Summary: We will not investigate this complaint that the Council’s digital parking permit system breaches data protection law. This is because the complainant can complain to the Information Commissioner.

The complaint

1. The complainant, whom I refer to as Mr X, says the Council’s digital system for visitors’ parking permits breaches the General Data Protection Regulation (GDPR).

Back to top

The Ombudsman’s role and powers

2. We investigate complaints about ‘maladministration’ and ‘service failure’. In this statement, I have used the word ‘fault’ to refer to these. We must also consider whether any fault has had an adverse impact on the person making the complaint. I refer to this as ‘injustice’. We provide a free service, but must use public money carefully. We may decide not to start an investigation if we believe there is another body better placed to consider this complaint. (Local Government Act 1974, section 24A(6), as amended)
3. We normally expect someone to refer the matter to the Information Commissioner (ICO) if they have a complaint about data protection. However, we may decide to investigate if we think there are good reasons. (Local Government Act 1974, section 24A(6), as amended)

Back to top

How I considered this complaint

4. I read the complaint and the Council’s responses. I considered comments Mr X made in reply to a draft of this decision.

Back to top

What I found

Digital parking permits

5. The Council uses a digital system for visitors’ parking permits. Residents purchase digital permits and activate them by inputting the date/time of the visit and the vehicle registration number.

What happened

6. Mr X complained to the Council about the digital parking permits. He said the system breaches the GDPR and means the Council is collecting more personal identifiable data than it needs or is allowed by law. Mr X says the system allows the Council to identify visitors and will allow the Council to build up a powerful network of personal associations which could be abused by criminals. Mr X says the Council could use a different system which would not breach privacy or lead to people being identified.
7. In response, the Council explained the advantages of the digital system especially in relation to cost and convenience. It said it had done a privacy impact assessment and the system is complaint with GDPR. The Council explained that knowing a car registration does not enable the Council to identify individuals. It explained that the identity of the registered keeper is held by the DVLA and the DVLA only discloses that information under strict conditions. The Council said it does not try to identify individuals and has no means to do so.

Assessment

8. I will not start an investigation because Mr X can complain to the ICO if he thinks the digital permit system breaches the GDPR. It is reasonable to expect him to contact the ICO because the ICO is the appropriate body to consider complaints about the way councils, and other bodies, handle information.

Back to top

Final decision

9. I will not start an investigation because Mr X can complain to the ICO.

Back to top

Investigator's decision on behalf of the Ombudsman