Is the ICO fit for purpose?

by Larry Sweeney

10:53 AM, 7th January 2019
About 8 months ago

Is the ICO fit for purpose?

Make Text Bigger
Is the ICO fit for purpose?

The information Commissioner Elizabeth Denham has serious questions to answer. The National Landlords alliance has written to her on behalf of its members and with respect to two specific complaints by members one of whom is an elected public official.

The ICO has attempted to fob off the Alliance. Our message for Ms Denham is quite simple. Do the job please.

By way of background:  The Alliance, having studied various Council licensing schemes around the country, has uncovered hard evidence that Local Authorities are breaching GDPR regulations on a wholesale scale. For the purpose of this article, we will confine ourselves to Sefton Council.

On its landlord application this authority demands addresses of properties owned by the landlord applicant in other boroughs. If the Council wanted to check with other authorities with respect to a landlords conduct, perhaps this might be acceptable. but it is an abuse to demand addresses of landlords properties licensed elsewhere.

Sefton quote HMO regs as a justification for obtaining this information. Irrespective of that this is a clear GDPR breach demanding excessive information. If readers are not convinced yet, then look at what follows. The authority as per GDPR has a duty to maintain the data held as current and up to date. If a landlord disposes of his holdings outside of Sefton or purchases a property in Devon or London, the Council will not have the relevant data on file, unless the landlord decides to become involved in assisting Sefton remain GDPR compliant by updating them every time he purchases or sells a property. There is no legal obligation on him to do so.

Therefore,the Council  from the outset are placing themselves in a position where they breach GDPR and Sefton by demanding this data have already done so.

Are the ICO grossly incompetent or is the Information Commissioner trying to protect the council? Either way these authorities are very quick to come down like a ton of bricks on the public, but when the shoe is on the other foot we see how slow they are to prosecute their tax payer funded pals.

Meanwhile the other landlord associations are too busy flogging courses or publishing Shelter poetry, to take up this baton.

Landlords for real representation, join the Alliance >> https://www.property118.com/the-alliance-is-launched/

Finally Ms Denham, do your job or resign.



Comments

Larry Sweeney

16:10 PM, 7th January 2019
About 8 months ago

No Annie, we will not be posting information given to us in confidence.
As regards our tweets about the employment tribunal ruling against your favourite charity. We are happy to assist. It is in the public domain. You could use google or look at our latest tweet. This post is about the ICO and not Shelter.

Luke P

17:23 PM, 7th January 2019
About 8 months ago

Reply to the comment left by mrmr1993 at 07/01/2019 - 15:30
From Article 5:

"Personal data shall be:

processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);

adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

accurate and, where necessary, **KEPT UP TO DATE**; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);"

James Mann

21:02 PM, 7th January 2019
About 8 months ago

Larry, the reason why no other landlord representatives are tackling this is because it is predominately not a landlord issue. As far as I can see, there is widespread disregard of GDPR regulations from Government, councils, financial services companies, social media companies etc etc. There is no interest in policing this and your data is kept for years and/or sold just as before. How you think you will have any effect on these EU regulations which have been steamrollered in, i do not know.

Larry Sweeney

7:34 AM, 8th January 2019
About 8 months ago

Thank you James for your point. Up to recently it probably was not so much a landlord issue, however with the advent of these licensing schemes it is now very much a relevant issue. Landlords are being forced to disclose information which is excessive and councils cannot comply with GDPR. We have cases of councils sending information about housing benefit claimants to the wrong landlords. It is a complete mess, and the useless ICO are enabling these breaches. The other landlord organisations are appalling.

Peter Fredericks

11:42 AM, 8th January 2019
About 8 months ago

Reply to the comment left by Larry Sweeney at 08/01/2019 - 07:34I wholly agree. I have been asked for ridiculous amounts of personal data from Salford City Council even to the extent of them asking for tax reference numbers and other confidential data that has nothing to do with the assessment of fitness for the purposes of granting a selective landlord licence. The Council also will not say what safeguards it has in place to protect personal data held electronically.
The ICO has in fact been ignored by the Council and the ICO has told me that my remedy is to sue the Council. I have emailed the Information Commissioner Liz Denham asking that the ICO prosecute the Council and await to hear further.
All this shows is that our constitutional checks and balances and tipped very heavily against the interests of the citizen (in fact in the UK we're not even citizens with proper rights as such but subjects of the Crown, another piece of prize medieval nonsense, but that's a different rant!).

Elizabeth

16:19 PM, 8th January 2019
About 8 months ago

Reply to the comment left by Peter Fredericks at 08/01/2019 - 11:42
I couldn't agree more with your last paragraph Peter. It may be a 'different rant' but it is a very pertinent one. We are indeed subjects not citizens. And these medieval, feudal relations characterise much of the interaction between government bodies and the individual in this country - as manifest in the Local Council actions outlined by you and by Larry.

Annie Landlord

16:43 PM, 8th January 2019
About 8 months ago

Reply to the comment left by Larry Sweeney at 07/01/2019 - 16:10
Yes I had found it, thank you. A little something for the obsession but no help to landlords

Larry Sweeney

19:56 PM, 8th January 2019
About 8 months ago

To Elizabeth and Peter, if you could both email a synopsis of your cases and any reference numbers to us at the Alliance info@landlordsalliance.co.uk we will include them in our file to parliament. At this point we are looking for the resignation of Elizabeth Denham and a public enquiry. We are fighting non stop for landlords unlike the other two so called landlord representative bodies.

Colin McNulty

9:09 AM, 13th January 2019
About 7 months ago

mrmr1993 > "I can appreciate that it's hard to grasp the content of the GDPR without reading it"

Wow, passive aggressive much!?!

I too had to fill in a Sefton council's license form and balked at the amount of irrelevant information they asked for. Forget keeping it up to date, listing other licensed premises out of the council area is simply not relevant for processing the application in hand. How are the going to "process" that information?

ICO is the tool the gov't use to beat on companies and individuals. It's not a tool designed for companies and individuals to challenge gov't. Sadly a Judicial Review is likely the only viable route here.

Re councils, it really gets my goat when a council calls me and asks: "Can you give us the forwarding address of your ex-tenant please, we're chasing him for council tax?" but when I call them and ask the same re rent arrears, they shout: "Data Protection!!" and end the call!

Last year I saw a mate who happens to work in the compliance dept of a local council and I asked him how his week had been: "Interesting" he replied, "I've spent all week breaching the Data Protection Act. I've been downloading data from the council tax register, and using it to check the benefits database, looking for benefit cheats!" He reckoned he'd identified a few £millions worth of benefits cheats.

He knew what he was doing, to process council tax data for a purpose it wasn't collected for, was wrong but didn't care, nor did his management. (Though why don't councils have this power anyway, I thought they did??)

mrmr1993

15:17 PM, 9th February 2019
About 7 months ago

Reply to the comment left by Larry Sweeney at 07/01/2019 - 15:48
Larry,

> Re comment by Mrmr93. Incorrect. GDPR regs are clear. Data collected must not be excessive. A local authority asking for addresses of properties outside of their borough is indeed excessive.

I think you may have confused your feeling that collecting this data is 'excessive' -- more than you would like -- with the GDPR's use, where data must be necessary for the purposes the controller states. To collect this data to measure the scale and scope of landlords, or for other related regulatory purposes, would seem to meet those purposes.

> Re the second point, How can the council maintain this data as accurate and up to date. ... There is no law mandating that he should inform every council in the country of his aquisitions/disposals therefore the data held will not be current leaving the council in clear breach.

I'm not sure the term 'breach' is a good choice here. The GDPR requires that data is accurate in the sense that

* the controller should take reasonable steps to 'rectify' or erase incorrect information (Article 5(1)(d))
* the data subject can prompt the controller to update inaccurate data (Article 16)
* the ICO can order the controller to update inaccurate data (Article 58(1)(g)).

This does nothing to change the legality of the data's collection under the GDPR. It would also be easy to argue that it's not a 'reasonable step' to pass a law.

> Most Tellingly neither Sefton nor their ICO pals could tell the Alliance when tasked ,how the Council could keep the data current and up to date.

If I had to guess the answer: it's probably in the terms of the license that the data must be kept up to date. This makes out-of-date data fraud on the part of the landlord, and the council can discharge any liability for it onto the landlord.

1 2

Leave Comments

Please Log-In OR Become a member to reply to comments or subscribe to new comment notifications.

Forgotten your password?

OR

BECOME A MEMBER

PRA stress tests and the benefits of incorporation - With Kate Faulkner

The Landlords Union

Become a Member, it's FREE

Our mission is to facilitate the sharing of best practice amongst UK landlords, tenants and letting agents

Learn More