Why You Cannot Access Your SQE1 Exam Paper Under a DSAR

SQE1 and the Limits of DSAR Access

The Solicitors Qualifying Examination (SQE1) is one of the most significant professional assessments for aspiring solicitors in England and Wales, designed to evaluate candidates’ knowledge across core areas of law, including contract law, tort, criminal law, property law, ethics, and professional conduct. It is administered by Kaplan on behalf of the Solicitors Regulation Authority (SRA) and serves as a gatekeeper to ensure that only competent and ethically capable individuals qualify to practice as solicitors. Many candidates, upon completing the examination, naturally seek to obtain a copy of their test papers, often assuming that their rights under a Data Subject Access Request (DSAR) pursuant to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018) entitle them to access such materials. At first glance, this seems reasonable, because candidates can reasonably consider the exam questions and marking schemes to be part of the personal data generated about their performance. However, the legal reality is far more nuanced. UK data protection law distinguishes sharply between a candidate’s personal data – including registration details, submitted answers, marks, and feedback—and the examination content itself, which includes questions, model answers, and marking schemes. The distinction is critical because DSARs provide rights only over personal data and do not automatically extend to materials owned and controlled by an exam provider or regulatory authority. Disclosure of the actual questions could compromise the integrity of future examinations, provide unfair advantage to other candidates, and violate the copyright and contractual rights held by Kaplan and the SRA. This blog post explores the legal framework, statutory exemptions, relevant case law, intellectual property considerations, and practical implications for candidates seeking access to SQE1 materials, providing a comprehensive guide for legal professionals, candidates, and advisors alike. In addition, this post includes a detailed FAQ section addressing the most common questions relating to DSARs, exam content, and legal rights. By understanding the legal basis for the non-disclosure of examination questions, candidates and advisors can manage expectations, draft effective DSAR requests for personal data, and avoid unnecessary disputes with examination providers or the Information Commissioner’s Office (ICO). It is essential to approach this issue not only from a candidate’s perspective but also from the viewpoint of regulatory compliance, professional standards, and the public interest in maintaining the integrity and fairness of solicitor qualification assessments.

Struggling to understand what you can (and can’t) request under a DSAR for your SQE results?

Get our step-by-step GDPR DSAR template pack,

designed for exam candidates, and avoid wasting time on invalid requests.

Download Now

UK GDPR and the Right of Access

Under Article 15 of the UK GDPR, individuals have the right to access personal data held by a data controller. This right is often interpreted broadly, encompassing confirmation of whether personal data is being processed, access to the data, and information regarding the purposes, recipients, and retention periods. In practice, this means that SQE1 candidates are entitled to request access to their personal information, which includes registration details, submitted answers, marks and scores, and feedback or performance summaries provided by Kaplan. However, the GDPR is not absolute and includes a range of exemptions designed to protect third-party rights, preserve the confidentiality of processes, and prevent prejudice to legal or regulatory interests. Section 38 of the Data Protection Act 2018 is particularly relevant in the context of professional examinations. This provision exempts information recorded by candidates if disclosure would prejudice the confidentiality of the assessment process, the assessment of other candidates, or the enforcement of civil law. Examination questions, model answers, and marking schemes are therefore excluded from the scope of a DSAR because their release could compromise the fairness, reliability, and security of future assessments. Importantly, the exemption is not limited to written scripts but also covers derivative materials that could indirectly reveal the structure, content, or assessment criteria of the examination. From a legal perspective, this ensures that while candidates can access their own answers and results, the integrity of the examination system remains protected. The law recognizes that professional qualifications such as the SQE1 serve not only individual candidates but also the broader public interest by maintaining consistent competency standards within the legal profession. Misunderstanding the scope of personal data can lead to contested DSARs, complaints to the ICO, and unnecessary delays in accessing legitimately available personal information. Legal advisors must emphasize the distinction between data that is personal to the candidate and data that is confidential to the examination provider, ensuring DSAR requests are narrowly tailored to information the candidate is entitled to receive. Furthermore, UK GDPR permits exemptions where disclosure would adversely affect the rights of others, regulatory compliance, or confidential professional processes, all of which apply in the context of high-stakes professional assessments. Thus, while candidates have legitimate rights to access their personal data, they do not have an entitlement to examination content, which is protected by statutory exemptions and supported by both regulatory and case law precedent.

Examination Scripts, Confidentiality, and Intellectual Property

Examination scripts, including questions and marking schemes, are not merely functional assessment tools; they constitute confidential intellectual property belonging to Kaplan and the SRA. Legal protection of these materials is twofold: first, through statutory exemptions under Section 38 of the DPA 2018, and second, through copyright protections under the Copyright, Designs and Patents Act 1988. Releasing exam content could undermine multiple layers of protection, including contractual obligations, intellectual property rights, and regulatory requirements designed to ensure fairness and security. Questions are often reused, adapted, or serve as templates for future assessments; their premature disclosure would therefore compromise both the integrity and defensibility of the exam. The legal rationale is that releasing such materials could unfairly advantage other candidates, skew performance comparisons, and potentially expose the professional qualification process to challenges in court or regulatory scrutiny. From a regulatory perspective, the SRA has a vested interest in maintaining consistent standards for solicitors, ensuring that all candidates are assessed under equitable conditions. Exemptions also serve the public interest, safeguarding the professional competence of future solicitors and protecting the integrity of the legal profession. The distinction between personal data and examination content is therefore fundamental. Candidates’ answers and marks are their personal data, while questions and marking schemes are owned by the provider and protected as confidential materials. Failure to respect these boundaries could result in legal disputes, DSAR refusals, and complaints to the ICO. Additionally, disclosure of examination content could potentially violate copyright law, as the questions are original works. By combining statutory exemptions, regulatory oversight, and intellectual property protections, the legal framework ensures that exam questions remain secure, confidential, and protected from public release. This dual protection balances candidates’ rights to personal data with the broader obligation to maintain the integrity, fairness, and defensibility of professional assessments, providing a robust legal basis for non-disclosure under a DSAR.

Case Law Supporting Exemptions

UK and Scottish courts have repeatedly confirmed the applicability of Section 38 DPA 2018 exemptions to examination content. In NEBOSH v. Information Commissioner (2019), the Information Tribunal considered whether NEBOSH was obliged to disclose exam scripts under a DSAR. The Tribunal upheld NEBOSH’s refusal, emphasizing that disclosure would compromise the confidentiality of the examination process and could unfairly advantage future candidates. The Tribunal recognized that while candidates could access personal data relating to their own submissions and marks, the questions themselves were exempt. Similarly, in University of Edinburgh v. Applicant (2023), the Scottish Information Commissioner confirmed that institutions are not required to disclose assessment materials when confidentiality is necessary to protect fairness, academic integrity, or regulatory compliance. These cases illustrate the courts’ careful balancing of individual data rights against the public interest in maintaining secure, fair, and defensible examinations. The rulings also highlight the intersection of data protection, intellectual property, and professional regulation, providing a clear legal precedent for DSAR refusals in the context of high-stakes professional assessments. Legal practitioners advising candidates must emphasize that access rights under DSAR are limited to personal data and do not extend to protected examination content. The cases reinforce the principle that examination questions, marking schemes, and model answers are exempt from disclosure to preserve fairness, confidentiality, and regulatory compliance. Practically, candidates seeking to access their personal data must structure requests to obtain marks, feedback, and registration details rather than exam content. The decisions also confirm that the public interest in professional qualification integrity outweighs individual access rights to exam materials. Understanding these cases allows both candidates and advisors to navigate DSARs effectively, ensuring legitimate access while respecting statutory exemptions, regulatory duties, and intellectual property rights.

Practical Implications for Candidates and DSAR Requests

Candidates must understand the scope of their DSAR rights and limitations in practice. Effective DSAR requests should focus on personal data, such as registration records, submitted answers, marks, and performance feedback. Requests for exam questions, model answers, or marking schemes are almost invariably refused under Section 38 DPA 2018 exemptions. Legal advisors must guide candidates to ensure DSARs are properly framed, avoiding overly broad or manifestly unfounded requests, which may be limited under GDPR proportionality principles. Providers like Kaplan are legally justified in refusing access to protected materials, and candidates must recognize that even content arguably relating to their answers is not automatically considered personal data if disclosure could prejudice assessment integrity or the fairness of future exams. Maintaining transparent communication from providers about the limitations of DSARs is critical in managing candidate expectations and reducing disputes. From a practical perspective, candidates benefit from detailed performance feedback, summaries, and score reports, which are considered personal data. Meanwhile, examination questions, marking schemes, and model answers remain confidential, ensuring the security, fairness, and intellectual property protection of the SQE1 assessment. Candidates and legal advisors must also consider that regulatory obligations and public interest considerations may supersede individual access requests where disclosure threatens exam integrity. Ultimately, understanding the boundaries of DSAR rights and exemptions helps candidates obtain all legally available personal data while preserving the professional and regulatory framework that underpins the SQE1 examination process.

The legal framework governing access to SQE1 examination content under a DSAR is robust and multifaceted. Section 38 of the DPA 2018, UK GDPR provisions, and copyright law collectively provide a strong basis for withholding exam questions, marking schemes, and model answers. Relevant case law, including CJEU judgement – Peter Nowak v Data Protection Commisioner (Case C-434/16), reinforces that disclosure would prejudice the confidentiality and fairness of assessments, potentially compromise future examinations, and interfere with regulatory enforcement. Candidates retain the right to access personal data, including registration information, submitted answers, marks, and feedback, but they cannot compel disclosure of the exam content itself. Legal practitioners must advise candidates accordingly, emphasizing the distinction between personal data and protected examination materials. DSARs must be carefully drafted to maximize access to available personal data without attempting to obtain materials that are exempt. This ensures candidates can exercise their rights effectively while maintaining compliance with statutory exemptions, intellectual property rights, and professional standards. By understanding these limitations, candidates and advisors can navigate DSARs confidently, ensuring transparency and access to legitimate personal information while preserving the integrity of the SQE1 examination and the legal profession as a whole.

Frequently Asked Questions

1. Can I obtain my SQE1 exam questions under a DSAR?
No. Examination questions are not considered personal data and are exempt under Section 38 DPA 2018. Disclosure would prejudice exam confidentiality, fairness, and future assessments.

2. What personal data can I request from Kaplan?
You can request registration details, submitted answers, scores, marks, and any feedback provided. These are considered personal data under UK GDPR.

3. Why are exam questions protected under copyright law?
Exam questions are original works created by Kaplan and the SRA. Unauthorized disclosure could infringe copyright under the Copyright, Designs and Patents Act 1988.

4. Does Section 38 DPA 2018 apply to all exams?
It applies to professional and academic assessments where disclosure could prejudice confidentiality, assessment of others, or regulatory enforcement.

5. Can I challenge a refusal to release exam questions?
Challenges are unlikely to succeed because statutory exemptions, case law, and IP protections provide strong legal grounds for refusal.

6. Are my submitted answers considered personal data?
Yes. Your own answers, marks, and feedback are personal data and can be accessed via a DSAR.

7. Can I obtain model answers under a DSAR?
No. Model answers are considered confidential materials and are protected to ensure exam integrity.

8. How does case law support non-disclosure?
Cases like NEBOSH v. ICO (2019) and University of Edinburgh v. Applicant (2023) confirm that exam content is exempt from DSARs to preserve fairness and confidentiality.

9. What should a properly framed DSAR for SQE1 include?
It should request personal data such as registration info, submitted answers, marks, and feedback, explicitly excluding exam questions or model answers.

10. Can repeated DSAR requests be limited?
Yes. GDPR allows controllers to limit manifestly unfounded or excessive requests to protect resources and regulatory compliance.

11. Does disclosure of feedback affect exam integrity?
No. Feedback related to your performance is personal data and does not compromise confidentiality if questions remain protected.

12. Are online or computer-based exam questions treated differently?
No. Section 38 exemptions apply regardless of the medium used for the exam. The principles of confidentiality, fairness, and intellectual property remain the same.

13. What is the public interest in protecting exam questions?
Maintaining professional standards, fairness, and competence of future solicitors protects the public and ensures the credibility of legal qualifications.

14. Can I request statistical results or anonymized data?
Yes. Aggregate or anonymized data does not reveal your personal data or compromise exam integrity and may be provided.

15. How should candidates handle DSAR refusals?
Candidates should seek legal advice, focus on personal data access, and understand the exemptions for exam content to avoid unnecessary disputes with the ICO or exam providers.

As privacy and compliance professionals with extensive GDPR experience,

We’ve created practical templates and guides for SQE candidates.

Save yourself the stress — access them today and make sure your DSAR request is accurate, valid, and effective.

View Templates