Category Archives: Uncategorized

When is a filing system a relevant one?

Yesterday, the Court of Appeal (England and Wales) delivered a fresh judgment in the field of data protection. In its judgment in Dawson-Damer v Taylor Wessing LLP [2020] EWCA Civ 352, the Court (Lord Justice Floyd, Lord Justice Newey and Lord Justice Arnold) considered two issues: (1) the exemption in paragraph 10 of Schedule 7 to the Data Protection Act 1998 relating to legal professional privilege; and (2) the meaning of a “relevant filing system” within section 1(1) of the Data Protection Act 1998. Although this case was concerned with the 1998 Act rather than the GDPR and Data Protection Act 2018, the guidance provided by the Court of Appeal will be of assistance when dealing with the current data protection landscape.

In this blog post I intend to focus only on the issue of a relevant filing system and not on the legal professional privilege. I may, should time permit, come back to the issue of Legal Professional Privilege in the near future.

In the court below, the judge decided that 35 paper files held by Taylor Wessing LLP constituted a relevant filing system and therefore the personal data contained therein were within scope of a subject access request. Every data protection practitioner’s favourite case (Durant v Financial Services Authority) was, of course, a feature of this latest judgment from the Court of Appeal. The Court decided, however, that the decision of the Court of Justice of the European Union in Tietosuojavaltuutettu had changed the landscape somewhat and that the decision of the Grand Chamber was inconsistent with the interpretation of “relevant filing system” in Durant. The Court of Appeal considered that the approach in Durant was “in some respects, more restrictive and cannot be fully reconciled with the CJEU’s interpretation.” [para 88]

At Paragraph 90 of its judgment, the Court of Appeal, sets out four questions that it considers should be asked in light of the CJEU’s decision in Tietosuojavaltuutettu. Those questions are:

1. Are the files a “structured set of personal data”?
2. Are the data accessible according to specific criteria?
3. Are those criteria “related to individuals”?
4. Do the specific criteria enable the data to be easily retrieved?

The Court of Appeal endorsed the “temp test” set out by the Information Commissioner in her guidance. That test explains the concepts by reference to the employment by a controller of a temporary administrative assistant. Would such a person be able to extract specific information about an individual from the controller’s manual records without any particular knowledge of the controller’s type of work of the documents held by a controller. The test does assume that the temp in question is reasonably competent, required on a short induction, explanation and/or operating manual on the controller’s particular filing system in order for them to be able to use it. In essence, if a temp could easily extract information from a controller’s filing system without any real skill or knowledge (beyond competence and basic introductory training), then the filing system is likely to be a “relevant filing system”

In Dawson-Damer, a trainee solicitor and a senior associate had been utilised in order to go through the paper files in order to extract the information. The Judge had relied upon this as a reason why it was a relevant filing system; this was an error, the Court of Appeal held. The Court of Appeal stated that “[i]f access to the relevant data requires the use of trainees and skilled lawyers, turning the pages of the files and reviewing the material identified, that is a clear indication that the structure itself does not enable ready access to the data.” [para 99]

It will not be enough to simply use highly skilled individuals in order to leaf through files and extract information to prove that a manual filing system is not a “relevant filing system”; if a temp could have been capable of performing the same work then it will still be a relevant filing system regardless of who actually performed the task. Data Controllers often put tasks like this out to their lawyers and it will often be trainee solicitors, under supervision (as is the case with all tasks performed by trainee solicitors) of experienced solicitors, who carry out these tasks on behalf of clients who elect to send it to their lawyers; simply deciding to do so will not be sufficient to be able to successfully argue that the filing system in question is not a “relevant filing system”. The court is likely to look at the matter objectively and decide whether a temp administrative assistant could have extracted the information had the controller kept the matter in-house. There are good reasons why a controller might wish to out-source the task to lawyers (there is value that a lawyer can add); however, if it’s simply to try and avoid disclosing personal data by arguing that the manual filing system is not a “relevant filing system” then the controller is likely to be out of luck.

It is also important to note that the temp test is more of a rule of thumb than an exacting legal test. It simply acts as a good indicator that the manual filing system is a relevant filing system for data protection purposes. However, in the case before the Court of Appeal, it was of assistance to Taylor Wessing. The Court determined that the Claimant had failed to prove that the filing system was a relevant filing system and that the conclusion reached by the judge at first instance was not supported by the evidence.

Alistair Sloan

We are able to provide advice and assistance to controllers, processors and data subjects in respect of data protection matters. If you would like advice or assistance in connection with a data protection matter, or any other information law concern, then please contact us on 0141 229 0880 or by E-mail to