The Data Brief

A monthly data protection bulletin from the barristers at 5 Essex Chambers

Can a data breach found a claim for unlawful detention?

18 December 2024

The judgment in Willis v (1) Chief Constable of South Wales Police, (2) Ministry of Justice (County Court at Cardiff, HHJ Porter-Bryant) is a recent example of claimant lawyers seeking to push the boundaries of claims under the Data Protection Act 2018. As a County Court judgment it is unreported, but worth sharing to show how claimants seek to use – and misuse – the Data Protection Act 2018.

Mr Willis was a prisoner released on home detention curfew (HDC), i.e. on early release prior to the end of the custodial part of his sentence.  Officers of SWP Police arrested Mr Willis after the MoJ gave an arrest instruction to recall him to prison. The recall instruction arose as an MoJ employee recorded that Mr Willis had been arrested and convicted of a new offence, therefore breaching his HDC licence conditions. In fact, Mr Willis had not been arrested or convicted of a new offence.

Mr Willis claimed that the error amounted to a breach of the fourth data protection principle as his personal data was not accurate.  He went a step further to claim that an ‘unlawful’ data breach rendered his arrest and detention a violation of Article 5 ECHR, which provides:

No one shall be deprived of his liberty save in the following cases and in accordance with a procedure prescribed by law: (a) the lawful detention of a person after conviction by a competent court”. 

He argued that the ‘prescribed by law’ condition at Article 5 was not met, as arrest and detention arose from an ‘unlawful’ data breach. 

The Court rejected that argument. On a proper construction of Article 5, ‘procedure prescribed by law’ refers to the passing of the sentence by the criminal court. As Mr Willis’ sentence had not expired, his detention remained lawful pursuant to that sentence. A subsequent data breach was irrelevant to that analysis.  The Supreme Court’s judgment in R (Whiston) v Secretary of State for Justice [2014] UKSC 39 was applied. The headline point is that claimant lawyers must be careful not to confuse different forms of ‘unlawfulness’ when formulating claims; a (data) wrong does not make a (human) right.

Peter Laverack acted for the MoJ.

The Data Brief

A monthly data protection bulletin from the barristers at 5 Essex Chambers

The Data Brief is edited by Francesca Whitelaw KC, Aaron Moss and John Goss, barristers at 5 Essex Chambers, with contributions from the whole information law, data protection and AI Team.

Visit the Information Law, Data Protection and AI area

Search The Data Brief

Affiliations

 

Affiliations

Portfolio Builder

Select the practice areas that you would like to download or add to the portfolio

Download    Add to portfolio   
Portfolio
Title Type CV Email

Remove All

Download


Click here to share this shortlist.
(It will expire after 30 days.)