Registered with
Monday 7th January 2019

Latest Comments

Total Number of Property118 Comments: 2


15:17 PM, 9th February 2019, About 3 years ago

Is the ICO fit for purpose?

Reply to the comment left by Larry Sweeney at 07/01/2019 - 15:48

> Re comment by Mrmr93. Incorrect. GDPR regs are clear. Data collected must not be excessive. A local authority asking for addresses of properties outside of their borough is indeed excessive.

I think you may have confused your feeling that collecting this data is 'excessive' -- more than you would like -- with the GDPR's use, where data must be necessary for the purposes the controller states. To collect this data to measure the scale and scope of landlords, or for other related regulatory purposes, would seem to meet those purposes.

> Re the second point, How can the council maintain this data as accurate and up to date. ... There is no law mandating that he should inform every council in the country of his aquisitions/disposals therefore the data held will not be current leaving the council in clear breach.

I'm not sure the term 'breach' is a good choice here. The GDPR requires that data is accurate in the sense that

* the controller should take reasonable steps to 'rectify' or erase incorrect information (Article 5(1)(d))
* the data subject can prompt the controller to update inaccurate data (Article 16)
* the ICO can order the controller to update inaccurate data (Article 58(1)(g)).

This does nothing to change the legality of the data's collection under the GDPR. It would also be easy to argue that it's not a 'reasonable step' to pass a law.

> Most Tellingly neither Sefton nor their ICO pals could tell the Alliance when tasked ,how the Council could keep the data current and up to date.

If I had to guess the answer: it's probably in the terms of the license that the data must be kept up to date. This makes out-of-date data fraud on the part of the landlord, and the council can discharge any liability for it onto the landlord.... Read More


15:30 PM, 7th January 2019, About 3 years ago

Is the ICO fit for purpose?

I can appreciate that it's hard to grasp the content of the GDPR without reading it, but there seems to be no case here.

From GDPR Article 6:
1. Processing shall be lawful only if and to the extent that at least one of the following applies:
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
4. Where the processing for a purpose other than that for which the personal data have been collected is not based
on the data subject's consent or on a Union or Member State law which constitutes a necessary and proportionate
measure in a democratic society to safeguard the objectives referred to in Article 23(1), the controller shall, in order to
ascertain whether processing for another purpose is compatible with the purpose for which the personal data are
initially collected, take into account, inter alia:

To try and argue that this wasn't an exercise of official authority would be madness, and the council can use the information for anything related (if it meets 6.4's tests). The ICO was right to throw this out.... Read More