Tag Archives: transparency

ICO breaching the law it’s meant to oversee

This may be complete coincidence, but on the WhatDoTheyKnow website, there are two Freedom of Information (FOI) requests, on similar themes, which requesters have made to the Information Commissioner’s Office (ICO), to which – at the time of writing – the ICO appears simply to be failing to respond, way beyond the statutory timescale of 20 working days.

Both requests are about procurement of external consultants. In the first, the requester asked

Please disclose all current agreements for provision of legal services by outside bodies such as barristers chambers, law firms etc. This should include the rates of pay agreed.

The request was made on the 19th February and more than three months on, has simply had no response (other than an automated acknowledgment).

In the second the (different) requester asked

how many times the Information Commissioner’s Office has engaged consultants, companies or other specialists to deliver services to the ICO without putting the work out to tender or otherwise advertising the opportunity externally

That request was made on the 26th February and, barring some holding responses, which seem to have dried up, it has had no substantive response.

The failure to respond is concerning, and the failure to communicate inexplicable. One wonders where the reluctance comes from.

My own recent experience of making FOI requests to them indicates a less-than-ideal level of compliance with the laws the ICO is meant to regulate. However, when, some time ago, I asked the ICO for compliance figures, they refused to disclose them, saying they would be published soon. Yet approximately six months on they still haven’t done so (which is not in compliance with the best-practice requirements of the section 45 FOI Code of Practice).

I offered the ICO an invitation to comment on this blogpost, and in response a spokesperson said: “We aim to resolve 95% of information requests within the statutory deadline, unless we have sought an extension. We acknowledge that we have fallen short of expectations in these instances but can confirm that the responses to both requests will be issued soon.” No comment was made on the wider point about compliance, and publication of compliance statistics. (I would also make the observation that it’s rather surprising ICO only aims to respond to 95% of requests within the statutory deadline – surely they would (and should) aim to respond to 100% within the timeframe mandated by the law?)

I’ve previously expressed concern about the ICO’s unwillingness to take enforcement action against recalcitrant, if not contemptuous, public authorities for poor FOI compliance. Elizabeth Denham has recently (and unsuccessfully) called for an extension of FOI law, saying

Part of my job is to make sure that the legislation my office regulates fulfils its objectives and remains relevant. When it does not, I will speak out

Will she also speak out about the fact that her office is not itself complying with the legislation it regulates?

The views in this post (and indeed all posts on this blog, unless they indicate otherwise) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under Freedom of Information, Information Commissioner, transparency

ICO hasn’t given own staff a GDPR privacy notice

The first principle of GDPR says that personal data shall be processed in a transparent manner. Articles 13 and 14 give details of what information should be provided to data subjects to comply with that principle (and that information should be provided at the time it is collected (if it is collected directly from the data subject)).

As the Information Commissioner’s Office (ICO) says

Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR. [emphasis added]

and

Getting the right to be informed correct can help you to comply with other aspects of the GDPR and build trust with people, but getting it wrong can leave you open to fines and lead to reputational damage

If you read the ICO’s Guide to GDPR, it is largely predicated on the understanding that privacy notices will be made available to data subjects, effectively as a prerequisite to overall compliance.

So, one thing a data controller must – surely – prioritise (and have prioritised, in advance of GDPR becoming applicable in May 2018) is the preparation and giving of appropriate privacy notices, including to its own employees.

With that in mind, I was interested surprised astounded well-and-truly-gobsmacked to see an admission, on the “WhatDoTheyKnow” website, that the ICO itself has – almost a year on from GDPR’s start – not yet prepared, let alone given, its own staff a GDPR privacy notice

I can confirm we do not currently hold the information you have requested. The privacy notice for ICO employees is currently under construction.

As getting the right to be informed wrong can leave one open to fines (as well as reputational damage), one wonders if ICO is considering fining itself for this fundamental infringement of a fundamental right?

The views in this post (and indeed all posts on this blog, unless they indicate otherwise) are my personal ones, and do not represent the views of any organisation I am involved with.

8 Comments

Filed under Data Protection, fairness, GDPR, Information Commissioner, privacy notice, transparency

Talk on the future of FOI

Mostly because I haven’t posted much on this blog recently, I’m uploading a version of a talk I gave at the recent conference of the National Police Chiefs Council (NPCC). I was asked to talk, alongside FOIKid Bilal Ghafoor, and tribunal judge David Farrer QC, about what the teenage years of the Freedom of Information Act 2000 might look like. After I’d reflected on this, I ended up rather more optimistic than I expected. YMMV, as they say.

Before I talk about the future, and FOI as it enters those awkward teenage years, I wanted to reflect a bit on its early infanthood. Has it achieved what it was hoped it would achieve? Has it worked well?

As is sometimes overlooked, Parliament declined to enact a purpose clause into the 2000 Freedom of Information Act (against the urging of the then Information Commissioner Elizabeth France). So when we talk about whether FOIA has achieved its aims, we are, to an extent, second guessing what Parliament intended. However, in 2012 the Justice Committee conducted post-legislative scrutiny of FOIA, and the Ministry of Justice (drawing on the original White Paper which preceded the Act) identified four objectives for it:

  • openness and transparency;
  • accountability;
  • better decision making;
  • and public involvement in decision making, including increased public trust in decision making by government

And the committee felt that FOIA has achieved the first three but the secondary objective of enhancing public confidence in Government had not been achieved, and was unlikely to be achieved.

And I think this is broadly right: we have seen more openness and transparency – when working well together FOIA feeds into the Transparency Agenda and vice versa. Huge amounts of public sector information have been made available where once it wasn’t. And with openness and transparency come, or should come more accountability and better decision making. But that final objective, involving increasing public trust in decision making, has almost been achieved in the negative – and that is partly to do with how the public hear about FOIA. Many, probably most, major FOIA stories run by the media almost inevitably involve scandal or highlight wasteful practice, and often go hand in hand with litigation aimed at preventing disclosure. The MPs expenses scandal was one of FOIA’s major victories (although, let us not forget, it was a leak to the Telegraph, rather than a final FOIA disclosure, that led to the full details coming out) but while it enhanced FOIA’s status, it’s hard to say it did anything but greatly damage public trust in government, and more widely, politicians.

But the Justice Committee report identified something else, and something very relevant when we start to look to the future of FOIA. It stated that “the right to access public sector information is an important constitutional right” – something which Lady Justice Arden also recognised in her recent Court of Appeal judgment in the Dransfield case. And when something is identified as part of our constitution, it becomes pretty hard to remove it, or amend it to any great extent. The Conservative government appear to be experiencing this at the moment, as their plans to repeal the Human Rights Act have been stalled. The Human Rights Act can also be said to have achieved constitutional status – by incorporating the European Convention on Human Rights into the domestic law of the UK, it represented a major shift in how individual rights are protected under British law. It may well end up being the case that the only way the Act could be repealed would be by replacing it with something essentially the same (or by pulling out of the Convention, and pulling out of Europe) and even then, as Lord Bingham said

“Which of these rights…would we wish to discard? Are any of them trivial, superfluous, unnecessary? Are any them un-British?”

The rights enshrined in the European Convention are fundamental, and they’re not going to go away, and when one considers that one of them – Article 10 – contains not just the right to freedom of expression, but the right to receive and impart information (subject to necessary and lawful conditions) one can begin to perceive that a Freedom of Information Act helps give effect to this fundamental right.

A majority of the Supreme Court, in the Kennedy judgment last year, went even further, and said that a (qualified) right to receive information from a public authority was not just enshrined in the Convention Rights, but existed (and always has existed) under the Common Law.

What I’m saying, by going off on a somewhat legalistic tangent, is that the right to request and receive public sector information is so fundamentally embedded in our legal and constitutional landscape, that I don’t see any realistic challenge to the principle (and I doubt any of you would). But it also means that any tinkering with the right becomes correspondingly difficult. And this is why although I think FOI will have some teenage tantrums, it won’t have a huge teenage meltdown and emerge from its bedroom a completely different individual.

But with that important caveat, what might we see?

Well, under Francis Maude in the Cabinet Office and Chris Grayling at the Ministry of Justice (although Lib Dem Simon Hughes had the actual FOI brief) we saw significant strides, and a lot of fine words, about the importance of transparency, with Maude even saying in 2012

“I’d like to make Freedom of Information redundant, by pushing out so much data that people won’t have to ask for it”

But they have all gone on to other things – Maude to the Lords, Grayling to Leader of the Commons and Simon Hughes back to his day job, after losing his seat last month. Will this lead to changes? Well, still very much in post is David Cameron, and he has spoken before about his concerns about FOI “furring up the arteries of government” and of FOI’s “buggeration factor”, which doesn’t bode well for those of us who support the Act. And minister with responsibility for FOI (under Michael Gove as Justice Secretary) is Dominic Raab. Raab is strong on civil liberties and is known to be a frequent user of FOI in his parliamentary and constituency work. One of his targets was the Police Federation – in 2011 he sent requests to all forces asking for figures on the number of police staff working full-time for the Federation. But Gove is reputed not to be so keen on FOI – indeed, in 2011 his then Department of Education was found to have used private email accounts to conduct government business, apparently in the belief that this took them outside FOIA.

It does seem clear that any changes to FOIA are not high on the government’s list of priorities: there was nothing in the Conservatives’ election manifesto, and there have been no obvious pronouncements in the early days.

For a flavour though of what might be on the cards it’s instructive to go back to the government response to the post-legislative scrutiny. On the subject of FOI cost limits there was a suggestion that further factors might be taken into account – so, added to the costs of locating and retrieving information it might become possible to take into account consideration and redaction time. This could have more profound effects that is immediately apparent – as most of you will know, those two activities can take up a large amount of time, and if that change were brought in I think we would see a huge increase in cost refusals.

Another related suggestion was that for costs purposes requests from the same person or group of persons could be aggregated EVEN where there was no similarity between the subject of the requests. It is not hard to see how this would be devastating for some journalists who make use of FOI.

And a further suggestion was the introduction of fees for appealing a case to the Information Tribunal. This would be unlikely to affect public authorities, but requesters could well be dissuaded. No doubt some of those would be the more speculative, persistent or frivolous of requesters, but I would be concerned that some well-intentioned requesters would decide not to exercise their rights if such a change were made.

On the more “pro-FOI” side, we are likely to see further public authorities made subject to FOIA. ACPO of course came in in 2012, Network Rail this year, and Theresa May has made clear that she would like to see the Police Federation covered.

But also discussions need to be had about the extent to which private contractors performing public functions are caught by FOI. The government has previously indicated that it thinks this can be achieved through appropriate contractual provisions, but I’m dubious – without a clear legal obligation, and associated enforcement mechanism, I struggle to see why this would happen.

So, despite my optimism that the fundamental principles of FOI are now constitutionally embedded, I don’t necessarily think there will be no changes. But I continue to think they will be essentially minor, and this is because I think there is a further factor which protects those fundamental principles. As I said, Dominic Raab has traditionally used FOI to gather information to better help him in his job. And thousands and thousands of other people do so. Journalists are the most obvious example (and when it comes to defenders of the right to receive information you couldn’t ask for a more vocal group) but campaign groups, other public authorities, academics and private citizens do so. And for this reason FOI is popular. Unlike the Human Rights Act there are no (or very few – I don’t know of any) journalists campaigning for FOIA’s repeal. Politicians don’t campaign on a platform of opposition to the right to receive public information.

FOI does promote better openness and transparency; better accountability; better decision making, and even if it hasn’t yet, and probably never will, improve the public trust in government decision-making, one thing which would further destroy that trust would be changes to make public authorities less accountable. And the media and campaigners would be lined up to make the point vociferously.

FOI may, in its teenage years, suffer from its own equivalent of angst, anger and acne, but it will have strong friends to support it.

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with..

4 Comments

Filed under Freedom of Information, transparency

Abuse survivors’ names published on home affairs committee website

Last week, in a testy exchange with Ben Emmerson QC, the Chairman of the House of Commons’ home affairs select committee, Keith Vaz, trumpeted his committee’s commitment to transparency. The committee was taking evidence on the Independent panel inquiry into child sexual abuse and, at one point, Mr Emmerson QC, who had been heavily criticised by panel member Sharon Evans at a previous committee session, was keen to known whether a letter she had written had been, as Mr Vaz had previously indicated, published on the committee’s website. Mr Vaz replied (at 16:34:46)

Yes, yes, all letters that we receive – we don’t believe in suppressing information. This is Parliament so we put everything on the website

However, it now transpires that, when he said “everything”, this might have been taken too literally. It appears that not just correspondence might have been published, but, also, the names of four survivors of abuse. Sky News reports that

Survivors of child sex abuse have received death threats after their personal details and confidential communications with an abuse inquiry were published online.

Members of the group have written to the Home Secretary expressing “grave concern” about the publication of documents they say were leaked by a member of an abuse inquiry panel

In response, Mr Vaz, the Telegraph reports, said “The names of all these individuals were already in the public domain”.

However, just because names of victims or alleged victims of sexual offences are in the public domain does not provide a defence, for instance, to a charge under section 5 of the Sexual Offences (Amendment) Act 1992, (SO(A)A) which provides lifetime anonymity for such people, insofar as no publication may be made of their name, or address, or a still or moving picture of them.

Moreover, even if personal data is in the public domain, the provisions of the Data Protection Act 1998 (DPA) apply, and in the absence of a legal basis for publication, there will be a contravention of that Act if personal data is published unfairly. Given that complaints have been made about this publication, it certainly seems to be the case that the data subjects did not consent to such publication, and would not have had a reasonable expectation that it would happen. That would tend to suggest unfair processing.

I have written before about the dangers of inadvertently disclosing personal data in pursuance of an over-eager transparency agenda. It may be that Mr Vaz’s commitment to transparency on the part of his committee has realised these dangers.

However (and contrary to what I suggested in the first draft of this post – thanks Rich Greenhill) it appears that information published by a parliamentary committee is likely to be covered by parliamentary privilege (pages 58-59 of the Select Committee Red Book), and Greg Callus informs me that I failed to check the early-Victorian statute book – the Parliamentary Papers Act 1840 lays the basis for parliamentary privilege. This would probably provide a defence to charge of breach of SO(A)A, but it wouldn’t necessarily completely oust the regulatory jurisdiction of the Information Commissioner, in the event that the publication was inadvertent, as opposed to deliberate, and to the extent that it evinced a lack of organisational and technical measures to safeguard against unlawful or unfair processing of personal data (in contravention of the seventh data protection principle). This is because the DPA exemption (section 35A) applying to parliamentary privilege does not cover the seventh principle.However, I’m sure this is purely an academic question.

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

6 Comments

Filed under Data Protection, sexual offences amendment act, transparency

FOI vs Transparency debate

Yesterday, after attending a fascinating and in-depth briefing from Network Rail on their journey towards being subject to the Freedom of Information Act 2000, I was privileged to appear on a panel debating “In a world of Freedom of Information, does voluntary transparency still matter?” Although rather daunted by the illustrious fellow panel members – the Campaign for Freedom of Information‘s Maurice Frankel, the Guardian’s Jane Dudman and Sir Alex Allan KCB1 – I delivered a short address on the subject (as did those others). Perhaps unsurprisingly, the panel were unanimous in feeling that voluntary transparency does still matter in a world of FOI, but, just as importantly, that voluntary transparency does not and should not make FOI redundant. This is broadly what I said, with added hyperlinks:

A very wise man called Tim Turner once wrote: “The point of FOI is that you get to ask about what YOU want to know, not what The Nice Man Wants To Tell You”. And this I think is the key point which distinguishes the access rights afforded to individuals under Freedom of Information and related legislation, from the transparency agenda which has led to the UK government again this week being pronounced the most open and transparent in the world, by Tim Berners Lee’s World Wide Web Foundation.

At the same time as that first place was announced, cynics amongst us might have pointed to the fact that in the 2013 Global Right to Information Ratings compiled by Access Info and the Canadian Centre for Law and Democracy, the UK was in 29th place, behind countries like Kyrgyzstan and Sierra Leone.

There’s clearly a gap in perception there, and one that is not simply explained away by questions about methodology.

In 2012 Francis Maude said “I’d like to make Freedom of Information redundant, by pushing out so much data that people won’t have to ask for it”. While this is in some ways a laudable aim, it is simply never going to wash: there will always be some information which Mr Maude doesn’t want disclosed, but which I, or, you, or someone else, does (to illustrate this one only has to look at how regularly the Cabinet Office claims FOI exemptions and refuses to disclose).

By the same token Network Rail, who have disclosed an impressive amount of valuable data over recent years, would not, I am sure, pretend that they expect only ever to disclose information in response to FOI requests, when they come under the Act’s coverage in a few months. There will clearly be information which they will not be able to disclose (and for perfectly valid reasons).

The transparency agenda cannot simply sweep away concerns about disclosure of commercially sensitive information, or of personal data, or of information which might prejudice national security. But there will always be people who want this information, and there will always be the need for a legal framework to arbitrate disputes about disclosure, and particularly about whether the public interest favours disclosure or not.

And, as a brief aside, I think there’s an inherent risk in an aggressive, or, rather, enthusiastic, approach to publication under a transparency agenda – sometimes information which shouldn’t be published does get published. I have seen some nasty erroneous, and even deliberate, disclosures of personal data within Open Datasets. The framework of FOI should, in principle at least, provide a means of error-checking before disclosure.

When FOI was in its infancy we were assured that effective and robust publication schemes would ultimately reduce the amount of time spent dealing with FOI requests – “Point them to the publication scheme” we were told…While I am sure that, on some level, this did transpire, no one I have spoken to really feels that proactive publication via a publication scheme has led to a noticeable decrease in FOI requests. And I think the same applies with the Transparency Agenda – as much as Mr Maude would like to think it will make FOI redundant, it has, and will continue to have, only a minor effect on the (necessary) burden that FOI places on public authorities.

I do not think we are going to see either the Transparency Agenda dispense with FOI, nor FOI dispense with the Transparency Agenda: they are, if not two sides of the same coin, at least two different coins in the same purse. And we should always bear in mind that public scrutiny of public authorities is not just about what the Nice Man Wants To Tell You, but is equally about what the Nasty Man Doesn’t Want To Tell You.

1I’m delighted to see from his Wikipedia entry that Sir Alex is a huge Grateful Dead fan, and that further research suggests that this isn’t just Wikipedian inaccuracy

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

1 Comment

Filed under Freedom of Information, transparency