Privacy and data protection have been hitting the headlines recently. There has been the Facebook scandal, in which up to 87 million people’s personal data was shared with a consultancy firm improperly. Alongside this, the EU General Data Protection Regulation (GDPR), which became enforceable in the UK on 25 May 2018 and is designed to allow individuals to have better control of their personal data, has resulted in a multitude of privacy emails being sent out from various bodies explaining the new terms and conditions. It might, therefore, come as a surprise to some Scottish homeowners that personal information held in relation to their property does not have such control mechanisms in place and can be obtained by anyone without justification or consent. This blog discusses why this is currently the case and argues that privacy protection measures should be adopted in the land registration system of Scotland. It summarises the findings of my LLM by Research project “Publicity and Privacy in Land Registration in Scotland” which was funded by the Registers of Scotland.
Information on property in Scotland is held on two public registers called the Register of Sasines and the Land Register. Both of these are under the control of the Registers of Scotland. The provision of information from the Land Register is governed by the Land Registration etc. (Scotland) Act 2012. Members of the public can request title sheets along with records held in the archive record such as copy deeds. This information must be provided upon request (provided that a fee is paid or arranged). There is nothing in the Act allowing for an individual to be exempt from having their records disclosed or to have any of their information redacted. There can be various pieces of personal information included in these title sheets and copy deeds, for example, marital status, date of birth and signatures.
One of the main arguments for such a system is that it is required in order to meet the publicity principle of property law. Real rights, which are rights in things (as opposed to personal rights which are between two parties), are good against the world and can bind third parties. Third parties, therefore, must be able to access information on such real rights. This publicity principle requirement for the transfer of land is generally met by the external act of registration in a land register.
What is not clear is what sort of information is required to meet the publicity principle. Berlee, who wrote a PhD on this topic, is of the view that specificity is part of publicity. Information on the object as well as information on the subject is required, that is, it is the subject-object-relationship that needs to be discoverable. You need to be able to ascertain that the person who claims to have the right, does. However, this does not necessarily mean that all such information should be made available to all. It can be dependent on who requires the information. An owner needs only to know that the neighbouring property has a servitude access right over their land. A bank considering giving a loan in exchange for a right in security would require more. Some third parties might have no need to access information if they are not involved in any transaction with the land. The publicity required may be dependent on the circumstances and it is not necessary for all information about subject-object-right to be publicly accessible at all times in order to provide third parties with adequate protection.
It is important not to confuse this publicity principle with the, much used of late, value of transparency and its links to openness and accountability. For example, publicly accessible information about landownership has recently been connected to transparency in Scotland. Transparency is seen as one of the facets of the doctrine of open government. An open government is one which operates on the principle that its citizens have the right to obtain government documents and information, resulting in the public having an oversight of its proceedings. With land information, the Scottish Government appear to be going further. Rather than only providing access to data and information currently held by public bodies, it also, through principle 5 of the Land Rights and Responsibilities Statement, wants similar information about private citizens to be made available. Like open government, they are striving for open land ownership. This is a case of what some writers call ideological drift where a principle, through time, drifts to different uses. Caution must be exercised when extending the principle of transparency in order to protect the privacy interests of landowners.
Clearly public registers such as the Land Register with its role on meeting the publicity principle, could cause issues with privacy. Moreham, a privacy law academic, uses the words retreat or inaccessibility as being at the heart of privacy protection. These are useful terms as they highlight that individuals should be able to control what they impart, who they share it with and how their personal information is cascaded through other networks. Information is strongly connected to individuals, who should be able to determine how it is used in an evolving process as they develop their personalities.
Solove, a leading author on privacy, argues that privacy should not be characterised through the use of a single factor which is common across all aspects of privacy. In his opinion, privacy should be viewed as a group of protections against a number of individually linked problems and it is through understanding these problems that laws can be developed to best protect privacy. In his book Understand Privacy, he provides a taxonomy which contains sixteen privacy problems, some of which are relevant to the Land Register, including:
Aggregation - a concern that a piece of data which by itself can be viewed as trivial can be used alongside other pieces of information and become less innocuous. There is a significant amount of information contained within the Land Register which could be used in this process of aggregation, for example full and previous (such as maiden) names, addresses, marital status, and dates of birth. Advances in technology and accessibility initiatives such as ScotLIS, could make it easier to obtain large amounts of data from the Land Register, which could then be combined with information from other sources and processed for various objectives not linked to the Register’s purpose.
Identity theft - Clearly there is information stored in the Land Register which could be used for identity theft and fraud both on and off the Land Register. For example, a maiden name and date of birth are common security questions used by the private sector and copy deeds or other documents held by the Keeper can include signatures. The English online deeds system was withdrawn due to the abuse of signatures and they implemented a warning system where a landowner can track changes made to the register or place a restriction on their title.
Physical or psychological injury - Solove has highlighted that information in public records can prove useful for stalkers. This raises the question as to whether residential information is something which is private and if so, should it be protected and should one have the ability to control who can discover it? The UK Government consider that accessibility of information held in the electoral register should be under the control of the individual. However, there is no such option with the Land Register.
So, how is our privacy protected? There are key pieces of legislation which contain privacy protection measures:
The Human Rights Act 1998 incorporated the rights contained in the European Convention on Human Rights into UK law. Article 8 of the convention provides that “Everyone has the right to respect for his private and family life, his home and his correspondence.” This is not an absolute right; it is a qualified right and there can be instances where a violation of this right can be justified, that is when it is in accordance with the law and is necessary in a democratic society in the interests of, for example, the economy or the rights of others.
The question of whether residential information is private information protected by Article 8 has been discussed by the European Court of Human Rights. For example, Alkaya v Turkey concerned the publication of a story about a burglary which had taken place at a property belonging to Alkaya, a cinema and theatre actress. Alkaya did not have issue with the story but she complained that disclosure of her address had no public interest and she had subsequently become anxious while staying at the property. The decision of the Court was that the choice of where you live is essentially a private matter and a person’s home address constituted personal data falling within the scope of private life.
For a number of years, there were also protective measures contained in the Data Protection Act 1998. This Act has now been replaced by the EU GDPR in tandem with the UK’s Data Protection Act 2018. The latter includes provisions in areas of the GDPR where the UK has discretion or is required to make its own rules. The GDPR contains a number of principles which generally have to be adhered to along with a list of conditions for processing. One of these conditions must be met before data processing or disclosure is deemed lawful. Significantly, consent is one of these conditions. However, there is also a condition that processing is necessary for compliance with a legal obligation. This condition removes the need for a person to consent to the disclosure of their data held in the Land Register.
The 2018 Act contains exemptions to meeting the GDPR data protection principles if the data controller has a legal obligation to make the information available to the public as is the case with the Land Register. This means that if a member of the public requests information for a reason which does not match the purpose of the Land Register, then it can be disclosed without breaching the GDPR. This will likely also be the case for disclosing information excessive to the purpose of the disclosure. The GDPR also gives an individual the right to object to the processing of their data in certain situations. However, this right is not applicable if the processing is necessary for compliance with a legal obligation which would cover disclosing data held in the Land Register.
The application of the exemptions raises the question as to whether they contain an appropriate protection of privacy or whether there is an assumption that privacy is protected through the enactment responsible for requiring the information to be made public. Indeed, the GDPR states that the use of exemptions should only be used to respect fundamental rights and freedoms; be necessary, proportionate and in the public interest; protect certain important matters such as the economy or the protection of rights; and be explicitly referred to in legislation adopting them. The Land Registration etc. (Scotland) Act 2012 does not currently explicitly set out the purpose of processing personal data, whether the 2012 Act is making use of any data protection exemptions or provide any privacy protection measures.
So, what can be done? Can publicity and third party protection in the Land Register be achieved alongside the introduction of measures to protect privacy? We need to get away from what Solove calls the secrecy paradigm where privacy rights are seen to disappear as soon as information is held in a public record. Information is not wholly private or wholly public. Individuals should expect that there will be a certain amount of accessibility of information but there needs to be controls and limits to how the information is used.
It is arguable that the provision of searching the Land Register by name has no particular justification in terms of the publicity principle and it is not required by statute. Searching by name is restricted by legislation for England and Wales. If an approach such as searching by name can be determined to infringe Article 8, then it would need to evidenced that it was necessary to meet a legitimate aim. The measure would need to be proportionate and only justifiable if there were no less restrictive measures available. There are other approaches available, such as defining groupings of verifiable parties who can search the Land Register by name and allowing for others to apply for such searches to be undertaken if they can show they have a legitimate interest. An example of such an approach has been implemented in Germany.
There will also be certain pieces of information in the Land Register that are not required to be disclosed. Items on copy deeds such as signatures could be classed as excessive pieces of personal data which are not required to meet the publicity purpose of the Land Register.
The Scottish Government intends to include protective measures in the new Register of Controlling Interests legislation to allow individuals to request that their information is non-disclosable if it is likely to cause damage or distress. Such measures are included in company law, money laundering legislation and the English Land Register. The approach developed for the new Register could then be replicated for the Land Register.
Further, advances in technology should not only be focused on accessibility improvements, but also utilised to enhance privacy protection. Examples of this could be the introduction of access logs to allow people to see who has viewed their information or the English approach of providing notifications to minimise identify fraud.
~ Michael Arthur