The Data Brief

A monthly data protection bulletin from the barristers at 5 Essex Chambers

Data protection and court orders – an unsurprising statement of common sense

29 October 2024

In Bates v Rubython [2024] EWHC 2706 (KB), the former Chelsea owner Ken Bates brought a libel claim in respect of an article about him in Business F1 magazine. The defendants were the company which publishes the magazine, and its editor and sole director – and author of the offending article – Tom Rubython.

Mr Rubython did not advance any positive defences, but essentially required Mr Bates to prove, amongst other things, that the article caused serious harm to his reputation. To assist with this, Mr Bates’ solicitors sought disclosure of a list of the magazine’s subscribers in England and Wales. Mr Rubython declined to provide this information, so a court order requiring its disclosure was sought and ultimately made by consent.

But Mr Rubython then sought to hide behind data protection as justification for non-compliance, asserting that s.170(1) Data Protection Act 2018 prohibited its disclosure. That provision creates a variety of criminal offences based on processing of personal data without the consent of the controller: in this case, of course, the defendant company was the controller and so could not commit the offence. In any event, there is a defence in s.170(2)(b) for processing required to comply with a court order. Letters from Mr Bates’ solicitors pointing out these points did not result in compliance. Instead, the defendant(s) sought an ‘indemnity’ from the Court, which unsurprisingly did not engage with that request. The list of subscribers was never disclosed.

The upshot was a finding at trial by Steyn J that Mr Rubython was ‘happy to latch onto [the issue of data protection] as an excuse for not complying with the order and then clung onto it even after its validity as an excuse had been exploded’. That led to an adverse inference being drawn against Mr Rubython’s case on serious harm.

All in all, a robustly common sense approach to an attempt to hide behind data protection as an excuse. So far, so unsurprising. But it is a helpful reminder that, when dealing with civil proceedings, it is highly unlikely that data protection provides a bar to disclosure. And of course this applies to special category/criminal offence data as well – see paras 7, 26, 33 and 34 of Schedule 1 to the DPA. One to remember if clients raise data protection concerns when you are advising on their disclosure obligations

Further reading: Bates v Rubython [2024] EWHC 2706 (KB)

The Data Brief

A monthly data protection bulletin from the barristers at 5 Essex Chambers

The Data Brief is edited by Francesca Whitelaw KC, Aaron Moss and John Goss, barristers at 5 Essex Chambers, with contributions from the whole information law, data protection and AI Team.

Visit the Information Law, Data Protection and AI area

Search The Data Brief

Affiliations

 

Affiliations

Portfolio Builder

Select the practice areas that you would like to download or add to the portfolio

Download    Add to portfolio   
Portfolio
Title Type CV Email

Remove All

Download


Click here to share this shortlist.
(It will expire after 30 days.)