How not to do it: object lessons in discovery and data protection from Her Majesty’s Government

Her Majesty’s Government has been giving us some object lessons in discovery and data protection recently. We have had documents missing at court, reluctance to swear affidavits about documents, and curious redactions. Now we have been offered spurious GDPR / personal information reasons for withholding messages about government business, and a threat of tracking and data-harvesting on government websites in a way which suggests that Facebook’s morals and business methods have been imported into government. The whole thing stinks.

Look away now if you wish to be spared the political context in which all these things have become normalised. The context, of course, is Brexit, which began with a referendum won by fraud, by foreign interference, and by the skilful collection and use of data to target undecided voters. That has brought us Boris Johnson as Prime Minister, a man whose every word is a lie, an exaggeration or a distortion. He is in hock (political hock, I mean – I wouldn’t dream of suggesting that money has changed hands) to a group of far-right extremists and vulture capitalists who will benefit from a no-deal Brexit first by shorting the crashing Pound, second by picking over the carcass of British business and industry, third by the removal of regulatory protection for workers, food and other essentials, and last by US trade deals in which we will necessarily be the weaker partner.

Johnson has been encouraged in all this by Dominic Cummings, who masterminded the skilfully dishonest Leave campaign in 2016. Cummings is one of those people whose maxim is “Move fast and break things”, and he seems indifferent what gets broken – the Union, the Conservative Party, the rule of law, the constitution, and any standards of decency and public morality are all either in his sights or will be broken by-products of his grim determination to win at any price.

Constitutional lawyers have been in a frenzy of excitement over the results, which have disturbed a sleepy backwater of the law whose strength lies in the fact that it is rarely disturbed. Those with an interest in discovery / disclosure of documents and in privacy and data protection have also been wearily amused by different aspects of it all – “wearily” in my case because I have plenty else to be writing about. One cannot, however, ignore the growing pile of case studies from the government showing how not to do it.

What follows is a summary of points relevant to discovery which have emerged over the last few days. I make no attempt to examine the constitutional context of each example (which is well beyond my range), merely pointing out where discovery points overlap with the political and constitutional ones.

The missing witness statement

As I write, the case brought by Joanna Cherry QC and others in the Scottish Courts has resulted in the unanimous conclusion by the Court of Session that Boris Johnson lied to the Queen about the reasons for his wanting to prorogue Parliament and that, in consequence, the prorogation was unlawful.

A party to such an application is required to produce relevant documents. The government seemed reluctant to produce much about the decision-making, despite the fact that its motive was central to the case. It was not that there were obvious specific omissions, but observers at the original hearing got that sense (known to anyone who has engaged in discovery exercises) that “there must be more than this”.

Furthermore, no-one on the government side seemed willing to sign a witness statement or swear an affidavit about the documents. Why should that be? No minister? No senior civil servant? Not one of the many government lawyers? The penalties for misleading the court include imprisonment, and perhaps even fear of brutal alleycat Cummings was not enough to make anyone risk that.

At least two people went to prison in England & Wales in the last year for misleading the court about documents in civil proceedings. Some lessons of general application arise from this case: one can sometimes almost smell defective discovery; cases can be lost for discovery / disclosure defects alone (see what I wrote here about Eaglesham v The Ministry of Defence where the defence was struck out for disclosure failures and went straight to assessment of damages). That article links to the Al-Sweady case where the Court of Appeal condemned by name an army officer who had been responsible for disclosure; it is no wonder that no-one volunteered to swear in support of a Johnson/Cummings plot; even if you don’t get banged up the Tower for deceiving the court, your regulator would take a dim view.


An odd side-point about redaction emerged during the Scottish hearing. One of the few documents put up by the government was this:


The redacted words proved to be “a girly swot Cameron”. This puerile dig at Johnson’s predecessor-but-one was taken to refer to the fact that David Cameron got a First at Oxford where Johnson got only a Second.

The discovery point is this: why was this document redacted at all? The most usual reasons for redacting document used in court are to do with state security, privilege or personal information. Petty insults are not covered. Who made the decision to redact that?

The Yellowhammer Report – GDPR and business information on private devices

Again cutting through the details, a newspaper received a copy of a government report called Yellowhammer whose purpose was to set out the implications of a “no deal” departure from the EU. The government obviously wanted to downplay its significance – it was old, it was a “worst-case scenario”, and so on.

In response to demands for its production, they raised two points, relevant also to the prorogation argument and other document demands, about the confidentiality of the people who were involved in the fact-finding and decision-making.

These things all have cross-overs with everyday discovery / disclosure, some analogous to a court’s consideration of an application for specific disclosure, some based on what is known about the giver of the document (albeit an involuntary giver in this case), and some to do with the content of the document.

If we look at the character of the party arguing against production, the Prime Minister and First Lord of the Treasury of the United Kingdom of Great Britain and Northern Ireland would in normal circumstances have the benefit of an assumption that he or she behaved honestly and decently. Boris Johnson had forfeited the right to that presumption long before he became Prime Minister – he lies for a pastime, without thought or care; his chief adviser, Dominic Cummins, as I observed above, was the genius behind the lies which won the EU Referendum. Those arguing on the House of Commons motion for production of the Yellowhammer documents had no compunction in calling Johnson dishonest and untrustworthy to his face. He gets no beneficial presumption in his favour. Courts considering evidence on any subject will inevitably take account of the credibilty of a party or witness (and in this case, the absence of any witness as to the documents).

Next, one looks at the document itself. This is one of the principles of discovery which it is easy to overlook in all the excitement about metadata – old-fashioned deductions made from actually reading the damn thing. It was possible to see from some of its contents that Yellowhammer dated from the beginning of August (after the Johnson administration took office). What was said about its date was a straight lie.

Worse, that lie was used to blame a former cabinet minister for its circulation – if it was as old as the government said, then only a handful of now-ejected ministers would have had copies of that version. So a lie was used to denigrate decent people.

The two other points related to officials and their devices. Attempts were made to justify the withholding of information first by asserting that the General Data Protection Regulation would have made it unlawful to produce it, and second by saying that some of the information was on private devices and could not therefore be released.

Did the government seek advice from its lawyers before raising this sort of bollocks? I hope not – I prefer to think of government lawyers standing up for the law and for the principles but being ignored, than to think that they would actually give such advice.

Let’s deal briskly with the two points. As to the GDPR, the relevant data might well have included documents or messages containing personal information protected by GDPR; that is justification for redaction, not concealment, and certainly not for concealment of the whole lot. As to the private devices point, discovery lawyers have grappled with this since smartphones and tablets were invented; if the data is business data, and relevant to the issues, then it should be produced, and if that means that some retrospective separation must be made, then so be it. If the civil service and political aides are not subject to policies and processes which manage this, then there is something seriously wrong with the policies.

Capturing data from GOV.UK

It is said that Dominic Cummings has ordered that all visitors to GOV.UK be tracked and their data amalgamated and analysed for use in “government” campaigns. I put “government” in quotation marks because it seems clear that the purpose is a party political one, allied to the heavy use of Facebook targeting which Cummings used with such success on the Leave campaign. Cummings’ direction is said to be extremely sudden and urgent; it is clearly not for the routine operation of GOV.UK but to identify the fairly small group of voters which is susceptible to mailshots and astroturfing. Johnson’s government is adopting the morals, as well as the methods, of Facebook.

Websites which collect and analyse user data are required to give warning of the uses to which the traffic data might be used, and to obtain positive consent. They are also subject to various regulatory constraints and requirements. Johnson and Cummings seem to think themselves above the law on other fronts; if you are content to lie to the Queen and to prorogue Parliament for party political purposes, then you won’t baulk at breaking data protection law.


Much of what I say above about general rules of discovery / disclosure reflects the position under the Civil Procedure Rules of England and Wales, which do not necessarily apply precisely to requests for data from government, and do not apply in Scotland which has its own rules. I do not need to rely on specific rules to assert that you do not conceal documents from a court; it needs no rule to suggest that there is a presumption of bad faith against those who are known to be dishonest.

There are, nevertheless, some basic points about discovery / disclosure which apply in all contexts – no-one apart from a politician, for example, would argue with a straight face that messages about the conduct of business are exempt from disclosure because they sit on an employee’s phone. It is common for organisations to whine that the GDPR prevents them from disclosing information; that usually reflects their willingness to obstruct and conceal rather than any point of law.

Like the constitutional lawyers, I am gripped with excitement at every new turn, while simultaneously feeling that we are headed to a very dark place. If we get nothing else out of this, let’s dispatch a few discovery myths.


About Chris Dale

I have been an English solicitor since 1980. I run the e-Disclosure Information Project which collects and comments on information about electronic disclosure / eDiscovery and related subjects in the UK, the US, AsiaPac and elsewhere
This entry was posted in Brexit, Discovery, eDisclosure, Electronic disclosure. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s