There is a question in Maltese planning law which, in my view, deserves more attention than it has so far received: to what extent should the identity and information of an owner be shielded when land is placed before the Planning Authority through a development application? The issue is not as simple as saying that planning is public, and therefore everything in a planning file must be public. Nor is it satisfactory to say that because an owner’s name is personal data, it must always remain hidden. The more correct position, I would argue, lies somewhere between these two extremes. Planning law is public law in action; but public law does not abolish private rights. Transparency is essential; but transparency must still pass through the filters of legality, proportionality, data protection, and purpose.
The starting point, I think, must be Chapter 552 of the Laws of Malta, because it is the Development Planning Act which first tells us what kind of legal process we are dealing with. Article 33 of Chapter 552 establishes the public character of development-planning information. It contemplates public access to planning-related material, including application reports, planning reports, decisions relating to development permissions, relative plans and documents, environmental studies, traffic impact statements, site alternative assessments, and cost-benefit analyses. It also refers to a register accessible for public inspection containing, among other things, the name of the applicant, the nature of the proposal, and the documents and plans annexed to the application. That architecture is significant. It tells us that the planning system is not private correspondence between an applicant and the State. It is a regulated public process, because what happens on land is rarely confined to the owner’s boundary wall.
However, it is equally fair to say that Article 33 does not appear to place the owner’s identity on the same statutory footing as the applicant’s identity. The applicant is expressly central to the public register; the owner is not necessarily treated in the same way. Legally, therefore, it is not unsafe to conclude that Chapter 552 creates a disclosure framework, but not an unrestricted one. The law makes certain planning material public because the public must be able to understand, object to, and scrutinise development. But that does not automatically mean that every item of personal information uploaded into a planning file becomes public property.
That said, the owner cannot be treated as a complete stranger either. Article 71(4) of Chapter 552 is important here. Where an applicant is not the owner of the entire site, the owner’s position becomes procedurally relevant because the applicant may need to notify or obtain the relevant authorisation or consent, depending on the statutory context. In that sense, the owner’s role is not merely accidental. The applicant cannot simply detach the land from its owner and present the site as if ownership were juridically invisible. It may therefore be argued that the owner has a limited but real connection with the planning process. This is especially so because a development permission, once issued, attaches to the site and may increase the value or utility of the land. Even if the planning merits are not determined according to who the owner is, the legal and economic effects of permission may still be felt by the owner.
Here, however, one must be careful. Article 72 of Chapter 552 reminds us that planning decisions are meant to be taken according to planning law, plans, policies, material considerations, and the character of the proposed development. The Planning Authority is not supposed to decide an application according to the personal identity of the owner. An application should not be approved because the owner is popular, nor refused because the owner is disliked. The process is meant to be site-specific and development-specific. This is where the first counterargument arises. If the owner’s identity is not a planning criterion, why should it be disclosed at all?
My answer would be this: the owner’s identity may not be relevant to the planning merits in the narrow technical sense, but it may still be relevant to public-interest scrutiny in a broader governance sense. There may be cases, particularly involving persons who are not the apparent beneficial actors, where the public interest in knowing who stands behind the land may be stronger. It would be naïve to pretend that development control exists in an abstract world of elevations, setbacks, and policy maps alone. Land has owners, owners have interests, and permissions can generate considerable economic value.
Still, public interest is not a magic formula. Under the GDPR, a person’s name and surname are personal data when they identify a natural person. Article 4(1) of the GDPR defines personal data broadly, while Article 4(2) treats disclosure and making data available as forms of processing. Therefore, when an authority releases an owner’s name, it is not merely “giving information”; it is processing personal data. That immediately brings into play Article 5 of the GDPR, particularly the principles of purpose limitation and data minimisation under Article 5(1)(b) and Article 5(1)(c). It also brings into play Article 6, especially Article 6(1)(c), where processing is necessary for compliance with a legal obligation, and Article 6(1)(e), where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
It may be argued, therefore, that the GDPR does not prohibit disclosure in every case. Article 86 of the GDPR is particularly instructive because it expressly recognises the need to reconcile public access to official documents with the right to protection of personal data. This is a crucial point. The GDPR is not a secrecy charter. It is not there to conceal every name from every public document. But neither is it a transparency weapon which allows personal data to be released merely because someone asks for it. The proper approach is reconciliation, not domination by one principle over the other.
Chapter 496, the Freedom of Information Act, then enters the equation. Its objective is transparency and accountability in public administration. But Article 5(3)(a) is important because it excludes from the scope of the Act personal data falling under the data-protection framework, particularly Chapter 586. Article 5(3)(b) may also become relevant where disclosure is prohibited by another law. Yet it is important not to overstate the point. If Chapter 552 simply does not list the owner’s name among the categories which must be disclosed, that is not necessarily the same as saying that Chapter 552 positively prohibits disclosure. The better view, I think, is more refined: Chapter 552 does not create an automatic right to the owner’s personal data; Chapter 496 and Chapter 586 then require a careful balancing exercise before such data is released.
This is why, legally, it is not unsafe to conclude that the default position should be redaction rather than total refusal. If a document in the planning file contains both planning-relevant material and personal data, the correct solution is often not to suppress the entire document. The more proportionate solution is to release the document with personal data removed, unless a stronger public-interest ground justifies disclosure of that data. This approach respects the public character of planning law while preventing planning files from becoming informal title searches or personal-data repositories open to everyone.
A further question then arises: who decides whether the public interest is strong enough to justify disclosure? This, in my view, is the most delicate part of the debate. It would be legally unsatisfactory if the matter began and ended with the same authority which holds the information. The Planning Authority must necessarily make the first assessment, because it is the authority receiving the request, holding the document, and controlling the data. But its assessment cannot be treated as conclusive. If that were so, data protection would risk becoming a unilateral veto in the hands of the authority holding the file.
The proper rule should be that the Planning Authority decides first, but not finally. If the requester disagrees, the Information and Data Protection Commissioner becomes the independent institutional safeguard. This is important because the requester will often be placed in a difficult position. He may suspect that the withheld information is relevant to a genuine public-interest concern, but he may not know enough about the hidden material to articulate the point fully. In other words, the requester may be asked to prove the public interest in information which he is not allowed to see. That is precisely why the Commissioner’s role is not merely administrative. It is constitutional in substance, because the Commissioner is able to examine the withheld material and test whether the invocation of privacy or data protection is genuine, proportionate, and legally grounded.
Thereafter, the Tribunal and ultimately the courts provide the legal control mechanism. The task is not to replace the Planning Authority’s function with uncontrolled disclosure, but to ensure that the authority’s refusal is not treated as the final word. In a system governed by legality, the public-interest balance must be capable of independent scrutiny. Otherwise, the person requesting information would be trapped in a circular process: he cannot obtain the information because he cannot prove the public interest, but he cannot prove the public interest because the information is being withheld.
It may therefore be argued that the real safeguard is not that the Planning Authority decides whether public interest exists, but that the Planning Authority must justify its position before an independent body. That is the only way to prevent two opposite dangers: administrative secrecy on the one hand, and irresponsible disclosure on the other. The rule should not be “GDPR has been invoked, therefore the discussion is closed.” The rule should be: identify the data, identify the statutory basis for access, identify the purpose for which the data was collected, assess whether disclosure is necessary, consider whether redaction would suffice, and allow an independent body to test the balance where the requester challenges the refusal.
Having said all this, one must also remember that the Planning Authority is not the Public Registry, nor is it the Land Registry. This distinction is more important than it first appears. Maltese law already contains mechanisms through which immovable property may be researched. The public character of property transactions has historically been safeguarded through notarial publication and registration systems. The Planning Authority, by contrast, collects owner information for a specific procedural purpose connected with the processing of development applications. It does not certify civil title in the traditional sense. Indeed, the definition of “owner” under Chapter 552 may be wider and more functional than the strict civil-law meaning of ownership. Therefore, information identifying a person as “owner” in a planning file may not necessarily be conclusive evidence of ownership in the civil-law sense. That is another reason for caution.
Yet I would not go so far as to say that owner information should always be shielded. Planning law is too important, and land is too sensitive, for the law to allow complete opacity. A distinction should be drawn between automatic publication and justified disclosure. Automatic publication of every private owner’s name may go too far. But a blanket refusal to disclose owner information in all circumstances may also go too far. The more balanced position is that owner information should generally be protected where the owner is a private individual, where the owner is not acting in a public capacity, where the information was supplied by the applicant rather than by the owner, and where disclosure would exceed the purpose for which the data was collected. Conversely, the case for disclosure becomes stronger where the request is supported by a concrete public-interest justification rather than curiosity.
This is why the phrase “public interest” must be used with discipline. Suspicion alone should not be enough. But neither should the law demand impossible proof before disclosure is even considered. Still, the strongest counterargument to my position is that once owner identity is disclosed, it cannot be undisclosed. Personal data, once released, may circulate permanently. There is also a risk that planning objections become personalised, with opponents attacking owners rather than evaluating planning merits. That danger is real. Planning law should not become a theatre for reputational punishment. But the answer to that is a principled test: identify the data, identify the purpose for which it was collected, identify the statutory basis for access, assess the public interest, consider whether redaction can achieve the same objective, and release only what is necessary.





