High Court Dismisses Claim Against Lloyds Bank For Failing To Respond To A Number Of DSARs

Ruby Ashby

Lees v Lloyds Bank Plc [2020] EWHC 2249 (Ch)

Background

Lloyds sought to possess a number of properties owned by Mr Lees. Mr Lees filed a defence in which he complained that Lloyds had failed to respond to a number of Data Subject Access Requests (DSARs).

Mr Lees made the first DSAR on 23rd November 2017 and asked for copies of his loan documentation. Lloyds took until 24th July 2018 to respond and, when they did respond, they confirmed that they could not locate any loan applications.

On 13th March 2019 (after Lloyds had issued their possession claims), Mr Lees sent out approximately 70 DSARs to a number of different parties. A number of these were directed at Lloyds. Lloyds responded to Mr Lees on 2nd April 2019.

Within his defence, Mr Lees claimed that Lloyds had failed to provide sufficient responses to his DSARs contrary to the Data Protection Act 2018 (DPA) and GDPR.

What was decided?

The Court considered the relevant provisions of the DPA and GDPR and concluded that Mr Lees had no grounds in relation to the DSARs. Lloyds had provided Mr Lees with an adequate response to each of the DSARs.

Even if Mr Lees were able to prove that Lloyds had failed to provide a proper response to the DSARs, the Court still had discretion as to whether it should make an order or not.

In this particular case, the Court concluded that even if Mr Lees were able to show that Lloyds had not properly responded to his DSARs they still would not have made an order in his favour for the following reasons:

  1. Mr Lees made numerous and repetitive DSARs (the Court commented that this was an abuse of process).
  2. The real purpose of the DSARs was to obtain documentation rather than personal data;
  3. There was a collateral purpose to the requests which was to prevent Lloyds from bringing the possession claims; and
  4. The data sought would be of no benefit to Mr Lees’ defence as the claims for possession had already been subject to a final determination in the County Court and all avenues of appeal had been explored.

Comment

The decision reached by the Court shows that even where there has been a breach of data protection laws in relation to a DSAR, the Court ultimately has full discretion as to whether they should make an order.

It is therefore not as clear cut as simply being in breach of the regulations. The Court will actually take into account other factors as they did in this case.

Lees LloydsHow can we help?

Ruby Ashby is an Associate in our expert Dispute Resolution team.

For any queries relating to the topics discussed in this article, please call Ruby or another member of the team in Derby, Leicester or Nottingham on 0800 024 1976 or contact us via our online form.

 

This article is for information only and does not constitute legal/financial advice. Please contact us for advice tailored to your specific position. Some of the content presented on our website has been generated with the assistance of Artificial Intelligence (AI). We ensure that all AI-generated content meets our high standards for accuracy and relevance.
Contact us today

We're here to help.

Call us on 0800 024 1976

Main Contact Form

Used on contact page

  • Email us