Insights Court of Appeal upholds High Court decision of no reasonable expectation of privacy or obligation of confidence in relation to private emails sent from a business email account


The claimants, Mrs Nihal Brake and Mr Andrew Brake, appealed a High Court decision dismissing their claim against the defendants, Dr Geoffrey Guy and two of his companies, Chedington Court Estate Ltd and Axnoller Events Ltd (AEL), for a final injunction and damages for misuse of private information and breach of confidence. The information was contained in emails sent and received by Mrs Brake, via a business email account,, which had been set up and operated by AEL.

The Axnoller email domain was originally registered at Mrs Brake’s request in 2010, when she was a partner in a partnership running a business providing luxury breaks and hosting weddings and similar events at Axnoller House located at West Axnoller Farm, owned by the Brake family. The domain was not used for several years.

In 2013, the partnership broke up and was dissolved. In 2015, the farm and business were sold to Sarafina Properties Ltd, which was later bought by Chedington and changed its name to AEL. Six months later, Mrs Brake became an employee of AEL, running the same wedding and events business. At that point, the email host for the business was changed from Google to Fasthosts and five email accounts in the Axnoller domain were set up, one was the enquiries account while the other four comprised the names of the employees, including that of Mrs Brake. From that point on, Mrs Brake was the principal user of the enquiries account, although other employees also had access to it and used it for business purposes only.

It was not in dispute that, despite having an email account in her own name, Mrs Brake used the enquiries account to send and receive personal emails.

Mrs Brake was dismissed by AEL in November 2018 and the passwords to the email accounts were changed. Various suggestions were made to Mrs Brake as to how she could access her personal emails on the enquiries account, none of which Mrs Brake accepted.

In August 2019, the Brakes issued these proceedings. At first instance, the judge held that the claimants had no reasonable expectation of privacy and no right of confidentiality in respect of those emails. The claimants appealed.

Giving the lead judgment, Lord Justice Baker noted that the burden of proving that there was a reasonable expectation of privacy rested on the claimants. However, they only presented two of the 3,149 emails said to be private and confidential to the judge and he was not prepared to accept on that basis that there was a reasonable expectation of privacy in relation to all the emails. In Baker LJ’s view, that finding was manifestly open to him on the evidence. The claimants had failed to discharge the requisite burden of proof.

In an attempt to reverse the burden of proof, the claimants said that the judge had failed to engage with the 16-point categorisation of the emails set out in the list of issues and that, had he done so, he would have concluded that the emails falling into the first ten categories were private such that a reasonable expectation of privacy attached to them. Baker LJ disagreed, finding that, as confirmed by the Supreme Court in Bloomberg LP v ZXC [2022] UKSC 5, the fact that certain types of personal information are, as a general rule, treated as private does not give rise to any legal presumption. Further, the question of whether there is a reasonable expectation of privacy is a broad one that takes account of all the circumstances of the case. The content of the emails was only one factor, and it was a matter for the judge to decide how to proceed. His analysis could not be criticised. The burden of proof was on the claimants to establish that there was a reasonable expectation of privacy. There was no presumption of privacy that the defendants were required to rebut.

In any event, just because some of the emails were identified as private, did not necessarily give rise to a reasonable expectation of privacy. Nor did the fact that the defendants’ agreement to destroy those emails amount to a recognition of such an expectation. There was no binary division of the emails so that those that were not business-related were of necessity private and confidential.

Further, Baker LJ said, the enquiries account was AEL’s business account designed to receive enquiries from potential customers about the company’s services. The account was not exclusive to Mrs Brake; other employees, who did not use it for personal correspondence, also had access to it. The fact that Mrs Brake shared the account was plainly relevant to the question whether there was a reasonable expectation of privacy.

Further, although Mrs Brake knew the password for the account, it belonged to the company. The purpose for the password was to protect the company’s secrets, not Mrs Brake’s. She held the password, not in a personal capacity, but as an employee of the company. Mrs Brake did not have control of the account. Contrary to the claimants’ assertions, the judge had not treated the question of ownership of the account and/or the right to ask for the password as decisive factors, but as part of the general context, which he was entitled to do.

Baker LJ also noted that within the enquiries account, personal emails were not stored separately and were not marked as personal or private. It would not be apparent to anyone accessing the account that an email was personal until they started to read it. In Baker LJ’s view, it was highly significant that, at the same time as the enquiries account was created (when it was transferred from Google to Fasthosts), separate accounts in the names of employees were also created. The obvious inference was that the latter were subject to a reasonable expectation of privacy but the former, which was a business account, was not.

As for the line of authorities from the European Court of Human Rights cited by the claimants, which establish that communications from business premises may fall within the notion of private life under Article 8, and that an employee making a private communication from business premises or using business facilities may have a reasonable expectation of privacy, Baker LJ said that the question of reasonable expectation of privacy turns on a careful and detailed analysis of all the facts and circumstances. The facts and circumstances in the ECtHR cases were significantly different and no comparison with this case could be made.

Baker LJ also rejected the claimants’ argument that the judge had wrongly described the case of Simpkin v The Berkeley Group Holdings Plc [2017] EWHC 1472 (QB) as analogous with this case. In Simpkin, the court had found that no reasonable of expectation of privacy arose in relation to a private document drafted by an employee and sent on his work email account to his private email account. In Baker LJ’s view, the key point from Simpkin was that a claimant must demonstrate a reasonable expectation of privacy, or that the document is confidential, against the defendant. In this case, the claimants had failed to do that.

As for breach of confidence, the claimants had relied on the same set of facts and arguments. Baker LJ noted that the Supreme Court has confirmed that misuse of private information and breach of confidence are distinct causes of action resting on different foundations and protecting different interests. In this case, the claim for breach of confidence added nothing to the case. The claimants had not put forward any argument that persuaded Baker LJ that the judge had been wrong to conclude that the personal information in the enquiries account was “not imparted in circumstances importing an obligation of confidence”.

Baker LJ therefore concluded that the judge had been entitled to find as he had. The appeal was dismissed. (Nihal Mohammed Kamal Brake v Geoffrey William Guy [2022] EWCA Civ 235 (2 March 2022) — to read the judgment in full, click here).