Tag Archives: ICO

[reposted from LinkedIn]

In a Freedom of Information Act (FOIA) matter there are two parties with express rights and obligations – the requester and the public authority (PA) – with the potential for the regulator – the Information Commissioner’s Office – to become involved if there is a dispute.

But there is often a third party involved, and one who has no express rights under FOIA – the person to whom requested information relates. This can be a corporate, but sometimes it will be an individual (think, for example of MPs whose expense claims were sought from the Commons many years ago).

The code of practice issued by the Cabinet Office under section 45 of FOIA recommends as best practice that, where a PA receives a request for information where a third party’s interests are engaged, the third party should be consulted, and given the opportunity to make representations. But the Code is clear that those representations cannot bind the PA, and that the decision on disclosure is ultimately for the PA to make.

All of this should, of course, run its course within the 20 working days that FOIA allows for responding to a request. So quite how a request from 2019, to the Legal Services Agency (LSA) for Northern Ireland, regarding the grant of legal aid to a self-styled peace campaigner, has only just been determined in the High Court is a pressing question. Nonetheless, the judgment (though slightly odd) is worth reading.

The man in question, Raymond McCord, was invited to make representations on the request (made by a unionist MP), having been informed of the LSA’s intention to disclose. He brought immediate judicial review proceedings to prevent disclosure and the LSA undertook not to disclose until the ICO had given a view on the lawfulness of processing (I pause to note that the LSA’s suggestion that McCord had an alternative remedy by way of a complaint to the ICO after disclosure for a determination as to whether FOIA had been complied with was wrong in law, and flawed in logic).

The ICO gave an opinion in June 2020 that disclosure would likely be both unfair and unlawful, but stressed that the opinion “is in no way legally binding in this case, however, it should be of assistance to the court in making a final decision.”

No explanation is given in the judgment of why it then took over four years for the court to rule on the application. This is simply ridiculous.

Nevertheless, the court conducted a rather eccentric analysis of the authorities on disclosure of personal data under FOIA (and of various non-authoritative prior ICO decision notices) before determining, five whole years (rather than twenty working days) after the FOIA request, that the information should be disclosed, holding that “the applicant cannot complain of any breach of privacy in respect of his pursuit of high‑profile public interest litigation in circumstances where he himself has commented publicly on the issues”.

The judgment, ultimately, is rather unsatisfactory. The interim judgment (in 2020(!)) of Keegan J, which noted the undertaking by the LSA not to disclose pending the ICO’s ruling, discusses alternative remedies, and implies that McCord would have a right to appeal the ICO’s decision to the First tier Tribunal. However, this predates the Killock and Delo cases which make clear that there is no substantive data subject right of appeal from an ICO data protection decision through the tribunal system. In Killock the Upper Tribunal made clear that a substantive data subject challenge (rather than a procedural one) to the ICO should, indeed, be by way of judicial review proceedings.

And it remains the case that, if you are a third party who has an interest (maybe a profound interest) in information which a public authority is proposing to disclose, in response to a FOIA request, your rights are unclear and limited.

The views in this post (and indeed most posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.