High Court gets tough on ‘nuisance’ Subject Access Requests.
The High Court has dismissed a claim for failing to provide an adequate response to a Subject Access Request (SAR). The court not only decided that the organisation had adequately responded, it also gave some commentary on the court’s discretion to refuse an order, even where it can be demonstrated that an organisation has failed to provide data.
In the court’s view, the SARs issued were numerous and repetitive (which was abusive) and there was a collateral purpose underpinning the requests (namely, to use the documents in separate litigation).
Significantly, the court said that even if the claimant could show there was a failure to provide a proper response to one or more SARs, the court had a discretion as to whether or not to make an order – and that in this case, there were good reasons for refusing to make an order, including:
- The issue of numerous and repetitive SARs which were abusive.
- The real purpose of the SARs being to obtain documents rather than personal data.
- The fact that the data sought would be of no benefit to the claimant.
The court’s comments demonstrate a robust approach to nuisance Subject Access Requests that is not matched by regulatory guidance.
If your organisation is looking to comply with the requirements of the GDPR then take a look at how our CSaaS and DPaaS solutions can help.