Tweet
http://www.allenovery.com/publicatio...re-regime.aspx
The DPA allows DSARs for the purposes of protecting privacy and ensuring the accuracy of personal data. This case highlights the importance a data controller must place upon adhering to those objectives, and the need to carefully balance the rights of a requestor against any other individual whose personal data appears in the document. It also serves as a warning to any party seeking to use a DSAR as a back door to obtaining documents for the purposes of litigation; while the DPA is “purpose blind”, the Courts will not allow it to be used where doing so could circumvent the disclosure regime mandated by the Civil Procedure Rules and render redundant the protections those rules provide. It has long been the position of the Information Commissioner’s Office (ICO), notwithstanding a line of previous case law, including Durant, Eszias2 and Edem3, that it will not look at the motivation behind a DSAR when considering complaints by data subjects. It remains unlikely that this case will cause the ICO to adopt a different approach, but it is increasingly becoming a more difficult position for the ICO to defend.
