Clients accused of fraud claim data misuse, judge finds their complaint baseless and dismisses it
A High Court judge has thrown out a data protection claim brought by three personal injury clients, ruling the case against law firm DWF Law LLP was legally baseless and did not amount to any misuse of personal or health information.
Yesim Kul, Rohat Mahir, and Mahmut Mahir filed the claim after DWF, acting for insurers, used their data—including sensitive health details—while investigating alleged dishonesty in their injury claims. Represented by Ersan and Co Solicitors, the trio accused DWF of breaching UK General Data Protection Regulation (UK GDPR).
The matter stemmed from a county court case where DWF’s then head of organised fraud, James Stevens, submitted a witness statement. That statement analysed patterns in claims data provided by insurers—data that featured the claimants’ names and linked multiple claims involving Ersan. DWF firmly denied any wrongdoing, arguing their actions were in line with their legal obligations and clients’ interests.
Mrs Justice Jennifer Eady ruled in favour of DWF in the case of Yesim Kul & Ors v DWF Law LLP. She concluded that the firm had processed the data for “a specified, explicit and legitimate purpose.” According to the judge, DWF acted as part of its duty to its clients and in support of the public interest by ensuring proper justice administration.
Embed from Getty ImagesShe also rejected the idea that Kul and the Mahirs were misled or deceived in any way. “Even allowing that the claimants might reasonably not have taken [steps to review DWF’s website], I am satisfied they would have been aware… that information disclosed in (proposed) litigation would be the subject of scrutiny and investigation by the lawyers acting for the insurer defendants, and would be utilised in open court proceedings,” the judge said.
The court acknowledged that DWF’s privacy policy already informed potential claimants about the use and potential third-party sharing of personal information in the performance of legal services. Moreover, the judge found no unfairness in how DWF compiled and disclosed Stevens’ witness statement, noting that the use of names was necessary when presenting evidence to Ersan Solicitors and the court.
Ultimately, the judge ruled that DWF’s actions involved “very limited disclosure” and fell well within legal bounds. The data was used strictly for the legitimate interests of DWF’s clients and to challenge questionable injury claims.
Lorraine Carolan, DWF’s global head of fraud, welcomed the judgment, calling it a strong endorsement of the firm’s strategy. “The judgment reinforces the legality of DWF’s approach, finding our actions necessary and proportionate,” she said.
Carolan added that the case was significant not only for the 18 insurers backing the original claims but for the entire industry. “It is a clear win for insurers and their policyholders and should serve as a cautionary note to those contemplating bringing, or facilitating, such claims.”
The decision underscores the legal limits of data protection claims when set against a background of alleged insurance fraud. For DWF, the ruling delivers vindication and bolsters confidence in its anti-fraud efforts. For the claimants, however, it marks a humiliating defeat in court—one that could deter similar challenges in future.
