Publication - Impact assessment

The Town and Country Planning (National Planning Framework and Local Development Plan Amendment) (Scotland) Regulations 2024 - Impact Assessments

Published: 28 February 2024
Directorate: Local Government and Housing Directorate
Part of: Building, planning and design
ISBN: 9781835219669

These impact assessments relate to the proposed procedures for preparing

amendments to National Planning Framework and Local Development Plans. The plans prepared using those procedures will themselves be subject to assessments of the impact of their content.

Supporting documents

Data Protection Impact Assessment (DPIA)

Data Protection Impact Assessment (DPIA) Development Plan Amendment Regulations – Consultation Only

1. Introduction

The purpose of this assessment is to consider the privacy implications associated with the consultation arrangements undertaken by the Planning, Architecture and Regeneration Division (PARD) of the Scottish Government.

The Data Protection Impact Assessment (DPIA) was prompted by the development of the consultation on Development Plan Amendment Regulations.

2. Document metadata

Name of Project: Development Plan Amendment Regulations: Consultation

Author of report: Ruairidh Anderson

Date of report: 18 January 2024

Name of Information Asset Owner (IAO) of relevant business unit: Fiona Simpson

Date for review of DPIA: TBC

Review date	Details of update	Completion date	Approval Date

3. Description of the project

Section 12 of the Planning (Scotland) Act 2019 inserts new sections 3CC and 20AA into the Town and Country Planning (Scotland) Act 1997 to introduce powers to amend both the National Planning Framework and local development plans. These provisions give Scottish Ministers powers to prepare secondary legislation (regulations) and the consultation will be seeking views on the proposed approach to implementing these provisions.

The National Planning Framework 4 Delivery Programme identifies that National Planning Framework and local development plan amendment regulations are to be prepared. These powers are important to address any emerging policy issues that need to be reflected in the National Planning Framework or in local development plans.

The consultation will ask a series of questions, with a mix of open and closed questions, although all the closed questions will allow the opportunity to provide reasons for their answer. There will be no text limit for the free text responses.

The preferred method of response will be through the online CitizenSpace system. The questionnaire will also be downloadable and hard copies may be posted / e-mailed out to meet specific respondent’s requirements if requested. Hard copies will be returned directly to PARD to ensure confidentiality. Personal data will also be requested to enable acknowledgement of receipt of response or to enable feedback to any queries received.

It is our usual practice to publish the responses as per the preferences that respondents have indicated via Citizen Space, or, where responses arrived by e-mail / post, via the Respondent Information Form (RIF), which asks about data release preferences.

Following the closure of any consultation, we would look to publish responses where approval has been given for this by the respondent. All the responses will be moderated.

PARD will analyse the responses received and provide a clear and concise report for publication, which reflects a robust analysis of the consultation responses, in order to inform the next stages of policy / legislative development.

Consultation Process

Consultations are hosted on Citizen Space, the Scottish Government's digital platform for consultations, and published on the Consultation Hub, enabling people to submit their response online. Citizen Space is managed by the Scottish Government’s Digital Engagement Team.

Consultations are also published on the Scottish Government website, enabling people to email or post a response.

The consultations will run for a minimum of 12 weeks starting February 2024 to May 2024.

Governance

The governance arrangements for consultations broadly involve the following:

Consultation Manager (Scottish Government): Ruairidh Anderson
Digital Engagement Manager, Comms (Scottish Government): DigitalEngagement@gov.scot

Reporting

The Consultation Manager will be responsible for the analysis of the consultation responses, as well as the preparation of the final reports. The final consultation analysis report will be published on the Scottish Government’s website. It is the responsibility of the Consultation Manager to ensure that their methods do not contravene the provisions of current Data Protection Laws.

Data Protection Laws means any law, statute, subordinate legislation, regulation, order, mandatory guidance or code of practice, judgement of a relevant court of law, or directives or requirements of any regulatory body which relates to the protection of individuals with regard to the processing of Personal Data to which a Party is subject including the Data Protection Act 2018 and any statutory modification of re-enactment thereof, and the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data on the free movement of such data, and repealing Directive 95/46/EC.

4. Data Controller and Data Processor

Data Controller and Data Processor: The Scottish Government.

Information Asset Owner: Fiona Simpson

Data to be processed

Variable: E-mail address

Data Source

Citizen Space (online responses).

Respondent Information Form (e mailed or postal responses).

Variable: Name

Data Source

Citizen Space (online responses).

Respondent Information Form (e mailed or postal responses).

Variable: Whether a person is responding on behalf of an organisation, or issuing a response as an individual. (If respondent is from an organisation, they are asked the type of organisation – developer, public sector, community council etc.).

Data Source

Citizen Space (online responses).

Respondent Information Form (e mailed or postal responses).

Variable: Postal address

Data Source

Respondent Information Form (postal responses).

Variable: Contact telephone number

Data Source

Respondent Information Form (e mailed or postal responses).

Data Subjects

The data subjects are the self-selecting respondents to the consultation. Responses may be submitted by both individual members of the public and by organisations. During the data collection process, all respondents are asked to provide information about themselves, either via the Citizen Space online platform or by completing a Respondent Information Form. This form asks respondents to state their publication preference as follows.

The Scottish Government would like your permission to publish your consultation response. Please indicate your publishing preference:

Publish response with name

Publish response only (without name)

Do not publish response

If individual respondents do not answer this question, the default position is not to publish their response.

If organisation respondents select ‘do not publish’ or do not answer this question, the organisation name may still be listed as having responded to the consultation.

Respondents are also asked to indicate whether they are content to be contacted again in the future by the Scottish Government in relation to this specific consultation exercise.

Data Collection, Storage and Transfer

Data will predominately be collected from data subjects electronically via the Citizen Space online platform. Some respondents may also submit their response via post or email and these are uploaded on to Citizen Space by the Scottish Government. Responses on Citizen Space can either be downloaded individually or automatically entered into a database (downloadable onto Excel).

Data Access

Citizen Space will securely hold the consultation responses submitted online or uploaded as attachments, and it will be possible to download the database of online responses onto Microsoft Excel.

The database will include all or some of the following information about each respondent who replied using the online data form or by email or post and either completed a Respondent Information Form or provided the information within their response:

Name
Email address
Responding as an individual or an organisation (If responding on behalf of an organisation) Organisation’s name and sector (from list of options -e.g. public, private, third).
Permission to publish consultation response (publish response with name, publish response only, do not publish response).
Content to be contacted by the Scottish Government in the future in relation to this consultation exercise
All inputted responses to the consultation questions.

Data Cleaning

Before beginning the analysis, the Consultation Manger will identify any blank or duplicate responses. Blank responses will be removed before analysis. Multiple different responses submitted by the same individual or organisation will be combined into a single composite response.

For audit and quality control purposes, a record will be kept of any exclusions or changes made to responses included in the final database (i.e. any responses that are excluded from the analysis and the reason for exclusion; any identified as campaign responses; and any reclassification of organisation type). This information will be provided in a separate worksheet within the master database and referred to in the final report.

Data Publication

Responses will be published in accordance with respondents’ expressed publication preferences. Where respondents have given permission for their response to be published, with or without their name, and after the Scottish Government has redacted any personal data or defamatory content, consultation responses will be published at http://consult.gov.scot.

Data Purging and Archival

The consultation datasets will be held on a secure, password protected server in the Scottish Government, in a sub-folder which is restricted to a limited number of staff working on the Consultation. It is expected that the data will only be held for as long as the data is required. As soon as possible after the project is completed, a review will take place to determine whether the data needs to be retained or destroyed.

If it is decided that there is

no rationale to justify continuing to hold the data, then it will be destroyed,
justification to continue to hold the data then it can be held until a further review 12 months later.

Explain the legal basis for the sharing with internal or external partners:

The legal basis for processing personal data will be public task.

The analysis of the data arising from the consultations provides information that will assist the Scottish Ministers in fulfilling their duties to engage under a range of legislation, including those requiring the preparation of impact assessments under environmental, equalities and islands legislation. The information may form the basis of future discussion with key stakeholders.

5. Stakeholder analysis and consultation

List all the groups involved in the project, and state their interest

Group: Planning authorities

Interest: Statutory role as decision-makers in the planning system

Group: Other public bodies

Interest: May have a role as a key agency / statutory consultee, or use planning to deliver development.

Key Agencies in Development Planning are specified in regulation 25 of The Town and Country Planning (Development Planning) (Scotland) Regulations 2023

Group: Public at large

Interest: Opportunities proposed to consult the public as part of the process of preparing amendments to NPF or LDPs. Planning can impact on the places we live, work or play.

Group: Community Councils

Interest: Statutory role in the planning system

Group: Equality, Amenity and Environmental Interests / Groups

Interest: Provide representations reflecting their particular cultural, environmental, societal interest

Group: Business and developer interests

Interest: Private sector organisations, individual businesses and enterprises use the planning system to deliver investment and development

Group: PARD Team

Interest: Develop and produce the consultation paper for consultation, and analyse responses

Group: Data Protection and Information Asset Team

Interest: Advise on completing the DPIA

Group: Digital Engagement Unit

Interest: Create the consultation in Citizen Space

Method used to consult with these groups when making the DPIA

Respondents will be invited, through the consultation, to comment on the DPIA.

Method used to communicate the outcomes of the DPIA

We will publish the finalised DPIA on the Scottish Government official platform.

6. Questions to identify privacy issues

All staff involved in processing data will be aware of procedures for data security and privacy, to comply with GDPR. All project staff will know how to recognise a personal data breach (PDB) and how to report suspected breaches in line with GDPR requirements.

Anonymity and pseudonymity

Scottish Government will be responsible for ensuring that responses are published in accordance with respondents’ expressed publication preferences.

Individual respondents’ names will be published with their responses only if they have given explicit permission for this. Where an individual respondent selects ‘publish response only’, SG will redact their name and any other potentially identifiable information from their response. Any direct quotations from responses included in the report will not be attributed to identifiable individuals, regardless of their expressed publication preference. There will be no quotations from responses where permission to publish has not been given.

Organisation respondents which select the option 'publish response only (without name)' may still have the organisation name published, but the name of the specific person submitting the response will not be published. Organisations which have given permission for their response to be published could be mentioned by name in the final report, though it is also possible that, rather than being explicitly named, they might be referred to as ‘an organisation from the private/public/third sector’ etc.

We will keep under review whether anything else needs to be redacted from responses should it risk revealing a respondent’s identity.

Technology

Citizen Space is a secure online platform which will hold consultation responses. Where responses are not received via Citizen Space, such as by post / email, these are uploaded on to Citizen Space by the Scottish Government.

Identification methods

Identifiable respondent information is accessible in the dataset created through Citizen Space.

Sensitive/Special Category personal data

It is not anticipated that many of the consultation responses would contain ‘special category data,’ as defined by GDPR. The legal basis for processing this data, under Article 9 of GDPR, will be ‘substantial public interest.’

(g) processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject’.

However, there is a risk that such data is submitted in free text boxes. Data on text boxes will be reviewed and irrelevant ‘special category’ data removed.

Changes to data handling procedures

There will be no changes to general data handling procedures for consultations.

Statutory exemptions/protection

We don’t believe that there any exemptions from the Data Protection Act will apply to this project. Though exemptions for statistical and research purposes may apply.

Justification

Other risks

None Identified