Tag: Transparency

20 Years of FOI: An Interview with Maurice Frankel  

It is more than 20 years since the Freedom of Information Act came into force. Now more than ever transparency is an important aspect of public life and indeed a democratic necessity.  

In Episode 3of the Guardians of Data podcast we discussed these issues with our guest was Maurice Frankel OBE, director of the Campaign for Freedom of Information .  

The following is an abridged version of the podcast focusing on Jon’s advice to IG professionals.   

Question: What was life like before the Freedom of Information Act? How easy was it to obtain information from the public sector? 

Answer: It was extremely difficult in most cases; unless the information you were asking for, was helpful for the public authorities position, in which case the authority would be prepared to release it. But if you asked for information which might question its position, then it was very difficult to get the information and officials, council leaders and ministers would treat the information as if it was their own personal information, and they’d sometimes be affronted that you would even ask and expect that information to be disclosed. 

What were the other challenges in terms of getting the FOI Act onto the statute books? 

Well, the fact is, the government realized and Tony Blair realised, once the legislation was going through Parliament that, this was something that would cause them problems. And, it came to the point at which, the government privately threatened to pull the FOI Bill from Parliament if further improvements to the bill were made during its parliamentary progress.  

Jack straw, who was the Home Secretary and the Justice Minister, confirmed this in his memoirs; that the government actively considered dropping the FOI Bill, for fear that it had gone too far, that it was providing too much openness; that explains why they put it off for so long. 

You mentioned the cost limit. There was a story recently about an author who had a number of FOI requests about Andrew Mountbatten Windsor refused on costs grounds. Do you think there’s a case here for the cost limit rules to be changed so FOI requests cannot be refused on the grounds of costs if there’s a strong public interest in disclosing the information? 

Well, I think there’s a good case for that. We argued for that when the FOI Bill was going through Parliament because, it was obvious that you had an absolute limit on what could be disclosed based on the time needed to find it, essentially. And there was no way through that. And that limit applied in the same way to a request about the purchase of government stationery and to information the government held about a life threatening disease or potential pandemic. And, the case for treating those differently and recognising the public interest in serious cases, I think is very strong. Now the government will argue that everybody will make a public interest case for disclosure. But everybody does make a public interest case for disclosure of information about commercial interests, law enforcement matters and so on. And the exemption does not, collapse in every case simply because somebody makes that argument. Tt gives way when there is genuine evidence which justifies a disclosure of otherwise exempt information. I think the same could take place if there was a public interest test applying to the cost limit. 

You mentioned previously with regards to inquiries and their power to seek information from government. The Covid inquiries are ongoing. We’ve about the use of unofficial communications such as WhatsApp, Signal and Google Chat by ministers and advisers and in some cases, them using disappearing messages. What does that say to you about attitudes to transparency when it comes to the major decisions, particularly around Covid? 

Well, a chunk of the history will have been lost forever. It may be that there’s enough been recorded, to make up for that in the main areas. But I think the use of auto deletion, or messaging software, is a very unhealthy development. And if it’s possible to prevent officials using it, even where they need to use messaging software for efficiency purposes, they should not be able to use software, which automatically deletes messages once they’ve been read. I think that is inimical to proper record keeping practices, to accountability and to the operation of the Freedom of Information Act. 

Do you think that the fallout from the Epstein Scandal and the Covid Inquiry so far, is going to lead to improvements in government transparency, or is it going to lead to more unrecorded decisions? 

Well, I think the surprising thing is that very embarrassing material has come out of the Post Office Inquiry. For example, about the real reasons for continuing with various practices, despite the fact that it was well known that the Post Office was subject to the Freedom of Information Act and was receiving Freedom of Information requests. So I think what is perhaps more surprising is how much of that information has survived, despite the existence of FOI. I mean, when the Act was being discussed in the early days, the government would argue that people would use post-it notes to record sensitive information so that these could be pulled off the documents when an FOI request was received. And so they believed that the threat of disclosure would prevent anything significant, which could be embarrassing being recorded in a permanent form at all, and that’s not proved to be the case. And I think that is probably because, first of all, the chances, I think officials will recognise that they’re dealing with vast volumes of documents, and very few of those were ever requested under FOI. And that means the ordinary incentive to carry on, recording information in the ordinary way or sending recorded information to colleagues, in the ordinary way, carries on, despite what in practice, maybe a hypothetical possibility of an FOI request being received at some later stage. So the information is, is not that vulnerable, to pre-emptive destruction, to prevent disclosure. I think that is perhaps a reassuring, result of these inquiries. 

I agree with you, Maurice, that having had over twenty years of FOI, we are seeing the government disclosing more information, sometimes embarrassing as well and certainly the inquiry system is disclosing more information perhaps, than the Freedom of Information Act would have allowed. So together, I think I agree we have made progress. But do you think there is still room for improvement? Do you think certain public authorities need to improve more than others? 

Well, I think there’s room for improvement across the board. I think there’s a number of things. I think the first thing is, authorities are sometimes too keen to impute bad motive to a requester, just as requesters are sometimes too keen to impute bad motive to a public authority for withholding information.  

I think a second problem is that, public authorities are not making proper use of Boolean searches,. That is, they’re not searching for search term A combined with search term B, but excluding search term C. They are simply looking for hits under particular search terms and not intelligently, using the ability that their systems in many cases, must have to narrow the request by proper use of the of search language. So I think that needs to be looked at.  

And I also think that the Act itself needs to be amended, to address some of the shortcomings that it creates. And, chief of those is, the reasonable extension to consider the public interest test. So the twenty working days is extendable by an unspecified reasonable period to consider the public interest test. I think that extension should be got rid of, just as the Environmental Information Regulations have got rid of it (and Scotland’s Freedom of Information Act, has never adopted that approach). 

Where do you think FOI is going? If we get a change of government, do you think you’ll be back on the campaign trail trying to save FOI? 

Well, we are always aware of the fact that the Act could come under threat at any time. The number of times we have had to come in and try and defend the Act against attempts by, initially the Blair Administration, then the Coalition Government, Conservative Government, to stop attacks on FOI is remarkable.  

I mean, we had attempts to remove Parliament itself from the scope of the act in the early days. There was an attempt to expand the cost limit so that the cost limit of effectively 18 hours or 24 hours of time spent looking for information would apply not to a single request, or to all similar requests within a sixty working day period, but to all requests by a requester to the same public authority, whether they were related or not. And that would mean that, and not just from the same individual requester, but from the same organisation. So it would mean that major news organisations would be limited to one or two requests to the Home Office in a in a three month period, spread amongst all of their journalists. This was seriously put forward by the Blair Administration in the early days. And so, I don’t underestimate the threat to FOI.  

The most recent serious threat we had was, the government setting up the Independent Commission on Freedom of Information, in the mid-nineties, where the unspoken aim was to remove information about policy making from the scope of FOI altogether. We did a very detailed analysis of all Tribunal decisions over, I think, a sixteen month period, relying on section 35, and showed that in very many cases, the exemption worked as it the government had intended it to work. That is, it protected sensitive discussions, from disclosure even after the decision had been taken. But that in a number of cases where the public interest justified it, that information was disclosed and the Tribunal accepted that that was the exemption and the public interest test working as it was supposed to, and that there should be no change to that that position. And so I think that was a very important milestone in the Act, because that resulted in the government before the final report was published, announcing that it hoped the Independent Commission would not require any weakening of the Freedom of Information Act, whereas a weakening of the Act had been the whole purpose of setting up the Commission 

And just finally, some words of inspiration for our new professionals please Maurice. 

Try and understand what the rationale for bringing FOI in actually was, and that was that openness serves the public interest. It serves the interest of accountability. It deters bad practice and it exposes unacceptable conduct. Those are all things which authorities, should be endorsing. And the FOI officers in particular, should see that as the benefit of freedom of information. And in my own experience where I’ve been provided information in the right spirit, it does change your view of the authority you’re dealing with. It does make you more willing to accept what they tell you, and more willing to have confidence in their decisions. It increases public trust in the organisation which can only be a good thing.  

You can listen to the full Episode 3 podcast with Maurice here. 

What Has the Freedom of Information Act Ever Done for Us? 

1st January 2025 marked the 20th anniversary of the Freedom of Information (FOI) Act 2000 coming into force. FOI advocates argue that the Act has transformed the landscape of public information access, empowering citizens, journalists, and organisations to hold public bodies more accountable while fostering a culture of openness. However, some critics consider it a “snooper’s charter” that has impeded government efficiency. Tony Blair, whose government enacted FOI, expressed regret in his memoirs: 

“Freedom of Information. Three harmless words. I look at those words as I write them, and feel like shaking my head till it drops off my shoulders. You idiot. You naive, foolish, irresponsible nincompoop. There is really no description of stupidity, no matter how vivid, that is adequate. I quake at the imbecility of it.” 

With these differing views in mind, let’s take a closer look at some of the FOI Act’s achievements.  

Greater Transparency 

One of the most significant achievements of the FOI Act is its enhancement of transparency in government operations. By granting individuals the right to request information from public authorities, the Act has helped lift the veil on many aspects of governmental and institutional processes. This increased transparency has led to greater scrutiny of decision-making, financial management, and policy implementation. 

A notable example of this was the 2009 MPs’ expenses scandal. FOI requests exposed widespread misuse of public funds by Members of Parliament, leading to resignations, repayments, and reforms in the parliamentary expenses system. Such revelations underscore how the FOI Act has empowered citizens to hold public officials accountable. 

Empowering Citizens and Strengthening Democracy 

The FOI Act has also played a pivotal role in empowering citizens. By democratising access to information, it allows anyone to request details from public bodies without needing to justify their reasons. This access enables citizens to engage more effectively in public debates and advocacy efforts, armed with facts and data obtained through FOI requests. 

One example of this empowerment was seen in 2013 when FOI requests helped expose racial disparities in police stop and search practices. This revelation sparked widespread public concern and contributed to reforms in policing policies.
Similarly, FOI requests uncovered the disproportionate closure of public libraries in deprived areas, prompting national discussions on equitable access to public services. 

Accountability Through Public Scrutiny 

Accountability is a cornerstone of good governance, and the FOI Act has played an instrumental role in ensuring that public officials and institutions are answerable to the people they serve. Numerous FOI disclosures have led to public outcry and prompted subsequent reforms.  

For example, in 2006, widespread concern about knife crime, fuelled by several
high-profile cases, led to a highly publicised knife amnesty by the police.
Tens of thousands of knives were handed in. However, an FOI request later revealed that a statistical evaluation of the amnesty in London found that, just weeks after the operation, knife crime rates were back to pre-amnesty levels. This disclosure, which might otherwise have been suppressed, demonstrated how FOI can provide vital, often inconvenient, truths that drive public policy. 

Promoting Ethical Conduct and Integrity 

The FOI Act has not only exposed wrongdoing but also served as a deterrent against unethical behaviour. Public officials are more likely to act with integrity, knowing that their actions could be subject to public scrutiny. 

In 2021, a BBC Panorama investigation revealed serious patient safety issues buried in confidential hospital reports. FOI requests led to the discovery of 111 reports, authored by medical royal colleges, which NHS trusts were legally obligated to share. Of those, only 26 were published, and 80 had not been shared with regulators at all. The resulting public outcry prompted greater attention to transparency within the NHS. 

Challenges and the Road Ahead 

Despite its successes, the FOI Act has faced several challenges, and notable gaps in the framework still need to be addressed. Currently, it does not extend to private entities performing public functions or receiving substantial public funding. Surprisingly, the Labour General Election manifesto made no reference to FOI despite the Party arguing for many years that private contractors delivering public services should be subject to FOI.  This leaves a significant transparency gap, where key information remains inaccessible. Expanding the scope of the FOI to include these entities would help ensure that transparency and accountability are maintained across all sectors receiving public money. 

Another challenge is the slow or inadequate response to FOI requests by some public authorities. While the Information Commissioner has taken action in recent years to hold public bodies accountable for FOI failures, from police forces to local councils and government departments, response times can still be unacceptably long. 

Although FOI contains exemptions to protect sensitive information, there are instances where these exemptions are applied excessively or inappropriately, leading to the withholding of information that could otherwise be disclosed. This undermines the spirit of the Act and hampers transparency. (See the recent article in the Guardian “Dubious’ use of the Freedom of Information Act stopping access to files on Prince Andrew, researchers say”). In 2021 current and former editors of Britain’s leading newspapers expressed concern over the government’s handling of FOI requests. 
In an open letter, they called for an investigation into a Cabinet Office unit – the Clearing House – which is alleged to have profiled journalists and blocked FOI requests.  

As we celebrate the 20th anniversary of the Freedom of Information Act, it is clear that the Act has been a game-changer for transparency, accountability, and democratic engagement in the UK. While there have been notable achievements, the journey is far from complete. To maximise its potential, the FOI Act should be strengthened in key areas, including expanding its coverage and ensuring that public authorities are adequately resourced to handle requests in a timely and efficient manner. The next 20 years will be critical in determining whether the FOI can continue to serve its intended purpose: fostering an informed, engaged, and accountable public. 

Enjoy reading our blog? Help us reach 10,000 subscribers by subscribing today!

Are you an experienced FOI officer wishing to advance your career in 2025. Our FOI Intermediate Certificate strengthens the foundations established by our FOI Practitioner Certificate. It will help you become an adept FOI practitioner by delving deeper into the intricacies of the FOIA, equipping you with the skills and confidence to navigate its complexities. 

Common FOI Requests By Sector

Despite the General Election, its business as usual for FOI practitioners. In fact many will report an increase in FOI requests. Understanding what requestors are interested in can help FOI practitioners to consider whether proactive publication of this information would benefit their organisation and help to reduce information requests. 

Working with WhatDoTheyKnow (WDTK), the ICO have analysed a sample of more than 150,000 requests made during 2022 and identified common themes in the information that has been requested. This has been broken down into 5 sectors:

Health

  • Meetings, committees, and minutes
  • Data and statistics
  • Complaints 
  • Recruitment and staffing information, including fuel allowance and travel costs
  • Policies
  • Mental health care

Local Government 

  • Highways, roads and parking  
  • Bus lanes and bus services
  • Children, schools and care
  • Housing and planning
  • Contracts
  • Internal correspondence
  • Asbestos

Education 

  • Admissions
  • Grades, scores and results 
  • Management and finances 
  • Economics, law, engineering, science and medicine courses.

Central Government 

  • Data and statistics
  • Correspondence and communications
  • Meetings
  • Covid-19
  • Costs

Emergency Services 

  • Statistical information
  • Hate crimes, crimes of a sexual nature, assault, and stalking
  • Vehicle and fleet 
  • Roads and speed limits

The ICO says that understanding the public’s information needs can better equip public authorities to meet one of the challenges set out in their recent open letter to senior leaders: ‘… look at what people are asking you about and actively publish it.’ Proactive publication also leads to greater transparency and could decrease the number of information requests public authorities receive.

Our FOI Exemptions workshop is ideal for FOI Officers who want to develop their knowledge of the exemptions and sharpen their Refusal Notice writing skills.

Lessons On Transparency: The ICO Experian Appeal

The Information Commissioner’s Office recently lost its appeal in the Upper Tribunal in relation to an Enforcement Notice issued to Experian.  

The concerned Experian’s marketing arm, Experian Marketing Services (EMS) which provides analytics services for direct mail marketing companies. It obtains personal data from three types of sources; publicly available sources, third parties and Experian’s credit reference agency (CRA) business. The company processes this personal data to build profiles about nearly every UK adult. An individual profile can contain over 400 data points. The company sells access to this data to marketing companies that wish to improve the targeting of their postal direct marketing communications 

On 20th February 2023, the First-Tier (Information Rights) Tribunal (FTT) overturned an ICO Enforcement Notice issued to Experian. The notice alleged several GDPR violations namely; Art. 5(1)(a) (Principle 1, Lawfulness, fairness, and transparency), Art. 6(1) (Lawfulness of processing) and Art. 14 (Information to be provided where personal data have not been obtained from the data subject). For more detail of the FTT judgement read our earlier blog here

On 23rd April 2024, the Upper Tribunal dismissed the ICO’s appeal against the FTT’s judgment. This can be read here along with a useful press summary. The Upper Tribunal backed the FTT’s conclusions while repeatedly criticising its unclear reasoning. 

The broader value of the judgment lies in its guidance, for the first time at this level, of what the transparency requirement under the UK GDPR involves (see paragraph 95). It also sets out its views on the current data protection landscape more generally. 5 Essex Court have a good summary of the judgement on their website.  

The ICO’s has issued a (“Let’s look on the bright side”) statement stating that: 

“The ICO will take stock of today’s judgment and carefully consider our next steps, including whether to appeal.” 

This and other data protection developments will be discussed in detail on our forthcoming  GDPR Update  workshop. 

Experian’s GDPR Appeal: Lawfulness, Fairness, and Transparency

On 20th February 2023, the First-Tier (Information Rights) Tribunal (FTT) overturned an Enforcement Notice issued against Experian by the Information Commissioner’s Office (ICO). 

This case relates to Experian’s marketing arm, Experian Marketing Services (EMS) which provides analytics services for direct mail marketing companies. It obtains personal data from three types of sources; publicly available sources, third parties and Experian’s credit reference agency (CRA) business. The company processes this personal data to build profiles about nearly every UK adult. An individual profile can contain over 400 data points. The company sells access to this data to marketing companies that wish to improve the targeting of their postal direct marketing communications. 

The ICO issued an Enforcement Notice against Experian in April 2020, alleging several GDPR violations namely; Art. 5(1)(a) (Principle 1, Lawfulness, fairness, and transparency), Art. 6(1) (Lawfulness of processing) and Art. 14 (Information to be provided where personal data have not been obtained from the data subject). 

Fair and Transparent Processing: Art 5(1)(a) 

The ICO criticised Experian’s privacy notice for being unclear and for not emphasising the “surprising” aspects of Experian’s processing. It ordered Experian to: 

  • Provide an up-front summary of Experian’s direct marketing processing. 
  • Put “surprising” information (e.g. regarding profiling via data from multiple sources) on the first or second layer of the notice. 
  • Use clearer and more concise language. 
  • Disclose each source and use of data and explain how data is shared, providing examples.  

The ICO also ordered Experian to stop using credit reference agency data (CRA data) for any purpose other than those requested by Data Subjects. 

Lawful Processing: Arts. 5(1)(a) and 6(1) 

All processing of personal data under the GDPR requires a legal basis. Experian processed all personal data held for marketing purposes on the basis of its legitimate interests, including personal data that was originally collected on the basis of consent. Before relying on legitimate interests, controllers must conduct a “legitimate interests assessment” to balance the risks of processing the risks. Experian had done this, but the ICO said the company had got the balance wrong. It ordered Experian to: 

  • Delete all personal data that had been collected via consent and was subsequently being processed on the basis of Experian’s legitimate interests. 
  • Stop processing personal data where an “objective” legitimate interests assessment revealed that the risks of the processing outweigh the benefits. 
  • Review the GDPR compliance of all third parties providing Experian with personal data. 
  • Stop processing any personal data that has not been collected in a GDPR-compliant way. 

Transparency: Art. 14 

Art. 14 GDPR requires controllers to provide notice to data subjects when obtaining personal data from a third-party or publicly available source. Experian did not do provide such notices relying on the exceptions in Art 14. 

Where Experian had received personal data from third parties, it said that it did not need to provide a notice because “the data subject already has the information”. It noted that before a third party sent Experian personal data, the third party would provide Data Subjects with its own privacy notice. That privacy notice would contain links to Experian’s privacy notice.
Where Experian had obtained personal data from a publicly available source, such as the electoral register, it claimed that to provide a notice would involve “disproportionate effort”. 

The ICO did not agree that these exceptions applied to Experian, and ordered it to: 

  • Send an Art. 14 notice to all Data Subjects whose personal data had been obtained from a third-party source or (with some exceptions) a publicly available source. 
  • Stop processing personal data about Data Subjects who had not received an Art. 14 notice. 

The FTT Decision  

The FTT found that Experian committed only two GDPR violations: 

  • Failing to provide an Art. 14 notice to people whose data had been obtained from publicly available sources. 
  • Processing personal data on the basis of “legitimate interests” where that personal data had been originally obtained on the basis of “consent” (by the time of the hearing, Experian had stopped doing this). 

The FTT said that the ICO’s Enforcement Notice should have given more weight to:  

  • The costs of complying with the corrective measures. 
  • The benefits of Experian’s processing. 
  • The fact that Data Subjects would (supposedly) not want to receive an Art. 14 notice. 

The FTT overturned most of the ICO’s corrective measures. The only new obligation on Experian is to send Art. 14 notices in future to some people whose data comes from publicly available sources. 

FTT on Transparency 

Experian had improved its privacy notice before the hearing, and the FTT was satisfied that it met the Art. 14 requirements. It agreed that Experian did not need to provide a notice to Data Subjects where it had received their personal data from a third party. The FTT said that “…the reasonable data subject will be familiar with hyperlinks and how to follow them”.
People who wanted to know about Experian’s processing had the opportunity to learn about it via third-party privacy notices. 

However, the FTT did not agree with Experian’s reliance on the “disproportionate effort” exception. In future, Experian will need to provide Art. 14 notices to some Data Subjects whose personal data comes from publicly available sources. 

FTT on Risks of Processing 

An ICO expert witness claimed that Experian’s use of CRA data presented a risk to Data Subjects. The witness later admitted he had misunderstood this risk. The FTT found that Experian’s use of CRA data actually decreased the risk of harm to Data Subjects. For example, Experian used CRA data to “screen out” data subjects with poor credit history from receiving marketing about low-interest credit cards. The FTT found that this helped increase the accuracy of marketing and was therefore beneficial. As such, the FTT found that the ICO had not properly accounted for the benefits of Experian’s processing of CRA data. 

The ICO’s Planned Appeal 

The FTT’s decision focuses heavily on whether Experian’s processing was likely to cause damage or distress to Data Subjects. Because the FTT found that the risk of damage was low, Experian could rely on exceptions that might not have applied to riskier processing.  

The ICO has confirmed that it will appeal the decision. There are no details yet on their arguments but they may claim that the FTT took an excessively narrow interpretation of privacy harms. 

This and other data protection developments will be discussed in detail on our forthcoming  GDPR Update  workshop. There are only 3 places left on our next Advanced Certificate in GDPR Practice.  

The WhatsApp GDPR Fine 

mika-baumeister-uKdkh25_wc0-unsplash

On 2nd September, the instant messaging service WhatsApp was fined €225 million by the Irish Data Protection Commission (DPC) under GDPR. It is the largest fine issued by the DPC and the second highest in the EU (In July Luxembourg’s National Commission for Data Protection fined Amazon €746 million after finding that the way the e-commerce giant handles people’s personal data, especially around personalised ads, was not GDPR compliant).

The background to the WhatsApp fine is an investigation by the DPC, which started in December 2018. WhatsApp users are required to provide the company with all their contacts’ phone numbers. Some of these will inevitably belong to non-WhatsApp users.
The DPC found that these numbers were also personal data because the subjects were identifiable and consequently WhatsApp was the data controller in relation to such data.

The DPC then evaluated WhatsApp’s compliance with the transparency obligations set out in Articles 14 and 12(1) of GDPR. WhatsApp argued that it took “appropriate measures” to inform non-users of the “very limited ways” in which it processed their personal data.
This was supposedly done by stating users provide the company with all their contacts’ phone numbers in their privacy policy. 

The DPC rejected this argument, pointing to the lack of a discoverable and accessible “public notice” that would provide non-users of WhatsApp services with the information they are entitled to under Article 14. For example, they should be provided with details about the “circumstances in which any non-user personal data is shared with any of the Facebook Companies”(Facebook bought WhatsApp in 2014). It emphasised that the burden of providing such information is outweighed by “the role and utility of the right to be informed”.

The DPC also ruled that WhatsApp had not complied with Article 13 in relation to the privacy information it provided to users. It specifically assessed the extent to which WhatsApp explained its relationship with the Facebook companies and any consequent sharing of data. It criticised the manner in which the information is spread out “across a wide range of texts”, and how a significant amount of it is so high level as to be meaningless. It pointed out how the Facebook FAQ is only linked to WhatsApp’s privacy policy in one place. The information being provided was “unnecessarily confusing and ill-defined”. 

In addition to the fine, the DPC has also imposed a formal reprimand (under GDPR Art. 58(2)(b)) along with an order (under GDPR Art. 58(2)(d)) for WhatsApp to bring its processing into compliance by taking a eight specified remedial actions.  WhatsApp has 3 months to comply. One of the remedial actions is to remind users of their GDPR rights which will lead to substantially more work for WhatsApp in meeting these requests.

Data Controllers need to assess how well their privacy policies and notices comply with Article 13 and 14. This cases shows that regulators are willing to enforce GDPR transparency obligations on data controllers even where the obligations are difficult to meet because, like WhatsApp, they have millions of non-service user data subjects with whom there is no direct relationship.

WhatsApp has confirmed that it will appeal the decision. 

Most of our courses are now available as both classroom and online options. The GDPR Practitioner Certificate is our most popular certificate course with may courses filling up fast. We have added more dates.

Veni, Veto, Vici : Court of Appeal FOI Veto Case and its Implications

Image

What effect will the Court of Appeal’s recent decision on the FOI – and EIR – ministerial veto have on another recent case – the vetoing of the decision to require disclosure of the High Speed Rail assessment review?

On 6 June 2013 the Information Commissioner (IC) served a Decision Notice under the Environmental Information Regulations 2004 (EIR). Section 50(4) of the Freedom of Information Act 2000 (FOIA) gives the IC the power to do so (those powers being extended to the EIR by Regulation 18). The Decision Notice required the Cabinet Office to disclose a Project Assessment Review (“PAR”) report concerning the high-speed rail link, High Speed Two (HS2).  On 30 January 2014 Patrick McCloughin, Secretary of State for Transport, signed a certificate pursuant to section 53 of FOI and Regulation 18(6) of the EIR. The effect of this certificate was that the Cabinet Office was no longer required to comply with the IC’s Decision Notice:

“the decision taken by the Cabinet Office not to disclose the PAR report in response to the relevant request was fully in accordance with the provisions of the EIR, or the Act, as appropriate”

Of course, this exercise of ministerial veto – described as a “constitutional aberration” by the Lord Chief Justice (Evans, R (on the application of) v HM Attorney General & Anor [2013] EWHC 1960 (Admin)), is not unprecedented; the power has now been wielded seven times (twice by the Labour government and five times by the coalition). The minister, notably, was minded to disagree with the IC that the request had fallen to be determined under the EIR, rather than FOIA:

“there is considerable force in the Cabinet Office’s position that the information within the PAR report was insufficiently proximate to the environmental impact of the HS2 project itself to amount to “environmental information” for the purposes of the EIR”

However, he went on to say that:

“it is not necessary for me to determine whether the PAR report is environmental information, because I take the view that the Cabinet Office was entitled to withhold it from disclosure, whether or not it consisted of environmental information”

This is perhaps surprising, because at the time he issued that veto certificate there was an argument, being aired in the Court of Appeal, that the power to exercise the veto does not exist under the European law to which the EIR give domestic effect.

Now, the Court of Appeal has handed down judgment (Evans, R (on the application of) v HM Attorney General & Anor [2014] EWCA Civ 254). The case is being recognised, correctly, as primarily about the specific lawfulness of the vetoing of the disclosure of private correspondence on policy matters between the Prince of Wales and government departments. However, as in the Divisional Court beforehand, one point which fell to be determined was about the general status of the veto power in relation to environmental information. On this point the Court of Appeal held that

“the certificate is incompatible with EU law in so far as the information to which it relates is environmental information”

The court’s reasoning was that, although, the EIR, by Regulation 18, provide for a ministerial veto no such power exists in the Directive 2003/4/EC of the European Parliament and of the Council of 28 January 2003 on public access to environmental information (“the Directive”) which is implemented in domestic legislation by the EIR. Moreover, Article 6(2) of the Directive says, crucially

Member States shall ensure that an applicant has access to a review procedure before a court of law or another independent and impartial body established by law, in which the acts or omissions of the public authority concerned can be reviewed and whose decisions may become final

And this requirement to have a “final” review before a court or independent and impartial body could not be satisfied by the availability of judicial review of a ministerial veto. Article 6(2) and (3) should be given their natural and ordinary meaning: the right is to have the acts or omissions of the public authority reviewed, but in judicial review proceedings the question becomes whether the accountable person had reasonable grounds for forming the opinion that the public authority had in fact complied with its EIR obligations and, “that difference is not a mere matter of form”. Moreover, and for broadly similar reasons, the veto power offended Article 47 of The EU Charter of Fundamental Rights which provides:

“Everyone whose rights and freedoms guaranteed by the law of the Union are violated has the right to an effective remedy before a tribunal in compliance with the conditions laid down in this Article”

So what does this mean for the veto on the HS2 “PAR” request? It certainly appears at the moment that following the Court of Appeal’s ratio in Evans, and to the extent that the HS2 request was for environmental information, that the veto may be unlawful, if (as has been suggested, it is challenged). However, there are two caveats to that. Firstly, the Attorney General has been given permission to appeal Evans to the Supreme Court: it seems highly likely that the general EIR point will be appealed, as well as the overarching specific point about the public law validity of the veto (if the former is not appealed, then it would mean in effect that the government accepts that the EIR fail properly to implement the Directive). Secondly, we must look back to the suggestion by the Minister when issuing the certificate in the HS2 veto that he tended to disagree with the IC that the information in question was environmental. Much, despite what he implied about the lack of need to determine this point, may now turn on this: if the information was environmental then Evans, providing the EIR point is not overturned by the Supreme Court, may well lead to the veto being struck down. If, however, the information was not environmental, and FOIA applied, then any appeal of it will presumably be on domestic public law grounds.

At this point it is probably otiose to start speculating on what will happen with requests which are classed as hybrid ones – namely, those which seek information which is a mix of environmental and non-environmental (as, indeed, those in both Evans and the HS2 case arguably are). All these matters are by no means yet resolved.

Jon Baines, who is Chairman of the National Association of Data Protection Officers (NADPO) and works in local government.

Ibrahim Hasan will be discussing this and other recent FOI decisions in the FOI Update workshops and online webinars.