Barristers are not “data processors” under GDPR, Bar Council tells solicitors


Data: Guidance for barristers

Self-employed barristers are “data controllers” and not “data processors” for the purposes of the General Data Protection Regulation (GDPR) as they need to be able to act independently of instructing solicitors, the Bar Council has said.

The Bar Council said it was responding to attempts by solicitors’ firms to get individual barristers or chambers to enter into data processing contracts under the GDPR, which comes into effect on May 25.

“For the avoidance of doubt, self-employed barristers are data controllers of their client’s data. They are not data processors.”

Under article 28 of GDPR, processors must only act on the instructions of the controller and can be held directly responsible for non-compliance

In a guidance note, the Bar Council’s IT panel warned that barristers who signed data processing contracts could be in breach of the Code of Conduct because of their duty to the court and obligations to act independently.

It was only in “very limited circumstances”, such as when barristers were on secondment to law firms, that they could be properly considered data processors.

“Even then, in some circumstances the barrister may need to exercise their independence, and in those circumstances will be a data controller.”

The Bar Council said care should be taken to ensure that “an appropriate clause” was included in any data agreement.

“This is because a barrister’s role is not to act as a sub-contractor on the solicitor’s behalf, merely processing data accordingly, but is instead to provide independent objective specialist advice and advocacy.

“It is almost always up to the barrister to determine what information to process and obtain in order to perform the work, and each barrister has their own professional responsibilities to fulfil.”

The Bar Council said terms in some proposed data processing agreements could clash with their obligations under the Code of Conduct, in particular their duty to the court, obligations to act independently in the best interests of the client and keep appropriate records.

“The terms of a data processing contract could for example give rise to difficulties for a barrister in the event of a disagreement with the solicitors, or if a lay client is considering whether to change solicitors or changes solicitors.

“In view of the nature of the barrister’s role and the potential conflict with the barrister’s duties under the Code of Conduct, both the need for and content of any proposed data processing contract should be very carefully considered.

“It will not be appropriate for self-employed barristers to sign such an agreement for work carried out in the course of normal practice.”




Leave a Comment

By clicking Submit you consent to Legal Futures storing your personal data and confirm you have read our Privacy Policy and section 5 of our Terms & Conditions which deals with user-generated content. All comments will be moderated before posting.

Required fields are marked *
Email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Reports

Our latest special report, produced in association with Temple Legal Protection, looks at the role of after-the-event (ATE) insurance in commercial litigation post-LASPO. We are at a time when insurers, solicitors, clients and litigation funders work ever more closely to create funding packages that work for all of them, with conditional fee and even damages-based agreements now part of many law firms’ armoury.

Blog

11 November 2019

Taking a strategic approach to cyber-risk

If you forced 10 cyber-criminals to sit through an average law firm’s IT committee meeting, they’d be turning themselves in to the National Crime Agency before it reached AOB.

Read More

Loading animation