In the planning application Y19/0257/FH – Otterpool Park the document – Statement Of Community Involvement – has been submitted. At page 9 of the document it states:
The developers of the Otterpool Park project are Folkestone & Hythe District Council & Cozumel Estates Limited – a British Virgin Islands company.
This letter was sent out by the joint developers, Folkestone & Hythe Distict Council and Cozumel Estates Ltd. This means the Council, acting as the Council and not as the developer would have had to share your address details with the developers for you to receive the letter. Your address is ‘personal data’ under both the old Data Protection Act 1998 (DPA) and the new DPA 2018.
At the time the developers sent out this letter the law that was relevant was the Data Protection Act 1998 (now superseded by the DPA 2018)
In doing so, this may well have breached your data rights under the old Data Protection Act 1998, as the Council shared your personal datawithout your consent to do so with the developers.
Not just that, they also shared your data with a company overseas and so transferred your data to Cozumel Estates Ltd. Now for those of you who do not know:
The Council acting as the Council, not the developer, means its ability to share information is subject to a number of legal constraints which go beyond the requirements of the Data Protection Act (DPA 1998).
As concerned citizens, we would certainly want our Council to assess the impact on individuals’ privacy of any proposed plan involving residents personal data. We would expect the Council to consider which condition of the Data Protection Act 1998 justified this processing and sharing of data with the developers F&HDC & Cozumel Estates BVI, of the data.
Remember that the Data Protection Act 1998 was not a barrier to sharing information but provided a framework to ensure that personal information about living persons was shared appropriately. It would appear that in this instance the Council may well have not shared your data appropriately. By doing so they may well have committed another significant data breach.
The Council itself, not the developer, ought to self report to the ICO for a potential data breach. If they don’t you can report them by sending your concerns to: – casework@ico.org.uk
The Shepwayvox Team
Journalism for the people NOT the Powerful
The information contained in this blog post is provided for informational purposes only and should not be construed as legal advice on the matter discussed. You should not rely on the information published.
Do not act or refrain from acting upon this information without seeking professional legal advice: you are strongly advised to obtain specific, personal legal advice about your case or matter and not to rely on the information or comments in this blog post.
