The ICO’s Tougher FOI Enforcement Policy 

By Martin Rosenbaum 

Last month the Information Commissioner’s Office announced it was issuing another two Enforcement Notices against public authorities with extreme backlogs of FOI and EIR requests; the Ministry of Defence and the Environment Agency. From the published notices it is clear that both authorities had consistently failed to tackle their excessive delays, despite extensive discussions over many months with the ICO. 

The ICO also issued Practice Recommendations, a lower level of sanction, to three authorities with a poor track record on FOI; Liverpool Council, Tower Hamlets Council and the Medicines and Healthcare Products Regulatory Agency. This brings the total of Enforcement Notices in the past year or so to six, and the number of Practice Recommendations to 12.
As Warren Seddon, the ICO’s Director of FOI, proclaimed in his blog on the subject, both these figures exceed the numbers previously issued by the ICO in the entire 17 years since the FOI Act came into force. 

From my point of view, as a frequent requestor, this is good news.
For requestors, the ICO’s current activity represents a welcome tougher stance on FOI regulation adopted by Seddon and also the Commissioner, John Edwards, since the latter took over at the start of last year.  

Under the previous Commissioner Elizabeth Denham, any strategic enforcement regarding FOI and failing authorities had dwindled to nothing. The experience of requestors was that the FOI system was beset by persistent lengthy delays, both from many authorities and also at the level of ICO complaints.  

The ICO’s Decision Notices would frequently comment on obstruction and incompetence from certain public bodies, as I reported when I was a BBC journalist, but without the regulator then making any serious systematic attempt to change the culture and operations of these authorities.
Under Denham the ICO had also ceased its previous policy of regularly and publicly revealing a list of authorities it was ‘monitoring’ due to their inadequate processing of FOI requests. Although this was in any case a weaker step than issuing formal enforcement notices and practice recommendations, in some cases it did have a positive effect.
Working at the BBC at the time I saw how, when the BBC was put into monitoring by the ICO, it greatly annoyed the information rights section, who brought in extra resources and made sure the BBC was released from it at the first opportunity.  

On the other hand, other public authorities with long-lasting deficiencies, such as the Home Office and the Metropolitan Police, were kept in ICO monitoring repeatedly, without improving significantly and without further, more effective action being taken against them.  

The ICO’s FOI team has also made important progress in the past year in rectifying its own defects in processing complaints, speeding things up and tackling its backlog. This led to a rapid rush of decision notices.
One result is that delay has been shifted further up the system, as the
First-tier Tribunal has been struggling to cope with a concomitant increase in the number of decisions appealed. I understand that the proportion of decisions appealed did not change, although I don’t know if the balance between requestor appeals and authority appeals has altered. 

Another consequence has been that decision notices now tend to be shorter than they used to be, especially those which support the stance of the public authority and thus require less interventionist argument from the ICO. Requestors may need to be reassured that the pressure on ICO staff for speedier decisions does not mean that finely balanced cases end up predominantly being decided on the side of the authority.  

More generally I gather there is some concern within the ICO about its decisions under sections 35 and 36 of FOI, to do with policy formulation and free and frank advice, that some staff have got into a pattern of dismissing requestors’ arguments without properly considering the specific circumstances which may favour disclosure. 

As part of its internal operational changes, a few months ago the ICO introduced a procedure for prioritisation amongst appeals and expediting selected ones. I have seen the evidence of this myself.  A complaint I made in April was prioritised and allocated to a case worker within six weeks and then a decision notice served within another six weeks (although sadly my case was rejected). All done within three months.  

On the other hand a much older appeal that I submitted to the ICO in May 2022 has extraordinarily still not even been allocated to a case worker 15 months later, from what I have been told. This is partly because it relates to the Cabinet Office, which accounts for a large proportion of the ICO’s oldest casework and has been allowed a longer period of time to work through old cases.  

It is interesting to note that the ICO does not proactively tell complainants that their case has been prioritised, even when they have specifically argued it should be at the time of submitting their complaint.
The ICO wants to avoid its staff getting sucked in to disputes about which appeals merit prioritisation. If you want to know whether your case has been prioritised, you have to ask explicitly, and then you will be told. 

The ICO has not yet officially released any statistics about the impact of its new prioritisation policy. However I understand that in the first three months about 60 cases were prioritised and allocated to a case officer to investigate within a month or so. This is a smaller number than might have been expected.  

Around 80 percent of these were prioritised in line with the criterion for the importance of the public interest involved in the issue. And about 60 percent of decisions to prioritise reflected the fact that the requestor was in a good position to disseminate further any information received, possibly as a journalist or campaigner. 

In most of the early decision notices for prioritised complaints the ICO has backed the authority and ruled against disclosure. So if you are a requestor, the fact that the ICO has decided to prioritise your appeal does certainly not mean that it has reached a preliminary decision that you are right.  

Martin Rosenbaum is the author of Freedom of Information: A practical guidebook. The book is aimed at requestors and provides thorough guidance on the workings of the law, how best to frame requests and how to challenge refusals. It will also be valuable to FOI officers and others who want a better understanding of the perspective of requestors. In the book Martin passes on the benefits of all the expertise and experience he acquired during 16 years as the leading specialist in BBC News in using FOI for journalism. 

New FOI Intermediate Certificate

Act Now Training is delighted to launch the FOI Intermediate Certificate . This new course empowers delegates to further enhance their skills as FOI practitioners, by building upon the foundations established by the FOI Practitioner Certificate, delving deep into the intricacies of FOI and gaining the confidence to navigate its complexities effectively.

Background

Over the past three years, Act Now Training has worked diligently alongside industry experts and education professionals to develop a comprehensive skills and competency framework for FOI Officers. The Intermediate Certificate emerged from the need to further develop FOI Officers who have already completed our FOI Practitioner Certificate and wish to enhance their expertise. The course emphasises skills as well as knowledge, covering challenging topics to provide a deeper understanding of the FOI fundamentals.

Course Content

The Intermediate Certificate strengthens the foundations established by the FOI Practitioner Certificate. Topics include interpreting information requests, navigating data repositories for relevant information, handling vexatious requests and applying the exemptions. Time will also be spent discussing the historical development and transformative impact of FOI on transparency, accountability and citizen empowerment. International comparisons with the FOI Act will broaden delegates’ perspectives, while critically evaluating its impact and effectiveness will assist them to appreciate the importance of transparency and accountability. By the end of the course, delegates will gain skills in, amongst other things, effectively interpreting information requests, assessing their scope, retrieving relevant information, overcoming challenges in organisational compliance, applying exemptions and crafting clear Refusal Notices.

Format

The course is structured over three days, one day per fortnight, and can be undertaken online or in the classroom. Each day includes engaging discussions, exercises and case studies. Upon completion, delegates must submit a practical assessment within 30 days. Personal tutor support is provided, throughout the course, alongside access to a comprehensive online resource lab to maximise success.

Our Commitment

Act Now Training is committed to promoting the recognition of Information Governance as a profession. We believe that anyone in the profession can gain a solid foundation in interpreting and applying the law as part of their skillset. We are committed to not only teaching with a non complex jargon free philosophy, but also ensuring our delegates are supported in building these skills for themselves and their organisations.

Our involvement with NADPO and the IRMS over the past two decades demonstrates our dedication to nurturing new entrants into the IG profession through quality training. Our partnership with Damar, on the DP and IG Apprenticeship, has led to the recruitment of over 100 apprentices and laid the foundations for prosperous IG careers.  Course Director, Ibrahim Hasan, commented:  

“After carefully considering feedback from our delegates and consulting with FOI experts, we are thrilled to introduce the FOI Intermediate Certificate. This newly designed course offers an excellent opportunity for individuals with a strong foundation and practical experience in FOI to further elevate their expertise and refine their skills.”

Special Discount

The first course starts in November and is currently eligible for a special introductory discount. In addition, if you have completed our FOI Practitioner Certificate in the last 24 months, we are offering a further £150 discount off the Introductory price. Limited places are available, book now so book now to avoid disappointment.  

Spring Offer: Get 10% off on all day courses and special discounts on GDPR certificates

Spring is around the corner, and what better way to celebrate than by learning something new? Act Now Training are offering a special Spring sale with 10% off on all one day courses until 21/04/23. Plus, we have some exciting discounts on our GDPR certificates! 

Our one day courses are designed to provide you with a comprehensive understanding of various information governance topics, including data protection, records management, FOI and information security. Whether you are a beginner or an experienced professional, our courses are tailored to meet your specific needs. 

But that’s not all! We also have some exclusive discounts on our GDPR certifications. You can get a 10% discount on our NEW Intermediate Certificate in GDPR course (Valued at £195) and a mega £150 off on our Advanced Certificate in GDPR Practice course. 

Our Intermediate Certificate in GDPR strengthens the foundations established by our UK GDPR Practitioner certificate. Delegates will cover more challenging topics and gain a deeper awareness of the fundamental data protection principles. It is an excellent option for those with an established knowledge base and experience in data protection who wish to level up their knowledge and sharpen their skills. 

Our Advanced Certificate in GDPR course is perfect for those who want to take their GDPR knowledge to the next level. This course covers the more complex aspects of GDPR and provides you with the practical skills needed to manage GDPR compliance effectively. You will learn how to break down complex multi-faceted scenarios and learn how to analyse case law, MPNs, ICO reprimands and Enforcement notices. This course is unlike any other, it challenges delegates with real world complex scenarios and is excellent in showcasing a much higher level of knowledge depth and understanding. 

Don’t miss this opportunity to enhance your information governance skills and take advantage of our Spring sale. To take advantage of this offer, simply book your chosen course before 21/04/23 and enter the code SPRING10 at checkout and the relevant discount will be applied.

Celebrating 20 Years of Delivering Customised Inhouse Training 


Act Now Training is celebrating 20 years of delivering training and consultancy in Information Governance. To commemorate this, we will be offering various offers over the next month so watch this space.

To kick things off, we are offering 20% off all in-house course bookings made until Christmas this year. These can be scheduled for delivery anytime in the next 12 months.* Act Now’s in-house training services are very popular for those seeking high quality training customised for their organisation. These can be delivered online or at client locations. 

Over 100 inhouse training courses were delivered by our team of associates in the past twelve months. These have been delivered online, as well as at client premises. We have delivered training for a range of organisations including local and central government, political parties, the NHS, and the charitable sector. Course titles include: 

  • SIRO’s and IAOs 
  • RIPA  and Surveillance  
  • Handling Subjects Access Requests 
  • Data Sharing 
  • Law Enforcement Directive and Part 3 of the DPA 2018 
  • EIR Exceptions 
  • FOI Exemptions 
  • DPIAs 
  • International Transfers 
  • GDPR Practitioner Certificate 
  • FOI Practitioner Certificate 

We have also delivered our very popular certificate courses in GDPR and FOI on an in house basis. The feedback has been very positive with an average Net Promoter Score of 91 for the last twelve months: 

“I found the trainer to be both very engaging and interesting and I felt participation was fully encouraged. The conduct of the training was very effective and the trainer made the training and the subject come to life with his engaging and easy manner. He was of course also highly knowledgeable and experienced.”  

AB, Isle of Man Government 

“Really good training course – I now have a much better understanding of Freedom of Information and Environmental Information Regulations. Tutor was really clear and very knowledgeable in the topic area.”  

GS, Environment Agency 

“Very knowledgeable trainer pitched at the right level. Interactive elements welcome so officers could discuss real world situations they have encountered making it very practical as well.”  

WP, South Ribble Borough Council  

Act Now has been providing inhouse training and consultancy services for over 20 years.  We pride ourselves on having experienced practitioners in the fields of Data Protection, Surveillance Law, Freedom of Information and Information Management. All have many years of experience of training and advice in this area.  

We have trained over 80,000 individuals from different backgrounds. Our strength lies in having a strong client base in all relevant sectors. This means that we are well informed about the most current information management issues in almost every sector. With our education led approach, we are committed to providing measurable training that adds real world value to organisations by promoting and developing participants’ skills, competencies and behaviours. 

Feel free to get in touch to discuss your online inhouse training needs. Visit our website for further details. Please quote “20th Anniversary” when enquiring. 

*Although scheduled delivery can be anytime in the next 12 months, payment terms will still be as per the usual 30 days from invoice.

Act Now Training Wins IRMS Award

Act Now Training is proud to announce that it has won the Information and Records Management Society (IRMS) Supplier of the year award for 2021.

The awards ceremony took place on Monday night at the IRMS Conference in Birmingham. Act Now was also nominated for two others awards. Congratulations to all the other winners.

Ibrahim Hasan said:

“I would like to thank the IRMS as well as the Act Now team. This award recognises the hard work of our colleagues who are focussed on fantastic customer service as well as our experienced associates who deliver great practical content and go the extra mile for our delegates. We are committed to helping advance the profession and raising the awareness of the importance of Information Rights as a fundamental Human Right; and enable a culture of respect and trust within organisations.” 

The Innovation of the Year award went to Dapian which is a cloud based programme designed to assist those conducting Data Protection Impact Assessments and Information Sharing Agreements. Act Now helped develop Dapian alongside nine organisations from the public and private sector including the IRMS.

Despite the pandemic, it has been a fantastic year for Act Now. We have delivered over 250 online workshops and launched some great new courses and products. Our Advanced Certificate in GDPR Practice has been really well received by experienced GDPR practitioners who want to enhance their skills and knowledge. We have run eight fully booked courses this year with fantastic reviews. We have also launched our very popular UK and EU GDPR Handbooks.

We have exciting plans for 2022. Watch this space!

Classroom Courses are Back

It has been a long time since we have delivered our much loved classroom courses. But the wait is over. As the world slowly, blinkingly, comes out in to the post pandemic dawn,
Act Now has launched a curated list of Classroom courses in London and Manchester.

Many of our delegates have been requesting the return to classroom for quite some time, and now we can finally start to add some dates to our calendar.

Whether Classroom or Online, our courses deliver the same content whilst ensuring that each medium is catered for specifically resulting in trackable learning outcomes. Take your pick, Online in the comfort of your home or office, or join us in one of our premier locations.

We look forward to having you back. A list of our courses can be found below. Please also check the website for further dates and details. Places will be limited to ensure social distancing so book early to confirm your place.

To see our complete list of of Online and Classroom courses please CLICK HERE

First Online FOI Practitioner Certificate Fully Booked! New Dates Added

Act Now is pleased to announce that the recently launched online FOI Practitioner Certificate course is fully booked. Delegates from a wide rage of organisations, including the NHS and local government, have booked on the first course which starts in August.

The course has been designed to mirror our classroom based course that was running successfully throughout the country before the Coronavirus lockdown.
Delegates will benefit from the same fantastic features in a live online learning environment.

Susan Wolf, who has designed this new course says:

“This is a very exciting opportunity. Despite the current difficult times and uncertainties, this online course gives FOI practitioners access to high quality training, that is cost effective and safe.”

The next course starts on 11th September 2020. Please book early to avoid disappointment. We can also deliver this course on an in-house basis customised to the needs of your staff. Please get in touch for a quote.

Act Now Launches Online FOI Practitioner Certificate

Act Now is pleased to announce the launch of its new online FOI Practitioner Certificate.

This new course has been designed to mirror our classroom based course that was running successfully throughout the country before the Coronavirus lockdown.
Delegates will benefit from the same fantastic features in a live online learning environment.

Class sizes are 50% smaller to ensure that delegates receives all the attention and support they need to get the best out of the course. They will also have plenty of opportunities to ask questions, test their skills and engage with FOI practitioners from the comfort of their home office.

The four days of training are split up into three online sessions per day. Using our online training platform, delegates will be able to see and hear the course tutors as well as the slides, exercises and case studies. We have also built in 1 to 1 tutor time at the end of each day to provide individual support.

A very comprehensive set of materials, including all legislation, will be posted to delegates in advance of the online sessions. In addition they will have access to our online Resource Lab, which now includes updated videos on key aspects of the syllabus.

This new course builds upon our wealth of experience of designing and delivering online training as well as the delegate feedback from our online GDPR Practitioner Certificate.

Susan Wolf, who has designed this new course says:

“This is a very exciting opportunity. Despite the current difficult times and uncertainties, this online course gives FOI practitioners access to high quality training, that is cost effective and safe.”

The first course starts on 20th August with a special introductory price of  £1,995  plus VAT. Places are filling up so book early to avoid disappointment. We can also deliver this course on an in-house basis customised to the needs of your staff. Please get in touch for a quote.

 

Disclosure Staff Names in FOI Requests  

One of the most popular search terms on our blog is “disclosure of names under FOI.”
A further question that we were recently asked on a course is whether FOI practitioners should provide their names when they respond to requests.

There have been some important developments since 2013 and our last two blogs on this topic. The provisions of S.40(2) of the Freedom of Information Act  (FOI) 2000 have been amended to take into the provisions of General Data Protection Regulation 2016 (GDPR) and the Data Protection Act 2018 (replacing the Data Protection Act 1998).
In addition we now have the benefit of  two rulings from the Upper Tribunal namely Information Commissioner v Halpin (GIA) [2019] UKUT 29 (AAC) and Cox v Information Commissioner and Home Office [2018] UKUT 119 (AAC). In addition, the Information Commissioner’s Office has issued revised guidance on requests for personal data about public authority employees which take into account the recent developments.

The FOI Section 40(2) Exemption

The names of staff working in public authorities are personal data as defined by Article 4 (1) of GDPR and S. 3 Data Protection Act (DPA) 2018. In addition organisational charts and internal directories that contain staff names are also personal data if they identify individual members of staff. FOI requests may not necessarily be couched as request for staff names. For instance, a requestor may wish to see “ all communications” about a certain subject, but these communications may include the names of those sending and receiving emails. They may wish to find out the names of staff present in specific meetings (which is what happened in the Cox case). The Cox case was the first occasion in which the Upper Tribunal was tasked with considering the principles governing the disclosure of the names of civil servants, but clearly it has wider application to all other public authorities.

When a public authority receives an information request that includes a request for the names of staff, it needs to consider the third-party personal data exemption in S. 40(2) FOI. This is an absolute exemption if:

  • Disclosure of the third-party personal data (in this case staff) would contravene any of the data protection principles; or

  • Disclosure would contravene an objection to processing under GDPR Article 21; or –

  • The personal data would be exempt if the data subject  (member of staff concerned) had made a subject access request.

An almost identical exception operates in EIR regulation 13.

The data protection principles are listed in GDPR Article 5. The first principle is the most relevant in this context. This requires that the processing of personal data must be lawful, fair, and transparent. Disclosing under the FOI constitutes processing.

Before disclosing any staff names the first question is whether the disclosure is lawful. There are six lawful bases for processing in GDPR Article 6, but only consent or legitimate interests are relevant to disclosure under the FOI or EIR. It may be possible to ask staff for their consent to disclose their names. However, given the particularly high threshold for consent to be valid (see GDPR Article 7) and the imbalance of power in an employer/employee relationship, any consent is not necessarily going to be valid.

Legitimate Interests

The alternative lawful basis is that disclosure is “necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interest or fundamental rights and freedoms of the data subject which require protection of personal data…” (GDPR Article 6 (1)(f)). Some readers may be concerned because the GDPR specifically states that public authorities cannot rely on the legitimate interests’ lawful basis when processing in the performance of their tasks. However, this restriction is lifted in relation to disclosure under the FOI or EIR by S.40(8) of FOI and Reg. 13(6) of EIR respectively.

The ICO guidance suggests that public authorities answer three key questions when considering this issue, namely:

Question 1: What is the legitimate interest in disclosure (or what is the purpose)?

This includes the legitimate interest of the public authority or a third party, which is likely to be the requestor.  A wide range of interests may be legitimate interests. The requestor may have  a personal and private reason for wanting to know staff names, but this makes it no less relevant. In the Halpin case, the Upper Tribunal confirmed that a purely private interest was capable of amounting to a legitimate interest. In this case Mr Halpin wanted details of the training undertaken by two social workers because their capacity and skills were relevant in any appeal against a Care Act assessment.

Question 2: Is it necessary to disclose staff names for that purpose?

This requires a public authority to ask whether it is “necessary” to disclose staff names in order to serve the legitimate interests of the requestor. It may be possible to provide the applicant with alternative information, such as the numbers of staff involved in a meeting and information about their roles and levels of seniority without providing names. For example, in McFerran v Information Commissioner EA/2012/0030,the requestor wanted to know the names of the council staff who were present during a police search of a council property. The Tribunal acknowledged that there was a legitimate interest in knowing that the search had been conducted properly but it was not necessary for the requestor to know the names of the council staff involved.

Question 3: Does the legitimate interest outweigh the interest and rights of the staff concerned? 

This involves a balancing exercise. Public authorities need to consider the likely impacts or consequences that disclosure of staff names will have on the staff themselves.
Names should not be disclosed if disclosure will cause unjustified adverse effects on the staff concerned. It is important to remember when making this assessment, that disclosure of names under the FOI is to “the world at large”. Again, the Upper Tribunal in Halpin was at pains to emphasise that even if the requestor indicates they have no intention of publicising the information, the public authority loses control of the information once it is disclosed. Disclosure under the FOI is not subject to any duty of confidence. This becomes a relevant factor in deciding whether the disclosure will cause unwarranted harm to the  named individuals.

The key question when it comes to disclosing names, is what is the harm that will arise from disclosure? There must be a connection between the disclosure and the harm.
Even if disclosure may cause distress to a member of staff  this doesn’t automatically trump the legitimate interests of the requestor; the public authority must undertake a balancing exercise. When a public authority carries out this balancing exercise it should take the reasonable expectations of the staff concerned into account. For example, just asking whether the member of staff concerned would have a reasonable expectation that their names would be disclosed to the world at large provides a useful starting point.
This also enables the public authority to address the question of fairness.
In deciding whether to disclose staff names it is important to think about the public facing nature of the role filled by the individual member of staff ; their seniority in the organisation; whether a public authority has a policy  on the disclosure of staff names that informs their expectations. The staff privacy notice should also provide staff with some understanding of when their names may be disclosed in response to FOI request.

Clearly a Chief Executive of an organisation should expect that their name is released into the public domain. As the ICO guidance advises:

The more senior an employee is and the more responsibility they have for decision making and expenditure of public money, the greater their expectation should be that you disclose their names.

On the other hand somebody with responsibility for cleaning offices will have a real expectation that their name remains confidential. FOI practitioners are familiar with this assessment, which is  based on ICO guidance and an earlier case of Home Office v Information Commissioner EA/2011/0203. This said that the names of junior civil servants are generally protected from disclosure unless they occupy a public-facing role. However the decision in the Cox case makes it clear that each case will depend on its own facts and context. There is no blanket presumption in favour of disclosure of the names of senior officials, each case must be considered carefully and with regard to the legitimate interests of the requestor.

Disclosing Names of FOI practitioners

The question of whether a public authority should disclose the name of a person handling an FOI request raises all of the above considerations. First, what is the legitimate interest in a FOI requestor knowing the name of the person who handled their request?
Second, is it necessary to know that person’s name to serve that legitimate interest? Finally does the legitimate interest of the requestor outweigh any harm that may be caused to the member of staff handling the request. There is no legal obligation to disclose staff names and a public authority could refuse under S 40(3) FOI if all of the above are satisfied.

In the interests of transparency many public authorities disclose the names of the person who has handled their request. Given the public facing role and the work that FOI practitioners do it is arguable that their expectation is that their names may be disclosed. However in some organisations FOI requests are dealt with by many different staff at various levels rather than via a single FOI point of contact. In these circumstances more junior staff who have handled requests may have a greater expectation of privacy.

This and other developments will be discussed in our  FOI and EIR workshops  which are now available as an online option. If you are looking for a qualification in freedom of information,  our  FOI Practitioner Certificate  is ideal. It will soon be available as an online option. Please get in touch to learn more.

 

The Public Interest Test under EIR and FOI: Weighting the Arguments

A recent decision of the Upper Tribunal, under the Freedom of Information Act 2000 (FOI), provides a useful reminder of what a public authority needs to do when applying the public interest test.

FOI practitioners will be familiar with conducting public interests tests when considering whether to apply one of the qualified FOI exemptions and the exceptions in the Environmental Information Regulations 2004 (EIR). Both sets of exemptions/exceptions require a public authority to weigh the public interest in maintaining the exemption against the public interest in disclosure. A public authority can only withhold the information if the public interest in maintaining the exemption outweighs the public interest in disclosure.

Public interest arguments in favour of withholding the information must relate specifically to that exemption. In addition, the public authority must consider all the circumstances of the case. This means that two identical requests to different public authorities may result in different disclosure decisions if the circumstances of the case are different.
Practitioners should be particularly cautious about relying on other cases to help decide where the public interest lies and must not apply blanket refusals to certain types of information. In one of its earlier decisions, the First Tier Tribunal (Information Rights) made it clear that a public authority may have a general policy that the public interest is likely to be in favour of maintaining an exemption in respect of a specific type of information, but any such policy must be flexibly applied, with genuine consideration being given to the circumstances of the particular request (see Guardian Newspaper and Heather Brooke v Information Commissioner (EA/2006/0011)).

Essentially, this ‘weighting’ exercise requires a public authority to consider, in the specific circumstances of each case, whether it is in the public interest to disclose the information or to withhold it. Arguments against disclosure must focus on the factors associated with the particular exemption in question and the interest it seeks to protect (see Oxford City Council and Hogan v Information Commissioner EA/2005/0026). Where, an exemption is about prejudice (under FOI) or adverse effect (under the EIR) then there is an inherent public interest in avoiding that prejudice or adverse effect.

The Ryan Case

The recent Upper Tribunal decision, in Ryan v Information Commissioner [2020] UKUT 54 (AAC), involved a request by Mr Ryan to Kent County Council for information about the Council’s negotiations with Tesco in relation to the sale of council land to Tesco in 2004. Mr Ryan wanted to see the correspondence between the Council, the Council’s agent and Tesco. The land in question was a two-acre site that included an Adult Education Centre and car park. As part of the sale contract, Tesco agreed to provide a shop unit for community use to be leased back to the Council at a nominal rent, with the Council paying the costs of constructing the building. However, in 2015 Tesco decided that it would not proceed with its development plans and subsequently sold the land on to a company for residential development. Consequently the community lost the use of the adult education centre that had to be relocated elsewhere. The health and social care centre that was supposed to have been based in the community shop was forced to move into a smaller space inside a library. Mr Ryan argued that there was a  strong public interest in knowing what the Council’s negotiation strategy had been, since the failure of the negotiations with Tesco had clearly caused “ongoing pain” to the community through the loss of these community services.

Following an investigation by the Information Commissioner’s Office (ICO), the Council disclosed the majority of the information requested but continued to withhold one section of a document (“Negotiating Strategy”) relating to its negotiations with Tesco. The Council claimed that disclosure would prejudice its commercial interests and used EIR regulation 12 (5)(e) to withhold this one section. This permits a public authority to refuse a request for environmental information to the extent that its disclosure would adversely affect the confidentiality of commercial or industrial information where such confidentiality is provided by law to protect a legitimate economic interest.

In her Decision Notice (FER0713831) the Commissioner concluded that disclosing the requested information would highlight a tactic used by the council in the negotiations which might well be used in similar circumstances in the future. She decided that the exception was engaged and that the public interest favoured withholding this one piece of information.

The First Tier Tribunal (Information Rights) agreed that the exception was engaged (Ryan v Information Commissioner EA/2018/019). Although the negotiations with Tesco had ended some time ago, the Tribunal decided that disclosure of the relevant tactic may lead parties considering future negotiations with the Council to change their negotiating strategy and that the confidentiality of this commercial information would be adversely affected by disclosure. The Tribunal decided that there was a significant public interest in understanding what happened with the deal and why attempts to obtain the adult education centre and the health and social care centre failed. Disclosure of information about how and why the situation had happened would further the public interest in holding the Council to account for its conduct of this matter and could help to ensure that the same thing does not happen again. On the other hand the Tribunal considered that there was a clear public interest in allowing the Council to approach negotiations on a level playing field; that disclosure would the undermine its negotiating position in future similar negotiations and this would  prevent it from obtaining the best value in its land deals, with a consequential effect on the public purse. On balance the Tribunal decided that taking into account the specific information, the public interest arguments and the amount of information that had already been disclosed, that the public interest favoured withholding the small amount of information regarding negotiating tactics. In particular the Tribunal noted that the disputed information would not greatly further the public’s understanding of what had happened, and disclosure would cause substantial damage to the public interest.

On appeal the Upper Tribunal decided that the First Tier Tribunal’s approach was wrong. The latter had not taken into account the content of the disputed information, which in the Upper Tribunal’s view contained nothing “unique or unusual”. The Upper Tribunal stated that the information was about the sort of advice that a local authority would generally be given in the circumstances and that it was also the sort of advice that would be anticipated by the other side. In its view disclosure would not adversely affect the Council in the ways identified by the First Tier Tribunal. However, the Upper Tribunal has remitted the case back to a differently constituted First Tier Tribunal for reconsideration of the public interest.

In doing this the Upper Tribunal, referring to one of its earlier decisions (FCO v Information Commissioner and Plowden [2013] UKUT 275 (AAC), made some important observations about the public interest test:

  1. It is important to look at the disputed information and consider whether its disclosure would further the public interest. In this case the Upper Tribunal suggests that if the information regarding tactics is well known to anyone advising on development issues, disclosure would not do much to further the public interest in disclosure. If the disputed information is not particularly informative then it is important to explain what the public interest in disclosure is that will outweigh the public interest in maintaining an exemption.
  2. The test for the balance of public interests is a comparative one; so that the weaker the case for one side, the less public interest is needed on the other side to outweigh it.
  3. Under the EIR it is necessary to show how the presumption in favour of disclosure has been factored into the consideration. This applies to public authorities, the Commissioner, and the First Tier Tribunal.

This case concerned a qualified exception under EIR and therefore technically only provides a precedent in relation to that legislation. When a public authority is applying one of the EIR exceptions it must show how it has factored the presumption in favour of disclosure into its considerations. A public authority would be well advised to explain how it has done this in the Refusal Notice.

The FOI does not include an expressly stated presumption in favour of disclosure, so this aspect of the judgment has no bearing on it. However, this case provides some useful lessons for practitioners when dealing with qualified exemptions under the FOI. The first two observations listed above have equal force when dealing with qualified exemptions under the FOI and serve to remind us that it is always necessary to consider whether and how disclosure of the disputed information will further the public interest, and to deal with each case on its own set of facts.

This and other developments will be discussed in our FOI and EIR workshops which are now available as an online option. If you are looking for a qualification in freedom of information, our FOI Practitioner Certificate is ideal.

Exit mobile version
%%footer%%