Insights High Court rules that judicial exemption under Data Protection Act 2018 (DPA) and UK GDPR should be construed broadly


The claimant, X, had brought several claims against a Government department in the High Court, which were heard together. He had mixed success, so that the trial judge made a costs order in his favour but also costs orders against him. All the costs were the subject of detailed assessment by Master Jennifer James, a Costs Judge, and there were various hearings.

During these costs proceedings, X lodged with the Judicial Conduct Investigations Office (JCIO) a complaint of judicial misconduct against Master James. The complaint was dismissed in its entirety in April 2021. X then complained to the Judicial Appointments and Conduct Ombudsman (JACO) challenging JCIO’s handling of his case.

Master James gave judgment in April 2021, assessing X’s costs at only a very small fraction of the very substantial costs that he had claimed. She went on to reduce the assessed costs by 70% on the grounds of X’s conduct of the litigation.

X then issued a subject access request (SAR) to both The Transcription Agency LLP (TTA), a provider of transcription services including court hearings, and Master James for the personal data they each held about him. Both TTA and Master James declined to provide X with his personal data, relying on the statutory exemption under Schedule 2 Part 2 paragraph 14 of the DPA, which enables personal data to be withheld if it is processed by an individual or court “acting in a judicial capacity” or if its disclosure would be likely to prejudice judicial independence (the judicial exemption). X challenged these decisions.

Mrs Justice Farbey noted that the independence of the judiciary, and the corresponding immunity of judges from civil liability, is a hallmark of a democratic society and has long been recognised by the common law. Farbey J said that the protection of judges from suit ensures that judges are not the subject of partisan pressures and that they are free to take decisions that may have significant adverse consequences for a party without the threat of civil litigation. In her view, the same reasoning and principles applied to ensuring the independence of the judiciary under para 14, whether in relation to the exemption for judges acting in a judicial capacity (para 14(2)(a)) or to judicial independence in direct terms (para 14(3)).

Farbey J said that it was wrong to suggest that, in the interests of rooting out wrongdoing, the judicial exemption should be narrowly construed and restricted to matters relating to the production of judgments or the making of decisions. This argument ignored the parameters of the scheme of the UK GDPR and the DPA 2018, which has a specific and limited purpose: to enable a person to check whether a data controller’s processing of his or her “personal data” unlawfully infringes privacy rights and, if so, to take such steps as the DPA provides. It was impermissible, Farbey J said, to deploy the DPA as a proxy for the wider purpose of obtaining documents with a view to litigation or further investigation (Durant v Financial Services Authority [2003] EWCA Civ 1746). The scheme for access to personal data was not a vehicle for a party to proceedings to root out information about a judge, she said.

In addition, Farbey J said, the DPA was not a general mechanism for holding judges to account for what they have done. The rule of law meant that the way for parties to challenge judicial acts was the exercise of rights of appeal. If data protection rights were deployed to hold judges to account, a party to litigation could use the machinery of the UK GDPR and the DPA to avoid the limits of an appellate jurisdiction (such as a requirement for permission to appeal) or to seek to undermine a judge’s authority when appeal rights did not bring about the result that a party wished. Such a scenario would be contrary to the public interest. Instead, there is a scheme for complaints about the conduct of judges under the Constitutional Reform Act 2005 and X had already exercised his right to complain to JCIO and to JACO.

Further, Farbey J said, the independence of the judiciary is a fundamental public interest and the question of whether X agreed with or objected to the way in which his data was processed was irrelevant: if the data was processed by Master James acting in a judicial capacity, the public interest demanded that it be exempt.

In addition, by enacting the judicial exemption, Parliament had restricted data subjects’ rights to safeguard judicial independence, which it was entitled to do under the EU GDPR. The principal restriction is that judges are exempt from data protection obligations by virtue of para 14(2), which applies generally to all personal data processed by an individual “acting in a judicial capacity”. In Farbey J’s view, Parliament had used this broad language to ensure that the exemption was not limited to data processed when a judge was producing (orally or in writing) a judgment or decision. Parliament had intended that all judicial functions should be covered.

Farbey J also noted that Recital 20 of the EU GDPR contemplated the independence of the judiciary as extending not only to decision-making but to other “judicial tasks”. The tasks undertaken by Master James in relation to the production of transcripts of proceedings and the data processed for those tasks were judicial tasks performed as part of a judge’s judicial functions. That the production of transcripts was covered by procedural rules under the CPR strengthened that conclusion.

Master James’s processing and the associated processing undertaken by TTA were therefore covered by the judicial exemption. The claim was dismissed. (X v The Transcription Agency LLP [2023] EWHC 1092 (KB) (9 May 2023) — to read the judgment in full, click here).