Home Decisions

Decision 151/2020

Decision 151/2020: Information relating to two planning applications

Public authority: Perth and Kinross Council
Case Ref: 202000638

Summary

The Council was asked for information relating to two planning applications.

The Council made some information available. It redacted other information it considered to be personal data, excepted under the EIRs.

The Commissioner accepted that, by the time it provided an updated response to the Applicant's request for review, the Council provided any relevant information it held. It was also entitled to redact certain personal data from part of one document, but not to withhold other personal data it disclosed during the investigation.

Relevant statutory provisions

The Environmental Information (Scotland) Regulations 2004 (the EIRs) regulations 2(1) (paragraphs (a), (b) and (c) of definition of "environmental information", "the data protection principles", "data subject", "the GDPR" and "personal data"), 5(1) and (2)(b) (Duty to make available environmental information on request); 11(2), (3A)(a) and (7) (Personal data)

General Data Protection Regulation (the GDPR) articles 5(1)(a) (Principles relating to processing of personal data); 6(1)(f) (Lawfulness of processing)

Data Protection Act 2018 (the DPA 2018) sections 3(2), (3), (4)(d), (5) and (10) (Terms relating to the processing of personal data)

The full text of each of the statutory provisions cited above is reproduced in Appendix 1 to this decision. The Appendix forms part of this decision.

Background

1. On 27 September 2019, the Applicant made a request for information to Perth and Kinross Council (the Council). The information requested was:

Copies of all correspondence and contacts, to include, emails, letters, memos, notes of phone calls, records of meetings, reports, etc., between Perth & Kinross Council officers and the applicants or their agents in relation to planning applications 19/00090/FLL and 17/01260/FLL not otherwise available on the Public Access portal.

2. The Applicant noted that the request was to include all items detailed from 12 September 2019 onward to date, including post-determination discussion and advice relating to 17/01260/FLL and any contact in relation to the DPEA Appeal and decision. It was also to include all internal and external consultations and legal advice sought/provided by and/or obtained by Perth and Kinross Council officers, from any source, in relation to both planning applications.

3. Specifically in regard to 19/00090/FLL, the Applicant stated that the request was to include all discussion and advice on the suitability or otherwise of the proposal and all correspondence and contacts, to include, emails, letters, memos, notes of phone calls, records of meetings, reports etc., between Perth & Kinross Council officers and the applicants or their agents from 12 September 2019 to date.

4. The Council responded on 25 October 2019, disclosing information in two documents, subject to redaction of information it considered to be personal data (to which it applied regulation 11 of the EIRs).

5. On 27 November 2019, the Applicant wrote to the Council requesting a review of its decision on the basis that photographs referred to in one of the documents had not been provided, nor had correspondence alluded to in an email exchange between the case officer and the agent for the applicant. The Applicant also asked that, on review, any other information overlooked in error and relevant to his request be supplied to him.

6. The Council notified the Applicant of the outcome of its review on 20 December 2019. In response, the Council acknowledged that its response to the Applicant's request was incorrect insofar as it did not include the photographs. The Council apologised for this and enclosed the photographs. With regard to the correspondence referred to in the Applicant's requirement for review, the Council explained that this was the Applicant's own correspondence with the Council, which it believed he should have copies of. The Council commented that it was not aware of any other relevant information which had been deliberately withheld or overlooked in error.

7. On 7 January 2020, the Applicant contacted the Council in relation to its response to his requirement for review. With regard to the correspondence, he stated that he believed there should be further correspondence related to the letter in question.

8. The Council provided an updated review response on 10 January 2020. It provided the Applicant with three further documents, subject to the redaction of information it considered to be personal data under regulation 11 of the EIRs.

9. On 15 June 2020, the Applicant wrote to the Commissioner, applying for a decision in terms of section 47(1) of the Freedom of Information (Scotland) Act 2002 (FOISA). By virtue of regulation 17 of the EIRs, Part 4 of FOISA applies to the enforcement of the EIRs as it applies to the enforcement of FOISA, subject to specified modifications. The Applicant stated he was dissatisfied with the outcome of the Council's review because:

  • He considered he was entitled to have full access to the information requested, despite it being redacted and withheld from him
  • He remained unconvinced that he had been given access to all documents that should be held on file and record which he believed he was entitled to
  • He considered it to be in both his interests and those of the wider public that the withheld information be made available, in order that proper scrutiny and accountability could be exercised in the interests of best practice, openness and fairness, and of upholding the public trust in the planning system and democracy.

Investigation

10. The application was accepted as valid. The Commissioner confirmed that the Applicant made a request for information to a Scottish public authority and asked the authority to review its response to that request before applying to him for a decision.

11. On 4 August 2020, the Council was notified in writing that the Applicant had made a valid application. The case was allocated to an investigating officer.

12. Section 49(3)(a) of FOISA requires the Commissioner to give public authorities an opportunity to provide comments on an application. The Council was invited to comment on this application and to answer specific questions. These related to the actions and searches undertaken by the Council to determine what recorded information it held falling within scope of the Applicant's request, together with the reasons for applying regulation 11 to information it deemed to be personal data. The Council was also asked to send the Commissioner the information that had been withheld from the Applicant.

13. During the investigation, the Council confirmed that it was willing to make available certain of the personal data previously withheld from the Applicant. This information was provided to the Applicant on 14 October 2020. Given that the Council has now made this information available to the Applicant, without any reasons for it being withheld earlier, the Commissioner must find that it breached regulation 5(1) of the EIRs in failing to disclose this information in response to the Applicant's request.

14. Submissions were also received from the Applicant, during the investigation, in relation to why he considered he had a legitimate interest in receiving the information deemed by the Council to be personal data.

Commissioner's analysis and findings

15. In coming to a decision on this matter, the Commissioner considered all of the withheld information and the relevant submissions, or parts of submissions, made to him by both the Applicant and the Council. He is satisfied that no matter of relevance has been overlooked.

Handling in terms of the EIRs

16. The Council processed the Applicant's request and requirement for review in accordance with the EIRs.

17. Where information falls within scope of the definition of "environmental information" in regulation 2(1) of the EIRs, a person has a right to access it (and the public authority a corresponding obligation to respond) under the EIRs, subject to various restrictions and exceptions contained in the EIRs.

18. The Applicant has not challenged the Council's decision to deal with the information as environmental information. The Commissioner is satisfied that the information does comprise environmental information and will consider the handling of the request in what follows solely in terms of the EIRs.

Regulation 5(1) of the EIRs - Duty to make environmental information available

19. Regulation 5(1) of the EIRs requires a Scottish public authority which holds environmental information to make it available when requested to do so by an applicant. The obligation relates to information that is held by the authority when it receives a request.

20. On receipt of a request for environmental information, therefore, the authority must ascertain what information it holds falling within scope of the request. Having done so, regulation 5(1) requires the authority to provide that information to the requester, unless a qualification in regulations 6 to 12 applies (regulation 5(2)(b)).

21. In order to ascertain whether all relevant information had been identified, the Council was asked to explain the steps it took to establish what information it held that fell within the terms of the Applicant's request.

22. The Council explained that the request related to two particular planning applications and all information related to a planning application is methodically held in the Planning system, to ensure that legislative requirements for the planning register are met. The Council commented that most of the information is published on the Public Access portal. However, some is withheld because it falls outwith the definition of what should be publicly available. The Council also noted that each planning application has an assigned case officer, who deals with all correspondence sent and received relating to the case.

23. The Council stated that there should be no other information held by the Council related to a planning application.

24. As a consequence of the systems in place and the processes followed by the Council in respect of planning information, the Council asserted that obtaining all information held which fell within scope of the request was simply a matter of asking for the information from the relevant electronic case file.

25. The Council provided submissions evidencing the nature of the searches carried out prior to responding to both the Applicant's request for review and his subsequent challenge to the Council's response.

26. The standard of proof to determine whether a public authority holds information is the civil standard of the balance of probabilities. In determining where the balance of probabilities lies, the Commissioner considers the scope, quality, thoroughness and results of the searches carried out by the public authority. He also considers, where appropriate, any reason offered by the public authority to explain why it does not hold the information.

27. Having considered all of the submissions from the Council and the terms of the request, the Commissioner does not accept that adequate and proportionate searches were carried out by the Council at the time it responded to the Applicant's request. However, he does accept that the further searches carried out following the Applicant's request for review and subsequent challenge to that response would have been capable of identifying any further information held by the Council falling within scope of the Applicant's request (as it did). As not all of this had been done by the time the Council issued its review outcome, however, the Commissioner must find that the Council did not comply fully with regulation 5(1) of the EIRs in identifying and locating any relevant information it held.

Regulation 11(2) of the EIRs - Personal data

28. The Council relied on the exception in regulation 11(2) (as read with regulation 11(3A)(a)) for withholding some information in the copy of its response to an information request disclosed to the Applicant. This was the information provided to the Applicant following his challenge to the Council's response to his requirement for review.

29. The Council provided the Applicant with a copy of the response it provided to the person who made the information request. This included all the redactions that had been applied to the information disclosed to that requester. The only additional redaction applied when this information was disclosed to the Applicant was in respect of the name and contact details of the requester: this is the information being considered by the Commissioner here.

30. The Council has submitted that the redacted information constitutes personal data, disclosure of which in response to this request would breach the first and second data protection principles in Article 5(1) of the GDPR ("lawfulness, fairness and transparency" and "purpose limitation").

31. Regulation 10(3) of the EIRs provides that a Scottish public authority can only make personal data in environmental information available in accordance with regulation 11. Regulation 11(2) provides that personal data shall not be made available where the applicant is not the data subject and other specified conditions apply. These include where disclosure would contravene any of the data protection principles in the GDPR or in the DPA 2018 (regulation 11(3A)(a)).

Is the withheld information personal data?

32. The first question the Commissioner must address is whether the information is personal data in terms of section 3(2) of the DPA 2018.

33. "Personal data" is defined in section 3(2) of the DPA as "any information relating to an identified or identifiable individual". Section 3(3) of the DPA 2018 defines "identifiable living individual" as a "living individual" who can be identified, directly or indirectly, in particular by reference to -

(i) An identifier such as a name, an identification number, location data, or an online identifier, or

(ii) One or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual."

34. Information will "relate" to a person if it is about them, linked to them, has biographical significance for them, is used to inform decisions affecting them, or has them as its main focus.

35. An individual is "identified" or "identifiable" if it is possible to distinguish them from other individuals.

36. In its submissions, the Council explained that the withheld information comprised the name and contact email address of the requester.

37. Having considered the Council's submissions and the withheld information, the Commissioner accepts that the name and contact details can be linked to a named individual (to whom it can be said to relate, in the circumstances) and so is satisfied that the individual data subject can be identified from the redacted information.

38. The Commissioner is therefore satisfied that the redacted information is personal data as defined in section 3(2) of the DPA 2018.

Would disclosure contravene one of the data protection principles?

39. Article 5(1)(a) of the GDPR requires personal data to be processed "lawfully, fairly and in a transparent manner in relation to the data subject."

40. The definition of "processing" is wide and includes (section 3(4)(d) of the DPA 2018) "disclosure by transmission, dissemination or otherwise making available". For the purposes of the EIRs, personal data are processed when made available in response to a request. This means that the personal data can only be made available if doing so would be both lawful (i.e. it would meet one of the conditions for lawful processing in Article 6(1) of the GDPR) and fair.

41. The Council did not consider any conditions in Article 6(1) applied in the circumstances of the case. In considering this, the Commissioner has looked at condition 6(1)(f) as the only one which might potentially apply in the circumstances.

Condition (f): legitimate interests

42. Condition (f) states that the processing will be lawful if it is necessary for the purposes of legitimate interests pursued by the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data (in particular where the data subject is a child).

43. Although Article 6 states that this condition cannot apply to processing carried out by a public authority in performance of their tasks, regulation 11(7) of the EIRs (see Appendix 1) makes it clear that public authorities can rely on Article 6(1)(f) when responding to requests under the EIRs.

44. The tests which must be met before Article 6(1)(f) can apply are as follows:

a) Does the Applicant have a legitimate interest in obtaining the personal data?

b) If so, would making the personal data available be necessary to achieve that legitimate interest?

c) Even if the processing would be necessary to achieve that legitimate interest, would that be overridden by the interests or fundamental rights and freedoms of the data subject(s)?

Does the Applicant have a legitimate interest in obtaining the personal data?

45. There is no definition within the DPA 2018 of what constitutes a "legitimate interest", but the Commissioner takes the view that the terms indicate that matters in which an individual properly has an interest should be distinguished from matters about which he or she is simply inquisitive. In the Commissioner's published guidance on personal information[1] it states:

"In some cases, the legitimate interest might be personal to the applicant, e.g. he or she might want the information in order to bring legal proceedings. With most requests, however, there are likely to be wider legitimate interests, such as the scrutiny of the actions of public bodies or public safety."

46. The Council was of the view that the Applicant did not have any legitimate interest in knowing the identity of the requester, regardless of the relevance of the subject of the request to him.

47. The Applicant submitted that he was entitled to receive the withheld information and explained that, in the time it had taken to process these planning applications, many alarming indicators and evidence has been uncovered which led him to conclude that the public interest (in relation to the Council's handling of the planning process) was not being well served in this instance.

48. The Applicant referred to several emails he had sent to and received from the Council regarding its handling of these planning applications, to justify why he is of the view that the planning process applied by the Council in this case was of serious concern to the public.

49. It is the Applicant's contention that the history contained in these emails has exposed a lack of any commitment to proper investigation and scrutiny when serious matters in regard to process are brought to the attention of the most senior responsible officers in the Council.

50. It is for these reasons that the Applicant believes that the withheld information should be made public, in order that public scrutiny can enable accountability to be satisfied.

51. Having considered both the submissions from the Council and the Applicant, the Commissioner accepts that the Applicant was pursuing a legitimate interest in seeking to understand actions taken, and the process followed by, the Council in respect of the processing of these two planning applications.

52. However, the withheld information in this case is the name and contact details of an individual who submitted an information request to the Council. While this individual did have an input into these two planning applications, the Applicant is already aware of who they are and knowledge of their name and contact details would not assist the Applicant in understanding any better the reasoning applied by the Council, or the actions taken by it, when considering and processing these two planning applications. The information is peripheral to these concerns, at best. The Commissioner does not, therefore, consider that the Applicant has a legitimate interest in receiving this information.

53. As the Commissioner has concluded that the Applicant does not have a legitimate interest in receiving the personal data redacted in this case, he finds that condition (f) of Article 6(1) of the GDPR cannot be satisfied. Accordingly, he accepts that making the personal data would be unlawful.

54. Given that the Commissioner has found that the processing would be unlawful, he is not required to go on to consider separately whether making the personal data available is necessary to fulfil any legitimate interest or the data subject's interests or fundamental rights and freedoms (or balance them against any legitimate interest in making the information available).

55. In all the circumstances of the case, in the absence of a condition in Article 6(1) of the GDPR being met, the Commissioner must conclude that making the personal data available would breach the data protection principle in Article 5(1)(a) of the GPDR. Consequently, he is satisfied that making the personal data available is not permitted by regulation 11(2) of the EIRs.

56. As mentioned previously, the Council also argued that making the withheld personal data available would breach the data protection principle in Article 5(1)(b) of the GDPR. Because the Commissioner has found that making the withheld personal data available would be unlawful in terms of the data protection principle in Article 5(1)(a) of the GDPR, he need not (and will not) go on to consider whether disclosure would also breach the data protection principle in Article 5(1)(b).

Decision

The Commissioner finds that Perth and Kinross Council (the Council) partially complied with the Environmental Information (Scotland) Regulations 2004 (the EIRs) in responding to the information request made by the Applicant.

The Commissioner finds that the Council was entitled to rely on regulation 11(2) of the EIRs for withholding certain personal data from the Applicant.

However, he finds that the Council was not entitled to rely on the exception in regulation 11(2) for withholding information it subsequently disclosed during the investigation. The Commissioner therefore finds that the Council failed to comply with regulation 5(1) of the EIRs in this respect.

The Commissioner also finds that, while the Council had carried out thorough and adequate searches by the time it provided an updated response to the Applicant's requirement for review, it had not done so in carrying out the review itself. To the extent that it failed to do so, the Council failed to comply with regulation 5(1) of the EIRs.

Given that the Council disclosed the information it did not consider to be excepted from disclosure during this investigation (and had already carried out adequate searches by that point), the Commissioner does not require the Council to take any action in respect of these failures, in response to the Applicant's request.

Appeal

Should either the Applicant or Perth and Kinross Council wish to appeal against this decision, they have the right to appeal to the Court of Session on a point of law only. Any such appeal must be made within 42 days after the date of intimation of this decision.

Margaret Keyse
Head of Enforcement
27 November 2020

Appendix 1: Relevant statutory provisions

The Environmental Information (Scotland) Regulations 2004

2 Interpretation

(1) In these Regulations -

"environmental information" has the same meaning as in Article 2(1) of the Directive, namely any information in written, visual, aural, electronic or any other material form on -

(a) the state of the elements of the environment, such as air and atmosphere, water, soil, land, landscape and natural sites including wetlands, coastal and marine areas, biological diversity and its components, including genetically modified organisms, and the interaction among these elements;

(b) factors, such as substances, energy, noise, radiation or waste, including radioactive waste, emissions, discharges and other releases into the environment, affecting or likely to affect the elements of the environment referred to in paragraph (a);

(c) measures (including administrative measures), such as policies, legislation, plans, programmes, environmental agreements, and activities affecting or likely to affect the elements and factors referred to in paragraphs (a) and (b) as well as measures or activities designed to protect those elements;

"the data protection principles" means the principles set out in -

(a) Article 5(1) of the GDPR, and

(b) section 34(1) of the Data Protection Act 2018;

"data subject" has the same meaning as in the Data Protection Act 2018 (see section 3 of that Act):

"the GDPR" and references to a provision of Chapter 2 of Part 2 of the Data Protection Act 2018 have the same meaning as in Parts 5 to 7 of the Act (see section 3(10), (11) and (14) of that Act);

"personal data" has the same meaning as in Parts 5 to 7 of the Data Protection Act 2018 (see section 3(2) and (14) of that Act);

5 Duty to make available environmental information on request

(1) Subject to paragraph (2), a Scottish public authority that holds environmental information shall make it available when requested to do so by any applicant.

(2) The duty under paragraph (1)-

(b) is subject to regulations 6 to 12.

11 Personal data

(2) To the extent that environmental information requested includes personal data of which the applicant is not the data subject, a Scottish public authority must not make the personal data available if -

(a) the first condition set out in paragraph (3A) is satisfied, or

(b) the second or third condition set out in paragraph (3B) or (4A) is satisfied and, in all the circumstances of the case, the public interest in making the information available is outweighed by that in not doing so.

(3A) The first condition is that the disclosure of the information to a member of the public otherwise than under these Regulations -

(a) would contravene any of the data protection principles, or

(7) In determining for the purposes of this regulation whether the lawfulness principle in Article 5(1)(a) of the GDPR would be contravened by the disclosure of information, Article 6(1) of the GDPR (lawfulness) is to be read as if the second sub-paragraph (disapplying the legitimate interests gateway in relation to public authorities) were omitted.

General Data Protection Regulation

Article 5 Principles relating to processing of personal data

1 Personal data shall be:

a. processed lawfully, fairly and in a transparent manner in relation to the data subject ("lawfulness, fairness and transparency")

Article 6 Lawfulness of processing

1 Processing shall be lawful only if and to the extent that at least one of the following applies:

f. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

Data Protection Act 2018

3 Terms relating to the processing of personal data

(2) "Personal data" means any information relating to an identified or identifiable living individual (subject to subsection (14)(c)).

(3) "Identifiable living individual" means a living individual who can be identified, directly or indirectly, in particular by reference to -

(a) an identifier such as a name, an identification number, location data or an online identifier, or

(b) one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.

(4) "Processing", in relation to information, means an operation or set of operations which is performed on information, or on sets of information, such as -

(d) disclosure by transmission, dissemination or otherwise making available.

(5) "Data subject" means the identified or identifiable living individual to whom the data relates.

(10) "The GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

[1] [1] http://www.itspublicknowledge.info/Law/FOISA-EIRsGuidance/EIRsexceptionbriefings/Regulation11/Regulation11PersonalInformation.aspx