Pendle Borough Council – Dismissed (United Kingdom, 2019)

The complainant has requested a copy of an inspection report named kennels to the Pendle Borough Council (the Council). The Council refused as it considered it to be third party personal data under 40(2) of the Freedom of Information Act (FOIA). The complainant challenged the decision before the ICO. Is the information personal data? Would disclosure contravene GDPR principles ? Which are the legitimate interest at stake? Is disclosure necessary? The ICO confirmed that the requested information was considered to be personal data pursuant to Section 3(2) of the Data Protection Act (DPA) and Article 4(1) GDPR. Pursuant to the FOIA and the GDPR, the ICO balanced the right to information and the protection of the personal data at issue in order to assess if the disclosure would contravene Article (1)(a) GDPR principle. It found that the access to information request did not override the third party right to privacy. The ICO found that the refusal of disclosure was justified and it was legitimate to withhold the information under section 40(2) of the FOIA by virtue of section 40(3A)(a) for transparency purposes.