Kololo v Commissioner of Police for the Metropolis
Reference:  EWHC 600 (QB)
Court: High Court of Justice, Queen's Bench Division
Judge: Dingemans J
Date of judgment: 9 Mar 2015
Summary: Data protection - subject access request - abuse of process - discretion - collateral proceedings
Download: Download this judgment
Instructing Solicitors: Leigh Day for C; Directorate Legal Services, Metropolitan Police Commissioner for D
C was convicted by the Kenyan court of robbery with violence and kidnapping in relation to the kidnapping and murder of British nationals in Kenya in 2011. He was sentenced to death and is appealing against his conviction and sentence. As the incident involved British nationals, the Metropolitan Police (D) were involved in the investigation. C made a subject access request under section 7 of the Data Protection Act 1998 (DPA) seeking all records relating to him. He sought the information in the hope of using it in his appeal and (as per his witness statement in these proceedings) to find what out information D held and how that information was being used. D refused to comply with the subject access request stating that it was an abuse of process.
1) Whether the subject access request was an abuse of process;
2) Whether the court ought to refuse to direct D to comply with the subject access request, pursuant to its discretion under section 7(9) DPA, because it was made for an improper purpose.
Ordering D to comply with the subject access request made by C:
1) The subject access request was not an abuse of process. The existence of a separate statutory scheme for the provision of information under Crime (International Co-operation) Act 2003 (CICA) for overseas courts or prosecuting authorities to request assistance in obtaining evidence from UK authorities, did not render the request under the DPA an abuse of process. The DPA has within itself specific provision for exemptions for national security and investigation and prosecution of crime. There is nothing to indicate that CICA should be an exclusive remedy.
2) It was appropriate to order compliance with the subject access request. C was making the request to determine whether there are inaccuracies in the data and in order to correct any such inaccuracies. These are clearly proper statutory purposes (as per the Recital to the Directive and section14 DPA). The discretion under section 7(9) DPA is “general and untrammelled” but “should be exercised to give effect to the purposes of the DPA and be proportionate.” The existence of collateral proceedings in which it is proposed to use the data or corrected data does not amount to a reason to refuse to order compliance. Given that C had been sentenced to death, ordering compliance was proportionate.
An interesting discussion of the purposes for which it is proper to make a subject access request. It is fairly common for subject access requests to be made with a view to using the material in other proceedings, but this does not of itself, mean the request is improper. However, the discretion under section 7(9) means that the court does have scope to consider the requester’s motives as part of its evaluation.
It was not in dispute that despite C never having been to the UK the court had jurisdiction to order compliance with the subject access request as data relating to C was held by D in the UK.