Category Archives: judgments

January 29, 2026 · 6:00 am

Tribunal – Soil Association certification subsidiary is subject to EIR

The Soil Association Ltd, is a company limited by guarantee and a not-for-profit registered charity. It is not a public authority for the purposes of the Freedom of Information Act 2000 (FOIA), nor, I think, has anyone proposed that it is a public authority for the purposes of the Environmental Information Regulations 2004 (EIR). Yet the Information Commissioner’s Office, in a decision now upheld by the Information Tribunal, has determined that a subsidiary company of the Soil Association – SA Certification Limited – is a public authority for the purposes of the EIR. I think this is probably the correct position, and the judgment of the Tribunal is helpful in explaining why.

A body is a public authority for the purposes of FOIA primarily by way of designation or ownership (if the body is listed in Schedule One of FOIA, or designated by Order, or is wholly owned by one or more other public authorities, then it falls under the regime). The EIR are different: a body is determined to be an EIR public authority if it is a FOIA one, but it might also be one by virtue of what it does or is empowered to do. Under regulation 2(2)(c) if the body is a “natural or legal [person] having public responsibilities or functions, or providing public services, in relation to the environment, under the control of a body or person [who is a public authority]” then it will be a public authority for the purposes of the EIR.

The case law has established that one of the core tests for this is whether the body has been vested with “special powers” of a public nature, “beyond those which result from the normal rules applicable in relations between persons governed by private law’” (C-297/12 Fish Legal v Information Commissioner).

SA Certification Ltd is an accredited certification body for the delivery of certification under a number of regulations and standards, and is designated by DEFRA as a “control body” for the purposes of its “control system” for the labelling of organic products. This, held the Tribunal, confers a special power on SA Certification to certify as organic and to suspend or terminate certification, and this was sufficient to render it a public authority for the purposes of the EIR.

The views in this post (and indeed most posts on blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under access to information, Environmental Information Regulations, Freedom of Information, Information Commissioner, Information Tribunal, judgments

Tagged as ,

January 15, 2026 · 6:37 am

Russell Group is not a public authority for the purposes of FOIA

For those interested in the general question of what is a “publicly owned company” for the purposes of sections 3 and 6 of the Freedom of Information Act 2000 (FOIA), and the specific question of whether the Russell Group is a public authority for the purposes of the FOIA, the Information Tribunal judgment in Farfan v Information Commissioner & Anor [2026] UKFTT 48 (GRC) will make fascinating reading. For the remaining 69.2 million people in the UK, it will be impenetrable.

A company will be a publicly owned company for the purposes of section 3(1)(b) of FOIA if all of its members are themselves public authorities listed in schedule 1 of FOIA.

So, in short, the answer to the second question is “no”, because a) 22 of the 24 members of the Russell Group are university institutions, not the governing bodies of those institutions (and it is the latter which are listed in schedule 1), b) in any case, even if the Tribunal had decided that there was no distinction between the university institutions and their governing bodies, the remaining two members of the Russell Group are the Universities of Glasgow and Edinburgh, and they are not listed in schedule 1 of FOIA (rather, they are public authorities for the purposes of the Freedom of Information (Scotland) Act 2002).

Get reading, you crazy FOIA (and FOISA) nerds.

The views in this post (and indeed most posts on blog) are my personal ones, and do not represent the views of any organisation I am involved with.

4 Comments

Filed under FOIA, FOISA, Freedom of Information, Further education, Information Commissioner, Information Tribunal, judgments, Uncategorized

Tagged as

January 14, 2026 · 7:59 am

A DSAR disclosure horror story

If anyone who deals with data subject access requests, or disclosure exercises in general, wants to read a horror story, they should look at the recent judgment in Forsters LLP v Uddin [2025] EWHC 3255 (KB).

This was an application for an interim injunction for breach of confidence, seeking delivery up by the defendant of confidential and privileged documents. Forsters, a law firm, act for Mr and Mrs Alloatti, who are in a dispute with their neighbour, Mr Uddin. No doubt in an attempt to advance his case, Mr Uddin made a DSAR directly to Forsters. But instead of disclosing Mr Uddin’s personal data to him, Forsters disclosed the entire contents of the file containing information responsive to a systems search for the name “Uddin”. This resulted not only in the disclosure of personal data of people unconnected to the dispute, but also in disclosure of around 95% (3,000+ pages) of the Alloatti client file, much of it confidential and privileged.

Unsurprisingly, Forsters were successful in their application. This was a very clear case of “obvious mistake” (see Fayed v Commissioner of Police of the Metropolis [2002] EWCA Civ 780). And

where a party to litigation discloses documents to the opposing party which are confidential and privileged and the court is satisfied that it is a case of ‘obvious mistake’, which was either known to or ought to have been known to the receiving party, the Court will intervene by injunction to, so far as possible, put the parties back into the position they would have been had the error not occurred. This will usually involve granting an injunction that requires the recipient to deliver up the documents, to destroy any copies he has made of them and which restrains him from making any use of the information contained in the documents.

Further proof that this was a mistake lay in the fact that Mr Uddin, on receiving the disclosure, immediately notified Forsters of the breaches of confidence and GDPR. Although he later sought to row back on this in order to retain and use the information in his dispute with the Alloattis, his argument that the disclosure was lawful as a DSAR response was doomed.

One argument that found greater favour with the judge was that the “erroneous disclosure to him has undermined the confidentiality and privilege in the information he has seen”. But although the judge accepted that Mr Uddin could not “un-know” some of what he had seen he held that

Nonetheless, the court can help the Claimant to regain control over the 3,300 documents themselves and over the way in which information from those documents is deployed in the two claims. In this way, the court can remedy most of the mischief which this inadvertent disclosure has caused

Accordingly, in addition to delivery up and deletion, he was injuncted from using any of the documents, or information from them, in the underlying claim or in a separate claim in harassment against two Forsters employees.

The views in this post (and indeed most posts on blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under Breach of confidence, Data Protection, judgments, subject access

Tagged as

November 29, 2025 · 6:41 am

NCND for personal data – a qualified exemption?

[reposted from my LinkedIn Account]

I’ve been known to criticise First-tier Tribunal (FTT) judgments in the freedom of information jurisdiction. By contrast, this one is superb.

In it, the FTT dismantle the argument (and the decision notice) of the Information Commissioner’s Office that Bolton NHS Foundation Trust were entitled to “neither confirm nor deny” (NCND) holding reviews, including a review by PWC, into the Trust’s governance and management. The PWC review was the subject of an article in the Health Service Journal, and the requester was the journalist, Lawrence Dunhill.

Firstly, the FTT noted that the ICO “case begins with an elementary error of fact. It treats the Trust as having given an NCND response to the entirety of the Request when it did no such thing” (the Trust had only applied NCND in respect of the request for a PWC report, but had confirmed it held other reviews). Oddly, the Trust, in its submissions for the appeal, simply ignored this error (the FTT chose not to speculate on “whether that omission was accidental or tactical”).

Secondly, and notably, the FTT found a fundamental error of law in the ICO’s approach (and, by implication, in its guidance) to NCND in the context of personal data. Section 2(3)(fa) of FOIA provides that section 40(2) is an absolute exemption (therefore not subject to a public interest test). But section 2(3) does not include section 40(5B) (the personal data NCND provision) in the list of absolute exemptions. As far as I know, the ICO has always taken the view, however, that it is an absolute exemption – certainly its current guidance says this).

That approach, held the FTT, is “simply wrong…the exemption under FOIA, s40(5B)(a)(i) is qualified and the public interest balancing test applies”. And but for that error, they said, the ICO might have reached a different conclusion.

As it was, the FTT held that the legitimate interests balancing test under Article 6(1)(f) of the UK GDPR was sufficient to determine the issue: merely confirming or denying whether the PWC review was held would not cause unwarranted prejudice to a named individual when balanced against the requester’s legitimate interests.

It will be interesting to see if the ICO appeal this. Given the strength of the criticism it would perhaps be bold to do so, but it might be that the only alternative will be to have to rewrite their guidance on s40(5), and rethink their long-held view on it.

The views in this post (and indeed most posts on blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under Data Protection, FOIA, Freedom of Information, Information Commissioner, Information Tribunal, judgments, NCND, UK GDPR

Tagged as , ,

November 13, 2025 · 5:10 am

Chief Constable in contempt over body-worn-video footage disclosure failures

The Court of Appeal has handed down an extraordinary judgment (Buzzard-Quashie v Chief Constable of Northamptonshire Police [2025] EWCA Civ 1397) in which the Chief Constable of Northamptonshire was forced to admit civil contempt of court, after camera footage, which the police force had repeatedly insisted, including before the lower courts, and also in response to an express order of the county court, did not exist, was found to exist just before the appeal hearing.

The appellant/applicant, Ms Buzzard-Quashie, had been arrested and initially charged with an offence in 2021. The arrest had involved three officers, all of whom had deployed body-worn-video cameras. Ms Buzzard-Quashie had complained about the arrest very shortly afterwards, and had sought copies of the footage. Although the charge was dropped, the force made only “piecemeal” disclosure, before determining that there was no further footage, or what there had been, had been destroyed.

At that point, she complained to the Information Commissioner’s Office, who told her that it had told the force “to revisit the way it handled your request and provide you with a comprehensive disclosure of the personal data to which you would be entitled as soon as possible”. (Here, the court – I believe – slightly misrepresents this as an “order” by the ICO. The ICO has the power to make an order, by way of an enforcement notice, but it does not appear to have issued a notice (and it would be highly unusual for it to do so in a case like this).)

The force did not do what the ICO had told it to do, so Ms Buzzard-Quashie issued proceedings in the Brentford County Court and obtained an order requiring the force to deliver up to her any footage in its possession or, if none was available or disclosable, to provide a statement from an officer “of a rank no lower than Inspector” explaining why it could not. It also required the force to pay her costs.

Remarkably, the force did not comply with any element of this order. This failure led to Ms Buzzard-Quashie initiating contempt proceedings in the High Court. At that hearing the Chief Constable, in evidence, maintained that that a full search had already been performed; all the footage had been produced; no other footage existed; and he was not in contempt. The judge found that Ms Buzzard-Quashie had not succeeded in establishing to the criminal standard that the Chief Constable was in contempt.

Upon appeal, and just before the hearing, primarily through the efforts of Ms Buzzard-Quashie and her lawyers (acting pro bono), the force was compelled to admit that footage did still exist: its searches had been manifestly inadequate.

The CoA found that eight pieces of information and evidence (and this was “only a selection”) had not been true, and that “the Chief Constable had not only failed to comply with the [County Court] Order in both substance and form, but had advanced a wholly erroneous factual case before that court, and before this court as well”. Ms Buzzard-Quashie clearly succeeded in her appeal.

The judgment records that the issue of sanction for the contempt found “must wait until the next round of the process”, which presumably will be a further (or perhaps remitted) hearing.

There are any number of issues arising from this. It is, for example, notable that the data protection officer for the force was involved in the searches (and, indeed, she gave the initial statement that the County Court had ordered be given by an Inspector or above).

But a standout point for me is how incredibly difficult it was for Ms Buzzard-Quashie to vindicate her rights: the police force, for whatever reason, felt able to disregard both the statutory regulator and an order of a court. She and her pro bono lawyers showed admirable tenacity and skill, but those features (and that pro bono support) are not available to everyone. One welcomes the fact that all three judges noted her efforts and those of the lawyers.

The force has referred itself to the Independent Office of Police Conduct, and the Court of Appeal has reinforced that by making the referral part of its own order.

In this post I’ve tried to summarise the judgment, but I would strongly encourage its reading. The screenshot here is merely part of the damning findings.

The views in this post (and indeed most posts on blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under access to information, Body worn video, Data Protection, Information Commissioner, judgments, police, subject access

Tagged as , ,

June 29, 2025 · 8:19 am

Oral disclosure of personal data: a new domestic case

“Pretexting” and “blagging” are forms of social engineering whereby someone attempts to extract information from a source by deception. One (unethical) example is when a journalist purports to be someone else in order to gather information for a story.

A recent misuse of private information and data protection judgment in the High Court deals with a different, and sadly not uncommon, example – where an estranged, abusive partner convinced a third party to give information about their partner so they can continue their harassment of them.

The claimant had worked at a JD Wetherspoon pub, but had left a few months previously. She had given her contact details, including her mother’s mobile phone number, to her manager, and the details were kept in a paper file, marked “Strictly Private and Confidential”, in a locked filing cabinet. During the time she was employed she had been the victim of offences by a former partner of serious violence and harassment which involved subjecting her to many unwanted phone calls. He was ultimately convicted of these and sentenced to 2 ½ years in prison. Her employer was aware of the claimant’s concerns about him.

While her abuser was on remand, he rang the pub, pretending to be a police officer who needed to contact the claimant urgently. Although the pub chain had guidance on pretexting, under which such attempts to acquire information should be declined initially and referred to head office, the pub gave out the claimant’s mother’s number to the abuser, who then managed to speak to (and verbally abuse) the claimant, causing understandable distress.

She brought claims in the county court in misuse of private information, breach of confidence and for breach of data protection law. She succeeded at first instance with the first two, but not with the data protection claim. Wetherspoons appealed and she cross-challenged, not by appeal but by way of a respondent’s notice, the rejection of the data protection claim.

In a well-reasoned judgment in Raine v JD Wetherspoon PLC [2025] EWHC 1593 (KB), Mr Justice Bright dismissed the defendant’s appeals. He rejected their argument that the Claimant’s mother’s mobile phone number did not constitute the Claimant’s information or alternatively that it was not information in which she had a reasonable expectation of privacy: it was not ownership of the mobile phone that mattered, nor ownership of the account relating to it – what was relevant was information: the knowledge of the relevant digits. As between the claimant and the defendant, that was the claimant’s information, which was undoubtedly private when given to the defendants and was intended to remain private, rather than being published to others.

The defendant then argued that there can be no cause of action for misuse of private information if the Claimant is unable to establish a claim under the DPA/GDPR, and, relatedly, that a data security duty could not arise under the scope of the tortious cause of action of misuse of private information. In all honesty I struggle to understand this argument, at least as articulated in the judgment, probably because, as the judge suggests, this was not a data security case involving failure to take measures to secure the information. Rather, it involved a positive act of misuse: the positive disclosure of the information by the defendant to the abuser.

The broadly similar appeal grounds in relation to breach of confidence failed, for broadly similar reasons.

The counter challenge to the prior dismissal of the data protection claim, by contrast, succeeded. At first instance, the recorder had accepted the defendant’s argument that this was a case of purely oral disclosure of information, and that, applying Scott v LGBT Foundation Limited, this was not “processing” of “personal data”. However, as the judge found, in Scott,

the information had only ever been provided to the defendant orally; and…then retained not in electronic or manual form in a filing system, but only in the memory of the individual who had received the original oral disclosure…In that case, there was no record, and no processing. Here, there was a record of the relevant information, and it was processed: the personnel file was accessed by [the defendant’s employee], the relevant information was extracted by her and provided in written form to [another employee], for him to communicate to [the abuser].

This fell “squarely within the definition of ‘processing’ in the GDPR at article 4(2)”. Furthermore, there was judicial authority in Holyoake v Candy that, in some circumstances, oral disclosure will constitute processing (a view supported by the European Court in Endemol Shine Finland Oy).

Damages for personal injury, in the form of exacerbation of existing psychological damage, of £4500 were upheld.

The views in this post (and indeed most posts on blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under Breach of confidence, Data Protection, data sharing, GDPR, judgments, misuse of private information, Oral disclosure

Tagged as , ,

June 9, 2025 · 12:36 pm

Defamation rules are applied to UK GDPR claim

An interesting recent judgment in the High Court considers the extent to which rules in defamation law might also apply to data protection claims.

In July 2024 His Honour Judge Lewis struck out a claim in defamation brought by Dale Vince against Associated Newspapers. The claim arose from a publication in the Daily Mail (and through the Mail+ app). The article reported that the Labour Party had returned a £100,000 donation made by another person, who was said to be “a high-flying City financier accused of sex harassment”, but also said that the claimant had donated £1.5m to the Labour Party, but then caused the Party embarrassment by joining an “eco-protest” in London, which had blocked traffic around Parliament Square. The article had the headline “Labour repays £100,000 to ‘sex harassment’ donor”, followed by eleven paragraphs of text, two photographs of the claimant and the caption “Road blockers: Dale Vince in London yesterday, and circled as he holds up traffic with Just Stop Oil”.

The strike-out succeeded on the basis that a claim in libel “may not be founded on a headline, or on headlines plus photographs and captions, in isolation from the related text, and it is impermissible to carve the readership into different groups, those who read only headlines (or headlines and captions) and those who read the whole article”, following the rule(s) in Charleston v News Group Newspapers Ltd [1995] 2 AC 65 (the wording quoted is from the defendant’s strike-out application). When the full article was read, as the claimant conceded, the ordinary reader would appreciate very quickly that he was not the person being accused of sexual harassment.

A subsequent claim by Mr Vince, in data protection, under the UK GDPR, has now also been struck out (Vince v Associated Newspapers  [2025] EWHC 1411 (KB)). This time, the strike out succeeded on the basis that, although the UK GDPR claim was issued (although not served) prior to the handing down of judgment in the defamation claim, Mr Vince not only could, but should have brought it earlier:

There was every reason why the UKGDPR and defamation claims should have been brought in the same proceedings. Both claims arose out of the same event – the publication of the article in Mail+ and the Daily Mail. Both claims rely on the same factual circumstances, namely the juxtaposition of the headline, photographs and caption, and the contention that the combination of the headline and the photograph created the misleading impression that Mr Vince had been accused of sexual harassment. In one claim this was said to be defamatory, in the other the misleading impression created was said to comprise unfair processing of personal data

This new claim was, said Mr Justice Swift, an abuse of process – a course which would serve only “to use the court’s process in a way that is unnecessary and is oppressive to Associated Newspapers”.

Additionally, the judge would have granted Associated Newspapers’ application for summary judgment, on the grounds that the rule in Charleston would have applied to the data protection claim as it had to the defamation claim:

in the context of this claim where the processing relied on takes the form of publication, the unfairness relied on is that a headline and photographs gave a misleading impression, and the primary harmed caused is said to be reputational damage, the law would be incoherent if the fairness of the processing was assessed other than by considering the entirety of what was published

This last point, although, strictly, obiter, is an important one: where a claim of unfair processing, by way of publication of personal data, is brought in data protection, the courts are likely to demand that the entirety of what was published be considered, and not just personal data (or parts of personal data) in isolation.

The views in this post (and indeed most posts on blog) are my personal ones, and do not represent the views of any organisation I am involved with.

1 Comment

Filed under Data Protection, defamation, fairness, judgments, UK GDPR

Tagged as , ,

June 6, 2025 · 8:44 am

Hinkley Point C construction company is a public authority under the EIR

The Information Tribunal has ruled that the Nuclear New Build Generation Company, a subsidiary of EDF Energy, created to construct s new nuclear power plant at Hinkley Point C (HPC), is a public authority for the purposes of the Environmental Information Regulations 2004 (EIR)

In the last fifteen years or so, a very interesting body of case law has been built up regarding the extent to which certain private persons have accrued, or have been conferred upon them, the status of a public authority for the purposes of the EIR. Some of the bodies who have been held to be public authorities (at least in a limited EIR sense) are water companies, BT, public gas transporters, and port authorities. Some which have not been held to be include Heathrow Airport and housing associations.

The EIR create a scheme for public access to environmental information held by public authorities, which runs in parallel to the scheme under the Freedom of Information Act 2000 (FOIA). Where FOIA, though, specifically designates public authorities, the EIR (which implemented an EU Directive, emanating in turn from the 1998 UNECE Aarhus Convention) define a public authority by virtue of its actions and powers.

Whether a person is a public authority will often turn on whether it “carries out functions of public administration”. The tests for this derive from the “Fish Legal ” in the CJEU: whether they are “entrusted, under the legal regime which is applicable to them, with the performance of services of public interest, inter alia in the environmental field, and…are, for this purpose, vested with special powers beyond those which result from the normal rules applicable in relations between persons governed by private law”

In NNB Generation Company (HPC) Ltd v Information Commissioner & Anor [2025] UKFTT 634 (GRC), the Tribunal, considering an appeal by HPC from a decision by the Information Commissioner’s Office that it was an EIR public authority (and in which Fish Legal were again the applicant), held that the relevant Development Consent Order, and the electricity and nuclear licences granted to HPC constituted entrustment with the performance of public services in relation to the environment, and the powers accruing from that entrustment “go far beyond what a private person without the benefit of such powers would be able to do in those circumstances, for example in empowering HPC to make byelaws, even if it opts not to do so”.

Decisions of this sort are nuanced and complex, and for that reason, often amenable to appeal. I would not be surprised if this one goes to the Upper Tribunal.

The views in this post (and indeed most posts on blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under access to information, Environmental Information Regulations, FOIA, Information Commissioner, Information Tribunal, judgments

Tagged as

May 27, 2025 · 7:42 am

Liz Truss leadership election not amenable to JR

Was the leadership election in which Liz Truss was elected as leader of the Conservative Party (and as a result of which she was recommended to the Queen by the outgoing Boris Johnson, and appointed by the Queen as her Prime Minister) a decision amenable to judicial review?

Whether a person is a public authority for the purposes of the Freedom of Information Act 2000 is, in principle, a relatively straightforward issue: is it listed in Schedule 1 to FOIA?; or has it been designated as such by order under section 5?; or is it wholly owned by the public sector?

Whether a person is a public authority under section 6 of the Human Rights Act 1998, or whether a person is a public authority amenable to judicial review, are more complex questions.

It was the last of these that the Court of Appeal had primarily to consider in Tortoise Media Ltd, R (On the Application Of) v Conservative and Unionist Party [2025] EWCA Civ 673. Tortoise Media had written to the Party seeking certain information in relation to the leadership election process, and argued that the public effects of the leadership election meant that, in those circumstances, the Party was exercising a public function for the purposes of CPR 54.1(2). The follow-on argument was that the judgment of the ECtHR in Magyar Helsinki Bizottság v Hungary meant that the domestic courts should read down Article 10 of the ECHR (as incorporated in domestic law in the HRA) as imposing, in some cases, a positive obligation on a body to provide information to the media, who act as “watchdogs” in the public interest.

Perhaps unsurprisingly, though, the Court of Appeal did not accept that the effects and circumstances of the Party leadership election made the decision of the Party amenable to JR:

the nature of the act of electing a party leader…is at all times a private act. The fact that it has important, indirect consequences for the public does not transform a private act into a public one.

For that reason, the Court did not need to consider the Article 10/Magyar arguments (but on which, one feels – having regard to the submissions on behalf of the Duchy of Lancaster, as intervener, which argued that the Supreme Court’s decisions in Sugar and in Kennedy (which did not follow the reasoning in Magyar) bound all inferior courts – the claimants would have in any case lost).

It’s an interesting read, even if it was – to put it mildly – an ambitious case to bring.

The views in this post (and indeed most posts on blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under access to information, Article 10, Freedom of Information, human rights, judgments, judicial review

Tagged as ,

April 17, 2025 · 7:17 am

FOIA s11 – All or nothing or a sliding scale?

When a public authority receives a request for information it must, under the Freedom of Information Act 2000, determine and communicate whether the information is held (subject to any exemption which removes the obligation to confirm or deny whether it is held), and then determine whether any exemptions to disclosure apply. These latter exemptions include the procedural ones at ss12 and 14 of FOIA (costs grounds and vexatiousness or repeatedness) and the substantive ones at Part II (ss21 to 44). It is only then that, if the requester has requested the information in a specific format (such as a specific software format) the public authority must, under s11, consider whether it must “so far as reasonably practicable” give effect to that preference.

That this is the correct order of things is confirmed by an important (albeit quite niche) judgment of the Upper Tribunal, in Walawalker v The Information Commissioner & Anor [2023] UKFTT 1084 (GRC). Both the ICO, and the First Tier Tribunal, had elided/confused the staged process above, with the result that the appeal before the Upper Tribunal was on the meaning of s11, despite prior findings not having been fully made on the application of exemptions.

Nonetheless, what the Upper Tribunal had to decide was, where (for instance as was the case here) a request was for transcripts of a 50-odd audio recordings of distress calls at sea, and the act of transcribing them would be very resource-heavy, did the obligation to give effect to the preference for transcripts “so far as reasonably practicable” impose an “all or nothing” or a “sliding scale duty”? In this example, did the Maritime and Coast Agency have to transcribe as many of the calls as it could before it became no longer reasonably practicable, or did the exercise as a whole constitute something that was not reasonably practicable?

It was the latter, said the judge: s11 applies to “the information” requested (what the ICO in its submissions, described as being a “unitary concept” – and the judge said this was a “helpful perspective”) not a subset of extract of the information. What Mr Walaker had requested was “all calls”, and it was that “unitary concept” which as at issue in the s11 analysis. It was not reasonably practicable to transcribe all calls, and so the s11 duty did not apply.

The views in this post (and indeed most posts on blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under Freedom of Information, Information Commissioner, Information Tribunal, judgments, Section 11, UK GDPR

Tagged as ,