[reposted from my LinkedIn account]
When a public authority receives a Freedom of Information Act request and the requested information contains personal data (of someone other than the requester) it must first consider whether it can even confirm or deny that the information is held. For instance “Dear NHS Hospital Trust – please say whether you hold a list of embarrassing ailments suffered by Jon Baines, and if you do, disclose the list to me”. To confirm (or deny) even holding the information would tell the requester something private about me, and would contravene the data protection principles at Article 5(1) of the UK GDPR. Therefore, the exemption at s40 of FOIA kicks in – specifically, the exemption at s40(5A): the hospital can refuse to confirm or deny whether the information is held.
But suppose that, mistakenly, the hospital had perhaps confirmed it held the information, but refused to disclose it? The cork, surely, is for ever out of the bottle.
Upon appeal by the requester (this requester really has it in for me) to the ICO, I could understand the latter saying that the hospital should have applied s40(5A) and failure to do so was a failure to comply with FOIA. However, certainly of late, the ICO has engaged in what to me is a strange fiction: it says in these circumstances that it will “retrospectively apply s40(5A)” itself. It will pretend to put the cork back in the bottle, after the wine has been consumed.
And now, the Information Tribunal has upheld an ICO decision to do so, albeit with no argument or analysis as to whether it’s the correct approach. But even more bizarre it says
We are satisfied that the Commissioner was correct to apply section 40(5B) FOIA proactively, notwithstanding the information that has previously been provided by the Trust, to prevent the Trust from providing confirmation or denial that the information is held.
But the Trust had already done so! It can’t retrospectively be prevented from doing something it has already done. The cork is out, the wine all gone.
Am I missing something? Please excuse the sudden mix of metaphor, but can no one else see that the Emperor has no clothes?
The views in this post (and indeed most posts on blog) are my personal ones, and do not represent the views of any organisation I am involved with.
