Section 8(2) of the DPA permits recipients of SARs not to provide copies of the requested information if it is not possible or would involve disproportionate effort. The concept of disproportionate effort is not included in the Data Protection Directive (95/46/EC) (the Directive) and it is therefore arguable that section 8(2) of the DPA does not comply with EU law.

The court applied the disproportionate effort test to the search that Taylor Wessing would have had to undertake to determine whether any particular document was covered by legal professional privilege. The court held that it would be a very time-consuming and costly exercise for necessarily skilled lawyers to undertake that task and noted that the Dawson-Damers had only paid the statutory fee of £10 each when making the SARs. The court concluded that it would be neither reasonable nor proportionate to expect Taylor Wessing to carry out the work required.

Interestingly, this was not the first time that the judge, His Honour Judge Behrens, has applied the disproportionate effort test to the search process, rather than to the provision of the information covered by the SAR. Previously, in Elliot v Lloyds TSB Bank, HHJ Behrens held that the requirement in the DPA is to provide the personal data that is found after a reasonable and proportionate search (unreported, Leeds County Court, 24 April 2012).

However, the Information Commissioner's Office (ICO) has expressly rejected this approach, stating in its subject access code of practice that the recipient of a SAR cannot refuse to deal with it just because it thinks that locating the information in the first place would involve disproportionate effort (https://ico.org.uk/media/1065/subject-access-code-of-practice.pdf). Even if the supply of copies in permanent form may involve disproportionate effort, the ICO points out that the recipient of the SAR must still comply with the request in some other way; for example, by offering access to the relevant documents at its offices and providing copies of requested documents.

The court has a discretion under section 7(9) of the DPA whether to order a party to comply with a SAR. In Dawson-Damer, the court held (obiter, as it did not find non-compliance) that it would not exercise its discretion because the Dawson-Damers had only issued proceedings in the High Court in order to obtain information to be used in connection with the Bahamian proceedings.

The court referred to Durant v FSA, where the Court of Appeal said that the purpose of SARs under the DPA is to enable an individual to check whether the processing of his data unlawfully infringes his privacy and, if so, to take the steps provided by the DPA to protect it ([2003] EWCA 1746; www.practicallaw.com/9-102-6113). It is not an automatic key to any information, nor should it be used to assist the individual to, for example, obtain discovery of documents that may assist him in litigation or complaints against third parties.

Again, this is in stark contrast to the ICO's approach to responding to SARs. The ICO recognises that, where other legal proceedings are contemplated or in progress, the courts may be reluctant to allow individuals to use SARs as a means of accessing information in connection with those proceedings where disclosure should more appropriately be dealt with under the Civil Procedure Rules. It also recognises that the courts may even regard SARs as an abuse of process if the SAR would not have been made but for the desire to access information to be used in other legal proceedings.

However, the ICO takes the view that whether or not a court would be likely to grant an enforcement order has no bearing on the legal duty of a recipient of a SAR to comply with a SAR. According to the ICO, a recipient may only refuse to comply with a SAR if a relevant exemption under the DPA applies in the particular circumstances of the SAR.

Dawson-Damer will be welcomed by recipients of SARs as it has the potential to significantly reduce the burden on them of responding to a SAR. If there are ongoing or threatened legal proceedings in connection with the information that may be covered by a SAR, recipients can argue that the SAR is an abuse of process and not respond. If the search for the information that may be covered by a SAR will be onerous, recipients can argue that responding will involve disproportionate effort and, again, not respond. Although a SAR applicant might challenge either or both of these positions, the risks of such a challenge may be outweighed by the savings in time and costs of not responding.

For individuals making SARs, Dawson-Damer presents another hurdle to overcome if they need to enforce their SAR in the courts. However, it is worth remembering that individuals can also refer a failure to comply with a SAR to the ICO, which is likely to be a much more receptive audience than the courts to these claims.

The court gave the Dawson-Damers permission to appeal and so further clarity on both of these issues may be available if an appeal is heard.