Querulants Beware: It's the end of the road for anonymity for complainants of planning breaches.
Not a single planning authority in Scotland has a GDPR compliant Planning Enforcement Charter.
Planning Complaints Procedure Is Fertile Ground Leveraged by Querulous & Malicious Individuals as a Tool of Indirect Harassment.
But.. the current procedures are not GDPR compliant.
Even the Scottish Government's model planning enforcement charter is not GDPR compliant. Let's take a look and find out why.
A bit of background…
s.27 of the Planning Etc. (Scotland) Act 2006 amended the principal Act - the Town & Country Planning (Scotland) Act 1997. s.158A of the 1997 Act now requires planning authorities to maintain an Planning Enforcement Charter & review it every two years or as directed by Scottish Ministers. It can be seen that much of it's purpose goes towards the complaints process.
ScotGov's Model Planning Enforcement Charter.
ScotGov Suggests Deputising the Public.
As for page 3, ScotGov's suggestion that members of the public should be involved in “monitoring” conditions that are placed on certain planning consents is highly questionable & ripe for abuse. Planning law is a very complex area of law that most people are quite unfamiliar with beyond the basics. The idea that the state encourages members of the public to keep tabs on neighbours is reckless and tempts blurring of legal boundaries of human rights law, data protection law & RIPSA - which is precisely how the Highland Council wound up in court defending this claim I raised against them.
That's also how I ended up with a stalker for 11½ years. The Highland Council encouraged former neighbours of mine to monitor me and one of them ended up charged with s.39 stalking offences & breach of the peace.
Who Are The Querulants?
I came to love this term querulants after reading the work of Peter Bates. It's a term that should be used more often as it perfectly describes the types of individuals who abuse the planning complaints process to indirectly harass others. In large part, they are obsessive individuals, often of questionable mental stability who feel disproportionately aggrieved about minor issues & at times, will complain to the point of making themselves physically unwell - the “morbid complainant”. Match these people up with a totally dysfunctional & rogue local authority like the Highland Council & you too, could find yourself having to deal with stalkers, post thieves & a multitude of other equally unsavoury individuals. All of these people free to operate under the “confidentiality” and “anonymity” of the planning complaints process?
Not anymore.
Why the GDPR Has Burst the Querulants & Council's Baw.
It may sound like a strong statement to say that every Council in Scotlands statutory planning enforcement charters, including that of ScotGov's own model one is not GDPR compliant - but, it's true.
s.158A(3) of the TCPSA 1997 states planning authorities are to update and republish their planning enforcement charters every two years. Why? Laws and the legal landscape changes and can have affects on these policies.. like the GDPR.
Notice that in all these enforcement charters, the complainants are provided with updates. That makes the complainants recipients of your personal data.
The Highland Council's Planning Enforcement Charter
What do these updates look like?
If you ever find yourself subject to a bogus planning enforcement investigation (& I'm certain the Highland Council has a plethora of these underway), it appears to me that the best way to find out what is going on is to have a mate make a complaint about you as well to the Council and thereafter the Council will tell your mate more about their investigation into you then they'll tell you as the subject of the investigation. Follow me for more clever tips like these. 😂
Jokes aside, what is the legal position under GDPR?
Anonymity of Recipients is Untenable in Light of GDPR.
Clearly, I am identifiable from the information in the email above & the data relates to me so in simple terms, it is my “personal data” and falls to be disclosed if a SAR is made by myself under Article 15 GDPR.
The recipient of the email & the actual identity of that recipient, the complainant in this case, also needs to be disclosed.
“Recipient” is defined in Article 4(9) of the GDPR as:
‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with [F3 domestic law] shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
Article 15(1)(c) also entitles the data subject to access to information concerning, “the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;”
The subject of recipients has been a hot feature in a few CJEU judgments in recent years including that of Case C-154/21. RW v. Österreichishe Post AG which is often just called the “Austrian Post” case.
Although, this CJEU case was decided after the withdrawal date and therefore, not binding on UK courts it is still highly persuasive & has been weighed in decisions in English court cases including that of the High Court in Harrison v Cameron & Anor [2024] EWHC 1377 (KB).
As I say, Article 79 claims only really seem to come in two different flavours; they are either highly contentious or they are about strict interpretations of the law. The case in Harrison, definitely fell into the former category. Whilst the judge found sound legal basis in the Austrian Post case for the disclosure of recipients that was not the end of the matter, given Harrison had made numerous threatening comments to the defender, Cameron including threats to “send men from Manchester” to do Cameron & his family some mischief. 😮 Harrison also refused Cameron's offer to disclose some recipients if Harrison would agree to an undertaking that he would not harass or threaten those recipients. The judge therefore, exercised his discretion to not compel Cameron to disclose the identities of those recipients given the circumstances. A very sound decision in my view but, this is the exception and not the rule.
Article 14 GDPR & Invisible Processing
The other important part of this situation is that… did you know that every single time the Highland Council receive your personal data from a source that is not from you personally, they are required under Article 14 GDPR to send a notice to you?
This means, every time a planning complaint (or almost any complaint) is received by the Highland Council they must send the subject of that complaint a notice containing all of the details above in Article 14(1) & (2). And no, none of the exceptions in Articles 14(5) apply to the Highland Council.
Highland Council have probably never served served a single Article 14 notice on anyone since the implementation of the GDPR which is not only a breach of Article 14 but, also considered “invisible processing” as the ICO terms it and further infringes the data protection principle in Article 5(1)(a) GDPR meaning that processing is unlawful.
(1)Personal data shall be:
(a)processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
It came out in INV-SM2-24 in 2025 that the Highland Council was invisibly processing my personal data without my knowledge since 2021 and that even included data from intercepted postal communications by a 3rd party. Therefore, all that processing likely deemed unlawful and subject to restriction and/or erasure including this email you see above.
And by the way.. that data is subject to a current court order under Article 18 GDPR in INV-SM2-24 restricting their use of my data to storage and defence of legal claims only.
In an affidavit, dated 7 March 2025, by the Highland Council's Data Protection Officer at paragraph 57, he states he has now given advice to the planning team about issuing privacy notices, and when to do so, to comply with the Highland Council's Article 14 obligations.
Well, has anything changed since that advice was provided by the Data Protection Officer? I guess we shall find out soon enough!
Edit: the answer to the above question is an unsurprising & resounding NO. The Highland Council has not issued a single Article 14 Notice to a subject of a planning enforcement complaint.