Data Protection – Virgin Trains Cleared Over Corbyn Case

The Information Commissioner’s Office (ICO) has largely cleared Virgin Trains East Coast from wrongdoing after it released CCTV footage of Jeremy Corbyn looking for a seat on one of its trains. The case provides a good example of how data protection law works in practice.

The case arose when Mr Corbyn published a video of himself sitting on the floor of one of Virgin’s trains because, he claimed, there were no free seats available. In a bid to refute the claim, Virgin released CCTV footage which suggested that, in fact, there had been seats available on the train.

The ICO announced its decision on the case on its blog. It decided that so far as Mr Corbyn was concerned, Virgin had not breached data protection law in releasing the footage. In the ICO’s view, Mr Corbyn would have had different expectations than other passengers as to his privacy given that:

  • Mr Corbyn had previously made a video showing himself on the train released to the media, and
  • having raised issues about his journey, it was only reasonable to expect that Virgin would respond to his complaint.

Furthermore, under the Data Protection Act 1998 an organisation is permitted to process personal data if it has a ‘legitimate interest’ in doing so. Here, Virgin had had such a legitimate interest – namely, correcting what it deemed to be misleading news reports that were potentially damaging to its reputation and commercial interests.

However, the ICO said that Virgin broke data protection law in relation to the other passengers on the train. Virgin should have taken more care to obscure their faces. Publication of their images was unfair and a breach of the first principle of the Data Protection Act.

The ICO states that it has investigated this case rigorously and Virgin has agreed to amend its data protection policies and procedures in a number of ways. However, in view of the fact that this was a one-off incident, it has decided not to take any further enforcement action against Virgin. Only three people were recognisable in the footage – most were pixelated – and while some people complained to the ICO about how CCTV had been used, none of the affected passengers had done so.

As with health and safety law, there is a fair amount of “urban mythery” around data protection law. This case is a good illustration of how the law tries to strike a fair balance between the interests of the data subject – the individual to whom data relates – and those of the business or other organisation holding the data.

If you would like to know more, please contact Nick Crook or David Dees.