Leading national law firm DWF has been accused of breaching data protection laws while collecting evidence related to how a North London firm, Ersan & Co., pursued personal injury claims. The accusation emerged in an interlocutory ruling by Mrs Justice Eady on April 2, 2025, following a legal battle regarding the GDPR compliance of the evidence presented.

The Dispute: DWF's Use of Personal Data

The case centers around the use of personal data by DWF, which processed health data as part of a fraud investigation. The dispute arose after James Stevens, the former head of organised fraud at DWF, created a witness statement known as JS1 in 2021. This statement was used to challenge low-value road traffic claims in which Ersan & Co. represented the claimants. The statement analyzed 372 claims, revealing patterns such as 95% of claims including psychological injury allegations, and the majority involving psychiatric assessments and diagnoses.

The claimants, who sought to block the use of JS1, argued that DWF had processed their personal data—including sensitive health information—without consent, which they claim is a breach of GDPR regulations. They contend that DWF processed more personal data than necessary, and without the requisite consent from the individuals involved.

 

Legal Ruling and Data Protection Issues

In her ruling, Justice Eady found that JS1 did indeed contain personal data, including health data that would qualify as special category data under GDPR. However, DWF argued that the data collection and processing were necessary for the defense of its clients and that the claimants were attempting to undermine the use of the evidence.

The claimants, led by Ersan & Co., sought to have JS1 excluded on the grounds that it was inadmissible and unreliable. However, the application to exclude JS1 was rejected by the court, and the claimants' application for disclosure of additional documents was dismissed, with the court labeling their requests as a "fishing expedition".

Despite the accusations, DWF maintains that the data was processed within the lawful bounds of the litigation and that the GDPR violations claimed by the claimants were unfounded.

 

The Broader Implications of the Case

This case has raised important concerns over data protection in the context of legal proceedings. Specifically, it highlights how personal and sensitive data is being used by law firms in the defense of their clients, and whether such data is being processed in compliance with GDPR.

The GDPR stipulates strict rules on how personal data, especially special category data like health information, should be handled. This case underscores the need for clear and robust data protection practices within the legal sector, particularly when dealing with sensitive personal data in the context of litigation.

 

The Legal and Ethical Debate Over Data Use

The ongoing debate around the use of personal data in legal proceedings will likely have significant repercussions on future cases, particularly in the realm of fraud prevention and personal injury claims. The GDPR requires that data controllers (like DWF) ensure that the data processing is lawful, fair, and transparent, with specific provisions for the handling of sensitive data. However, this case has highlighted how even well-meaning data collection can face legal challenges when it involves sensitive personal data.

 

For any enquiries or information, contact info@thelawreporters.com or call us on +971 52 644 3004. Follow The Law Reporters on WhatsApp Channels