Barristers are not “data processors” under GDPR, Bar Council tells solicitors

Data: Guidance for barristers

Self-employed barristers are “data controllers” and not “data processors” for the purposes of the General Data Protection Regulation (GDPR) as they need to be able to act independently of instructing solicitors, the Bar Council has said.

The Bar Council said it was responding to attempts by solicitors’ firms to get individual barristers or chambers to enter into data processing contracts under the GDPR, which comes into effect on May 25.

“For the avoidance of doubt, self-employed barristers are data controllers of their client’s data. They are not data processors.”

Under article 28 of GDPR, processors must only act on the instructions of the controller and can be held directly responsible for non-compliance

In a guidance note, the Bar Council’s IT panel warned that barristers who signed data processing contracts could be in breach of the Code of Conduct because of their duty to the court and obligations to act independently.

It was only in “very limited circumstances”, such as when barristers were on secondment to law firms, that they could be properly considered data processors.

“Even then, in some circumstances the barrister may need to exercise their independence, and in those circumstances will be a data controller.”

The Bar Council said care should be taken to ensure that “an appropriate clause” was included in any data agreement.

“This is because a barrister’s role is not to act as a sub-contractor on the solicitor’s behalf, merely processing data accordingly, but is instead to provide independent objective specialist advice and advocacy.

“It is almost always up to the barrister to determine what information to process and obtain in order to perform the work, and each barrister has their own professional responsibilities to fulfil.”

The Bar Council said terms in some proposed data processing agreements could clash with their obligations under the Code of Conduct, in particular their duty to the court, obligations to act independently in the best interests of the client and keep appropriate records.

“The terms of a data processing contract could for example give rise to difficulties for a barrister in the event of a disagreement with the solicitors, or if a lay client is considering whether to change solicitors or changes solicitors.

“In view of the nature of the barrister’s role and the potential conflict with the barrister’s duties under the Code of Conduct, both the need for and content of any proposed data processing contract should be very carefully considered.

“It will not be appropriate for self-employed barristers to sign such an agreement for work carried out in the course of normal practice.”

Leave a Comment

By clicking Submit you consent to Legal Futures storing your personal data and confirm you have read our Privacy Policy and section 5 of our Terms & Conditions which deals with user-generated content. All comments will be moderated before posting.

Required fields are marked *
Email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Why remote working has exacerbated cyber-security concerns

The ‘rule of six’ has been in place since 14 September, with fines levied for those who break it and now we are seeing even more drastic restrictions reimposed. So what does this mean for the UK’s cyber-security?

Cutting to the chase on the SQE

While it is right to raise valid concerns about the SQE, are we not a bit tired of hearing the same old tune of the beaten drum with no better alternatives being suggested and at the eleventh hour?

Loading animation