Privacy Impact Assessment: Land Registry’s Commercial and Corporate Ownership Data and Overseas Companies Ownership Data

Post: 19 December 2017

Last month Land Registry made their Commercial and Corporate Ownership Data and Overseas Companies Ownership Data available free of charge.

These two datasets are far from open data, but even within the restrictions of the licensing (CCODOCOD) there are useful things we can do with the data.

For example: this interactive map by Anna Powell-Smith, this fascinating piece of detective work by Guy Shrubsole, and this recent hackday in Birmingham organised by Simon Whitehouse.

Why not open data? Andrew Trigg explains:

As the custodian of the Land Register we are obliged to safeguard the information it contains, to prevent fraud or misuse. To ensure users of CCOD and OCOD don’t use the data to harm others, or breach their privacy rights, we have implemented a registration process. This process includes the acceptance of licence terms and identity verification.

Protecting privacy rights is important, of course. But aren’t these datasets about properties owned by companies, not individuals? How could the data be used to breach privacy rights?

Land Registry were kind enough to send me their Privacy Impact Assessment (PIA), which you can read here along with the cover email.


A few observations on the PIA.

Privacy rights

Land Registry’s PIA focuses almost entirely on personal data collected from customers who request the CCOD and OCOD datasets. It does not consider any privacy impact of making the datasets themselves more widely accessible.

Page 8 says clearly: “The datasets themselves do not contain personal information.”

So I’m none the wiser on Land Registry’s theory that the CCOD and OCOD data could be used to breach privacy rights, or how either the licence terms or the identity verification process would prevent that.

Fraud detection

Download of the datasets is via a “secure online collaboration site” called Kahootz. As of yesterday the workspace for the CCOD dataset had 958 members and the workspace for the OCOD dataset had 681 members.

So hundreds of people have downloaded the data. Land Registry knows who they are, but how do the registration and identity verification processes reduce the potential for fraud?

Data retention

Customers’ personal details (name, address, email address, and telephone number) “will need to be retained as long as the customer holds a valid licence, which are not intended to expire.”

This strikes me as problematic. The licences only seem to allow for termination by Land Registry.

End-users

More significantly, the licences require customers to collect and maintain records of their end-users (names, contact details, and IP addresses) and allow Land Registry or their representatives access to those records “as long as this Licence is in existence and for a period of twelve months afterwards”.

Remember, these licences aren’t intended to expire.

There is nothing in the PIA about Land Registry’s processing of that additional personal data, if they choose to access it in accordance with the licences.

I struggle to work through the practicalities. Do Land Registry’s customers have a legal basis to retain end-users’ details in perpetuity, even if the end use itself is transient? If not, how can the customers square their responsibilities under data protection law with the terms of the Land Registry licences?

Perhaps Land Registry will provide more guidance. According to the PIA:

The arrangement will be reviewed after 6 months.

This is a temporary ‘tactical solution’ that is intended to meet the Government target of Autumn 2017 release and is expected to be required for around a year.

The datasets will subsequently be transferred to HMLR’s Data Publication Platform that is scheduled to begin development in early 2018.

Image credit: Land Registry by Jonathan Rolande (CC0)