A comprehensive strategic review of the various appellate mechanisms for rights exercisable under the Data Protection Act is “arguably long overdue”, an Upper Tribunal judge has said.
In Scranage v Information Commissioner  UKUT 196 (AAC) Judge Wikeley found that the First-tier Tribunal had made some mistakes in how it dealt with Mr Scranage’s case, but those errors did not materially affect the outcome.
“Ultimately the First-tier Tribunal was right to conclude that (i) Mr Scranage’s [section 166(2)] application to the Tribunal was late; and (ii) he should not be granted an extension of time,” Judge Wikeley concluded.
The judge did, however, comment that there was a wider jurisdictional issue in play here.
“Plainly the GDPR requires that data subjects have an ‘effective judicial remedy’ against both a 'supervisory authority' (here, the [Information] Commissioner) and a data controller or processor (see GDPR Articles 78and 79 respectively),” he said.
“Domestic legislation provides that procedural redress against the Commissioner under Article 78(2) is sought from the Tribunal whereas substantive redress under Article 79 must be pursued in the courts (being the county court or the High Court).”
Judge Wikeley said: “The policy reason for this jurisdictional disconnect, which is hardly helpful for litigants in person, or for developing a coherent system of precedent, is not immediately apparent. A comprehensive strategic review of the various appellate mechanisms for rights exercisable under the DPA is arguably long overdue.
“This might include consideration of whether the section 166(2) procedure is working as anticipated. Anecdotally at least, the experience of both the First-tier Tribunal and the Upper Tribunal is that a significant proportion of these applications have little merit yet consume a considerable and disproportionate amount of judicial and administrative resources.”