EPC – Is it private information?

EPC – Is it private information?

14:54 PM, 22nd December 2022, About A year ago 6

Text Size

Just come across something of interest and certainly a discussion point. You can opt out of the EPC register if you do not want other people to be able to see your EPC. (Contact the Department for Levelling Up, Housing and Communities (DLUHC).)

There has already been a debate about if an EPC is private information or not. I’m looking at it from the perspective of if an EPC was removed from the public register. If it’s not in the public domain, how can the Council for example access and see and any EPC? If the Local Authority decides to use its Council Tax or other records to collate a database of properties in the future for example that that do not have valid EPCs to C level, (with a view to contacting the owners of non-compliant properties to pursue prosecution) then surely this would be a breach of personal data?


ICO’s advice on the status of EPCs as personal data

Following is the ICO’s advice in substance, as set out in an email to the BSD dated 31 July 2013:
The issue of the extent to which information about a person’s property is the personal data of the person associated with it can be a difficult judgement. We can understand the logic behind the advice given previously about a property’s EPC certificate being the personal data of the property’s owner. However, our view in this case is that the EPC does not – in itself – constitute personal data. In short, our view is that information about things – for example houses – is only personal data about individuals where it is processed to learn, record or decide something about an identifiable living individual. We explain this for example at points 3.2 and 5 in our ‘Determining what is personal data’ guidance.

For the EPC certificate information to constitute personal data it would have to identify an individual in itself – it does not – or mean that it is reasonably likely that an individual could be identified from it. In our view, it is not reasonably likely that identification will take place. We concede that it would be possible for someone to take the EPC information and to use the Electoral Roll to deduce that ‘[Redacted] of 1 Blair St, Edinburgh lives in a property with an EPC certificate’. However, using our well-established tests of focus and context, we still would not say that the resultant information is the personal data of [Redacted]. It tell us nothing about [Redacted] himself, as the focus of the information is the energy performance of the house, not of [Redacted].

There could be cases where EPC information about [Redacted]’ house does constitute the personal data of [Redacted]. This could be the case where, for example, the Local Authority decides to use its Council Tax or other records to collate a database of houses that do / do not have EPC’s, with a view to contacting the owners of non-EPC properties to promote the scheme, or where a double-glazing company establishes a link between a property and its owner in order to market its products to him or her. However, this is not happening in the case under consideration here.

Drawing the definition of personal data too wide, and replacing the test in the law for one of the possibility of identification would mean, for example, that a newspaper publishing advertisements for houses for sale would be processing the personal data of the houses’ owners because, ultimately, it would be possible for the publisher or a reader to deduce – again using the Electoral Roll – that [Redacted] has a house worth X amount. This is an approach ICO would reject.

Further correspondence in 2015

The Scottish Government had some follow-up correspondence with the ICO in 2015. It was concerned that a 2014 decision notice about a similiar request for EPC data from the Department for Finance and Personnel for Northern Ireland (DFP NI) represented a change in the ICO’s position on when information will or will not be personal data.

The ICO’s policy officer confirmed the position had not changed. The DFP NI decision notice, which was upheld by the First Tier Tribunal, applied to “a very specific set of circumstances” and was mainly about the costs associated with obtaining the data.

The policy officer commented further:

As I understand it, the Scottish Government are approaching the use of EPC data in a different context. You publish the EPC data without reference to any individual owner or occupier on it. Therefore, from the certificate alone, it is not possible to identify any individual, it does not relate to any individual (the data relates to the building), the act of publication is not being done to learn, decide or record anything about individuals but about buildings, and if I’m correct that certificates are only to be updated every 10 years, then the data will be the same regardless of whether the occupier changes during that time so the certificate itself can’t be about an individual. There would need to be some linking of the EPCs by an organisation with other data held by that same organisation for it to become personal data, and only in their hands.

Is the ICO advice still current?

There is a slight possibility that the ICO might provide a different view on the status of EPCs as personal data, if it was asked for fresh advice.

The advice in 2013 and 2015 was given when the Data Protection Act 1998 was in force. The UK General Data Protection Regulation is now the main statutory basis for data protection law in the UK. The Information Commissioner has also changed twice since 2015.

However, the definition of personal data in UK GDPR is functionally identical to that in DPA 1998. The ICO’s ‘Determining what is personal data’ guidance is still in use and has not been updated since 2012.

The analysis in the ICO advice remains robust, as far as I can see.

DLUHC’s position isn’t tenable

The above ICO advice and correspondence confirms my view that DLUHC’s position – that address level data concerning the energy performance of buildings constitutes personal data – cannot be correct.

Unless DLUHC has some other arguments not considered by the ICO in the analysis given to the Scottish Government, it should clarify in its documentation that the EPC records do not contain personal data (in the form in which they are released as bulk data).

DLUHC’s current approach is confusing and serves to discourage re-use of the EPC data.


Share This Article


Lee Chapman

11:50 AM, 23rd December 2022, About A year ago

Personally i have nothing to hide, and feel that if i were to remove anything, the government will only have me jump through hoops at a later stage.

Contended Ted

12:47 PM, 23rd December 2022, About A year ago

I have been making good use of the register so that I can check what I can do to raise the epc rating and what others have done to get a higher rating. If I can reach a C without ridiculous expense then that’s what I will do. Otherwise it may have to be sold. I recognise that the information shared also has commercial value, so at the moment it’s a blessing that could become a curse.

Jan Martin

18:52 PM, 23rd December 2022, About A year ago

I opted out with my properties .

Recently had the mortgage company write to me and tell me that I hadnt got an EPC for my property and I needed to get one .

Reluctant Landlord

9:56 AM, 24th December 2022, About A year ago

I'm just wondering if its worth opting out to avoid the council sniffing! All mine are in date and valid but that's not the point. I'm getting very sceptical in my old age so that if there is no legal need for info to be the public arena, then there is no obligation for me to offer it up either.

Jireh Homes

20:10 PM, 29th December 2022, About A year ago

In Scotland where all rental properties are subject to Licencing, any audit check from Local Council may indicate property does not have a valid EPC and thus appear non compliant.

Requirement for rating to be noted on advert and copy EPC to be provided to tenant.

Challenge for DEA when instructed renewal EPC as required to check if one exists prior to undertaking survey.

Jan Martin

12:59 PM, 30th December 2022, About A year ago

Reply to the comment left by Jireh Homes at 29/12/2022 - 20:10
Yes I live in Wales nd we have Rent Smart Wales to
register with .
Always put EPC rating on any rental or selling adds .
Always there in any property for any applicants to view.

Leave Comments

In order to post comments you will need to Sign In or Sign Up for a FREE Membership


Don't have an account? Sign Up

Landlord Tax Planning Book Now