Claimants Issue Claim: Alleging A Breach Of UK GDPR

Ruby Ashby

Pacini & Anor v Dow Jones & Company Inc [2024] EWHC 1709 (KB)

Background

The Claimants in this case, Joseph Pacini and Carsten Geyer, were former senior executives of the XIO group of companies. Both left the XIO Group in February 2020. The claim centres around 2 articles written by Simon Clark and published by the Defendant, Dow Jones.

The first article was published on 16 March 2017 and suggested that there were reasonable grounds to suspect that both claimants were party to a conspiracy to defraud Xie Zhikun of nearly $1 billion. The focus of the first article was on proceedings pursued against Mr Pacini that were later withdrawn.

The second article was published on 31 January 2018 and suggested that there were reasonable grounds to suspect that each claimant had deliberately failed to provide proper disclosure of investors and had concealed the fact that XIO was an investment vehicle for Xie Zhikun.

On 16 March 2023, the Claimants issued a claim against the Defendant (6 years after the original publication of the first article) alleging a breach of the UK GDPR and/or the Data Protection Act 2018 (DPA 2018). The Claimants argued that the Defendant was in breach of the following:

1. Article 5(1) of the UK GDPR – that the Defendant had failed to ensure that the personal data processed was accurate and/or had failed to erase and rectify the inaccuracies without delay after becoming aware of them;

2. Article 5(1)(d) of the UK GDPR – that the Defendant had kept the personal data for longer than was necessary for the purpose of the processing. For example, the first article reported on legal proceedings which were discontinued in November 2020;

3. Article 10 of the UK GDPR – that the Defendant had published criminal offence data without any justification; and

4. Article 17 of the UK GDPR – that the Defendant had failed to give effect to the claimants’ exercise of their rights of erasure.

The Claimants sought compensation, a declaration that the personal data was inaccurate and an order requiring erasure of the data.

The pre-action correspondence between the parties started before the first article was even published. Throughout the pre-action correspondence, the Claimants stated that they would be pursuing a defamation claim against the Defendant. The limitation period for defamation claims is however 1 year from the date of the defamatory comment. As confirmed above, the claimant did not issue proceedings until 6 years after the defamatory articles were published, which could explain why they decided to issue proceedings under the UK GDPR and/or DPA 2018 rather than a defamation claim.

The Defendant applied for an order striking out the claim arguing that the claim was “purely tactical” and an abuse of process as in reality it was a statute-barred defamation claim that had been dressed up by the Claimants as a data protection claim.

The Defendant argued within the application that this had been done to avoid the rules that apply to defamation claims such as the limitation date and the defences that apply. The Claimants had not explained why they did not issue a defamation claim when the articles were published. It was the Defendant’s position that the “nub” of the claim was in relation to the protection of reputation and therefore that the appropriate claim should have been in defamation.

Decision

The judge first considered whether the claim really was a defamation claim dressed up as a data protection claim. He accepted that in accordance with the Claimants’ evidence about the purpose of the litigation, they had a desire to exercise the rights of erasure made available to them by the UK GDPR and/or the DPA 2018. He therefore concluded as follows:

I cannot see how they can be summarily denied access to the court to make that case, employing a cause of action which is legitimately open to them… simply because in the past they have repeatedly threatened to claim in defamation, or because the claim is heavily based (as it is) on consideration of harm to reputation, or because, had they brought the claim in defamation, it would have faced very difficult obstacles.”

Decision

The judge ultimately concluded that this issue alone would require a trial and could not be determined summarily.

The judge did go on to consider whether it would even be possible to pursue damages for harm to reputation in a data protection claim and considered many previous judgments exploring this very issue.

The judge ultimately concluded that the position appears to be that damages for injury to reputation may be recoverable via a cause of action other than defamation as long as the defendant in such a case is allowed to rely on the defences that would have been available had the claim been brought in defamation. The judge did however acknowledge that the “law on the recoverability of damages for injury to reputation in non-defamation claims is uncertain and in flux…

The defendant’s application was dismissed and a trial of a preliminary issue listed to consider the above in detail. It will be interesting to see what the outcome of this will be.

How can we help?Defamation Or Data Protection Claim

Ruby Ashby is a Senior Associate in our expert Dispute Resolution team, specialising in data breach claims, inheritance and Trust disputes and defamation claims.

If you need any advice, please do not hesitate to contact Ruby or another member of the team in Derby, Leicester, or Nottingham on 0800 024 1976 or via our online enquiry form.

Contact us
Contact us today

We're here to help.

Call us on 0800 024 1976

Main Contact Form

Used on contact page

  • Email us