Important new privacy judgment: police retention of protestor’s data not an Article 8 infringement

June 1st, 2012 by Robin Hopkins

The Admin Court (Gross LJ and Irwin J) has handed down judgment this week in Catt v Association of Chief Police Officers and Commissioner of Police of the Metropolis [2012] EWHC 1471 (Admin). It is an extremely important judgment on Article 8 ECHR in the context of personal information retained for policing purposes. It is also notable for its analysis of protest as an inherently public activity.

The background

ACPO launched a National Domestic Extremism Database containing information provided by police forces. The Metropolitan Police subsequently assumed responsibility for the database. The database contained information relating to the attendance by the claimant (an 87-year old protestor of good character) at various political protests made by a group called “Smash EDO”. Smash EDO opposes a US arms manufacturer with a factory in Brighton; its activities have often involved violent disorder and criminality (though apparently not by the claimant), necessitating a substantial police presence. Police officers overtly gathered information (including photographic and video material) at those protests. They then compiled reports on the protests, identifying a number of individuals including the claimant. The information at issue in this case comprised those sorts of reports – they were about incidents rather than the claimant per se, although the claimant was identified in the reports. The defendants retained that information pursuant to the statutory Code of Practice on the Management of Police Information, made under the Police Acts 1996 and 1997, and associated Guidance on the Management of Police Information.

The issues

The overarching issue was whether this infringed Mr Catt’s rights under Article 8 ECHR, the right to respect for private life.

It is important (if not entirely surprising) to note how the parties and the Court saw Article 8 and the Data Protection Act 1998 interacting (see paragraph 6(iv)). All agreed that the DPA was theoretically in play, but added nothing: if the Article 8 claim succeeded then the DPA claim was not needed; if Article 8 was engaged, but the interference was justified, then the DPA claim would automatically fail; if Article 8 was not engaged, the prospects of success under the DPA were negligibly remote.

The issues were therefore: (i) whether there was an interference with the claimant’s rights under Article 8(1), and (ii) if so, whether this interference was justified. The Court said no on both counts, by application of the authorities to three crucial findings.

Crucial findings

First, the Court accepted the need for such information to be retained by the police. Gross LJ said this at paragraph 19:

“… the use of intelligence is a fundamental policing tool.  Investigators need the ability to identify relationships within protest groups. Likewise, they need to be able to identify individuals associated with the use of particular tactics, together with those with a propensity to violence, disorderly behaviour and organised coordinated actions.  Although Mr. Catt has not been convicted of any offence, the evidence, which again I accept, is that his close association with violent members of Smash EDO and knowledge of this association is of intelligence value.  Such knowledge forms part of a “far wider picture of information”… needed by the police, inter alia, to investigate incidents of criminality and to assist the policing of future events.”

Secondly, “the essential nature of such activity [protesting] is that it is of a public nature. Indeed, its very object is to make others aware of his views and the causes to which he lends his support” (paragraph 36).

Thirdly, given the violent disorder which characterised Smash EDO’s activities, it was reasonable to expect the police to gather and retain such information. This was especially so as this information had been gathered by over rather than covert policing.

Issue 1: Article 8(1) neither engaged nor infringed

Given those findings, the Court concluded that the claimant’s rights under Article 8(1) were not engaged at all. The claimant’s reliance on R (Wood) v Commr of Police of the Metropolis [2009] EWCA Civ 414 did not assist: the facts were different, and it would be “unreal and unreasonable” to find an infringement of Article 8(1) in the present case.

Issue 2: interference would in any event be justified

The Court went on to conclude that even if there had been an interference with Article 8(1), this would be justified. The claimant had argued inter alia that he was not personally suspected of criminality and that there was no democratic oversight of the database system. The defendant argued inter alia that, given Smash EDO’s activities, the retention of this sort of information – police reports as opposed, for example, to photos or video material – was reasonably necessary and proportionate.

Gross LJ (with whom Irwin J agreed) had “no hesitation in concluding that any interference with Mr. Catt’s rights was amply justified under Art. 8.2”.

His reasons included the following (paragraph 64):

“Any interference with Mr. Catt’s Art. 8.1 rights was at the margins. The reports, the product of overt policing, did no more than record Mr. Catt’s public activities, the very object of which was to convey his views to as wide an audience as possible.  The reports were compiled and retained for intelligence purposes, in accordance with the Code and the Guidance, with a view to an appropriate police response to a campaign marred by serious, persistent criminality and posing a significant public order problem.”

Irwin J agreed that there was no expectation of privacy here, applying the approach in Campbell v MGN [2004] UKHL 22.

At paragraph 70 he added that it was not easy to see “… how it can affect the engagement of Art 8.1 that the material is recorded by police officers as opposed, say, to journalists; or collated and held within the National Extremism Database, as opposed to a local history archive in the town where the demonstrations have been held.  The latter distinction was advanced by Mr Owen (“the entries were not recorded on any database…”).  The issue is not whether the individual concerned likes or dislikes the thought of the data being held by this or that body: the issue is whether a reasonable expectation of privacy arises.  In my judgment, it does not arise in respect of any of the information in this case.”

Irwin J did, however, add this observation at paragraph 70, which might give rise to interesting arguments in future cases on such issues:

“Different questions might arise if material recorded in that context were collated with material which was private in its nature.  That does not arise in this case.”

What about ongoing retention of this information?

Gross LJ thought it sensible for the police to review its retention of this sort of information when the Smash EDO campaign concludes, but he agreed with Irwin J’s comments at paragraph that 73:

“… even when the Smash EDO campaign ends, it may yet be justifiable to retain some or all of this information.  The picture here is that there are connections between this group and parts of the animal rights movement, active before this group was formed.  It may be a legitimate function of intelligence to keep records of this group after it has ceased to be active, the better to understand the risks associated with after-coming groups with overlapping membership.  To my mind, there is no expectation that a review at a suitable point in the future will conclude otherwise.”

Robin Hopkins


November 18th, 2011 by Rachel Kamm

The Chancery Division has considered the scope of the database rights in the Copyright, Designs and Patent Act 1998  in Forensic Telecommunications Services Ltd v Chief Constable of West Yorkshire [2011] EWHC 2892 (Ch).

The Claimant was a forensic services company, which recovered digital evidence from mobile phones for criminal investigations. It had a list of the permanent memory absolute addresses for different types of phone (known as PM Abs addresses) and it created software from this list. The Claimant had granted the security service a licence to use the software, but this did not extent to law enforcement agencies. A police officer (who was the Second Defendant to the claim) received several PM Abs addresses from a security operative and he posted them on the internet. Other law enforcement officers added to the list. The police officer created a list which contained 32 of the Claimant’s 33 PM Abs addresses. The police officer used this list to create software that was similar to the Claimant’s software.

The Claimant issued a claim against the police officer’s force (the Chief Constable of West Yorkshire) and the police officer personally, alleging infringement of its copyright and database rights.

The Court found that no copyright subsisted in the individual PM Abs addresses because the skill, judgement and labour expended in ascertaining the addresses was not of the right kind to attract copyright protection. The PM Abs list was however a database because the addresses were systematically arranged and individually accessible (meeting the test in section 3A of the Copyright, Designs and Patents Act 1988) and therefore it was not protected by copyright. The Claimant had made a substantial investment in obtaining and verifying the data on the list and therefore a database right subsisted in the list. The police officer had extracted and re-utilised a substantial part of the database and thereby infringed the Claimant’s database right. The police force was vicariously liable for this act of infringement.

The Claimant also succeeded in a claim for breach of confidence against both Defendants. The PM Abs list had the necessary quality of confidence, since it was valuable information collated by  the Claimant through the exercise of skill, judgement and labour which was not in the public domain. The police officer had misused this confidential information by posting the list on the website forum and making copies of it for his own use. The police force was again vicariously liable for the police officer’s actions.


January 5th, 2011 by Robin Hopkins

In Football Dataco & Others v Yahoo! UK Ltd & Others, the Court of Appeal has referred to the ECJ questions on the interpretation of Directive 96/9 on the Legal Protection of Databases. Its principle question was: what is meant by “databases which, by reason of the selection or arrangement of their contents constitute the author’s own intellectual creation”?

The databases in question comprised football fixture lists in the English and Scottish leagues. The defendant used these without paying the claimant (an organiser of football fixtures). The claimant contended that, by arrangement of its contents, the fixture list became its “own intellectual creation”, thereby attracting the Directive’s protection. The defendant’s stance was that these lists did not attract such protection, because they were merely the fruits of “sweat of the brow” – in other words, compilation, but not creation.

The Court of Appeal observed that the ECJ’s answers to its questions had wide implications for the legal protection not only of sports fixture lists, but possibly also of TV listings, which required comparable energy and skill to compile.


November 15th, 2010 by Robin Hopkins

The Information Commissioner has delivered his latest report to the Home Affairs Select Committee on “the state of surveillance” in the UK. The report traces privacy-related developments since the Commissioner’s 2006 report on the same theme, which memorably observed that the UK may be “sleepwalking into a surveillance society”. According to the November 2010 report, that warning

 “… is no less cogent in 2010 than it was several years ago. It is not being suggested that the UK is a ‘police state’ or that there are surveillance conspiracies afoot against the public. Neither the 2006 report nor this one supports such an assumption, and evidence for it is lacking. Much of what is taken to be surveillance is done for benign reasons and has beneficial effects on individuals and society. But much surveillance also goes beyond the limits of what is tolerable in a society based on the rule of law and human rights, one of which is the right to privacy.”

The report provides an illuminating summary of trends in (amongst others) the use of CCTV, body scanning and border control (including ‘ethnic targeting’ for security searches), workplace monitoring, social networking, ‘crowdsourcing’, the monitoring of protest activities and even the use of unmanned drones. Scrutiny is also given to a number of governmental policy tools, such as databases and the use of ‘social sorting’ (eg into groups such as ‘high cost, high risk’ social groups who are vulnerable to social exclusion’) to develop targeted welfare strategies.

As regards private-sector online commerce, the Commissioner recommends a number of measures to correct what he describes as the “worrying trend particularly with those who provide on-line services not to have thought through the privacy implications of their activities and given users robust privacy settings as a default”.

What to do about the risks identified in the report? The ICO’s recommendations focus principally on overhauling the legislative process insofar as it affects privacy, by introducing: 

  • a requirement for a privacy impact assessment to be presented during the parliamentary process where legislative measures have a particular impact on privacy;
  • an opportunity for the Information Commissioner to provide a reasoned opinion to Parliament on measures that engage concerns within his areas of competence, and
  • a legal requirement to make sure all new laws that engage significant privacy concerns undergo post-legislative scrutiny to ensure they are being implemented and used as intended by Parliament.

If implemented, these measures would add substantially to the ICO’s clout as the guardian of privacy.

The report can be found here, with the accompanying press release from the ICO here.


June 30th, 2010 by Timothy Pitt-Payne QC

The Coalition’s Programme for Government contains a great deal that is of interest to information lawyers: see here.  But when and how will any of this be given legislative effect?

The Queen’s Speech was delivered on 25th May 2010. The website of the Prime Minister’s office gives a list of the proposed Bills , with further information about each one. Three of the proposed Bills have potential implications for information law.

(i) The Public Bodies (Reform) Bill will enhance the transparency and accountability of quangos: though it is not clear as yet whether enhanced information access rights will play a role in this.

(ii) The Decentralisation and Localism Bill will (among other matters) require public bodies to publish online the job titles of every member of staff and the salaries and expenses of senior officials.

(iii) The Freedom (Great Repeal) Bill is intended to cover a wide range of subjects, to be announced in due course: it may include an extension to the scope of FOIA, and also various provisions in relation privacy (e.g. relating to CCTV cameras, and the DNA database).

Of these Bills, it is the third that is likely to be much the most significant. 


June 17th, 2010 by Timothy Pitt-Payne QC

Sharing patient information in the NHS has proved highly controversial.  We posted about this subject here a while back.  Now there’s a new report from UCL researchers, suggesting that two key recent NHS IT programmes for handling patient information have so far delivered only modest benefits.   A short summary appears here, with links to the executive summary and the full report.  A research paper based on the findings has been published in the BMJ.

The three year UCL project looked at the Summary Care Record (SCR) and at Healthspace, both introduced as part of the NHS National Programme for IT. 

The SCR is an electronic summary of key health data, taken from GP records and other sources, and available to a range of NHS staff.   According to the UCL report, very few people had chosen to opt out; less than 1% of those who had been sent the relevant information.  But SCRs were not yet widely used; even where available, they were only accessed in 21% of clinical encounters.  So far there was little evidence that SCRs improved patient safety or reduced consultation length or hospital admissions.

HealthSpace is a tool that allows patients to update their own health information, plan healthcare appointments, and contact their GP via a secure internet connection.  So far, take up has been very low.  According to the UCL study only one person in 200 who was invited to open a basic account did so, and only one in 1000 opened an advanced account.

The report’s lead author, Professor Greenhalgh, is quoted as saying:  “This reseach shows that the significant benefits anticipated for these programmes have, by and large, yet to be realised – and that they may be acheived only at high cost and enormous effort … It serves to demonstrate the wider dilemma of national databases:  that scaling things up doesn’t necessarily make them more efficient or effective.”  

DNA Database – A Controversial Behemoth

November 24th, 2009 by Anya Proops

The police DNA database for England and Wales is currently the largest DNA database in the world. It has in excess of 5 million profiles, including the profiles of many individuals who have been found to be innocent of any charges made against them. The rapid development of this vast database has inevitably fuelled debates about the rise of the Surveillance ‘Big Brother’ State. Most notably, concerns have been expressed that the database unjustifiably interferes with the individual’s right to privacy, particularly having regard to the retention of records relating to people who have not been convicted of any offence (there are at least 850,000 profiles of such persons on the DNA Database). Earlier this year, these concerns resulted in a judgment by the European Court of Human Rights that the existing approach to the retention of DNA data relating to unconvicted individuals was unlawful (Marper v UK see also my earlier post on the Marper case). Concerns have also been expressed as to the disproportionate presence of individuals from ethnic minorities on the database, particularly young black men, and as to the resulting discriminatory potential which is effectively built into the system.

Two recent important developments suggest that the controversies surrounding the database are only likely to intensify in the coming months. First, the government has opted to use the Queen’s Speech to lay before Parliament a bill which contains a number of inevitably controversial provisions relating to the database (the Crime and Security Bill). Second, a government backed commission, the Human Genetics Commission (HGC) has today issued a report entitled Nothing to Hide, Nothing to Fear?’ which criticises a number of aspects of the existing database system.

The following aspects of the Bill are particularly worthy of note:

·         The Bill contains provisions aimed at giving the police additional powers to take DNA samples from individuals who have been previously arrested for crimes but whose biometric has yet to be obtained. The effect of the provisions is that the police will be entitled to take biometric data from someone who may have been arrested some time ago and before the new provisions came into force (clause 2(1)). The provisions also afford the police new powers to take DNA samples from UK nationals or residents who have been convicted overseas of serious sexual and violent offences (clause 3(1)). These powers would equally apply to convictions occurring prior to the coming into force of the new provisions.


·         The bill also sets out a statutory framework for the retention and destruction of biometric material (including DNA samples, DNA profiles and fingerprints) that has been taken from an individual as part of the investigation of a recordable offence (clause 14). These powers were consulted upon in the Keeping the Right People on the DNA Database paper published in May 2009. In effect, the provisions envisage a somewhat more nuanced approach to the retention of data with retention periods for the various categories of data depending on a number of factors including the age of the individual concerned, the seriousness of the offence or alleged offence, whether the individual has been convicted, and if so whether it is a first conviction. Most notably:


o   the fingerprints and DNA of adults who are arrested but unconvicted will prima facie be retained for a period of 6 years


o   the fingerprints and DNA of adults who are convicted will be retained indefinitely


o   lesser retention periods apply to persons under the ages of 18 and 16 and, in respect of such minors the gravity of the offence will be in issue


o   chief constables are however afforded a power to determine that any retention period may be extended by up to two years for reasons of national security


o   all DNA samples must be destroyed six months after being taken.


·         The Secretary of State will be afforded powers to make a statutory instrument prescribing the manner, timing and other procedures in respect of destroying relevant biometric material already in existence at the point the legislation comes into force. This will enable the Secretary of State to ensure that the retention and destruction regime set out in this Bill is applied to existing material (clause 19).


·         The National DNA Strategy Board which already exists to oversee the operation of the database will be put on a statutory footing (clause 20).

It remains uncertain whether any of these provisions will make it onto the statute books in advance of the forthcoming general election. However, it must be said that the growth in police powers which would be afforded under the Bill does not sit particularly comfortably with the serious concerns as to the existing system identified in the report from the HGC. Those concerns include, not least, concerns about the disproportionate representation of members of ethnic minorities; the retention of data relating to unconvicted persons for any period of time and, further, the problems of function creep.

This I can do at home

November 23rd, 2009 by Timothy Pitt-Payne QC

The last Queen’s speech before the election includes another proposal for databases about children; this time, in relation to children who are being home educated.

The background is that in January 2009 the Department for Children, Schools and Families (DCSF) commissioned Graham Badman to carry out a review of the current system for supporting and monitoring home education. The report (available here) was published in June 2009. Its first recommendation was that the DCSF should establish a national registration scheme, locally administered, for all children of statutory school age who are, or become, home educated.

On 11th June the Government launched a consultation about registration and monitoring proposals for home education. Unfortunately I cannot link to the consultation document itself, as it is currently unavailable on the DCSF website. The key proposals in the consultation document were these.

2.1 Register of home educated children
The review recommends that DCSF establishes a national registration scheme, locally administered, for all children of statutory school age who are, or become, electively home educated. The scheme described in the review is one where education and safeguarding issues are both considered as part of the registration process, with an initial statement of educational intent forming the basis for subsequent educational monitoring arrangements. The review response acknowledges that ultimately the scheme would need to be underpinned by guidance and training for local authority staff in order to work effectively. We accept that it will take time to put the full scheme in place particularly where more work is needed to provide more comprehensive guidance on the practical interpretation of ‘efficient’ and ‘suitable’.
2.2 Registration would be granted automatically unless there were safeguarding concerns (see next section): if at any time a LA became dissatisfied with the quality of home education provided to a child, it would – as now – serve a school attendance order.
2.3 We propose to legislate now for registration and monitoring arrangements that will focus on safeguarding but should also improve the quality of education. They will have the following features:
• Every home educated child of compulsory school age must be registered with the local authority in which the child is resident;
• Regulations will specify the information that parents must provide which is likely to be child’s name, date of birth, address, the same information for adults with parental responsibility; a statement of approach to education, and the location where education is conducted if not the home;
• Scope to extend the scheme to 18 in future;
• Regulations will specify how registration should take place;
• Any changes to registration details should be notified immediately;
• Registration must be renewed annually;
• It will be a criminal offence to fail to register or to provide inadequate or false information;
• Pupils should stay on the school roll for 20 days after a notification to home educate;
• The school must provide the local authority with a record of achievement to date and predicted future attainment;
• DCSF will take powers to issue statutory guidance relating to registration and monitoring.
2.4 Safeguarding
The review recommends that local authorities should have a discretion to refuse registration where there are safeguarding concerns. In addition, if safeguarding concerns are identified after home education has begun, the LA would have powers to revoke registration. Each case would need to be considered on its merits, balancing the rights of parents to home educate, and the rights of children to receive a suitable education in a safe environment.
2.5 Monitoring arrangements
Local authorities tell us that they need greater powers to ensure that home educated children are safe, well, and receiving a suitable education. The current arrangements allow parents to submit evidence that a ‘suitable education’ is being provided, which could be mainly written evidence. Local authorities have no powers to interview home educated children to establish that sample material provided is representative of their work, nor to establish that they are safe and well.
2.6 We believe that local authorities should interview children within 4 weeks of home education starting, after 6 months has elapsed, and thereafter at least annually to assess the quality of education provided and ensure that children are safe and well. The local authority should visit the premises where education is conducted, and question the child about the education provided, although at least 2 weeks notice should be given before the visit is conducted. The local authority should have the right to carry out the interview without a parent being present, if this is judged appropriate, or alternatively if the child is vulnerable or has particular communication needs, in the company of a trusted person who is not the home educator or parent/carer.

The consultation closed on 19th October, and as yet there has been no Government response to it.  The Queen’s Speech  nevertheless includes a proposal for a Children, Schools and Families Bill, one element of which is to be a new home educators’ registration system. For the full text of the proposed Bill, see here.  The provisions about home education are in Schedule 1 to the Bill, and consist of proposed amendments to the Education Act 1996.   New section 19A(1) of the 1996 Act will require each local authority to maintain a register of home-educated children. Regulations will make provision for how parents can apply to have their children included in the register. The local authority must refuse registration if they consider that it would be harmful to child’s welfare for the child to become, or remain, a home-educated child. It seems that if registration is refused, and the child is not sent to school, then the likely consequence will be a school attendance order: see the proposed amendments to section 437 of the 1996 Act. Under new section 19H of the 1996 Act, regulations can be made requiring other local authorities, and schools, to share information with a local authority for the purposes of that authority’s home education functions.


There are four points to make about this. One is that the proposed registers are, in substance, a mechanism for parents to seek advance permission from their local authority before home schooling their children. Failure to register will not in itself be a criminal offence, but may lead to a school attendance order; and failure to comply with that order may be a criminal offence. Secondly, exactly what information is to be included in each register is unclear, and will be set out in regulations; but it may well be that the registers will include information about each child’s prospective home education, as well as basic personal details such as name and address. Thirdly, it is unclear as yet who will have access to these registers, and for what purpose.  And fourthly, there are to be specific information-sharing provisions in connection with home education.


Home Office publishes response to its consultation on communications data

November 16th, 2009 by Robin Hopkins

The Home Office has published a summary of responses to its April 2009 consultation paper on ‘communications data’, i.e. information about a communication that does not include the content of the communication itself. At present, such data is owned by communications service providers and accessed by certain public authorities under disparate statutory powers for the purposes of combating, for example, fraud, terrorism and other serious crime. The government is considering an overhaul so as to bring all communication types (such as web chat) and all relevant service providers (some of whose contractual positions place them beyond the current statutory arrangements) within the system.


The attendant tension between individual liberty and public protection is reflected in the 221 responses to this consultation.


A substantial minority of respondents objected in principle to any ‘surveillance’ of communications. A majority (albeit a fairly narrow one) agreed that communications data served an important public purpose and that the government should therefore act to maintain the capability of public authorities to make use of this type of information.


As to what form this action should take, only one element of the government’s proposed approach was widely welcomed, namely its rejection of a central database for holding all data of this type. Reservations were otherwise expressed about technological feasibility, data security and the proportionality of public authorities’ use of communications data.


Nonetheless, such reservations were not deemed forceful or widespread enough to deter the government from its proposed course. A number of respondents’ suggestions have been rejected, including the specifying of categories of data which should not be retained, and the requirement for a magistrate’s authorisation before communications data can be accessed.

The government is also satisfied that the DPA 1998 and RIPA 2000 provide sufficient safeguards against abuse of such data. A legislative review is, however, proposed, to see if a single means of authorised access (through RIPA 2000) would be practicable. Fresh or consolidating legislation appears likely.

High Court Judgment on Inspection of Personal Data

May 29th, 2009 by Anya Proops

The High Court has recently handed down an interesting judgment on the extent to which redacted personal data contained in documents disclosed in the course of litigation was vulnerable to inspection. The judgment also highlights some of the limits which may be placed on parties seeking inspection of databases containing personal data. In Webster & Ors v Ridgeway Foundation School Governors [2009] EWHC 1140 (QB), the claimants had brought claims against the governors of a school on the basis that they had suffered racially motivated assaults on school property. They alleged that the governors had caused or contributed to the injury by negligently failing to maintain proper disciplinary standards or otherwise taking proper care with respect to pupil security, particularly by allowing racial tensions to develop. During the course of standard disclosure, the governors disclosed a log of investigations into racist incidents, bullying and aggression in the school. Moreover, one of their witness statements disclosed the existence of a computerized system used to record pupil behaviour. The governors allowed inspection of the disclosed documents but redacted the names of purported victims of racism, bullying and aggression. The claimants sought disclosure of the redacted names and, further, of the computerized system. They argued that they needed to access this information in order to assess whether there were other pupils who might be able to provide useful evidence and that they had a right to inspect that information given that its existence had been disclosed by the governors.

Nicol J refused the claimants’ application for inspection of the redacted information and the computerized system. He held that that the mere fact that a document had been disclosed did not mean that there was an automatic right of inspection in respect of all of the information it contained, not least this was because some of the information in the disclosed document may not be relevant to the matters in issue. On the facts of the instant case, Nicol J found that inspection of the redacted names could and should be refused on the basis that: (a) it would amount to an interference with the privacy rights of the individual children named in the documents; and (b) that interference was not necessary in the instant case as the claimants did not need to know the identities of the purported victims in order to have a fair trial or for the fair disposal of the litigation (Science Research Council v Nasse [1980] AC 1028 HL applied). With respect to the computerized system, Nicol J accepted that mention of a document in a witness statement could be equated with inclusion of a document in a disclosure list and, hence, prima facie it would give rise to an obligation to permit inspection. However, he also held that that general proposition was subject to the qualifications contained in CPR 31.3, which included the right to object to disclosure on grounds of proportionality. Nicol J went on to find that permitting inspection of the computerized database would be disproportionate, particularly because: (a) the governors would have to redact the entire database to ensure that any private information relating to individual pupils and, further, any irrelevant information was not disclosed, which was a very substantial task and (b) undertaking this task was disproportionate having regard to any possible benefit for the claimants and the issues in the case.