In a recent blogpost the rather excellent Bilal Ghafoor (who goes by the handle of “FOIKid”, although I note he’s now extended this to “FOI (and DP) Kid”, evidently having rather belatedly discovered the joys of data protection) asked “What is the purpose of subject access requests?“. He drew attention to the potential discord between approaches by the Information Commissioner and by the courts (in cases such as Durant v Financial Services Authority  EWCA Civ 1746) to such requests (made under section 7 of the Data Protection Act 1998 (DPA)).
In a comment on that post I argued that the Court of Appeal in Durant was perhaps not as out-of-step with, at least, the EC data protection Directive 95/46/EC as is sometimes thought
it’s important to note that the Court of Appeal were keen to stress the fact that the Act gives effect to the Directive, and that the Directive and its recitals have a “primary objective” to “protect individuals’ fundamental rights, notably the right to privacy and accuracy of their personal data held by others…
This particular primary objective is illustrated quite starkly by the news from the Press Gazette that comedian/journalist Mark Thomas discovered, through submitting a subject access request, that his name is on a “domestic extremist database”:
police held a file of seven pages containing more than 60 individual items of intelligence…”a bizarre list of events monitored by the police, lectures given, panels attended, even petitions I have supported…the police have monitored public interest investigations in my case since 1999″
Thomas says he is taking legal action to have his name removed. This will be an interesting case if it reaches court, joining a line of cases where people try to effect removal of records from police systems.
What is also interesting though is that Thomas, and the National Union of Journalists (NUJ), are encouraging journalists to submit subject access requests to the police. As Thomas says
I know of other NUJ members on the database….Which is why I am asking NUJ members to take action. If your work brings you into contact with the police whether covering riots or climate camp, from Plebgate to the NSA, then the police could have you on their database
and the NUJ general secretary Michelle Stanistreet adds
we want as many other members as possible to find out what information the Met is holding
In answer to Bilal’s question, then, I think that this – the investigation of how an arm of the UK state monitors and records the activities of the free press – is a vitally important example of what the purpose is of subject access requests.
One response to “THIS is the purpose of subject access requests”
Discourteous of me to reply so late after you had been kind enough to consider my blog and reply – apologies.
While I agree with the fist half of your argument, the Mark Thomas stuff entirely proves what I thought – that is an excellent example of the appropriate use of the subject access right.
But it is out of step with most SARs. Nobody, least of law firms, seem to understand this when they write to public authorities and angrily say things like ‘I want to know what you hold on me about my appendix removal operation because I think you mucked it up and I want to sue you’.
While data subjects get a lot of information, they often don’t get what they need and get more cross.
Do we agree?
I am reading about unstructured personal data and my brain hurts.