YZ v The Chief Constable of South Wales Police

The Court of Appeal dismissed the appeal against the Administrative Court’s refusal of judicial review. The primary legal issues concerned the retention on police national and local records of personal and sensitive data about the appellant, including records of his acquittal, and compliance with the Data Protection Act 2018 (in particular Part 3, sections 31, 34, 35 and Schedule 8), and Article 8 ECHR. The court accepted that the NPCC record-deletion Guidance and the College of Policing Authorised Professional Practice on Management of Police Information (MoPI APP) provided the lawful policy framework applied by the police.

The court held that (i) the Guidance does not improperly place an evidential burden on applicants to justify deletion; it reasonably invites applicants to provide information to enable the controller to assess whether retention remains necessary; (ii) the appropriate statutory tests under the DPA (including strict necessity for sensitive data and proportionality) were applied and, on the facts, retention was strictly necessary for law enforcement and safeguarding purposes; and (iii) retention complied with Article 8 ECHR because any interference was in accordance with the law and proportionate to protect others. The appeal was therefore dismissed.

Background and parties: The appellant (YZ) was tried in 2012 and unanimously acquitted of three counts of rape (a Category 1 offence). Records of the charges and acquittal were retained on the Police National Computer (PNC) and on local police systems. YZ applied for deletion of the PNC record and biometric data; DNA and fingerprints were automatically deleted under the Protection of Freedoms Act 2012 but the PNC record remained. The application to delete the PNC entry was refused by a South Wales Police Record Deletion Panel and that refusal was upheld on internal review. YZ sought judicial review of the refusal and challenged retention under the Data Protection Act 2018 and Article 8 ECHR. The High Court (HHJ Jarman QC) dismissed the claim ([2021] EWHC 1060 (Admin)); YZ appealed to the Court of Appeal.

Relief sought: Deletion (erasure) from all police records, national and local, of all personal and sensitive data relating to YZ, including data about his acquittal and other intelligence, so as to achieve a ‘clean sheet’. In the proceedings below the principal, properly targeted, claim was for deletion of the PNC record of the acquittal.

Procedural posture: Appeal from the Administrative Court ([2021] EWHC 1060 (Admin)). The National Police Chiefs’ Council intervened. The claim’s scope expanded during litigation to challenge retention of other personal and sensitive data; the court emphasised that the appellant had not previously sought deletion of that wider material and did not challenge the lawfulness of the national policies (the Guidance and MoPI APP) themselves.

Issues framed: (i) Whether the NPCC Guidance and its application unfairly or unlawfully placed the burden on an applicant to justify deletion in breach of s.34(3) and other requirements of the Data Protection Act 2018; (ii) whether the decisions to retain the PNC/local records met the DPA tests (including strict necessity for processing sensitive data under Schedule 8) and were lawful, fair and proportionate; (iii) whether the Guidance and/or the decisions complied with Article 8 ECHR.

Court’s reasoning: The court proceeded on the premise that the Guidance and MoPI APP were lawful policies and that the decisions under challenge applied those policies. It held that the Guidance reasonably invites applicants to provide evidence to enable the controller’s assessment; this does not shift the statutory burden of compliance with the DPA from the controller. The court considered the relevant DPA provisions (Part 3; s.31 definition of law enforcement purposes; s.34 data protection principles; s.35 and related provisions on sensitive data; Schedule 8) and the MoPI APP national retention criteria. On the facts, the reviewing officer had examined the PNC entry alongside local intelligence (including allegations of domestic abuse, safeguarding concerns, information on extremist associations and mental health concerns) and reasonably concluded that retention was strictly necessary for law enforcement and safeguarding. The judge below had properly conducted the strict necessity and proportionality assessment, and the appeal did not identify a defect requiring reversal. The court therefore dismissed the appeal and held that retention was compatible with Article 8.

Appeal dismissed. The court upheld the High Court’s dismissal of the judicial review claim because the record-deletion decisions were taken under and in accordance with lawful policies (the NPCC Guidance and the MoPI APP), the Guidance did not impermissibly place the burden on the applicant to justify deletion, and on the available material the retention of the PNC and local records was strictly necessary for law enforcement and safeguarding and proportionate under the DPA (including Schedule 8) and Article 8 ECHR.

Appeal to the Court of Appeal from the Administrative Court (HHJ Jarman QC) judgment: [2021] EWHC 1060 (Admin). Permission to appeal was granted (noted in the judgment) and the appeal was heard in the Court of Appeal resulting in this judgment: [2022] EWCA Civ 683.