October 6, 2020 · 8:09 am

Something is rotten in the state of FOI

By law, Freedom of Information Act 2000 (FOIA) requests must be responded to within 20 working days.

FOIA is regulated and (should be) enforced by the Information Commissioner’s Office (ICO).

As a public authority the ICO must also respond to FOIA requests.

So the ICO regulates (and should enforce) its own compliance with FOIA.

On 9 March 2020 I made a FOIA request to ICO, asking for the number of, and the recipients of “reprimands” issued by the ICO under Article 58(2)(b) of the General Data Protection Regulation (GDPR).

I didn’t receive a response within 20 working days (I did receive an acknowledgment of receipt on 31 March). However, I understood, and understand, the impact that COVID-19 has had on the ICO, so I realised and accepted that there might be a slight delay.

On 12 June I chased for a response.

On 16 June I was told the ICO was “working on a response”.

On 31 July I chased for a response.

On 12 August I received an apology and on 19 August a further email telling me I should receive a response by 28 August.

On 28 August I received some information: I was told how many Article 58 reprimands have been issued, but not who the recipients were. The latter would follow “shortly” as they were still “considering it”.

Despite chasing again, twice, I have heard nothing more.

So, nearly seven months after I made my FOIA request, and nearly half a year late, I still have no response from the office which is meant to regulate the law.

I really didn’t want to push this request too much. This period of pandemic has been beyond any normality, and I was very aware of the pressures the ICO must be under. But this was not a difficult request to deal with, in terms of finding the information (in fact, I would imagine they could find it in minutes). What presumably was difficult was the decision about whether to name and therefore shame the recipients of reprimands. I cannot see how COVID will have adversely affected the ability to take such a decision.

Ultimately, though, with an approach such as this from the regulator, one is left wondering – what’s the point in making FOIA requests?

The views in this post (and indeed most posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under Uncategorized

Comments are closed.