ICO - FS50867142

From GDPRhub
Revision as of 11:36, 21 February 2020 by AL (talk | contribs) (Created page with "{| class="wikitable" style="width: 25%; margin-left: 10px; float:right;" ! colspan="2" |ICO - FS50867142 |- | colspan="2" style="padding: 20px; background-color:#023868;" |F...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
ICO - FS50867142
ICOLOGO.png
Authority: ICO (UK)
Jurisdiction: United Kingdom
Relevant Law:

Article 4(1) GDPR

Article 5(1)(a) GDPR

Article 6(1)(f) GDPR

Section 3(2) Data Protection Act 2018 (DPA 2018)

Sections 30(1), 38(1), 40(2) and 40(3A)(a) Freedom of Information Act (FOIA)

Type: Complaint
Outcome: Dismissed
Decided: 3. 2. 2020
Published: n/a
Fine: none
Parties: Devon and Cornwall Police
National Case Number: FS50867142
European Case Law Identifier: n/a
Appeal: n/a
Original Language:

English

Original Source: ICO (EN)

The ICO decided that Devon and Cornwall Police rightly refused to disclose information about the death of a man with mental health issues who had been restrained with an emergency response belt while in police custody. It considered the information personal data and it found that disclosure would be generally unlawful, since the admitted legal basis of legitimate interest is not sufficient to outweigh the data subject’s fundamental rights and freedoms.

English Summary

Facts

The complainant had requested from Devon and Cornwall Police (“D&CP”) information about the death of a man with mental health issues, who had been restrained with an emergency response belt while in police custody.

D&CP referred the complainant to some information in the public domain, said that some of the information described in the request was not held and said that the remainder was exempt from disclosure under section 30(1) (investigations and proceedings), section 38(1) (health and safety) and section 40(2) (personal information) of the FOIA.

Dispute

The ICO had to assess whether the requested information constitutes personal data according to the Data Protection Act 2018 (DPA 2018). Then, if it is personal data, the ICO must establish whether disclosure of that data would breach any of the data protection principles under the DPA 2018.

Holding

Starting its assessment the ICO found that the withheld information constitutes personal data. It noted that according to Section 40 of the FOIA, the exemption from disclosure applies when the disclosure to the public would contravene any principles laid down in Article 5 GDPR. The most relevant data protection principles in this case was lawfulness, fairness and transparency of processing according to Article 5(1)(a) GDPR. As for the lawfulness, the ICO considers that there is a legitimate interest according to Article 6(1)(f) GDPR. However, this legitimate interest proves insufficient to outweigh the data subjects’ fundamental rights and freedoms, hence the disclosure of the information would not be generally lawful. Given that disclosure would be unlawful, the ICO considered that she does not need to go on to separately consider whether disclosure would be fair or transparent.

Finally, the ICO decided that D&CP was entitled to withhold the information requested under section 40(2), by way of section 40(3A)(a)of the FOIA.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English official version

No need for automated translation. Please refer to the original English decision for details.