Data: Guidance for barristers
Self-employed barristers are “data controllers” and not “data processors” for the purposes of the General Data Protection Regulation (GDPR) as they need to be able to act independently of instructing solicitors, the Bar Council has said.
The Bar Council said it was responding to attempts by solicitors’ firms to get individual barristers or chambers to enter into data processing contracts under the GDPR, which comes into effect on May 25.
“For the avoidance of doubt, self-employed barristers are data controllers of their client’s data. They are not data processors.”
Under article 28 of GDPR, processors must only act on the instructions of the controller and can be held directly responsible for non-compliance
In a guidance note, the Bar Council’s IT panel warned that barristers who signed data processing contracts could be in breach of the Code of Conduct because of their duty to the court and obligations to act independently.
It was only in “very limited circumstances”, such as when barristers were on secondment to law firms, that they could be properly considered data processors.
“Even then, in some circumstances the barrister may need to exercise their independence, and in those circumstances will be a data controller.”
The Bar Council said care should be taken to ensure that “an appropriate clause” was included in any data agreement.
“This is because a barrister’s role is not to act as a sub-contractor on the solicitor’s behalf, merely processing data accordingly, but is instead to provide independent objective specialist advice and advocacy.
“It is almost always up to the barrister to determine what information to process and obtain in order to perform the work, and each barrister has their own professional responsibilities to fulfil.”
The Bar Council said terms in some proposed data processing agreements could clash with their obligations under the Code of Conduct, in particular their duty to the court, obligations to act independently in the best interests of the client and keep appropriate records.
“The terms of a data processing contract could for example give rise to difficulties for a barrister in the event of a disagreement with the solicitors, or if a lay client is considering whether to change solicitors or changes solicitors.
“In view of the nature of the barrister’s role and the potential conflict with the barrister’s duties under the Code of Conduct, both the need for and content of any proposed data processing contract should be very carefully considered.
“It will not be appropriate for self-employed barristers to sign such an agreement for work carried out in the course of normal practice.”
