How Data Protection Legislation Is Failing Private Tenants – Part 3


Welcome back to this, the final part of our investigation into how landlords and letting agencies’ non-compliance with data protection legislation is preventing private tenants from accessing justice.

In part one of this series, we set out the current data protection law and how landlords and letting agents are supposed to provide tenants and their legal representatives with access to the personal data required to bring a claim for disrepair and/or a statutory breach. We know from our work that landlords and letting agents are not complying with subject access requests (SARs) and this is preventing tenants from accessing justice. In part two we analysed how EU countries and some US States manage data protection compliance breaches to see if the problems suffered by UK tenants are also present in other jurisdictions. Below, we examine the UK case law on SAR compliance, specifically when it is for the purposes of potential litigation and whether or not landlords and letting agents can refuse a SAR if they believe it is being used to acquire information for future litigation.

What is the case law say regarding SAR compliance if the request is made in contemplation of future litigation?

There has been no significant case law on non-compliance with SARs since the 2017 decision of Dawson-Damer v Taylor Wessing LLP [2017] and the joined appeals of Deer v University of Oxford and Ittihadieh v 5-11 Cheyne Gardens [2017]. In these cases, the Court of Appeal clarified the law relating to SARs under the Data Protection Act 1998.

In Dawson-Damer v Taylor Wessing LLP, the court came to three key conclusions:

  1. A SAR will be valid even if its collateral purpose is to obtain information for litigation purposes.
  2. Material withheld because it is protected by legal professional privilege does not include other protected information such as trust law privacy principles.
  3. Data does not need to be provided if doing so would involve a disproportionate effort. The work required to obtain the relevant personal data can be taken into consideration when assessing proportionality.

Dawson-Damer concerned a trust dispute. The SAR was made to the law firm Taylor Wessing, which acted for the trustee of several Bahamian-based trusts of which the Dawson-Damers were beneficiaries. Taylor Wessing refused the SAR arguing that it was made to obtain information for litigation and that this was an improper use of a SAR. The Court of Appeal rejected this argument. Although previous authorities had been conflicted as to whether or not a SAR was valid if used for accessing data in contemplation of litigation, the Dawson-Damer decision makes clear that a SAR designed to procure information for litigation purposes must be actioned.

It is worth noting that although the decision in Dawson-Damer is unambiguous, a further Court of Appeal’s ruling in the joint appeals of Ittihadieh v 5-11 Cheyne Gardens and Deer v Oxford University, stated that the “absence of a legitimate reason” for a SAR may still be relevant when the court exercises its discretion to order compliance. Although wanting to acquire information for the purposes of litigation is not an absolute bar, the court can refuse to order compliance in cases where the SAR is plainly vexatious and repetitive. This was confirmed in Lees v Lloyds Bank Plc [2020] EWHC 2249 (Ch) where the judge noted in an obiter comment that even if the facts showed that Lloyds Bank had not provided an adequate response to each of the Claimant’s SARs, due to the repetitive nature of the request and the fact that they clearly were designed to obtain documents rather than personal data, the court would have used its discretion and refused to order Lloyds to comply with further SARs issued by the Claimant.

What do these decisions mean for tenants whose SARs are being ignored by landlords and letting agents?

As we mentioned at the beginning of this series, there is a trend across all fields of litigation to use SARs to access more information than may be available under the pre-action protocol process. Although the existing cases on SARs used for the purpose of contemplated litigation were decided under the Data Protection Act 1998, there is no reason to doubt that the principles laid down in Dawson-Damer and Ittihadieh v 5-11 Cheyne Gardens and Deer v Oxford University apply to the 2018 UK GDPR and Data Protection Act. Provided that SARs are not vexatious and/or repetitive, there are no legal grounds that allow non-compliance by landlords and letting agents.

Letting agents, who must be registered with the ICO, and private landlords must start complying with SARs or risk the consequences of a data breach claim being brought against them. And given that the case law concerning SAR compliance, even in situations where the request is made to acquire documents for contemplated litigation, clearly states that compliance is required, chances are that the tenant will be successful.

Veriwise helps all tenants get access to justice. If you have an issue with your rented property and your landlord is refusing to fix the problem or is ignoring you, please contact us at and we will resolve the issue directly with your landlord/agent so you don’t have to.