GDPR & related issues - Public forum - Planning Advisory Service (PAS)

Don't forget when you're talking to GDPR 'experts' there are specific stat requirements in the DMPO to include the applicant's name on notices etc

Hi, my background is GDPR, not Planning, so I might need pointing in the right direction.

By "stat neighbour notification letters" are we talking about notices per The Town and Country Planning (Development Management Procedure) (England) Order 2015 Sch 3, which relate to Articles 15 and 16?

If so, and allowing A15 applies (A16 looks rather more niche) it seems that the LPA has the choice, under both ss(4) and ss(5), to either serve the "requisite notice" (defined by ss(10) as being the relevant item in Sch 3) or to notify via "site display".

In GDPR terms, even act of processing personal data has to have a lawful basis.  And the relevant lawful basis would look to be either UK GDPR A6(1)(c) "Legal Obligation" or (e) "Public Task", the latter supported by DPA2018 s8(c).

Either way, it's definitely not a breach as statute provides you with a legal gateway to, via A5 and Sch 3, disclose the applicants personal information to either the neighbours directly, or to anyone who walks past the site notice.

It's worth identifying the correct lawful basis, not only because we are legally obliged to, but because the Data Subjects rights are determined by that relationship - they get less rights under LO compared to PT, for example there is no Right To Object under LO but there is under PT.

However UK GDPR A6(3) allows the UK to set out, by reference to the nature of the processing, some scenarious which are versions of LO and PT but where the rights which are normally awared by that lawful basis are modified.

For example DPA2018 Sch 2 Para 5(2) would appear to apply to "stat neighbour notification letters" and Para 5(1) would appear to apply to "site notices".

To qualify for the modifications in Para 5 the question is, due to statute is the LPA required to disclose information this way?  Afterall it appears to have discretion between the two notification methods.  Personally I believe the LPA is required to disclose, that it has a choice about how is not relevant to the underlying duty.

If you can claim rights to Para 5, you can then access the modificaitons in Para 1.

It looks as though there are provisions, in A15, for publication on website too - but I won't go into that in case I've completely misunderstood the scenario presented in the original post.

I've always understood there to be a legal requirement in having applicant's names on notices etc but I know that Coventry City Council a good few years ago made a decision to stop publishing applicant details except for majors or companies stating GDPR: https://www.coventrytelegraph.net/news/coventry-news/coventry-planning-applications-gdpr-17007236

This has scratched many planning, information governance and legal brains over many years.

The upshot of my understanding, informed by colleagues from the aforement specialisms, is that whilst planning legislation commands that the register must hold certain details, in the interests of transparency and open governement, as well as continual efficiencies to which the LGAct imposes an obligation on all local authorities; most LPAs now utilise their website in distributing the relevant information in the publicity requirements of various application types. This extends to appeals and, to a far more limited degree, enforcement.

The holding and retention of information to process live and recently determined casework is legitimate, and done under legal provisions - including the openness regulations which effectively point to any email or correspondence which is material in making a decision to being a 'background paper', carrying a minimum retention of 4 years. There is then business interest in justifying longer retention periods, given sites may take several years to build out and original correspondence may be key in discharging conditions and planning obligations, etc.

The publishing of information around such cases is very different. There is nothing in law which states an LPA must publish anything so that it is freely available to obtain online. However, as noted above, most do. It is then incumbent to consider the manner in which information can be redacted or anonymysed to acheive an appropriate publication and protection of personal data, and this is where an element of professional judgement comes into play - in the absence of prescribed 'rules'. Some outcomes might include:

• No applicant name/address on the copy of the form on the planning register (the Portal remove some information, but not all)
• Applicant name/address appears on the form on the planning register (noting Portal privacy notices and also ensuring the LPA's reflects this approach)
• Applicant name only on the decision notice (as that is the only thing which remains relevant thereafter, for the purposes of right of appeal)
• Representations to carry the name or address of the person commenting only (not both) so to limit the ability to link individuals to locations (although, again, the LPA's privacy notice needs to cover this off, and notification letters/site notices need to advertise this privacy notice)

Remember also that the DMPO provides template notices, etc. but the wording in the Articles only require a notice substantively in that form (i.e. it does not have to be a 100% match). Ask youself whether the recipient of the notification/notice would be prejudiced if they did not have the information - if it were the applicant's name on a site notice, I struggle to see how this is material to the assessment and eventual decision made.

Bottom line is that there is an element of judgement around the best approach. The PAS guide to GDPR June 2021 is the best place to start, before then developing what is approrpiate for your authority in terms of the corporate approach to data protection, systems used and their capabilities, and then logistics for the planning service in redacting and retaining personal data.