This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

Sign Up for our Free Newsletter
Solictors Journal logoSolictors Journal logo

Tribunal dismisses data protection appeal

Case Notes
Share:
Tribunal dismisses data protection appeal

By

The Tribunal struck out Christopher Hart's appeal against the ICO, citing lack of jurisdiction and no realistic prospects of success

Introduction

The First-tier Tribunal (General Regulatory Chamber) recently dismissed an appeal by Christopher Hart against the Information Commissioner (ICO). The case revolved around Hart's application under section 166 of the Data Protection Act 2018, which was ultimately struck out due to jurisdictional issues and a lack of realistic prospects of success.

Background

Christopher Hart lodged a complaint with the ICO on 12th September 2024 concerning access to his online health records. He alleged criminal intent in denying him access to these records. Following the ICO's decision on 10th October 2024, Hart applied to the Tribunal on 18th November 2024, seeking an order under section 166 of the Data Protection Act 2018.

Application Details

Hart's application was extensive, including a 63-page document detailing his complaints. He argued that the ICO failed to take appropriate procedural steps in handling his complaint, which involved sensitive medical data being shared without safeguarding his confidential information. He sought an order for the ICO to comply with section 166 and requested the Tribunal to consider the human rights implications of his case as a disabled vulnerable adult.

ICO's Response

The ICO responded on 13th December 2024, inviting the Tribunal to strike out Hart's application. The ICO argued that it had a wide discretion in handling complaints and that the Tribunal should not substitute its judgment for that of the ICO absent good reason. The ICO had investigated Hart's complaint and offered alternative solutions for accessing his medical data.

Tribunal's Analysis

The Tribunal noted that Hart's application was procedurally flawed, as he failed to submit the required GRC 1 appeal application form. The Tribunal found that Hart's appeal was essentially an attempt to re-open the investigation to achieve a different outcome, which was beyond its jurisdiction. The Tribunal emphasised that section 166 applications are concerned with procedural failings, not the substantive outcome of a complaint.

Legal Framework

The Tribunal referenced several key cases, including Leighton v Information Commissioner and Killock v Information Commissioner, to clarify the scope of section 166 applications. It highlighted that the Tribunal's role is limited to addressing procedural defects and not reassessing the appropriateness of the ICO's response. The Tribunal also noted the broad discretion afforded to the ICO in handling complaints, as affirmed by the Court of Appeal in Delo v Information Commissioner.

Conclusion

Ultimately, the Tribunal concluded that Hart's application lacked merit and was bound to fail. It determined that the ICO had appropriately handled Hart's complaint, and there was no basis for the Tribunal to intervene. The application was struck out under Rule 8(2)(a) and 8(3)(c) of the Tribunal Procedure Rules.

Implications

This case underscores the limited scope of section 166 applications and the broad discretion granted to the ICO in handling data protection complaints. It serves as a reminder that the Tribunal's role is to address procedural issues rather than reassess the merits of a complaint.

Learn More

For more information on data protection, see BeCivil's guide to English Data Protection Law.

Read the Guide