On 15 July 2025, the High Court of Justice formally discharged a contra mundum super-injunction originally granted to the Ministry of Defence (MOD) in September 2023. This marked the end of nearly two years of total judicial secrecy over a catastrophic data breach involving more than 18,000 Afghan nationals whose personal details had been exposed.
The individuals affected had applied for relocation to the UK under the Afghan Relocations and Assistance Policy (ARAP) and the Ex Gratia Scheme (EGS). The leaked dataset contained sensitive personal data, including names, telephone numbers, risk assessments, and details of family members. The MOD argued that if the Taliban obtained this information, it could lead to widespread torture, detention, and extrajudicial killings.
Emergency Relief Under Judicial Scrutiny: Why the Super-Injunction Was Granted
Mr Justice Robin Knowles first granted the injunction on 1 September 2023 in highly unusual circumstances. The MOD had discovered the breach only weeks earlier. It applied for a contra mundum injunction that prevented not just disclosure of the dataset but also any public acknowledgement of the injunction’s existence.
Justice Knowles accepted the MOD’s evidence that the breach posed an imminent threat to life and stated:
“The risk in question is to the lives of many individuals and their families, and of torture… The injunction may maintain a period, albeit of uncertain length, within which the data compromise is not known or not widely known.”
In effect, the Court allowed the Government a legally sanctioned period of secrecy to mitigate the harm primarily through emergency relocations. However, the initial expectation was that the injunction would last no longer than a few months.
Close Judicial Management and Evolving Legal Concerns
Mr Justice Chamberlain took over case management and convened no fewer than 10 hearings between October 2023 and July 2025. These were held in open (private) and closed sessions, with the assistance of Special Advocates under the Justice and Security Act 2013.
Throughout, the MOD insisted the Taliban remained unaware of the breach and that disclosure would “crystallise” interest in the dataset. Meanwhile, civil society and media parties pressed for greater transparency. The Government, they argued, was making life-or-death decisions affecting tens of thousands of people, all shielded from scrutiny by an indefinite gag order.
In a pivotal ruling handed down in May 2024, Chamberlain J observed:
“There is a significant possibility that the Taliban already know of the existence of the dataset… The injunction may now be doing more harm than good.”
This reflected growing unease that the very individuals the injunction was intended to protect were instead being denied warnings, support, or redress. The MOD’s own open evidence conceded that the risk of harm from disclosure, while still serious, was estimated at around 25–35%.
The Rimmer Review and the Final Discharge of the Injunction
In early 2025, the MOD commissioned an independent assessment known as the Rimmer Review. Its findings were decisive:
- The Taliban likely already had access to similar datasets from previous Afghan government systems;
- Continued secrecy did not meaningfully reduce the risk to individuals in the dataset;
- The public interest in open debate about UK immigration and foreign policy had been suppressed beyond justification.
On 4 July 2025, the MOD reversed course and applied for the injunction to be lifted. The High Court agreed and formally discharged the order on 15 July 2025.
Chamberlain J concluded:
“The evidential basis for continuing the order has collapsed. It now operates not to protect life, but to stifle scrutiny. The decision-making has taken place in a scrutiny vacuum. That is fundamentally objectionable.”
What Restrictions Still Apply? A Narrower Injunction Remains
Although the super-injunction is no longer in force, a narrower contra mundum non-disclosure order remains. It restricts publication of the leaked dataset, any extracts from the “case notes” section, including individual risk profiles, and public identification of individuals unless authorised by the MOD or a court.
This reflects the ongoing sensitivity of the data and the need to comply with UK data protection law.
Legal Analysis: Proportionality, Precedent, and Judicial Vigilance
Our Managing Solicitor, Karim Oualnan, was interviewed by Sky News on 16 July 2025. When asked for his legal view, he said:
“This wasn’t about covering up embarrassment it was a clash between two constitutional imperatives: the right to life and the principle of open justice. The initial secrecy was legally justified, but the longer it went on, the harder it was to defend.”
He further commented: “National security should never become a default reason for secrecy. This case shows that if you ask the courts to shut out Parliament and the press, you’d better have fresh, compelling evidence at every stage.”
His analysis highlights three key takeaways:
- Judicial oversight must remain active and informed.
- Open justice is not absolute, but restrictions must be strictly necessary and time-limited.
- National security claims must evolve with the evidence and cannot justify indefinite secrecy.
A Hypothetical Case Study: Why Disclosure Can Save Lives
Consider a fictional ARAP applicant, Reza, who fled Afghanistan and was awaiting UK relocation. Unbeknownst to him, his information had been exposed in the leaked dataset. If the Government had been able to notify Reza in 2023, he might have changed location, avoided detection, or sought help from NGOs.
But due to the super-injunction, even Reza’s own legal representative could not be told. By the time the Government expanded its protective relocation scheme in 2024, Reza had been deported from Pakistan. Months later, reports surfaced that he had been detained by the Taliban.
This example illustrates a central flaw in prolonged secrecy: the people most at risk may also be the ones left uninformed and unprotected.
The Future of Super-Injunctions in Public Law
This case is now a landmark for UK constitutional and administrative law. Any future application for a Government super-injunction will need to meet a high standard, including actual and immediate risk, clear and current evidence, regular review mechanisms, and a firm justification for withholding scrutiny.
The MOD’s use of the injunction while initially justified set a precedent that raised alarm bells in legal and democratic communities alike. As Karim noted, “The courts did their job. But we cannot rely on secrecy to clean up mistakes. That is not the purpose of law.”
What This Means for Data Protection and Compensation Claims
This case serves as a powerful precedent for individuals whose sensitive data has been mismanaged, especially where state secrecy has impeded access to justice. Those affected may have a claim under the Data Protection Act 2018, Human Rights Act 1998, or the common law duty of care.
At Go Legal, we have a dedicated team assisting:
- Individuals whose information appeared in government-held or leaked datasets;
- Asylum seekers and refugees affected by failure to notify or relocate;
- NGOs and legal professionals seeking clarity on disclosure obligations.
We have experience navigating:
- Complex data breach claims against government departments;
- Judicial review challenges to improper use of secrecy;
- Closed material procedures and Special Advocate coordination.
If you’ve been impacted by this or a similar breach or if you represent someone who has our public law and data protection team can provide expert support. Please call us for a Free Consultation on 0207 459 4037 or use our booking form to book a consultation.
