Take 10 - 7 February 2025

Welcome to RPC's Media and Communications law update. This month's edition on key media developments and the latest cases.

First UK anti-SLAPP rules

The Civil Procedure Rule Committee has made amendments to CPR 3.4 (Power to strike out a case) and CPR 44.2 (Court's discretion as to costs) in order to implement the anti-SLAPP provisions at sections 194-195 of the Economic Crime and Corporate Transparency Act 2023 (the 'ECCTA').  The amendments will come into effect when section 194 ECCTA comes into force for all purposes (by virtue of section 219(2)(b), it is only currently in force for limited purposes).

When the rules come into force, the court will have an additional basis on which to strike out a claim, namely where (1) the claim is a SLAPP within the meaning of section 195 ECCTA (amongst other factors, that definition limits SLAPPs to claims over speech related to economic crime), and (2) the claimant fails to show that it is more likely than not they will succeed.

In addition, once the amendments are in force, the court will be unable to order a defendant to pay a claimant's costs in respect of a SLAPP unless the defendant's conduct justifies such an order. 

It will be interesting to see whether the court is prepared to determine whether a claim is a SLAPP within the meaning of s195 withoutthe new strike out mechanism being deployed, for example as a preliminary issue.  Defendants who succeed in showing a claim is a SLAPP through such a determination would appear to still be protected from adverse costs under the new rules: although the claim wouldn't be struck out, the defendant would still have secured a benefit which could significantly impact the dynamic of the claim going forward.  Bearing in mind that the new strike out mechanism will require the court to test the merits of the claim (which in many cases will be relatively costly), seeking a simple determination that a claim is a s195 SLAPP might in some cases be the more attractive option to defendants who believe they are facing one.

Mike Ashley v HMRC: A significant judgment in data subject access rights claim

Mike Ashley has succeeded in his claim against HMRC for breach of his fundamental data subject access rights.  Mr Ashley sent a SAR to HMRC in September 2022 seeking access to copies of his personal data processed by HMRC in the context of a tax enquiry into his Self-Assessment Tax Return.  HMRC failed to provide access to any personal data until February 2024, initially relying incorrectly on the tax exemption pursuant to Schedule 2, para 2 DPA 2018.  Reliance on the tax exemption was ultimately dropped save for in relation to two items of personal data. 

Mrs Justice Williams undertook a closed material procedure in relation to the two items of personal data withheld under the tax exemption and found they must be disclosed as "the suggestion that the text in question would provide an insight into HMRC's position with regard to the settlement of tax liabilities in the future is, at best, speculative" [200].   The Judge also ruled (a) that HMRC had applied too narrow a definition of "personal data" meaning it was "highly likely that HMRC had taken an unduly restrictive approach" in responding to the SAR [172]; and (b) that providing a data subject's name and initials (as HMRC had done on at least 21 occasions [173]) or "other entirely decontextualised personal data" would be unlikely to satisfy a data controller's obligations under Article 12 and 15 UK GDPR [211]. 

Mr Ashley has obtained a declaration that HMRC acted unlawfully in its handling of his subject access request.  It must now undertake a further review applying the correct definition of "personal data" (see guidance at paragraphs 175 – 183) and pay costs.  

This judgment is an important reminder of HMRC's duties to all taxpayers and will mean SARs are likely to be a powerful tool for taxpayers moving forward to enable them to understand how important decisions regarding them are taken. RPC acts for Mr Ashley.

Noel Clarke vs Guardian: Clarke's failed bid to strike out Guardian's defence

The actor Noel Clarke, who brought defamation (and data protection) proceedings against the Guardian in 2023 over the publication of articles detailing allegations of sexual misconduct, has lost his application to strike out the Guardian's defence only a few weeks before the full trial of his claim is due to begin.

Mr Clarke applied to strike out the Guardian's defence (either in whole or, alternatively, the public interest defence) on the basis that the Guardian's journalists had allegedly committed the common law offence of perverting the course of justice by apparently fabricating and/or suppressing evidence relevant to his claim.  The Claimant based his application on evidence indicating that, prior to publication of the articles (but long before any letter before action was sent), certain communications between journalists involved in the articles had been deleted.

Mrs Justice Steyn considered that per Douglas v Hello! (No.3) [2003] EWHC 5 (Ch) the court could not strike out a statement of case where documents had been destroyed before legal proceedings if this did not amount to a perversion of, or an attempt to pervert, the course of justice [30]. Further, even if such document destruction was found to amount to a perversion of or an attempt to pervert the course of justice, this alone could not justify striking out a statement of case. For there to be a strike out, it was necessary to prove that the document destruction prior to the commencement of proceedings amounted to a perversion of or an attempt to pervert the course of justice and that this rendered a fair trial impossible [31-39]. Steyn J emphasised that "the court's strike out power is not to be used as a punishment. The parties have rights of access to the court, at common law and pursuant to article 6 of the Convention. Any decision to take away such access should be proportionate, and so will entail considering whether a fair trial remains possible." [38].

Steyn J held that the Guardian had not perverted the course of justice in deleting a handful of documents prior to publication of the articles and receipt of any letter before action. Given the nature of the deleted documents and the mass of other evidence available to the court, the deletion of these documents was considered unlikely to have a material effect on the case [72]. Even then, the Guardian journalists had no intent to pervert the course of justice – they were deleting documents in line with the Guardian's data retention policy and were free to do so having not been ordered or otherwise been obliged to preserve these documents [73]. As for the allegation that the Guardian had fabricated evidence by deleting information to "modify the story", Steyn J held that "deletion is not fabrication, and such a grave allegation should not have been made and publicly aired without foundation. " [76]

Steyn J accordingly rejected the strike out application on the grounds that a) there was no perversion of justice; and b) the limited deletion of documents at the pre-action stage did not render a fair trial impossible given that the truth defence would rely on witness evidence to be heard at trial and that many documents and witness statements had already been served in respect of the public interest defence [78-79].  This follows a failed attempt by Mr Clarke at the PTR to introduce a claim of unlawful means conspiracy to his case ahead of the full trial which is due to commence on 3 March 2025.

Criminal's new identity protected subject to media challenge

The High Court has rejected an application by convicted rapist and child killer Colin Pitchfork for reporting restrictions to be put in place regarding a court hearing in which he challenged two Parole Board decisions.

The hearing concerned the Board's decision to deny Pitchfork access to information about new sexual assault allegations made against him ahead of his upcoming parole hearing in March. Pitchfork's claim was unsuccessful as the court considered he did not have an arguable case that his rights had been infringed.

Counsel for Pitchfork – who now goes by a different name - requested that reporting on this court hearing be restricted or that the hearing be otherwise held in private. This was on the basis that the media had been "unhelpful and destructive" when Pitchfork was previously released on licence, and that reporting on the hearing was likely to harm him and those connected to him and affect his rehabilitation plan.

Mr Justice Chamberlain refused to allow the hearing to be held in private in absence of "clear and cogent" evidence as to why this was needed. He stated that even if the court could restrain publication of Pitchfork's name there was no adequate basis on which to do so given that when challenging a Parole Board decision in the High Court, the claimant must make a claim in their own name. Chamberlain J considered that the public interest in Pitchfork's case also made a reporting restrictions order "wholly inappropriate."

Chamberlain J made a temporary reporting restrictions order regarding the reporting of Pitchfork's new name on the basis that publishing Pitchfork's new name could put him in danger on future release. However, he made it clear that the media could apply to challenge this decision.  Pitchfork's legal team now has 28 days to apply for this order to be made permanent. 

Sara Sharif: Court of Appeal rules that judges can be named

On 24 January, the Court of Appeal upheld the appeal brought by two freelance journalists and 8 national news organisations, ruling that the judges involved in the historic family court proceedings concerning Sara Sharif and her siblings can be named.

The Court of Appeal allowed the appeal on all grounds, ruling that the judge did not have jurisdiction to make the order under appeal; that his decision was procedurally irregular; and that judge had demonstrated inappropriate bias towards the media. Giving the leading judgment, Sir Geoffrey Vos, Master of the Rolls, took "the clear view that the judge had no basis…to think that articles 2, 3 or 8 [ECHR] were or might be engaged" and there was therefore no need to carry out a balancing exercise between article 8 and article 10 [69]. Vos MR accepted that Article 8 could, in theory, be engaged in respect of a judge hearing a case, but that it was a high threshold which could only be reached if "there was a real risk that a person's physical or psychological integrity might be undermined" [56]. The embargo on identifying the judges was lifted 7 days after judgment was handed down so that HMCTS could put in place measures to protect the judges from potential harm once their names were released. RPC acted for the eight national media organisations at first instance and the appeal. 

Wei & Ors v Long & Ors: Domain Name Registrar held not to be a publisher

The High Court has held that it did not have jurisdiction to hear a defamation claim brought against a US based Domain Name Registrar (D4), because it was not a publisher at common law and the conditions of section 10 Defamation Act 2013 were met. 

Four individual claimants brought claims in defamation, privacy, malicious falsehood and harassment against the first defendant (D1) an individual and three companies (D2-D4) on the basis that D1 had defamed and harassed the claimants in person and online via websites that the Claimants contended D2-D4 were responsible for.

At this interim hearing, D4, a US based Domain Name Registrar, disputed the court's jurisdiction to hear the claims against it on the grounds that i) they were not the publisher of the statements complained of under the common law, such that the order permitting service out of the jurisdiction should be set aside; and ii) they were not the "author, editor or publisher" of the statements complained of and, given that it was reasonably practicable for the Claimants to bring a claim against the author/publisher of the posts (D1), per section 10 of the Defamation Act 2013 the court did not have jurisdiction to hear a defamation claim against them. The court also had to consider, amongst other issues, the Claimants' application against D4 seeking an order from the court requiring D4 to remove the defamatory content from its website per section 13 Defamation Act 2013.

Key issues before the court at this interim hearing included whether D4 was a publisher under the common law; whether the court had jurisdiction to hear a defamation claim against D4 under section 10 of the Defamation Act 2013; and whether D4 could be ordered to take down the defamatory material under section 13 Defamation Act 2013.

As a Domain Name Registrar that did not provide web hosting services, D4 did not host or operate the website which contained the defamatory allegations and it had no control over the content posted on that website. It was therefore held that D4 was not a publisher at common law, whether primary or secondary [70-81]. It was also held that D4 was not an “author, editor, or publisher” per section 1(2) of the Defamation Act 1996 and, since the claimants had obtained default judgment against D1 (the author/publisher of the words complained of), section 10 Defamation Act 2013 applied. The court therefore granted D4's application challenging jurisdiction, setting aside the order allowing the Claimants to serve their claim on D4 in the US [113]. Regarding the section 13 application, because D4 had no control over the content of the website complained of, it could not be an "operator of a website" under section13(1)(a); a secondary publisher under the common law; or considered to be "distributing, selling or exhibiting material containing the statement” (section 13(1)(b)) [94-100]. The application against D4 was therefore dismissed [113]. 

Open reporting provisions now in force in family proceedings

Following a successful pilot in 2023, the judiciary recently announced that from 27 January 2025 where a transparency order is in place, accredited journalists and legal bloggers will now be able to report on all family court cases in England & Wales as they happen. Journalists will also be able to request access to certain court documents and interview people involved more freely without risking being found in contempt of court.

The presumption is that a transparency order, under which children and their families remain anonymised, will be granted unless there is good reason not to. Judges will still have powers to put reporting restrictions in place where necessary, however the initiative aims to open up the family courts to improve public understanding of important issues affecting vulnerable people such as child neglect and parental rights whilst still respecting the privacy of the families involved.

Whilst some are concerned that by permitting reporting on family cases this may create additional stress for those involved in the proceedings through fear of personal and sensitive information about their lives being featured in the media, Sir Andrew McFarlane, President of the Family Division, has nevertheless described the expansion as a "watershed moment" for family justice.

Journalists and media organisations seeking to report on family law cases should familiarise themselves with the Transparency Implementation Group (TIG)'s guidance on reporting from the family court here.

Ofcom and the UK Government tackle child sexual abuse content

The government has announced plans to introduce offences regarding the use of AI to create child sexual abuse material (CSAM) into its upcoming Crime and Policing Bill as reports show a significant increase in the use of AI to create CSAM. It will be the first country in the world to make it an offence, punishable by up to 10 years imprisonment, to possess, create or issue AI tools capable of producing CSAM. It will make it an offence, punishable by up to 3 years imprisonment, to possess "paedophile manuals" teaching people how to use AI to sexually abuse children. There will be a specific offence targeted at those operating websites encouraging the sharing of CSAM material (punishable by up to 10 years imprisonment). Regarding enforcement of these powers, the government proposes to give Border Force powers to compel any individual whom they reasonably suspect of posing a sexual risk to children to unlock their devices for inspection as part of its effort to tackle the distribution of CSAM abroad.

This follows Ofcom's publication of its first annual report on tackling terrorism and child sexual exploitation and abuse (CSEA) content under the Online Safety Act 2023 (the Act) which was presented to Parliament on 23 January 2025 as mandated by section 128 of the Act. The report discusses Ofcom's 'Technology Notice' powers under Section 121 of the Act which enable the regulator where it considers it necessary and proportionate to do so to compel online service providers to tackle terrorism and/or CSEA content using either accredited technology or technology it has developed or sourced which meets minimum standards of accuracy. These powers are not yet in force since Ofcom are yet to advise the Secretary of State on the minimum standards of accuracy required when detecting terrorist and/or CSEA content for it to approve. The report, however, details the preparatory work Ofcom has undertaken to date in relation to these powers, including consulting on the minimum accuracy standards for accredited technology and draft guidance for online service providers regarding how Ofcom will exercise its Technology Notice powers, and also outlines its next steps. Responses to its consultation must be submitted by 5pm on 10 March 2025.

Ofcom has separately been tackling other illegal content seen most recently in its fining of video-sharing platform MintStars £7,000 for failing to protect children from accessing online pornography. An investigation found that MintStars did not have adequate age verification measures to restrict access to pornographic content between November 2023 and August 2024, which was accessible to anyone via short 'preview' videos and upon subscribing to creators' material.  MintStars' reliance on users declaring their age and a general disclaimer in its terms and conditions that its content was for adults only were deemed to be insufficient for safeguarding against underage access. Ofcom considered this a serious breach resulting in a £7,000 fine which reflects a 30% discount due to MintStars' cooperation, admission of liability, and its small size and financial position. MintStars have since taken corrective actions, including implementing age assurance technology to address the issue. A full, non-confidential version of Ofcom's decision is due to be published in the coming weeks.

Rome II – Potential harmonisation of jurisdiction rules on EU defamation and privacy rights?

On 31 January 2025, the European Commission published its long-awaited report on the application of Regulation No. 864/2007 (Rome II), which governs the law applicable to non-contractual obligations (e.g. torts) in EU Member States. Rome II was transposed into UK law following the Brexit transition period and is known as "UK Rome II".

Acting as somewhat of a 'health-check' on Rome II, this report draws on various academic studies, new case law from Member States, and reports to consider the applicability of Rome II particularly in the light of emerging issues including AI and SLAPPs.

The Commission concludes that Rome II "generally works well and is fit for purpose". However, it considered that further analysis was needed of various issues, including the decision to exclude privacy and personality rights, including defamation, from its scope and also the application of Rome II in cases where damage arises across multiple jurisdictions giving rise to the application of lots of foreign laws (e.g. IP infringement, especially copyright infringement). The Commission states that it will carry out further analysis into these issues in "in order to consider and potentially prepare a proposal to amend or recast [Rome II]". The report is accompanied by a detailed Staff Working Document that provides a chapter-by-chapter analysis and summaries of relevant studies and Court of Justice rulings.

In addition to canvassing future potential divergence between Rome II and UK Rome II, these considerations are interesting from a SLAPPs perspective. By incorporating defamation and privacy rights within Rome II and thereby harmonising rights across EU member states, this may help to discourage forum shopping for such claims and the exploitation of weaker defamation/privacy rules in certain Member States as a way of stifling public participation.

CJEU finds customers' titles are not necessary for train ticket purchases

The Court of Justice of the European Union ('CJEU') has ruled in Mousse v Commission nationale de l'informatique et des libertés (CNIL), SNCF Connect, (Case C-394/23) EU:C: 2025:2) that a customer's title (e.g. Mr, Mrs etc) is not necessary data for the purchase of a train ticket under Article 6 GDPR.

The CJEU was asked by the French Conseil d’État to provide a preliminary ruling on whether requiring customers to select their title when purchasing a train ticket to enable the train company (SNCF) to personalise its customer communications based on their gender was justified under Article 6 the GDPR.

The CJEU considered two questions. First, was processing the customer's title necessary for either the performance of the contract (Article 6(1)(b) GDPR) or to pursue a legitimate interest (Article 6(1)(f) GDPR)? The CJEU found that whilst being able to communicate with the customer may be essential to performance of the contract (e.g. to provide the customer with the train ticket), it was not essential for the performance of the contract that these communications were personalised by the customer's gender – the contract would still be performed if generic expressions were used [40-43, 64].

As to whether processing the individual's title pursued a particular legitimate interest this was ultimately referred back to the Conseil d'Etat, however, the CJEU outlined that the processing would not be necessary for the purposes of achieving a legitimate interest if i) the customer was not told of this legitimate interest when their data was collected; ii) their data is being processed not solely for achieving this legitimate interest; iii) the customer's personal rights can override the legitimate interest being pursued (e.g. because there is a risk of  gender discrimination) [63-64].

The second question was: when seeking to justify the processing of personal data on the basis that it pursues a legitimate interest, is it necessary to account for the customer's right to object to the processing of their data (per Article 21(1) GDPR)? The CJEU held that when determining if the data processing was lawful, it was not necessary to take into account the individual's ability to object since to be able to object to the processing it had to be lawful in the first place [65-70].

Data Download

RPC's Data & Privacy group is hosting Data Download – an event which will explore the current and future challenges and risks in the field of data protection with a spotlight on compliance and handling cyber incidents and data disputes. We will be joined by a representative of the ICO who will be on hand to answer all your pressing questions. Please RSVP here if you would like to join us on 27 February 2025 with the event kicking off at 13:00. 

Quote of the fortnight

Sara Sharif judgment:

'The authorities that I have cited demonstrate that judges are in a special position as regards open justice. The integrity of the justice system depends on the judge sitting in public and being named, even if they sit in private. The justice system cannot otherwise be fully transparent and open to appropriate scrutiny.' [66]