Data processing: legal professional privilege (LPP) and client confidentiality
LPP and client confidentiality are key exemptions under UK data protection law. Learn how to apply them correctly and transparently.
You need a high level of transparency to comply with the UK GDPR, Data Protection Act 2018 (DPA) and Data (Use and Access) Act 2025 (DUAA).
This generally means you need to:
- tell people if you’re using their personal data
- provide them with a copy of their data
However, there are exceptions for:
- data where a claim to legal professional privilege (LPP) could be maintained in legal proceedings, and
- the duty of confidentiality to a client
LPP and client confidentiality override a data subject’s right of access and right to be informed under the DPA.
You may rely on the LPP exemption to decline to provide personal data for a data subject access request.
If you rely on the exemption, you must keep an internal record of what data is being withheld under the exemption.
You must inform the data subjects about the exemption you’re applying and the reason for applying this exemption.
Data subjects can ask the Information Commissioner to review how you applied the exemption. The Commissioner may ask for confirmation that you (as the data controller) have relied on the exemption.
Legal professional privilege (LPP)
LPP protects certain confidential communications from disclosure without your client’s permission.
The right to assert LPP belongs to the client, not the lawyer.
Assessing whether LPP applies may require drawing delicate and difficult balances.
For these reasons, you must take great care to advise clients on LPP appropriately.
There are narrow exceptions to LPP. It may also be waived by clients (explicitly or by implication).
For help deciding if privilege applies, read our legal professional privilege practice note.
Types of LPP
There are two types of LPP:
Legal advice privilege
Legal advice privilege protects communications between a lawyer and client for the dominant purpose of giving or receiving legal advice.
This includes ongoing communications intended to keep a solicitor and client informed so legal advice may be given as required.
Litigation privilege
Litigation privilege protects communications between lawyers, their clients and third parties.
For litigation privilege to apply, the communication must be:
- to obtain advice or information for litigation that has already commenced or is reasonably anticipated, and
- made for the sole or dominant purpose of conducting that litigation
Litigation privilege may apply to relevant communications even at the early stages of a regulatory or criminal investigation where there is a realistic risk of enforcement action, although no allegations have yet been made.
This will depend on the facts and circumstances of the case.
Duty of confidentiality
The duty of confidentiality applies to all confidential information about a client's affairs.
The duty applies no matter how the solicitor came by the information.
You must keep your client’s information confidential unless the law or your client’s consent allows you to disclose it.
There are a small number of exceptions to the duty of confidentiality. These are discussed in the Solicitors Regulation Authority’s (SRA’s) confidentiality of client information guidance.
The duty of confidentiality continues after you stop acting for a client. In the case of a client dying, the right to confidentiality passes to their personal representatives.
If you obtain information relating to a prospective client, you may be bound by a duty of confidentiality. This applies even if the client does not go on to instruct your firm.
Resources
For more detailed guidance on LPP, read our legal professional privilege practice note.
For more data protection guidance, read our guides on: