)

In order to determine the natural and ordinary meaning of the statement of which the claimant complains, it is necessary to take into account the context in which it appeared and the mode of publication.

x)

No evidence, beyond [the] publication complained of, is admissible in determining the natural and ordinary meaning.

xi)

The hypothetical reader is taken to be representative of those who would read the publication in question. The court can take judicial notice of facts which are common knowledge, but should beware of reliance on impressionistic assessments of the characteristics of a publication's readership.

xii)

Judges should have regard to the impression the article has made upon them themselves in considering what impact it would have made on the hypothetical reasonable reader.

xiii)

In determining the single meaning, the court is free to choose the correct meaning; it is not bound by the meanings advanced by the parties (save that it cannot find a meaning that is more injurious than the claimant's pleaded meaning).”

In this regard, without apparent demur from Ms Evans, Mr Tomlinson relied on the guidance provided by the Court of Appeal in Chase v News Group Newspapers Limited [2003] EMLR 218 (“Chase”) at [45]:

“The sting of a libel may be capable of meaning [1] that a claimant has in fact committed some serious act, such as murder. Alternatively it may be suggested that [2] the words mean that there are reasonable grounds to suspect that he/she has committed such an act. A third possibility is that [3] they may mean that there are grounds for investigating whether he/she has been responsible for such an act.”

Mr Tomlinson, again without demur from Ms Evans, further submitted that, in accordance with the guidance given by the Court of Appeal in Tinkler v Ferguson [2019] EWCA Civ 819 at [9], I should read the Articles before reading the parties’ submissions.

In adopting that approach, I nevertheless consider that it is necessary for the Court to have some idea of the issues in the claim before reading the material complained of – for example, to note: who the Claimants are; that it is a data protection claim; and to get some sense of the ambit of the data complaint. Otherwise, there is a danger that the Court’s reading will lead to conclusions on meaning that are of no relevance to the claim.

The first point which divided the parties concerned the application of the “repetition rule”. As Nicklin J stated in Brown v Bower [2017] 4 WLR 197 (“Brown”) at [19]:

“The so-called “repetition rule” is a principle “deeply embedded” in the law of defamation (per Hirst LJ in Shah v Standard Chartered Bank [1999] QB 241, 261G). It has two, quite distinct, applications. First, it is a rule relevant to the determination of the single meaning that a statement bears. Second, it serves to limit the evidence that is admissible to prove the truth of a defamatory imputation.”

As appears from one of the authorities that Nicklin J cited in Brown, a pithy distillation of the rule is that “For the purpose of the law of libel a hearsay statement is the same as a direct statement, and that is all there is to it.” (Lewis v Daily Telegraph Ltd [1964] AC 234, Lord Devlin at 284). As Mr Tomlinson submitted, it is therefore no defence to an action for defamation for the defendant to “prove he was merely repeating what he has been told” (Stern v Piper [1997] QB 123, 128). As Simon Brown LJ explained (at 135-136), the repetition rule is: “a rule of law specifically designed to prevent a [court] from deciding that a particular class of publication—a publication which conveys rumour, hearsay, allegation, repetition, call it what one will—is true or alternatively bears a lesser defamatory meaning than would attach to the original allegation itself” (ibid, at 135-136). Further, both Mr Tomlinson and Ms Evans cited the judgment of Hirst LJ in Shah v Standard Chartered Bank [1999] QB 241, at 263, explaining that:

“… the repetition rule reflects a fundamental canon of legal policy in the law of defamation dating back nearly 170 years, that words must be interpreted, and the imputations they contain justified, by reference to the underlying allegations of fact and not merely reliance upon some second-hand report or assertion of them”.

Nevertheless, the rule is not absolute, as Nicklin J explained in Brown at [32]:

“When the authorities speak of rejecting submissions that words repeating the allegations of others bear a lower meaning than the original publication that is a rejection of the premise that the statement is less defamatory (or not defamatory at all) simply because it is a report of what someone else has said. That kind of reasoning is what the repetition rule prohibits when applied to meaning. The meaning to be attached to the repetition of the allegation has still to be judged, applying the rules of interpretation I have set out above, looking at the publication as a whole.”

Mr Tomlinson submitted that, in accordance with the judgment of Warby J in NT1, in particular at [84], when deciding on the meaning of personal data for the purpose of inaccuracy claims, the Court must apply the repetition rule.

Ms Evans did not attempt to rebut this submission root and branch, but instead argued that the repetition rule should be disapplied in data cases involving reports of court proceedings. Her principal submissions were as follows:

It was not entirely clear to me how these submissions, if correct, would fall to be applied on the trial of the First Issue, as Ms Evans’s Skeleton Argument stated: “This is not to say, and the Defendant does not submit, that the Court needs to determine at this trial of preliminary issues on data meaning whether the Articles in fact consist of court reports”. Ms Evans was right to accept that this factual issue could not be determined at this stage. At the same time, the submissions advanced by her are only of relevance in this case if and to the extent that the Articles do, in fact, consist of reports of court proceedings. This raised the spectre that, on her case, the First Issue could not be determined as a preliminary issue. (On Mr Tomlinson’s case, it could still be tried, because, according to him, the repetition rule applies whether or not reports of court proceedings are involved.)

Apart from pointing out this difficulty, and suggesting that, as the Court could not hold that there was in fact any reporting of court proceedings, it should determine the First Issue on the basis that there was no such reporting, Mr Tomlinson’s main submission in reply was that the position was not so stark as Ms Evans was suggesting, because there were other protections available within the data protection regime which mitigated the unavailability of a discrete protection for the accurate reporting of court proceedings.

As to the first point, as part of their case on inaccuracy the Claimants’ own case pleaded in the APOC refers to “legal proceedings brought by Xie Zhikun in the Grand Court of the Cayman Islands (Cause No FSD 25 of 2017)” and contends that “those proceedings were discontinued on 27 November 2020”. It therefore seems to me that it is not open to Mr Tomlinson to suggest that there were no proceedings for the Articles to report on. Nevertheless, I accept that it is still open to the Claimants to say that it cannot be assumed for the purposes of the present trial that any report on proceedings contained in the Articles is “fair and accurate”. Such points illustrate why preliminary issues “are too often treacherous short cuts” (Tilling v Whiteman [1980] AC 1, Lord Scarman at p25).

As to the second major point that he made in reply, Mr Tomlinson highlighted, in particular (i) the exemptions from the UK GDPR contained in para 26 of Sch 2 to the DPA 2018 in respect of (among others) “journalistic purposes” and (ii) the fact that, as observed by Warby J in NT1 at [85] and [86] “It is noteworthy that the remedial provisions of the DP Directive and the DPA afford the court a discretion, and considerable latitude” and “It is clear from these provisions that even where data are found to be inaccurate the court has a toolbox of discretionary remedies that can be applied according to the circumstances of the individual case”. In substance, these submissions amount to saying that while there may not be protection in data claims from liability for accurate court reporting (on the basis that the repetition rule applies, such that accuracy has to be tested by the reference to the truth or falsity of the reported allegations), protection is available, in appropriate cases, through other mechanisms.

As part of their submissions, both sides referred to the decision of Johnson J in AB v Chief Constable of British Transport Police [2022] EWHC 2749 (KB) (“AB”). That case concerned an appeal from a Circuit Judge, and (see [5]): “One of the issues raised by the appeal concerns the approach that a judge should take when deciding if police crime reports are accurate within the meaning of data protection legislation. Must the reports accurately describe what in fact occurred in the underlying incident; or should they instead accurately reflect the information provided to the police about the incident?”

Johnson J directed himself as follows at [30]:

“In order to decide whether personal data are accurate, so as to comply with DPP4, it is necessary first to decide what the personal data mean: NT1 v Google LLC [2018] EWHC 799 (QB); [2019] QB 344 per Warby J at [80]-[83]. When assessing meaning, it is necessary to interpret the words in context: NT1 at [83]. Once the meaning has been established, it is then necessary to establish the facts so as to decide whether that meaning is ‘incorrect or misleading as to any matter of fact’.”

When considering the issue of the meaning of the police occurrence summary reports (“OSRs”), Johnson J said at [70]: “The nature, context, and purpose of the OSRs are critical when deciding what they mean. That is because the same or similar words may mean different things depending on the context in which they are recorded.” He gave a number examples to illustrate this point, including the following:

“The record of antecedents that is produced to a criminal court discloses the previous convictions of the data subject. The data is accurate if it accurately records those convictions. If it erroneously records a conviction then the data is inaccurate, even if the data subject committed the offence. If it correctly records a conviction then the data is accurate, even if it can be shown that the data subject did not commit the offence.”

When giving this example, it seems to me that Johnson J took a literal approach towards the data in question. No doubt a Crown Court judge might understand a record of antecedents in the manner described. However, if such a record was repeated in a newspaper, it might be open to serious debate whether the hypothetical reasonable reader would do so. Yet there is no suggestion that this might affect the meaning of the data.

At [73], Johnson J said:

“The judge said that to the "ordinary reader" of an OSR, the "Modus Operandi" constitutes a description of what the data subject actually did. I agree that a member of the public, with no knowledge of the purpose of an OSR, or how it comes to be created, might well understand the MO to identify what the data subject actually did. But there was no evidence that the OSRs were published or otherwise communicated to members of the public. If they are kept in accordance with the appellant's policy, and guidance from the College of Policing, then they are only available to those with a proper policing purpose to access them. The "ordinary reader" of an OSR can be taken to be a person with an understanding of how OSRs come to be created and their underlying purpose. The reader knows that they are not a database of convictions or findings, that they simply record the information that has been provided to the police and the actions that the police have taken, and that the underlying allegation may or may not be true.”

Mr Tomlinson submitted that this decision reflected an application by Johnson J of conventional meaning principles derived from the law of defamation, in particular principle (xi) in Koutsogiannis that “The hypothetical reader is taken to be representative of those who would read the publication in question”. Ms Evans submitted that it reflected the adoption of a more literal approach to the issue of accuracy than application of the repetition rule would dictate, in order to accommodate the importance of reporting in a context where it was important that the relevant information should be disseminated.

I am not persuaded that either of these submissions is correct, because I am not persuaded that Johnson J applied defamation principles, let alone that he had regard to the repetition rule and any need to ameliorate the consequences of that rule in the context of OSRs. The direction that he gave himself at [30] seems to me not to depend on such principles. If that is right, I consider that Johnson J was correct to adopt the approach that he did. I do not consider that Warby J in NT1 was seeking to lay down principles of general application when determining the accuracy of data (for example, in health records or financial records). I consider that this is apparent from Warby J’s reference at [79] to “a context such as the present where the claimant sues in respect of media publications”.

I confess to being troubled by the course that these proceedings have taken. I am concerned that either this reflects a departure from what was envisaged by the judgment of Warby J in NT1, or that, if it does not, that judgment may require further consideration.

It seems to me that “data” centrally concerns matters of fact, whereas “meaning” is centrally concerned with the message conveyed by the material in question. In many data cases, there will be no need to look beyond the immediate statement(s) of fact to ascertain what personal data are involved. In other cases, it will be necessary to do so. For example, if a publication states “Everyone who lives at X address is a crook” and, quite separately, “Y lives at X address”, it may not be difficult to conclude that the latter statement contains two items of personal information: (i) that Y lives at X address and (ii) that Y is a crook. The process by which that conclusion is reached involves giving a meaning to the second statement, and in carrying out the process of interpretation it may be appropriate to apply the test of what the second statement would mean to a hypothetical reasonable reader. It seems to me that this is probably what Warby J had in mind.

However, if this approach is applied indiscriminately it may lead to unsatisfactory results. For example, if a publication states that X has been sued for fraud in civil proceedings, and X complains that this is personal data that is inaccurate because it bears the meaning that there were “reasonable grounds to suspect” X of fraud, then, on the face of it, that complaint of inaccuracy may involve enquiring whether there were, in fact, reasonable grounds to suspect X of fraud. However, whether or not that is right does not depend on whether X has, in fact, been sued for fraud in civil proceedings: there may be reasonable grounds to suspect X of fraud even if he has not been sued in civil proceedings at all. A claim based on a gloss on the factual statement that has been made concerning X may therefore lead to a separate enquiry to whether that statement is, in fact, accurate.

Another potential difficulty arises because of differences between defamation law and data protection law. In defamation cases, whether a defence of truth or substantial truth concerning a publication which alleges “reasonable grounds for suspicion” can be made out depends on whether there were reasonable grounds for suspicion at the time of publication. Therefore, what matters is the factual matrix at the time of publication. In data protection cases, however, a claim for inaccuracy may be made on the basis that personal data are inaccurate at the time of the processing complained of, including because they have become misleading or out of date, regardless of whether they were accurate at the time of original publication. In that event, what matters is the factual matrix at the time when relief is sought. Accordingly, if a data claim is based on a defamation-style meaning of “reasonable grounds for suspicion” that would seem to give rise to the prospect of shifting sands, depending on what grounds exist as time goes on.

Such consequences are far removed from simpler questions such as (i) was it accurate in the first place to say that X had been sued for fraud and (ii) has that statement of fact become inaccurate or misleading or not been kept up to date by reason of later events? If the proper pleading of data protection claims results in such complications, then that has to be accepted; but it seems to me desirable to avoid that result as far as possible.

The starting point for the defamation approach to meaning is the “single meaning rule”. In Stocker v Stocker [2020] AC 593 at [34], Lord Kerr, speaking for the Supreme Court, said: “… it is clear that the single meaning approach is well entrenched in the law of defamation … whatever else may be said of it, it provides a practical, workable solution.”

Nevertheless, the rule has its detractors. In Ajinomoto Sweeteners Europe SAS v ASDA Stores Ltd [2011] QB 497, the Court of Appeal declined to transpose the rule into the law of malicious falsehood. Sedley LJ said at [32] that “With the help of counsel’s scholarship we have seen how a pragmatic practice became elevated into a rule of law and has remained in place without any enduring rationale”. He continued at [33]:

“But where it is capable of being applied, as it is in the present claim, the rule is productive of injustice. On the judge’s unchallenged findings, the meanings which reasonable consumers might put on Asda’s health-food packaging include both the damaging and the innocuous. Why should the law not move on to proof of malice in relation to the damaging meaning and (if malice is proved) the consequential damage without artificially pruning the facts so as to presume the very thing – a single meaning - that the judge has found not to be the case?”

Rimer LJ said at [43]:

“If the single meaning rule does achieve a fair balance in defamation law between the parties’ competing interests, that would appear to be the result of luck rather than judgment; and how the measure of such claimed fairness might be assessed may anyway be questionable. The application of the rule can also be said to carry with it the potential for swinging the balance unfairly against one party or the other, resulting in no compensation in cases when fairness might suggest that some should be due, or in over-compensation in others. No doubt it would keep the common law tidy if the single meaning rule were also applied in malicious falsehood claims, particularly because there will be cases in which a claim might be brought either in defamation or malicious falsehood. The common law has, however, never worried about tidiness. It has always been more concerned with meeting the justice of the particular case and developing itself accordingly.”

If, as seems plain from this decision, the refusal to extend the single meaning rule to claims for malicious falsehood is not regarded as giving rise to incoherence, I consider that at lowest it is not self-evident that refusing to extend it to data claims would do so.

There is also another and perhaps more tangential aspect to the issue of coherence, namely that, stated in the broadest terms, one of the central missions of the GDPR is to provide equivalent protection to data subjects throughout the EU. As the GDPR left it to Member States how to bring about implementation, including how to “reconcile the right to protection of personal data … with the right to freedom of expression and implementation”, there are always likely to have been differences between the implementation regimes in different Member States. Moreover, following the withdrawal of the UK from the EU, the courts have greater freedom to develop UK data protection law in ways that may depart from EU jurisprudence on the GDPR. Nevertheless, if substantial differences were to arise in the protection afforded to data subjects, that might raise difficulties as to whether the transmission of data to the UK is compatible with the GDPR, such that it should be permitted by the EU; and in any event it is perhaps at least worthy of consideration whether the transposition of the unique features of the English law of defamation into the data field is desirable in this context.

In my view, there is another, more important, point concerning data claims, of which the present case is an example, namely that they involve not only considerations of accuracy but also considerations of fairness. Further, for the reasons explained by the Court of Appeal in Ajinomoto, application of the single meaning rule may give rise to unfairness.

If the single meaning rule is applied for purposes of (i) identifying personal data and/or (ii) interpreting the ambit of that data, a question arises as to how that interrelates with the issue of fairness. In Slim v Daily Telegraph [1968] 2 QB 157, at 187 Salmon LJ cited a case in which “It was there held that the words complained of were incapable of meaning to ordinary men that the bank was in financial difficulties, yet they caused a run on the bank, whose customers, presumably, were ordinary men”. No doubt, that is an extreme example. However, what if the Court determines for the purposes of the claim of inaccuracy that the natural and ordinary meaning of the data is innocuous, but readers, or some readers, of the data in fact react to it in a manner that is very adverse to the data subject? Does that have the effect that when addressing the claim of unfair processing, the Court is tied to the natural and ordinary meaning that it has found in respect of the inaccuracy claim? If so, it seems to me that might produce an unduly fettered approach to the issue of fairness. Or does it have the effect that when addressing the issue of fairness, the Court is not precluded from having regard to the reality of the matter? If so, that would seem to me to be consonant with achieving the correct approach on the issue of fairness, but how comfortably would that sit beside the conclusion on inaccuracy?

A related issue arises with regard to the adoption of a test that centres around the “hypothetical reasonable reader”. In the law of defamation, the characteristics of such a person are determined at the time of publication. It seems to me that in the case of archive material dating back to 2017 and 2018 of the type with which the present case is concerned, in the real world the readers of that material may well have quite different characteristics from the broad swathe of readers to whom the Articles were originally published. The evidence before HHJ Richard Parkes KC (see [113]) of his judgment) was that page views of the First Article in the UK were only 63 in 2022 and 41 in 2023, and of the Second Article 44 in 2022 and 34 in 2023. At the same time, the evidence of the Claimants was that this degree of page viewing was causing them major problems.

If – which is obviously not a matter that is before me on the trial of the First Issue – that evidence transpires to be correct, it seems to me that it may well be that the persons, or many of the persons, who are viewing this data are doing so as part of targeted searches concerning the persons mentioned in the Articles, including the Claimants. As a matter of common sense, such readers, or many such readers, may differ from the broad swathe of readers of the original publications: they will be, or will include, persons who are contemplating doing investment management business with the Claimants, and may, among other things, be more sophisticated in their appraisal of the contents of the Articles than the general readership. Further and in any event, if it is right to suppose that they are seeking out the Articles for a specific purpose, they will, or may, read the Articles more closely and analytically than the typical reader of the initial publication.

In such circumstances, it is at lowest not obvious why adoption of the “hypothetical reasonable reader” test, taken from the law of defamation, is appropriate in a data case. At root, the concern is that rules developed in order to render manageable the trial of claims for damage to reputation, particularly in the era of trials involving both judge and jury, are not best adapted to the correct resolution of factual issues in data claims.

This was not a point that either side made with regard to the judgment of Johnson J in AB, but it seems to me consistent with the approach that was adopted in that case. Johnson J accepted that the general public might read the OSRs in the way found by the Circuit Judge. However, the OSRs were not published to the general public, but instead to a limited class of persons “with an understanding of how OSRs come to be created and their underlying purpose”, who would accordingly read them differently. It is true that because those persons were the only people to whom the OSRs were published at any time this approach can be said to accord with the “hypothetical reasonable reader” principle. However, if, in fact, the relevant (i.e. current) readership of publications such as the Articles have a particular level of understanding which differs from original publishees, it seems to me hard to justify, and to have the potential to lead to wrong conclusions on issues of accuracy and fairness, to simply shut that out of consideration.

Standing back from all these points, I am of the opinion that many of the issues canvassed before me might be better addressed when considering whether data are processed “fairly”. Fairness is a broad and flexible concept, and it is possible to take account of all the circumstances when determining it. To my mind, (i) the availability of redress under this heading and (ii) the consideration that the definition of “inaccuracy” extends to data that is “misleading” renders, or may render, sterile many of the issues that may arise concerning the “meaning” of data, and whether it suffices for the purposes of “accuracy” that the data are literally accurate or whether for those purposes the data require to be accurate in some other sense (such as flows from the application of the “repetition rule”).

Finally, I would make two comments on the decided cases to which I have been referred. First, nothing said above is intended to cast any doubt on whether they were decided correctly. Second, in my view none of the cases following NT1 involved applying the full panoply of defamation principles discussed by Warby J in that case: (i) The material part of Warby J’s decision in Aven seems to me have turned, and certainly to have been justified by, a straightforward reading of three consecutive sentences, which taken together had the effect that “The mention of Alfa at the end of the third sentence would be read as synonymous with the claimants”; (ii) As set out above, I consider that Collins Rice J in Shah did not set herself the task of deciding, and did not overtly decide, the “natural and ordinary meaning” of the data in that case applying principles developed in the law of defamation; and (iii) In AB, the principles which Johnson J derived from NT1 were (a) when assessing meaning, it is necessary to interpret the words in context, and (b) once the meaning has been established, it is then necessary to establish the facts so as to decide whether that meaning is ‘incorrect or misleading as to any matter of fact’, both of which seem to me plainly right but not to depend on defamation law principles.

I have felt it necessary to consider the above points because: (i) the First Issue is formulated as it is; (ii) as far as I am aware, no such issue has ever been tried before; and (iii) this is the first time the Court has been asked to try a preliminary issue of meaning in a data claim alone, let alone one which involves a debate about the repetition rule.

In light of the above discussion, and having regard to the parties’ submissions, the approach that I propose to adopt towards determination of the First Issue is as follows:

In my judgment, the meaning of the personal data contained within the First Article of which the Claimants are data subjects and about which they make complaint is as set out in the words underlined below (with the further words providing immediate context, and the words in italics comprising personal data about which no complaint is made):

In my judgment, the meaning of the personal data contained within the Second Article of which the Claimants are data subjects and about which they make complaint is as set out in the words underlined below (with the further words providing immediate context, and the words in italics comprising personal data about which no complaint is made):

As is usual on the trial of a preliminary issue concerning meaning, the parties made both written and oral submissions on this topic. Such submissions cannot alter the view that the judge has already taken, adopting the approach endorsed in Tinkler v Ferguson. Nor should they trespass into the realm of “over-elaborate analysis”, as that is to be avoided in accordance with the principles distilled in Koutsogiannis. Their purpose would seem to be to afford the judge the opportunity to reconsider whether the judge’s initial reading of the publication in question does, on reflection, faithfully accord with those principles.

Mr Tomlinson’s overarching submissions with regard to each Article are that (i) it contains a “coherent narrative” and should be read adopting a “holistic” rather than an “atomised” approach and (ii) it is not “neutral” and instead contains information about suspected wrongdoing.

Mr Tomlinson’s principal further submissions on the First Article were as follows:

Ms Evans’ overarching submissions with regard to the First Article are that (i) it is a neutral report of legal proceedings brought by Xie Zhikun against the XIO Group, and (ii) it is aptly summarised by the standfirst (i.e. [1]): “Chinese investor says he backed XIO Group big-time; it says he didn’t, and now he has filed suit”. Ms Evans’ overarching submissions with regard to the Second Article are that (i) it is a report of XIO’s acquisition of JD Power and of concerns raised at the time about a perceived lack of transparency over who really owned XIO, and (ii) it is an Article about the business, and its activities, in which the actions of individual executives or employees are not the focus.

Ms Evans’ principal further submissions on the First Article were as follows:

Having carefully reflected on these submissions, they do not cause me to change my initial view concerning the meaning of the personal data contained within the First Article of which the Claimants are data subjects and about which they make complaint, for the following principal reasons:

Mr Tomlinson’s further submissions on the Second Article were as follows:

Ms Evans’ further submissions on the Second Article were as follows:

Again, having carefully reflected on these submissions, they do not cause me to change my initial view concerning the meaning of the personal data contained within the Second Article of which the Claimants are data subjects and about which they make complaint, for the following principal reasons:

For these reasons, I answer the First Issue as set out in [83] and [84] above.

The starting point is Article 10 of the UK GDPR, entitled “Processing of personal data relating to criminal convictions and offences”. This provides as follows:

“(1)

Processing of personal data relating to criminal convictions and offences or related security measures based on Article 6(1) shall be carried out only under the control of official authority or when the processing is authorised by domestic law providing for appropriate safeguards for the rights and freedoms of data subjects. Any comprehensive register of criminal convictions shall be kept only under the control of official authority.

(2)

In the 2018 Act —

(a)

section 10 makes provision about when the requirement in paragraph 1 of this Article for authorisation by domestic law is met;

(b)

section 11(2) makes provision about the meaning of “personal data relating to criminal convictions and offences or related security measures”.”

Section 11(2) of the DPA 2018 provides that:

“In Article 10 of the [UK GDPR] and section 10, references to personal data relating to criminal convictions and offences or related security measures include personal data relating to—

(a)

the alleged commission of offences by the data subject, or

(b)

proceedings for an offence committed or alleged to have been committed by the data subject or the disposal of such proceedings, including sentencing”.

The Explanatory Notes on section 11 of the DPA 2018 state at [104] that: “Subsection (2) contains a non-exhaustive definition of personal data relating to criminal convictions and offences or related security measures.”

Mr Tomlinson further relied on the following guidance as to the law.

The Guidance provided by the Information Commissioner’s Office (“ICO”) notes that criminal offence data extends to data relating to suspicion or allegations of criminal activity, and explains that “‘Relating to’ [in Article 10 of the UK GDPR] should be interpreted broadly” and therefore Article 10 of the UK GDPR “covers any personal data which is linked to criminal offences…”.

A statement alleging that an individual engaged in misconduct without labelling that conduct as criminal or stating that it amounts to any particular offence may nevertheless be “data as to … the commission or alleged commission by [the individual] of any offence”: see Law Society v Kordowski [2011] EWHC 3185 (QB), Tugendhat J at [29], [83]. (The allegations in that case included: “He colluded [sic] with the police, tampered with the evidence. He received large sums of money from the police… He attempted to put me in prison [sic] for something that I did not do… He was working with the police and tried his utmost [sic] to put me in prision [sic] for large sums of money.”)

In Lord Ashcroft v Attorney General & Anor [2002] EWHC 1122 (QB), Gray J held at [30] “It is in my view at least arguable that the reference in the memorandum to the laundry arrangements of Lord Ashcroft would be understood to be a reference to the criminal offence of money-laundering”.

Guidance as to the correct approach to ascertaining whether personal data are to be regarded as criminal offences data was provided by Warby J in Aven at [41]: “… this issue must be determined by considering only the text of [the document in question], identifying the relevant information conveyed by that text, isolating the conduct imputed to the claimants, and deciding whether ordinary readers would conclude that such conduct was prohibited by the criminal law”. Warby J held in that case at [42] that “the ordinary reader would understand the suggestion to be one of criminal behaviour on the part of the first two claimants” and at [45] that “One would expect an ordinary reader in any civilised country to consider dealing with the proceeds of crime and bribing a public official to be prohibited by the criminal law”.

Applying the law to the facts of this case, Mr Tomlinson submitted that (i) the personal data in the First Article concerns a suspected conspiracy by persons entrusted to handle nearly $1bn of funds provided by an alleged investor to defraud him by taking and failing to account for his money and receiving secret profits derived from that fraud; (ii) this is self-evidently personal data relating to the alleged commission of offences by each of the Claimants; (iii) such allegations are clearly linked to criminal offences; and (iv) an ordinary reasonable reader could not fail to conclude that the conduct imputed to the Claimants was prohibited by the criminal law.

I did not understand Ms Evans to dispute any of Mr Tomlinson’s propositions of law.

With regard to the guidance provided by Warby J in Aven at [41], however, Ms Evans submitted that while, on the one hand, that approach is undoubtedly correct where the document itself makes an allegation of conduct amounting to the commission of an offence, on the other hand, where, as in the present case, the document reports an allegation made by a third party, it is necessary for the Court to assess the nature of the allegation made as part of the “immediate context” of the data, which includes identifying the forum in which the allegation is made. In support of this qualification, Ms Evans relied on Information Commissioner v Colenso-Dunne [2015] UKUT 0471 at [46]: “whether the disputed information is sensitive personal data has to be answered in the light of the immediate context of the information in question”.

So far as concerns the facts of the present case, Ms Evans submitted with regard to Mr Pacini that (i) the First Article plainly does not report an allegation of the commission of criminal offences; (ii) it instead reports an allegation of civil fraud, it being self-evident that the claim being brought in the Cayman Islands is a civil claim; (iii) no specific conduct of his, in respect of the alleged fraud, is identified in the First Article; (iv) in the absence of specifics, no reasonable reader could conclude that the underlying conduct was conduct prohibited by the criminal law; (v) that reader would understand that allegations made in civil proceedings may not amount to the commission of an offence and would draw no conclusions; and (vi) this would be reinforced by the absence of any references in the First Article to criminal proceedings or investigation.

With regard to Mr Geyer, Ms Evans submitted that (i) it is plain that no allegation of conspiracy to defraud (or of obtaining “secret profits”) is levelled against him for the same reasons as apply in respect of the determination of the First Issue and (ii) for those reasons and in any event, no reasonable reader could conclude that the conduct imputed to his was prohibited by the criminal law.

So far as concerns Mr Geyer, I have no hesitation in preferring Ms Evans’ submissions.

So far as concerns Mr Pacini, the position is less straightforward. In my judgment, however, the Second Issue should be answered in the negative with regard to Mr Pacini’s personal data as well, for the following principal reasons.

I accept that (i) personal data may be data “relating to” or “linked to” the commission or alleged commission of an offence by the data subject even if the conduct imputed to the data subject is not labelled as criminal or said to constitute any particular offence; and (ii) the correct approach is to (a) identify the conduct imputed to the data subject by considering the text (in the present case, of the First Article) and (b) decide whether ordinary readers would conclude that such conduct was prohibited by the criminal law.

I consider that, consistent with my ruling on the First Issue, the First Article is stating that Xie Zhikun has alleged that Mr Pacini (and Ms Li) have received secret profits out of a conspiracy between XIO executives to defraud him out of his investment.

However, I do not consider that the hypothetical reasonable reader of the First Article would conclude that this imputes to Mr Pacini the conduct of receiving secret profits (or, for that matter, the conduct of participating in a conspiracy to defraud), or, in the language of the legislation, that it comprises personal data “relating to” the “commission” or the “alleged commission” of any criminal offence by Mr Pacini. Read in context, it neither states nor alleges that Mr Pacini has engaged in this conduct, but instead reports that Xie Zhikun has made this allegation, that Mr Pacini has denied that XIO ever received any of Xie Zhikun’s funds, and that the true position is a “mystery”.

Even if, contrary to the above, the true import of the First Article is to make or adopt the allegations that it rehearses concerning Mr Pacini’s conduct, I do not consider that the First Article imputes to him conduct which ordinary readers would conclude is prohibited by the criminal law. First, as set out above, I consider that such readers would consider the allegations made in [4] to be the same allegations as are more fully explained in [12] and [19], and to have been, as against Mr Pacini, of “receiving “secret profits” from the alleged fraud”. Second, I do not consider that such readers would conclude that receiving “secret profits” was prohibited by the criminal law, even leaving aside the international element in the present case, which complicates matters. I consider that such readers would, at highest, be agnostic about this, and that it is likely that their agnosticism would be reinforced in this instance by the fact that the First Article makes no mention of “crime” or “criminal proceedings” but instead clearly refers to civil proceedings alone.

I note that the points identified in the immediately preceding paragraph coincide with the Claimants’ case, because they make no complaint of processing of criminal offence data in relation to the Second Article, even though [50] repeats the allegation concerning civil proceedings in almost identical terms to [19] of the First Article.

If the Claimants’ submissions were right, it seems to me that they would, or might, have very far reaching consequences. If my understanding is correct, a publisher cannot circumvent the “repetition rule” by relying on double hearsay – i.e. by saying not that “X is suing Y for wrongdoing” but instead that “a source has informed us that X is suing Y for wrongdoing”. If that is right, a fair and accurate report of the current proceedings, which have taken place in open court, and which have resulted in the public judgment of HH Judge Richard Parkes KC and the current public judgment, would, insofar as it alluded to Xie Zhikun’s claims set out in the Articles concerning “conspiracy to defraud” and/or of receiving “secret profits”, comprise the processing of “criminal offence data”. This may be subject to protections for the data controller which would nevertheless render such processing permissible without violation of any material data subject rights, but it seems to me a far cry from what Article 10 of the UK GDPR is centrally about.

I answer the Second Issue in the negative.

For these reasons, I determine the First Issue as set out in [83] and [84] above, and I determine the Second Issue as set out in [116] above.

I ask Counsel to agree an order which reflects this determination of these Issues. I will deal with submissions on any points which remain in dispute as to the form of the order, and on any other issues such as costs and permission to appeal, either when judgment is handed down, or (if Counsel agree) on the basis of written submissions alone, or else on an adjourned hearing on some other convenient date.