ICO - FER0851659
| ICO (UK) - FER0851659 | |
|---|---|
 | |
| Authority: | ICO (UK) |
| Jurisdiction: | United Kingdom |
| Relevant Law: | Article 4(1) GDPR Article 9 GDPR Article 10 GDPR Regulation 5(3) EIR |
| Type: | Complaint |
| Outcome: | Rejected |
| Started: | |
| Decided: | 01.11.2019 |
| Published: | |
| Fine: | None |
| Parties: | Canterbury City Council |
| National Case Number/Name: | FER0851659 |
| European Case Law Identifier: | n/a |
| Appeal: | n/a |
| Original Language(s): | English |
| Original Source: | ICO (in EN) |
| Initial Contributor: | n/a |
The Commissioner ruled that complaints about a property were the complainant's personal data and applied Regulation 5(3) of the EIR to prevent disclosure,
English Summary
Facts
On February 5, 2019, the complainant requested from Canterbury City Council ("the Council") copies of complaints made by third parties about a specific address from 1978 to December 2018. The Council refused, stating that the information was the personal data of the individuals who had submitted the complaints, and disclosing it would breach GDPR principles. The complainant then refined his request to a list of complaints with dates and summaries, but the Council again refused, citing the same reason. After an internal review upheld this position, the complainant contacted the Information Commissioner on June 15, 2019. Upon review, the Commissioner found that all the information was the complainant's own personal data, as the complainant and his family had owned or occupied the property in question during the specified period. The Commissioner thus applied Regulation 5(3) of the Environmental Information Regulations 2004 (EIR) to prevent disclosure.
Holding
The Information Commissioner held that since the complainant and his family had owned or occupied the property during the time specified in the request, all the information within the scope of the request was the complainant's own personal data. The Commissioner applied Regulation 5(3) of the EIR, which exempts personal data of the requester from disclosure under EIR. The Council's argument that disclosing the information would breach GDPR principles was not sufficient, as the data in question was primarily the complainant's own personal data. No further steps were required under the EIR.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
