zoomLaw

Chowdhury v Secretary of State for the Home Office & Ors

[2024] EWHC 844 (KB)

Case details

Neutral citation
[2024] EWHC 844 (KB)
Court
High Court
Judgment date
4 March 2024
Subjects
Data protection; National security; Civil procedure (strike out / summary judgment)
Keywords
subject access request; neither confirm nor deny; Data Protection Act 1998; Data Protection Act 2018; s.28 certificate; s.111 certificate; national security exemption; CPR 24.2; Upper Tribunal appeal
Outcome
other

Case summary

The claim concerned subject access requests under s.7 of the Data Protection Act 1998 and s.94 of the Data Protection Act 2018 and whether the security and intelligence agencies were obliged to disclose personal data or to confirm or deny processing. The defendants relied on ministerial national security exemption certificates issued under s.28 of the 1998 Act and s.111 of the 2018 Act (and the companion provisions ss.27 and 110) which the court was required to treat as conclusive evidence that the national security exemption applied to operational data within the scope of the agencies' statutory functions.

Applying CPR 24.2, the court concluded the claimant had no real prospect of success because the exemptions were unqualified and covered the operational data she sought; the only route to challenge the certificates is by appeal to the Upper Tribunal. The claimant’s other applications (for injunctions, disclosure and further information) fell away once the principal claim was dismissed. The court also held that the use of a "neither confirm nor deny" response was appropriate where the certificates applied.

Case abstract

The claimant, self-represented, issued a claim seeking disclosure of personal data in response to subject access requests made to MI5, MI6 and GCHQ (requests described in the particulars as made since 2017, 2022 and 2023). She alleged the agencies had responded with "neither confirm nor deny" answers and sought an order under s.7 of the 1998 Act and s.94 of the 2018 Act requiring disclosure, together with compensation.

The defendants applied to strike out pursuant to CPR 3.4(2)(a) and/or for summary judgment under CPR 24.2, supported by a witness statement exhibiting ministerial exemption certificates and examples of the agencies' responses. The procedural history included an earlier urgent pre-claim hearing (dismissed by Lambert J), initial proceedings in the County Court at Clerkenwell and Shoreditch, transfer to the High Court by District Judge Sterlini, and directions given by Hill J and Nicklin J about sequencing the dismissal application before other applications.

The court framed the issues as: (i) whether the ministerial certificates established the national security exemption as a bar to the claimant’s rights of access under s.7 (1998 Act) and s.94 (2018 Act); (ii) whether the claimant’s pleadings disclosed reasonable grounds and a real prospect of success; and (iii) whether summary disposal was appropriate.

The judge reviewed the relevant statutory scheme: s.7, s.13, s.27 and s.28 of the 1998 Act and s.82, s.94, s.110 and s.111 of the 2018 Act. The court accepted the defendants’ evidence that the data sought would be operational data processed in performance of the agencies’ statutory functions and therefore within the scope of the s.28 and s.111 certificates exhibited. Those certificates are, by statute, conclusive evidence that exemption is required for safeguarding national security and are unqualified in their effect. The court held it could not go behind the certificates and that the appropriate route to challenge them is by appeal to the Upper Tribunal applying judicial review principles. As the claimant had no real prospect of success on the core claim, summary judgment was appropriate and the claim was dismissed. The judge added that an NCND response can legitimately be given both where data exist and where they do not, and that the claimant’s subsidiary applications were rendered unnecessary by dismissal of the claim.

Held

The court granted the defendants summary judgment under CPR 24.2 and dismissed the claimant's claim. The judge held that ministerial certificates under s.28 of the 1998 Act and s.111 of the 2018 Act are conclusive evidence that the national security exemption applies to operational data processed by MI5, MI6 and GCHQ, so the claimant had no right of access to the operational personal data she sought; the certificates can only be challenged in the Upper Tribunal.

Appellate history

The claim began in the County Court at Clerkenwell and Shoreditch (claim no. K01EC754) on 25 April 2023. An urgent pre-claim without notice application was dismissed by Lambert J (date and reasons given in judgment). On 21 June 2023 District Judge Sterlini transferred the claim to the High Court and adjourned interim relief. Directions were given by Hill J and by Nicklin J (including sequencing the dismissal application before other applications). The present judgment is a first-instance High Court decision dismissing the claim; the judgment records that the only statutory route to challenge the ministerial certificates is by appeal to the Upper Tribunal under the relevant statutory provisions.

Legislation cited

  • Civil Procedure Rules: Rule 31.16
  • Data Protection Act 1998: Section 13
  • Data Protection Act 1998: Section 15(2)
  • Data Protection Act 1998: Section 27(5)
  • Data Protection Act 1998: Section 28
  • Data Protection Act 1998: Section 7
  • Data Protection Act 2018: Section 110
  • Data Protection Act 2018: Section 111
  • Data Protection Act 2018: Section 82
  • Data Protection Act 2018: Section 94(1)