Category Archives: local government

February 28, 2023 · 8:29 pm

FOI embarrassment

At a recent awards event, recognising high-performing Freedom of Information officers and teams (fantastic idea by the organisers/sponsors, by the way*) I gave a brief talk where I stressed that it was important to recognise how much FOI has achieved in its 23 (or 18**) years, and to remember that every day thousands of disclosures are made by thousands of public authorities. It’s very easy to snipe at bad practice, and I often do, but if we don’t acknowledge the benefits, the real opponents of FOI might start arguing for its repeal.

So. Celebrate success. Accentuate the positive. Eliminate the negative.

However.

Then you see a decision notice from the Information Commissioner (ICO), in which a large London council had refused to disclose, under FOI, information on how many enquiries (MEQs) each of its councillors*** had submitted to the council on behalf of constituents. The reason for refusal was that this was the personal data of the councillors (well, yes) and that disclosure would infringe those councillors’ rights under the data protection law (hell, no).

This isn’t time for legal analysis. It really is as extraordinary as it sounds.

Thankfully, the ICO had no truck with it (and the notice does have legal analysis).

Frankly, though, the council should be ashamed.

______________________

*I have no personal or professional interest

**The Act commenced in 2000, but the main provisions didn’t commence until 2005

***At the end of the notice there is a big hint as to the role of the person who made the request – see if you can guess

.

The views in this post (and indeed most posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under access to information, Data Protection, Freedom of Information, Information Commissioner, local government

Tagged as , ,

February 6, 2021 · 12:30 pm

High Court – subject access, breach of confidence and the offence of reidentification (part 2)

In June last year I wrote about an unsuccessful strike-out application by the defendant in the High Court in proceedings arising from a very unfortunate incident, whereby Lambeth Council had imperfectly redacted highly sensitive data when responding to a subject access request.

The requester was the father (“AM”) of a child about whom a referral had been made to Lambeth social services, and the person whose identity was inadvertently revealed (when AM disapplied redactions made using Adobe software) was the person who made the referral – “HJ” – who happened to be AM’s sister.

The substantive proceedings have now come to trial, with a judgment now published (London Borough of Lambeth v AM (Judgment No. 2) [2021] EWHC 186 (QB)). Unsurprisingly, the judge held that AM acted in breach of confidence by removing the redactions, by retaining a copy of the information and refusing to return or destroy it, and by using the information to write a letter before action accusing HJ of malicious defamation, breach of confidence and harassment.

There were no further allusions to an apparent criminal prosecution of AM by the Information Commissioner’s Office. One waits to see if further news about that emerges.

The views in this post (and indeed most posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under access to information, Data Protection, local government

June 5, 2020 · 5:08 pm

High Court – subject access, breach of confidence and the offence of reidentification

(See also the follow-up piece here)

An interesting case is being heard in the High Court, arising from an apparent error whereby, in responding to a subject access request (SAR), the London Borough of Lambeth allowed the recipient (and now defendant) data subject to electronically manipulate the information sent to him. This in turn enabled him to remove redactions, and identify someone who had made allegations against him and his wife (about the care they were providing to their child).

This is nightmare scenario for a controller – to inadvertently disclose extremely sensitive information, while responding to a SAR. In this instance, Lambeth have now brought a claim in breach of confidence against the defendant data subject, on the grounds that: the data was provided to the data subject in circumstances where he knew it was confidential; that he breached that confidentiality by unredacting the data, retaining an unredacted copy of the file, using the evidence to write a pre-action letter to the person who made allegations against him and his wife and threatening to bring court proceedings against them based on the information; and that it is integral to the work of Children’s Services that people who bring to its attention instances of perceived inadequate care or neglect of children are able to do so under conditions of confidentiality and can be assured that their confidentiality will be respected.

The instant proceedings were primarily concerned with a strike-out application by the defendant data subject, on the grounds of non-compliance by Lambeth with its (litigation) disclosure obligations. This application was roundly dismissed, and the matter will proceed to trial.

But of particular note is that, notwithstanding that the original error was Lambeth’s, it was revealed in the proceedings that the Information Commissioner’s Office (ICO) is also prosecuting the defendant data subject on charges of committing the offences of knowingly or recklessly re-identifying de-identified personal data, without the consent of the data controller, and knowingly or recklessly processing re-identified personal data, without the consent of the data controller. These are new offences created by sections 171(1) and 171(5) of the Data Protection Act 2018, and, when that Act was passed, it appeared that the mischief the provisions sought to address was the risk of hackers and fraudsters attempting to identify data subjects from large datasets (see the debates at Bill stage). It will be interesting to see if the ICO’s prosecution here results in a conviction. But it will also be interesting to see if ICO considers similar prosecutions in other circumstances. Although there is a public interest defence (among others) to section 171 charges, it is not an uncommon occurrence for public authorities (particularly) to inadvertently disclose or publish information with imperfect redactions. It certainly appears, on a plain reading of section 171, that someone re-identifying de-identified personal data (even if, say, for idle reasons of curiosity) might not always be able to avail themselves of the public interest defence.

And what is unsaid in the judgment, is whether Lambeth are facing any sort of civil, regulatory action from the ICO, arising from their error in sending the imperfectly redacted information in the first place.

The views in this post (and indeed most posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under anonymisation, Data Protection, Data Protection Act 2018, Information Commissioner, local government, subject access

Tagged as , , ,

June 29, 2017 · 8:39 pm

Data Protection (and other) compensation awarded against Ombudsman

I’ve been helpfully referred to a rather remarkable judgment of the Leeds County Court, in a claim for damages against the Local Government Ombudsman for, variously, declaratory relief and damages arising from discrimination under the Equality Act 2010, and breach of the Data Protection Act 1998 (DPA). The claim was resoundingly successful, and led to a total award of £12,500, £2,500 of which were aggravated damages because of the conduct of the trial by the respondent.

The judgment has been uploaded to Dropbox here.

I will leave readers to draw their own conclusions about the actions of the Ombudsman, but it’s worth noting, when one reads the trenchant criticism by District Judge Geddes, that one of the office’s strategic objectives is to

deliver effective redress through impartial, rigorous and proportionate investigations

One can only conclude that, in this case at least, this objective was very far from met.

Of particular relevance for this blog, though, was the award of £2500 for distress arising from failure to prepare and keep an accurate case file recording the disability of the claimant and her daughter. This, held the District Judge, was a contravention of the Ombudsman’s obligations under the DPA. As is now relatively well known, the DPA’s original drafting precluded compensation for distress alone (in the absence of tangible – e.g. financial – damage), but the Court of Appeal, in Vidal Hall & ors v Google ([2015] EWCA Civ 311), held that this was contrary to the provisions of the Charter of Fundamental Rights of the European Union and that, accordingly, there was a right under the DPA to claim compensation for “pure” distress. The award in question here was of “Vidal Hall” compensation, with the judge saying there was

no doubt in my mind that the data breaches have caused distress to the claimant in their own rights as well as as a result of the consequences that flowed.

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under 7th principle, accuracy, Data Protection, human rights, local government

December 9, 2014 · 12:42 pm

Making an FOI request to oneself…

Can the executive of a local authority make an FOI request to itself?

The Brighouse Echo reveals that Stephen Baines (no relation, of course), the Leader of Calderdale Council, resorted to submitting a Freedom of Information (FOI) request in exasperation, after apparently failing to get answers from officers at the Council

I asked officers on November 10 if there was there was any truth in these allegations [about officers ignoring warnings about the legality of a parking scheme], and I hadn’t received a reply, and last Friday I’d had enough – I finally lost it and put in a Freedom of Information request. It’s highly probable that I’m the first council leader to have done this, but I was just getting so frustrated.

But did he need to make an FOI request? In fact, could he even make an FOI request?

I would say that it is strongly arguable that in a council operating executive arrangements – as Calderdale does – under part 9C(3) of the Local Government Act 2000 (LGA 2000), whereby a Leader with a Leader-appointed Cabinet constitute the executive, the executive are deemed generally to be in control of information relating to the council’s functions. So in general terms, the Leader and Cabinet are “the Council”. Section 9D(3) of LGA 2000 provides that “any function of the local authority which is not specified in regulations…is to be the responsibility of an executive of the authority under executive arrangements” (the regulations in question are The Local Authorities (Functions and Responsibilities) (England) Regulations 2000 (as amended). Put another way, the executive are the ones who should take any decision on access to documents, rather than officers (other than officers who have had that decision delegated to them). The exceptions to this general principle would be where the documents relate to functions which are not the responsibility of the executive. Effectively, the executive will be the possessors/controllers of all council information for which the executive has the functional responsibility.

I feel bolstered in this suggestion by Part 5 of The Local Authorities (Executive Arrangements) (Meetings and Access to Information) (England) Regulations 2012. This gives “Additional rights of [access of] members of the local authority and of members of overview and scrutiny committees” and sections 16 and 17 talk in terms of the right of a member, or a member of an overview and scrutiny committee, to inspect certain documents which are “in the possession or under the control of the executive of a local authority”. No interpretative guide is given to what “in the possession or under the control of the executive of a local authority” means, but it is clear that there must be a category of documents which are “in the possession or under the control of the executive of a local authority”. That being the case, one might ask “which documents are not ‘in the possession or under the control of the executive of a local authority’?” To which I am tempted to answer “those which do not relate to the functions for which the executive has responsibility”.

So, if it is, for instance, a function of a local authority to provide library services (section 7 of the Public Libraries and Museums Act 1964).  This function is the responsibility of the executive (because regulations do not specify otherwise). Delivery of the function will normally be by delegation to officers, but I cannot see how those officers, or others, could then restrict a member of the executive from seeing a document relating to the exercise of executive functions. And if, as I understand is the case, civil enforcement of parking contraventions is also an executive functions (surely delegated to officers) one wonders also if officers can restrict a Leader from seeing a document relating to the exercise of that specific function.

So, my argument goes, a leader of a council cannot make an FOI request to the council for information about the exercise of an executive functions, because in that regard he is the council. Comments welcomed!

And n.b. I have not even begun to consider where a councillor’s, or a leader’s, common law right to know fits in to this…

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

6 Comments

Filed under Freedom of Information, local government

Tagged as ,

November 12, 2014 · 9:57 am

A strict test for compliance with access to information laws

The High Court has quashed planning permission for a wind turbine because the Council involved failed to make information available beforehand, in breach of its legal obligations

The statutory rights to information held by public authorities which commenced in January 2005 – when the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 came into effect – are not the only legal mechanism whereby people can or must have public information imparted to them. For instance, sections 100A-E of the Local Government Act 1972 (as inserted by the Local Government (Access to Information) Act 1985) deal with access to meetings of and information relating to meetings of specified local authorities (broadly, County, Borough, District, City or Unitary Councils). Section 100B deals with access to agendas and reports and section 100D with access to background papers. In both cases these must be “open to inspection by members of the public at the offices of the council” at least five clear days before the meeting (“clear days” refers to weekday working days and does not include the day of publication or the day of the meeting (R v Swansea City Council, ex p Elitestone Ltd (1993) 66 P. & C.R. 422)).

But what happens if these obligations are not complied with? what, for example, happens if background papers are not available for inspection for five clear days before a meeting? Often, nothing happens at all, but sometimes such a failure can be significant and costly. In a recent case (Joicey, R (on the Application of) v Northumberland County Council [2014] EWHC 3657) this is exactly what transpired. A planning application for a wind turbine was at issue,1 with a meeting scheduled for 5 November 2013 to consider it. The judgment informs us that “the officer’s report recommending approval…subject to conditions, was made available on 23 October” (it is not clear whether this means made available only for inspection, or whether it was also available on the Council’s website, although nothing turns on this). A Dr Ferguson, opposing the application (and a friend of the applicant Mr Joicey) noticed from the officer report that an external noise assessment report had been commissioned and produced. He emailed the Council on 30 October asking about the noise assessment report, getting no immediate reply, and attended the Council offices on 1 November to inspect the files, but no noise assessment report was included. On 4 November, the day before the committee meeting, he received a reply to his 30 October email, with a copy of the noise assessment report attached. The same day a copy of the report was uploaded to the Council website.

The committee approved the application, despite Mr Joicey addressing the meeting in the following terms

Noise impact assessment has been carried out again, in full, for this application, but I don’t suppose any of you have seen it, because this highly relevant document (74 pages of it) appeared only yesterday, and that was after requests to see it. If you study it, and you are properly armed with the knowledge of previous planning history connected with this site, you will find that it is actually fundamentally flawed, again, and that it shows that this application must actually be refused on noise grounds.

Mr Joicey brought judicial review proceedings on six grounds, but the one which concerns us here is the first: the non-availability of the noise assessment. As the noise assessment report was not included in a list of the background papers for the report to the committee, and was not available for inspection five clear days before the meeting there was, said Mr Justice Cranston

no doubt that there were a number of breaches of the public’s right to know under the Local Government Act 1972

Furthermore, the fact that the report was not available on the Council’s website was a breach of its undertakings in its Statement of Community Involvement (SCI) prepared pursuant to its obligations under section 18(1) of the Planning and Compulsory Purchase Act 2004. The Council’s SCI stated that “Once a valid planning application has been received we will…Publish details of the application with supporting documentation on the council website.” The Council even conceded that, although the report had been uploaded on 4 November, it had been described as published on 9 September, and the judge took a “dim view of any public authority backdating a document in a manner which could give a false impression to the public”. The undertaking in the SCI went further, said the judge, than the statutory obligations in the 1972 Act, and constituted a continuing promise giving rise to a legitimate expectation on the part of the public, and “otherwise the public’s right to know what is being proposed regarding a planning application would be frustrated”.

But what was the effect of these failings? The Council submitted that no prejudice had been caused to the claimant, because the planning committee’s decision had been inevitable and, adopting the test in Bolton MBC v Secretary of State for the Environment (1990) 61 P. & C.R. 343, if the court was uncertain whether, absent the failings, there would be a real possibility of a different decision being there was no basis for concluding that it was invalid. However, Mr Justice Cranston held that the correct test was different: drawing on the authorities of Simplex GE Holdings Ltd v Secretary of State for Environment (1988) 3 PLR 25 and R (on the application of Holder) v Gedding District Council [2014] EWCA Civ 599 he said that

the claimant will be entitled to relief unless the decision-maker can demonstrate that the decision it took would inevitably have been the same had it complied with its statutory obligation to disclose information in a timely fashion [emphasis not in original]

And in this case the Council failed to persuade him that the decision would inevitably have been the same if the noise assessment report had been made available earlier: the issue of noise had been a key one in earlier challenges to the developments and remained so now, and Mr Joicey could have made further representations and sought further expert opinion which might have persuaded the planning committee.

Some of Mr Joicey’s other grounds of challenge succeeded, and some failed, but the merits of the successful challenges led to the planning permission being quashed.

Local authorities would do well to note the strictness of the test here: breaches of the access to information provisions of the 1972 Local Government Act, and of the undertakings in a Statement of Community Involvement, will mean decisions taken are liable to be quashed upon challenge, unless the decision would inevitably have been the same without the breaches. Inevitability is a hard thing to prove.

1Northumberland County Council, despite its name, is a unitary authority, and, therefore, a local planning authority

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under local government, transparency

Tagged as