Must trustees and their advisors give information to beneficiaries if it is requested under data protection rules?
Trustees could be forgiven for reading the High Court’s recent ruling in Dawson-Damer and others v Taylor Wessing LLP and others ( EWHC 1258 (Ch)) with some trepidation.
The judgment is important for a number of reasons and there will no doubt be a flurry of commentary seeking to explore each aspect of the ruling in detail. This article instead aims to address the oft-repeated, and misleading, notion that the Dawson-Damer litigation somehow cuts across established trust law and undermines the rights of trustees to refuse disclosure of documents to beneficiaries.
The previous Court of Appeal decision in the same case from 2017 ( EWCA Civ 74) was something of a wake-up call for the trusts and estates industry as regards the dangers here. Of particular concern were statements such as Arden LJ’s that 'in my judgment, the [Data Protection Act 1998] does not contain an exception for documents not disclosable to a beneficiary of a trust under trust law principles'.
The new High Court ruling does nothing to reassure trustees or practitioners on the point and instead cites Arden LJ’s comments repeatedly.
The obvious question therefore continues to be how Dawson-Damer impacts upon the 'Londonderry principle' that trustees can legitimately refuse to disclose certain types of documents and information to beneficiaries. Can beneficiaries use data protection laws to force the disclosure of documents containing personal data even if the trustee would normally be entitled to withhold them under traditional trust law principles?
In short, we suggest that the answer is 'No'.
The Dawson-Damer litigation will rightly receive a great deal of attention because reported cases dealing with data protection rights in the context of trusts and estates are rare.
However, one should not forget that the case concerns the repealed Data Protection Act 1998. The provisions governing the right to request copies of personal data under the new law (which is now found in the GDPR, as applied by the Data Protection Act 2018) are subtly, but significantly, different and arguably offer greater protection to trustees.
Dawson-Damer’s impact on the Londonderry Principle
When Taylor Wessing was confronted with a subject access request in relation to a trust they sought to limit their response in line with trust law principles.
They justified this by arguing that the 'legal professional privilege' exemption under the DPA 1998 should be interpreted 'purposively' so that it would protect not only documents covered by legal privilege but also any documents that a trustee could refuse to disclose to a beneficiary under the Londonderry principle.
Unfortunately for them, the Court of Appeal was unconvinced, stating in no uncertain terms that 'The fact is that [such documents] are not within the Legal Professional Privilege Exception, and no other exception has been suggested.'
The latest High Court judgment does nothing to reverse this finding (unsurprisingly, as it was not one of the issues being reviewed). The judgment frequently repeats Arden LJ’s statement that the DPA 1998 did not contain an exception for documents which would not be disclosable to a beneficiary under trust law principles. The result is that a casual reader could easily reach the conclusion that Dawson-Damer sounds the death knell for the Londonderry principle and that subject access requests completely sidestep trust law principles limiting a beneficiary’s right to disclosure.
However, since the events in Dawson-Damer, the DPA 2018 and the GDPR have replaced the DPA 1998 and it is dangerous to assume that the conclusions reached in that case can be transposed directly onto the new law.
The new Article 15(4)
Whilst the DPA 2018 and the GDPR have generally strengthened individual’s data rights, some changes have placed additional limitations on them.
In particular, Article 15 of the GDPR, which sets out an individual’s right to request copies of their personal data (i.e. to make a “subject access request”) now includes article 15(4) which provides that:
'The right to obtain a copy [of personal data] shall not adversely affect the rights and freedoms of others.'
S.7 of the Data Protection Act 1998, which set out the right to make a subject access request under the old law and was central to the Dawson-Damer judgments, contained no directly equivalent provision.
The scope of Article 15(4)
There is not yet any case law clarifying the scope of Article 15(4) but when the Data Protection Bill was working its way through the House of Lords, the government was asked expressly about the Court of Appeal judgment in Dawson-Damer and its effect on trustees’ rights to refuse disclosure.
Lord Pannick (speaking on 13 December 2017) noted that:
'A recent Court of Appeal judgment, Dawson-Damer v Taylor Wessing, has prompted a concern of trust practitioners about the applicability of data protection law in this context….
'The noble and learned Lord, Lord Walker, and I, accompanied by other trusts lawyers, had the benefit of a very helpful meeting with the Minister—the noble and learned Lord, Lord Keen—and members of the Bill team. I am extremely grateful to them for the very constructive discussions we had. I very much hope that the Minister, when he replies to this short debate—I hope it will be short—will be able to confirm three matters:
'The first is that the government understand and are sympathetic to the concerns raised by the Trust Law Committee, which I have just summarised.
'The second matter, which I hope the Minister can confirm, is that the government’s view is that article 15(4) of the GDPR, which states that the right of access, 'shall not adversely affect the rights and freedoms of others', applies in this context to protect the confidentiality principle.
'The third matter, to which I hope the Minister will be able to respond, is that if that view is shown to be erroneous in future litigation—I anticipate the Government do not believe this will be the case, but if it were to occur—I hope the government would consider using the delegated powers conferred by this Bill to enact a specific and express exemption.'
In response, Lord Keen replied for the government that:
'…the government consider that the, “rights and freedoms of others”, referred to in article 15(4) includes the rights of both trustees and other beneficiaries. Where disclosure under data protection law would reveal information about a trustee’s deliberations or reasons for their decisions that would otherwise be protected from disclosure under trust law, the government’s view is that disclosure would adversely affect the rights and freedoms of trustees and beneficiaries in the trustees’ ability to make independent decisions in the best interests of the trust without fear of disagreement with beneficiaries.
'Should the law be tested after Royal Assent and found wanting—which, I stress, the Government do not expect to happen—the delegated power in Clause 15(1) allows the Secretary of State to bring forward regulations to correct this. By that point it will be much clearer what deficiency, if any, has in fact been identified in the law and we would expect a Government to consider those powers in such circumstances.'
In other words, the government expressly confirmed that it in its view Article 15(4) incorporated the Londonderry Principle into the UK’s data protection law. It also implied that, should subsequent litigation prove the government wrong on this point, an express exemption could be introduced to resolve the issue.
With only this brief discussion in the House of Lords to work from, there are inevitably questions as to exactly how Article 15(4) should be interpreted in any particular scenario. However, Trustees do at least have some comfort that Dawson-Damer has not fundamentally altered their right to withhold disclosure of documents in accordance with established trust law principles.
This article gives general information only and is not intended to be an exhaustive statement of the law. Although we have taken care over the information, you should not rely on it as legal advice. We do not accept any liability to anyone who does rely on its content. © Burges Salmon 2018
This article written by Edward Hayes, an associate in the tax, trusts, and family team.
Meet the team of industry experts behind ComsureFind out more
Keep up to date with the very latest news from ComsureFind out more
View our latest imagery from our news and workFind out more
Think we can help you and your business? Chat to us todayGet In Touch
As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email firstname.lastname@example.org.