Category Archives: access to information

The wheels of the Ministry of Justice

do they turn so slowly that they’ll lead to the Lord Chancellor committing a criminal offence?

On 21 December last year, as we were all sweeping up the mince piece crumbs, removing our party hats and switching off the office lights for another year, the Information Commissioner’s Office (ICO) published, with no accompanying publicity whatsoever, an enforcement notice served on the Secretary of State for Justice. The notice drew attention to the fact that in July 2017 the Ministry of Justice (MoJ) had had a backlog of 919 subject access requests from individuals, some of which dated back to 2012. And by November 2017 that had barely improved – to 793 cases dating back to 2014.

I intended to blog about this at the time, but it’s taken me around nine months to retrieve my chin from the floor, such was the force with which it dropped.

Because we should remember that the exercise of the right of subject access is a fundamental aspect of the fundamental right to protection of personal data. Requesting access to one’s data enables one to be aware of, and verify the lawfulness of, the processing. Don’t take my word for it – look at recital 41 of the-then applicable European data protection directive, and recital 63 of the now-applicable General Data Protection Regulation (GDPR).

And bear in mind that the nature of the MoJ’s work means it often receives subject access requests from prisoners, or others who are going through or have been through the criminal justice system. I imagine that a good many of these horrendously delayed requests were from people with a genuinely-held concern, or grievance, and not just from irritants like me who are interested in data controllers’ compliance.

The notice required MoJ to comply with all the outstanding requests by 31 October 2018. Now, you might raise an eyebrow at the fact that this gave the MoJ an extra eight months to respond to requests which were already incredibly late and which should have been responded to within forty days, but what’s an extra 284 days when things have slipped a little? (*Pseuds’ corner alert* It reminds me of Larkin’s line in The Whitsun Weddings about being so late that he feels: “all sense of being in a hurry gone”).

Maybe one reason the ICO gave MoJ so long to sort things out is that enforcement notices are serious things – a failure to comply is, after all, a criminal offence punishable on indictment by an unlimited fine. So one notes with interest a recent response to a freedom of information request for the regular updates which the notice also required MoJ to provide.

This reveals that by July this year MoJ had whittled down those 793 delayed cases to 285, with none dating back further than 2016. But I’m not going to start hanging out the bunting just yet, because a) more recent cases might well be more complex (because the issues behind them will be likely to be more current, and therefore potentially more complex, and b) because they don’t flaming well deserve any bunting because this was, and remains one of the most egregious and serious compliance failures it’s been my displeasure to have seen.

And what if they don’t clear them all by 31 October? The notice gives no leeway, no get-out – if any of those requests extant at November last year remains unanswered by November this year, the Right Honourable David Gauke MP (the current incumbent of the position of Secretary of State for Justice) will, it appears, have committed a criminal offence.

Will he be prosecuted?

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

1 Comment

Filed under access to information, Data Protection, Directive 95/46/EC, GDPR, human rights, Information Commissioner, Ministry of Justice, Uncategorized

(Data)setting an example

Is the ICO failing to comply with its own obligations under FOI law?

Some UK regulators are subject to the laws or rules they themselves oversee and enforce. Thus, for example, the Advertising Standards Authority should avoid advertising its services in contravention of its own code of advertising practice, the Environment Agency should avoid using a waste carrier who is not authorised to carry waste, and the Information Commissioner (ICO) – as a public authority under Schedule 1 of the same – should not breach the Freedom of Information Act 2000 (FOIA). However, I think I can point to numerous examples (I estimate there are 57 on its own website at the time of writing this) where the last has done precisely this, possibly unknowingly, or – if knowingly – with no contrition whatsoever.

In 2012 sections 11 and 19 of FOIA were amended by the Protection of Freedoms Act 2012 (POFA). POFA inserted into FOIA what are colloquially known as the “dataset provisions”. For our purposes here, what these say is that

Under its publication scheme a public authority should publish datasets that have been requested [under FOIA], and any updated versions it holds, unless it is satisfied that it is not appropriate to do so.

In short – and I take the wording above from ICO’s own guidance – if someone asks ICO for a dataset under FOIA, ICO must disclose it, put it on its website, and regularly update it (unless it is “not appropriate” to do so).

“Dataset” has a specific, and rather complex, meaning under POFA, and FOIA. However, the ICO’s own guidance nicely summarises the definition:

A dataset is a collection of factual information in electronic form to do with the services and functions of the authority that is neither the product of analysis or interpretation, nor an official statistic and has not been materially altered.

So, raw or basic data in a spreadsheet, relating to an authority’s functions, would constitute a dataset, and, if disclosed under FOIA, would trigger the authority’s general obligation to publish it on its website and regularly update it.

Yet, if one consults the ICO’s own disclosure log (its website page listing FOI responses it has made “that might be of wider public interest”), one sees multiple examples of disclosures of datasets under FOI (in fact, one can even filter the results to separate dataset disclosures from others – which is how I got my figure of 57 mentioned above) yet it appears that none of these has ever been updated, in line with section 19(2A)(a)(ii) of FOIA.

Some of the disclosures on there are of datasets which are indeed of public interest. Examples are: information on how many FOI etc requests ICO itself receives, and how timeously it handles them; information on the numbers and types of databreach reports ICO receives, and from which sectors; information on how many monetary penalties have been paid/recovered.

It’s important to note that these 57 disclosures are only those which ICO has chosen, because they are “of wider public interest”, to publish on its website. There may well be – no doubt are – others.

But if these dataset disclosures are, as declared, of wider public interest, I cannot see that ICO could readily claim that its reason for not updating them is because it is “not appropriate” to do so.

It may be that ICO feels, as some people have suggested, that the changes to FOIA wrought by POFA might not have met any pressing public demand for amended dataset-access provisions, and, therefore, compliance with the law is all a bit pointless. But there would be two problems with this, were it the case. Firstly, ICO is uniquely placed to comment on and lobby for changes to the law – if it thinks the dataset provisions are not worth being law, then why does it not say so? Secondly, as the statutory regulator for FOIA, and a public authority itself subject to FOIA, it is simply not open to it to disregard the law, even were it to think the law was not worth regarding.

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

1 Comment

Filed under access to information, datasets, Freedom of Information, Information Commissioner

FOI needs a strong regulator

Slightly more than twenty working days ago I made a request to a government department under the Freedom of Information Act 2000. Following the structure of section 1(1) of the same, I asked

Please confirm whether you hold [X information] regarding [Y]

If you hold this information, please disclose it.

There are relatively mundane reasons why I am keen to know the first point, and, following on from that, to have the information if it exists.

On the twentieth working day (give or take a bank holiday or two) I received a reply to the first point, but total silence on the second:

I can confirm that [government department] does hold [X information] regarding the [Y].

Although this is rather a bizarre approach to an FOI request (FOIA is after all, primarily about access to information, not just knowledge that it exists) I have no reason to think that the failure to note the second point of my very short request was anything other than an innocent mistake.

Accordingly, I pointed the mistake out to the government department, asking them to send the information by return. (I had to do this by email, because no phone number is given on the correspondence or on the relevant (sparse) website (query whether the service is accessible, therefore, to people who may have difficulties in communicating in writing.)) However, not only did I not get the information by return, I got a template reply, and a new reference number, indicating that my follow-up email is being treated as a wholly new request. I would not be surprised for it to take another twenty working days to get a substantive reply (if I’m wrong, I will update this post accordingly).

So what to do? Well, I could complain to the government department, or ask for an internal review, but that would likely take at least another twenty working days to get a response. I could complain to the Information Commissioner’s Office, but, anecdotally, I understand they are taking some months to allocate and deal with complaint, and the only likely outcome would be a declaration that the government department had failed to comply with its section 10 and section 17 FOIA obligations, and giving them another period of days to comply. I can’t make an application for judicial review because a) the idea is completely ridiculous (have you seen my bank balance?) and b) in March the High Court rather peremptorily dismissed an argument that JR should be available for FOIA cases of urgency (on the grounds that the right of appeal under the statutory scheme was sufficient.

And FOIA delays are not isolated incidents; the BBC’s Martin Rosenbaum has written recently, following up his and others’ research, about the apparent contempt with which some public authorities treat FOIA and the Information Commissioner. Yet the latter appears unwilling, despite having the powers to do so, to act. As the Campaign for Freedom of Information recently noted, her recent draft regulatory action policy effectively ignored the fact that she is responsible for FOIA regulation, as well as for data protection and eprivacy.

Data protection and privacy are certainly hot topics (try counting the number of arriviste consultants who’ve sprung up over the last year to get an idea of how hot) but freedom of information laws are a legislative expression of another fundamental human right. I don’t think it’s the case that as a society we just don’t care about FOI (look back to the MPs’ expenses scandal to see how important and high-profile it can be) so why is it that there appears to be no effective mechanism to enforce our rights in a timely way against a recalcitrant public authority?

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

5 Comments

Filed under access to information, Article 10, Freedom of Information, Information Commissioner, Uncategorized

The first time Parliament heard the term “Freedom of Information”

…if there is one matter on which I feel more strongly than another it is that in a democratic community the foundation of good government lies in freedom of information, freedom of thought, and freedom of speech: You can not have a country, which is governed by its people, wisely and well governed, unless those people are permitted access to accurate information, and are permitted the free exchange of their views and their opinions: That is essential to good government: It is quite true that if you grant that freedom there will be abuses: It is quite true that foolish people advocate foolish views: That is one of the many unfortunate corollaries

Although the past is a foreign country, some of its citizens can seem familiar: the quotation above is from Liberal politician Sir Richard Durning Holt, and was made in a parliamentary debate seven months short of a hundred years ago. It contains the first recorded parliamentary use of the term “freedom of information”. It was said as part of a debate about conscientious objectors to the “Great War” (Holt was drawing attention to what he saw as the unfair and counter-productive prosecutions of objectors). He may not have meant “freedom of information” in quite the way we mean it now, but his words resonate, and – at a time when our own Freedom of Information Act 2000 is under threat – remain, as a matter of principle, remarkably relevant.

I found the quotation using Glasgow University’s extraordinary corpus of “nearly every speech given in the British Parliament from 1803-2005”. I commend it to you, and, a century on, commend Sir Richard’s words to Jack Straw and his fellow members on the Independent Commission on Freedom of Information.

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

1 Comment

Filed under access to information, Freedom of Information, Uncategorized

Chris Graham and the cost of FOI tribunals

When Information Commissioner (IC) Christopher Graham speaks, people listen. And so they should: he is the statutory regulator of the Freedom of Information Act 2000 (FOIA) whose role is “to uphold information rights in the public interest”. A speech by Graham is likely be examined carefully, to see if it gives indications of future developments, and this is the reason I am slightly concerned by a particular section of his recent speech at an event in Scotland looking at ten years of the Scottish FOI Act.

The section in question dealt with his envy of his Scottish counterparts. They, he observed, have relatively greater resources, and the Scottish Information Commissioner, unlike him, has a constitutional status that bolsters her independence, but also he envied

the simple and straightforward appeals mechanism in the Scottish legislation. The Scottish Commissioner’s decision is final, subject only to an appeal to the Court of Session on a point of law.

By contrast, in England, Wales and Northern Ireland, under section 57 of FOIA, there is a right of appeal to a tribunal (the First-tier Tribunal (Information Rights)). Under section 58(2) the Tribunal may review any finding of fact by the IC – this means that the Tribunal is able to substitute its own view for that of the commissioner. In Scotland, by contrast, as Graham indicates, the commissioner’s decision is only able to be overturned if it was wrong as a matter of law.

But there is another key difference arising from the different appellate systems: an appeal to the Tribunal is free, whereas in Scotland an application to the Court of Session requires a fee to be paid (currently £202). Moreover, a court is a different creature to a tribunal: the latter aims to “adopt procedures that are less complicated and more informal” and, as Sir Andrew Leggatt noted in his key 2001 report Tribunals for Users: One System, One Service

Tribunals are intended to provide a simple, accessible system of justice where users can represent themselves

It is very much easier for a litigant to represent herself in the Information tribunal, than it would be in a court.

Clearly, the situation as it currently obtains in England, Wales and Northern Ireland – free right of appeal to a Tribunal which can take a merits view of the case – will lead to more appeals, but isn’t that rather the point? There should be a straightforward way of challenging the decisions of a regulator on access to information matters. Graham bemoans that he is “having to spend too much of my very limited resources on Tribunals and lawyers” but I could have more sympathy if it was the case that this was purely wasted expenditure – if the appeals made were futile and changed nothing – but the figures don’t bear this out. Graham says that this year there have been 179 appeals; I don’t know where his figures are from, but from a rough totting-up of the cases listed on the Tribunal’s website I calculated that there have been about 263 decisions promulgated this year, of which 42 were successful. So, very far from showing an appeal to be a futile exercise, these figures suggest that approximately 1 in 5 was successful (at least in the first instance). What is also notable though, is the small but significant number of consent orders – nine this year. A consent order will result where the parties no longer contest the proceedings, and agree on terms to conclude them. It is speculation on my part but I would be very interested to know how many of those nine orders resulted from the IC deciding on the arguments submitted that his position was no longer sustainable.

What I’m getting at is that the IC doesn’t always get things right in the first instance; therefore, a right of appeal to an independent fact-finding tribunal is a valuable one for applicants. I think it is something we should be proud of, and we should feel sorry for FOI applicants in Scotland who are forced into court litigation (and proving an error of law) in order to challenge a decision there.

Ultimately, the clue to Graham’s disapproval of the right of appeal to Tribunal lies in the words “limited resources”. I do sympathise with his position – FOI regulation is massively underfunded by the government, and I rather suspect that, with better resourcing, Graham would take a different view. But I think his speech was particularly concerning because the issue of whether there should be a fee for bringing a case in the Tribunal was previously raised by the government, in its response to post-legislative scrutiny of FOIA. Things have gone rather quiet on this since, but might Graham’s speech herald the revival of such proposals?

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

2 Comments

Filed under access to information, Freedom of Information, Information Commissioner, Information Tribunal