Silas Jonathan Lees – Court Ruling (United Kingdom, 2020)

Between 2010 and 2015 Lloyds and Mr Lees, the data subject, entered into buy-to-let mortgages with respect to three properties which in 2019 became subject to orders for possession. Over the period of two years (2017-2019), during the court proceedings for possession, Mr Lees made a few Data Subject Access Requests (DSARs) to which Lloyds responded. In the current case, one of the allegations made by Mr Lees was that Lloyds is in breach of the Data Protection Act 2018 ("DPA 2018) and the GDPR because it failed to answer Mr Lees DSARs. Did Lloyds fail to provide personal data contrary to the GDPR and DPA 2018? The DPA 1998 is the applicable legislation in the current case since the DSARs were submitted before the DPA 2018 and GDPR came into effect. The court held that Lloyds provided Mr Lees with an adequate answer to each of the DSARs. As a result, Lloyds complied with the DPA 1998 and GDPR. Further, Chief Master Marsh stated even if Lloyds failed to respond to DSARs, the court has the discretion whether or not to issue an order to make Lloyds comply and confirmed that the court would not have exercised the discretion in favor of Mr Lees due to the following factors: 1. The numerous and repetitive DSARs were abusive; 2. The real purpose of the DSAR was to obtain the documents rather than personal data; 3. There being a collateral purpose that lay behind the requests which was to obtain assistance in preventing Lloyds bringing claims for possession; 4. The fact that data sought would be of no benefit to Mr Lees; 5. The claims for possession have been the subject of final determinations in the County Court from which all available avenues of appeal have been exhausted; The court held the claim is without merit and dismissed it.