![[2025] UKUT 319 (AAC)](https://backend.juristeca.com/files/emisores/logo_3a2BKne.png){kind=logo}
General approach to construction of the GDPRs
General approach to construction of the GDPRs
Ms Proops emphasised the broad and weighty nature of the data protection scheme under the GDPRs, highlighting the potentially serious consequences of a breach of their provisions, including mass data protection claims in the civil courts, criminal sanctions for non-compliance(see sections 144, 148 and 173 of the DPA 2018), and the imposition by regulators of large fines and orders to stop processing data. These sanctions could cause significant disruption to a controller’s business and might, ultimately, prevent it from operating at all. Ms Proops submitted that the “significant, particularly weighty nature” of the data protection scheme should be a factor that is taken into account when deciding how broadly or narrowly the provisions in issue in this appeal should be construed and applied.
Against that backdrop, Ms Proops argued, construction of the GDPR engages four principles of statutory interpretation:
comity;
utility;
legal certainty; and
proportionality.
We agree that these principles are relevant, and we have borne them in mind in interpreting these provisions. Counsel for the parties took us to various domestic and EU law authorities to assist us in our task of construction.
- Heading
- The decision of the Upper Tribunal is to allow the appeal The decision of the First-tier Tribunal made on 17 October 2023 was materially in error of law. It is SET ASIDE under section 12(2)(a) of the Tribunals, Courts and Enforcement Act 2007 (“TCEA
- REASONS FOR DECISION
- Introduction
- The decision under appeal
- A summary of the relevant factual background
- The FTT’s decision
- The FTT’s findings of fact
- The FTT’s conclusions
- The issues in this appeal
- Appeal ground 1
- Appeal ground 2
- Appeal ground 4
- Additional Reason 1
- The scope of the appeal - admitting the additional reasons arguments for consideration
- Permitting Privacy International to intervene in the appeal
- Permitting Clearview to rely on a written reply to Privacy International’s skeleton argument
- Reliance on the evidence filed by Privacy International
- Reliance on legal arguments not raised before the FTT
- Legal framework
- Relevant legislative provisions
- The GDPR
- The UK GDPR
- “Article 2 This Regulation applies to the automated or structured processing of personal data, including
- 1A. This Regulation also applies to the manual unstructured processing of personal data held by an FOI public authority This Regulation does not apply to
- “Article 3
- The 95 Directive
- The Law Enforcement Directive
- State immunity and foreign act of state
- Material scope: the caselaw
- Territorial scope: the caselaw
- The Travaux in respect of the GDPR
- The EDPB Guidelines
- Data subjects in the Union
- The burden of proof in appeals against ICO Notices
- Analysis
- The parties’ positions on material scope in brief
- What the FTT decided in relation to Article 2(2)(a)
- General approach to construction of the GDPRs
- Domestic authorities on comity, extra-territoriality and utility
- EU authorities on extra-territorial effect and comity
- Certainty and foreseeability
- Proportionality
- EU law authorities on the construction of Article 2(2)(a) of the GDPR
- Relevant comity principles
- Our construction of Article 2(2)(a)
- Analysis of Clearview’s proposed intersectional construction
- Alternative analysis based on the ICO’s construction
- Would regulation of Clearview’s data processing breach comity principles?
- Article 3(2)(b) GDPR: territorial scope
- What was the policy objective behind Article 3(2)(b)?
- The meaning of “related to” in Article 3(2)(b)
- The meaning of “behavioural monitoring” in Article 3(2)(b)
- Ground 1
- Ground 2
- Ground 3
- Ground 4
- Clearview’s Additional Reasons
- Additional Reason 1
- Additional Reason 2
- Additional Reason 3
- Additional Reason 4
- Conclusions