I’ll start with a simple proposition: if a dataset is made publicly available online by a public authority, but some information on it is withheld – by a deliberate decision – from publication, then the total dataset is not reasonably accessible to someone making an FOI request for information from it.
I doubt that any FOI practitioners or lawyers would disagree.
Well, sit back and let me tell you a story.
In November 2023 the Information Commissioner’s Office (ICO) refused to disclose information in response to a Freedom of Information request, on the grounds that the exemption at section 21 of the Freedom of Information Act 2000 (FOIA) applied: the information was “reasonably accessible to the applicant” without his needing to make a FOIA request.
The request was, in essence, for “a list…of the names of all the UK parish councils that have received 20 or more ICO Decision Notices (for FOIA cases only) since 1st January 2014”. The refusal by the ICO was on the basis that
the search function on the decision notice section of the ICO website returned 415 decision notices falling within the scope of the complainant’s request…[therefore] it is possible to place the names of the parish councils into an Excel sheet and then establish quickly how many decision notices relate to each individual parish council.
The ICO noted that, when it comes to the application of section 21
It is reasonable for a public authority to assume that information is reasonably accessible to the applicant as a member of the general public until it becomes aware of any particular circumstances or evidence to the contrary [emphasis added]
On appeal to the Information Tribunal, the ICO maintained reliance on the exemption, saying that all the applicant needed to do was to go to the ICO website and “look at each entry and count-up [sic] the numbers of [Decision Notices] against each parish council”. The Tribunal agreed: the ICO had provided the requester
with a link to the correct page of the ICO website, and instructing him how to use the search function. These instructions have enabled him to identify from the tens of thousands of published decision notices those 415-420 notices which have been issued to parish councils over the past decade or so
All straightforward, if one’s analysis is predicated on an assumption that the ICO’s public Decision Notice database is a complete record of all decision notices.
But it isn’t.
I made an FOI request of my own to the ICO; for how many Decision Notices do not appear on the database. And the answer is 45. A number of possible reasons are given (such as that sensitive information was involved, or that there was agreement by the parties not to publish). But the point is stark: the Decision Notice database is not a complete record of all Decision Notices issued. And I do not see how it is possible for the ICO to rely on section 21 FOIA in circumstances like those in this case. It is plainly the case that the ICO knew (or was likely reckless in not knowing) that there were “particular circumstances or evidence” which showed that the information could not have been reasonably accessible to the applicant.
Of course, it is quite likely (perhaps inevitable) that the 45 unpublished Decision Notices would make no difference at all to a calculation of how many UK parish councils have received 20 or more Decision Notices since 1st January 2014. But that really isn’t the point. The ICO could have come clean – could have done the search itself and added in the 45 unpublished notices. It knew they existed, but for some reason thought it didn’t matter.
The ICO is the regulator of FOIA, as well as being a public authority itself under FOIA. It has to get these things right. Otherwise, why should any other public authority feel the need to comply?
The views in this post (and indeed most posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.
informationrightsandwrongs 
The ICO makes up its own rules to suit itself obviously
When faced with a complaint regarding a Judge, altering a judicial record in order to deceive to try and prevent a persons SAR, the ICO wrote and stated it was not their remit?
All is also predicated on the ICO’s public Decision Notice database being correct, that is where DN are issued that the case summaries (Upheld or Not) match the DN handed down.
Amazingly, in this particular case, over 20 DN have been issued for a Council/public authority processing personal data that does not appear to have registered as a data controller. I came across, and made an FOI request to the ICO about, this “Step 0” anomaly six years ago, as documented here:
https://www.whatdotheyknow.com/request/data_controller_registration_for
A three minute skim of the ICO’s public register of fee payers today shows that less than half of the 878 Town & Community Councils in Wales have registered (2022 ONS).
Assuming a similar ratio of 10,480 English Parish Councils adhering to the law (or not), means the ICO has failed to collect more than £2M of registration fees and fines due this year alone. Valuable funding the ICO could use to improve its service to citizens, and improve compliance to laws the Information Commissioner has a duty to see being upheld.
I am seeking to learn how to assess “reasonably accessible” for costs. The British Museum has refused my FOI request for several of its expedition reports, which they hold. Instead I have been directed to a subscription service for the reports. Is there an amount that the subscription service can charge that is unreasonable under the FOIA?
Assuming the information/charges are made available under the BM’s publication scheme, then the position is that the charge is reasonable. So unless the ICO could be persuaded to revoke approval of the scheme, there’s likely little you can do. See David v ICO & HSCIC https://www.casemine.com/judgement/uk/5b35bf8d2c94e01ed25506bf/amp