GDPR – Overall

  • Lawfulness
    • Principle: Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
    • Protocol: The Data Protection Act 2018 ss 8 and 10 supplements the GDPR to provide explicitly for the lawfulness of the publication of court judgments. We index and annotate those cases, but do not ourselves publish them. Our data is derived from Courts which have in each case made a positive choice to make the material public, to create a document for general publication and to distribute it for publication. The court considers in each case whether anonymisation is needed, either of its own volition, or on the application of a party.
  • Purpose
    • Principle: Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
    • Protocol: Our purposes are to support those researching UK and related law, whether to support litigation, research or for study.
  • Data minimisation
    • Principle: Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
    • Protocol: We seek to avoid unnecessary additional personal identifiers. Thus we usually will remove first names from case titles. Historically this did not happen so we are working through older case listings to improve this.
  • Accuracy
    • Principle: Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
    • Protocol: This can be particularly problematic for us, since judgments are being made by the Courts often as between conflicting versions of events. We manage this as best we can by restricting our summary reports of facts found to those required to understand the points of law identified. It is vital to understand that we cannot go behind the court judgment to assess the value of any case presented. Our task is to summarise the court findings.
  • Storage
    • Principle: Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
    • Protocol: Our earliest cases date from 1020 AD. Older cases find a way into our database generally because they have been relied upon by courts in recent times. We cannot always know what recent cases will come to be relied upon in the future.

      Legal research in the past was carried out by professionals in a particular manner with standard approaches to finding the points of law decided. More recently however, greater numbers of researchers are litigants in person, whose researches include very much less structured searching methods – looking for examples of applications of the sort they anticipate making. Such researchers do not have access to standard law libraries. That requires a much wider cast of cases to be kept and for much longer.
      As a matter of public policy, decisions have been made by government to publish a very much wider range of case law, including, for example, First Tier Tribunal, Employment Tribunal, Parole Board hearings, and wide ranges of cases involving care proceedings, and contempt of court hearings. We follow that public policy.

      It should be noted however that we always approach requests on a case by case basis.
  • Security
    • Principle: Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
    • Protocol: We hold no personal data on individuals beyond that already put into the public domain by the Courts.
  • Accountability
    • Principle: The controller shall be responsible for, and be able to demonstrate, compliance with the principles.
    • Protocol: We are clear as to who controls the data, and this paper attempts to demnstrate how we comply with the principles.
    • Please take a look at our other pages to see in more detail just what we do.