ICO - FER0851659

From GDPRhub
ICO (UK) - FER0851659
LogoUK.png
Authority: ICO (UK)
Jurisdiction: United Kingdom
Relevant Law: Article 4(1) GDPR
Article 9 GDPR
Article 10 GDPR
Regulation 5(3) EIR
Type: Complaint
Outcome: Rejected
Started:
Decided: 01.11.2019
Published:
Fine: None
Parties: Canterbury City Council
National Case Number/Name: FER0851659
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): English
Original Source: ICO (in EN)
Initial Contributor: n/a

The Commissioner ruled that complaints about a property were the complainant's personal data and applied Regulation 5(3) of the EIR to prevent disclosure,

English Summary

Facts

On February 5, 2019, the complainant requested from Canterbury City Council ("the Council") copies of complaints made by third parties about a specific address from 1978 to December 2018. The Council refused, stating that the information was the personal data of the individuals who had submitted the complaints, and disclosing it would breach GDPR principles. The complainant then refined his request to a list of complaints with dates and summaries, but the Council again refused, citing the same reason. After an internal review upheld this position, the complainant contacted the Information Commissioner on June 15, 2019. Upon review, the Commissioner found that all the information was the complainant's own personal data, as the complainant and his family had owned or occupied the property in question during the specified period. The Commissioner thus applied Regulation 5(3) of the Environmental Information Regulations 2004 (EIR) to prevent disclosure.

Holding

The Information Commissioner held that since the complainant and his family had owned or occupied the property during the time specified in the request, all the information within the scope of the request was the complainant's own personal data. The Commissioner applied Regulation 5(3) of the EIR, which exempts personal data of the requester from disclosure under EIR. The Council's argument that disclosing the information would breach GDPR principles was not sufficient, as the data in question was primarily the complainant's own personal data. No further steps were required under the EIR.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!