On 1 April 2025, the High Court ruled on an application for specific disclosure in a case involving various alleged breaches of the UK GDPR in the wider context of road traffic claims.
DWF were processing health data as part of a fraud investigation, challenging low-value road traffic claims (in which 95% of claims represented by the claimant firm alleged psychological injury). The claimants alleged that DWF's witness statement involved processing health data without consent, which they complained was a breach of the UK GDPR, and that the statement was inadmissible and unreliable. They submitted a specific disclosure application for documents processed by DWF.
Although the witness statement did include special category data, DWF argued that it was necessary for the defence of its clients. On this basis, the High Court rejected the claimants' disclosure application against DWF on the grounds that it amounted to a 'fishing expedition' over documents subject to privilege or not relevant to the issues. The judge described the request as 'designed to see what other material might be available to cast questions as to the reliability of [the witness statement]'.
Comment
The ruling highlights that in the context of disclosure requests, there is a need for relevance and specificity - these applications are not to be used as a means to conduct broad and speculative investigations. Organisations that might be subject to such disclosure requests should ensure they have a lawful basis for processing, and privacy notices setting out how data is processed.
Generally, the courts will not be the fora for requesting access to personal data – this is best done through a data subject access request rather than a specific disclosure application – but law firms should be aware of the increasing risk of litigation arising from (sometimes egregious!) data claims.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.