Revealing the names of suppliers in Town/Parish Council accounts

Question

Can anyone help because the Information Commissioner couldn't!  The Town Council that supposedly serves our Parish has decided that they will not reveal the names of external suppliers "due to GDPR".in their accounts This is bad for transparency and accountability. They already waste money paying photograpers to take snaps of events that  could easily be taken on a smart phone. If they hire a one man (or woman outfit) who provides services we have no way of knowing if they are using the same supplier or different suppliers to provide the same service or materials.   Our Principal Authority does name them  for items of over £500..   Can this be justified under the spirit of GDPR or does it permit some personal data to be disclosed where services and contractual issues are concerned?

Answer 1

Interesting.  As a starting point, the Transparency Code (which predates GDPR) includes the following on Data Protection:-

The Government believes that local transparency can be implemented in a way that complies with the Data Protection Act 1998. Where local authorities are disclosing information which potentially engages the Data Protection Act 1998, they must ensure that the publication of that information is compliant with the provisions of that Act. The Data Protection Act 1998 does not restrict or inhibit information being published about councillors or senior local authority officers because of the legitimate public interest in the scrutiny of such senior individuals and decision makers. The Data Protection Act 1998 also does not automatically prohibit information being published naming the suppliers with whom the authority has contracts, including sole traders, because of the public interest in accountability and transparency in the spending of public money.

...and this on Commercial Confidentiality:-

The Government has not seen any evidence that publishing details about contracts entered into by local authorities would prejudice procurement exercises or the interests of commercial organisations, or breach commercial confidentiality unless specific confidentiality clauses are included in contracts. Local authorities should expect to publish details of contracts newly entered into – commercial confidentiality should not, in itself, be a reason for local authorities to not follow the provisions of this Code. Therefore, local authorities should consider inserting clauses in new contracts allowing for the disclosure of data in compliance with this Code.

The spirit of this is clear and I am not aware of any part of the GDPR legislation that would override this, so I suspect that this is either a misinterpretation of the legislation or a means to reduce disclosure.  One for the NALC legal bods methinks!

Comments

Policy here is that a full list of transactions is approved by Full Council. This is done in open session: it is Public Money that is being spent and they have a right to know who we are dealing with and have been contracted to provide services. .

---

Absolutely, we provide a full income/expenditure report detailing every transaction in the last two months (bi monthly meetings) a copy is laid out for all members of the public.
I can't imagine why you wouldn't at least name the supplier. GDPR is a red herring.