dr_rami_rangerSuch is Dr Raminder Ranger’s success as an entrepreneur that he has received, amongst other things, an MBE for his services to business as well as the much coveted title of “Man of the Year” at the GG2 Leadership Awards in London in 2014.

It has even been reported that David Cameron, during his speech at the GG2 Leadership Awards, cited Dr Ranger’s business success as an example of how individuals from Asian backgrounds can become integrated into British society and act as role models for younger generations.

Given Dr Ranger’s indisputable business success and his significant contribution to the British economy, one might expect a peerage to follow (think Lord Sugar). Indeed, in 2007 and 2010 Dr Ranger applied for consideration for appointment to the House of Lords as a non-party-political life peer. On both occasions, his application was unsuccessful.

Dr Ranger accepted the outcome of the House of Lords Appointments Commission (the Commission) but understandably wished to discover the grounds on which his application was refused. In particular, Dr Ranger became aware of two unsolicited letters sent to the Commission which he argued contained his “personal data”.

So, Dr Ranger submitted a subject access request to the Commission under section 7 of the Data Protection Act 1998 (“the Act”) in an attempt to force the Commission to reveal the contents of the letters. The Commission resisted this request, arguing that it was not compelled to disclose the letters under the Act. Dr Ranger was thus forced to make an application to Court to determine the issue.

The exemptions to the general rule that data subjects can access the information an organisation holds about them are set out in Schedule 7 to the Act. They include, for example, references that are given in confidence for the purpose of an individual’s education, training or employment.

The exemption upon which the Commission sought to rely in response to Dr Ranger’s request was rather more obscure. The relevant provision (paragraph 3 of Schedule 7) reads as follows:

“Personal data processed for the purposes of –

  • assessing any person’s suitability for judicial office or the office of Queen’s Counsel, or
  • the conferring by the Crown of any honour or dignity,

are exempt from the subject information provisions.”

The Judge who heard Dr Ranger’s application, Mr Justice Knowles, was clear that a life peerage would be the conferring of “an honour or dignity”. In reaching this view, Mr Justice Knowles referred to Hansard – admissible in these proceedings given the ambiguity of the primary legislation – which recorded that during a debate in the House of Lords on 24 October 2000, Lord Falconer of Thoroton stated that the words “or dignity” were proposed to be added to paragraph 3(b) by amendment to ensure “that the exemption applies to the granting of peerages”. With this in mind, therefore, it can come as no surprise that Dr Ranger’s application was dismissed ([2015] EWHC 45 (QB)).

Notwithstanding Dr Ranger’s unsuccessful application, subject access requests remain an invaluable means by which an individual can obtain his or her personal information. There are a plethora of situations in which making a subject access request might result in individuals obtaining information from an organisation that might otherwise not be forthcoming, such as when an individual leaves his employer on acrimonious terms and wants to know what personal data the employer holds which might be relevant to his or her departure.

The Court of Appeal in Durant v Financial Services Authority ([2003] EWCA Civ 1746) held that: “the purpose of section 7, in entitling an individual to have access to information in the form of his “personal data” is to enable him to check whether the data controller’s processing of it unlawfully infringes his privacy and, if so, to take such steps as the Act provides”. In this regard, an individual can seek to rely on section 14 of the Act, for instance, which requires a data processor to rectify, block, erase or destroy personal data which is inaccurate. It is also worth noting that an individual may also be entitled to compensation for any contravention by a data controller of any of the requirements of the Act.

Dr Ranger is unlikely to ever discover whether his personal data contained in the letters sent to the Commission infringes his privacy (or, indeed, gives rise to another cause of action) because of the exemption referred to above. However, it should be noted that the exemptions in the Act only cover very specific circumstances which are unlikely to apply in most cases.

At a time when the courts are increasingly having to address complex data protection arguments (see, for example, Mosley, Hegglin and Vidal-Hall) , we should not forgot how useful a subject access request can be in obtaining pre-action disclosure, enabling an individual to see whether s/he has a legitimate basis for issuing a claim in due course.

Tom Double is an Associate in the Defamation and Reputation Management Team and the Cyber Investigation Unit at Collyer Bristow