The Freedom of Information Act 2000 (‘FOIA’) allows members of the public to request information from public bodies. As guidance issued by the Information Commissioner explains, the main principle behind FOIA is that people have a right to know about the activities of public authorities, unless there is a good reason for them not to.
This article is taken from January's public matters newsletter. Click here to view more articles from this issue.
The Freedom of Information Act 2000 (‘FOIA’) allows members of the public to request information from public bodies. As guidance issued by the Information Commissioner explains, the main principle behind FOIA is that people have a right to know about the activities of public authorities, unless there is a good reason for them not to. One such exemption is where the requested information concerns the personal data of third parties(1) and complying with the request would breach any of the data protection principles now contained in Article 5 of the General Data Protection Regulation (‘GDPR’).
The most common justification for withholding information under this exemption is that the processing (i.e. the disclosure of the information) would not be lawful, fair or transparent under Article 5(1)(a) of the GDPR(2). The interaction of FOIA and GDPR in this respect has two unusual consequences for public authorities. First, the public authority will in most cases need to apply the legitimate interests gateway contained in Article 6(1)(f) of the GDPR, which is permitted because section 40(8) FOIA overturns the usual position contained in Article 6 that prevents public bodies from relying on this gateway. Second, whilst there is usually a presumption in favour of disclosure under FOIA, the assumption is reversed and a justification is needed for the disclosure of personal data.
If the legitimate interests gateway is relied upon, the public authority must ask itself the following three questions (See South Lanarkshire Council v Scottish Information Commissioner [2013] UKSC 55 at [18]):
The real difficulty for public authorities arises in relation to the third question. This is different from the usual public interest test that public authorities apply under FOIA. In many cases the outcome will not be clear cut and for those finely balanced cases the requestor or third party (or both) may be unhappy with the decision because either too much or too little personal data has been released.
The touchstone is one of proportionality; any disclosure must not cause an unwarranted interference with the third party’s rights. The Information Commissioner has set out in guidance some relevant factors for public bodies to consider when going about this task:
In many cases the personal data in issue will be that concerning employees of the public authority. In this context the type of information will also be a critical factor and the Information Commissioner has also produced more detailed guidance here covering salaries and bonuses, termination of employment, organisational tasks, job descriptions, employee names in documents, registers of interests, and disciplinary files. In most cases, however, the level of seniority of the employee and the extent to which the information intrudes into the employee’s private life (for instance, exact salaries or performance information) will need to be given weight.
One final quirk about this area of FOIA is that the motive of the requestor can matter – a departure from the usual position which requires public authorities to disregard motive. The Information Commissioner’s position is that it is unlikely that a disclosure under FOIA based on purely private interests meets the final limb of the three part test set out above. Conversely, a requestor’s lack of motivation to publicise the information requested is not a relevant consideration – any disclosure under FOIA remaining a disclosure to the world at large (See Information Commissioner v Halpin [2019] UKUT 29 (AAC)).
Given that public authorities will not want to either breach their obligations under the GDPR or their statutory obligations under FOIA the balancing exercise required by the legislation can be a difficult task. Browne Jacobson has an experienced team of information lawyers on hand to guide public bodies through this process.
(1) In other words, the personal data of a person other than the requestor. If a person is requesting access to their own personal data the request should be treated as a subject access request made pursuant to the data protection legislation (see s.40(1) of FOIA)
(2) If the disclosure is lawful because it overcomes the legitimate interests hurdle then in most cases it will also satisfy the requirement of fairness due to the balancing exercise discussed below that needs to be undertaken by the public authority. However, it remains possible that the information could be withheld because its disclosure would not be fair or transparent (possibly, for example, because its release would be inconsistent with the public authority’s privacy notice)
Senior Associate
matthew.alderton@brownejacobson.com
+44 (0)330 045 2747
Law firm Browne Jacobson has collaborated with Wiltshire Council and Christ Church Business School on the launch event of The Council Company Best Practice and Innovation Network, a platform which brings together academic experts and senior local authority leaders, allowing them to share best practice in relation to council companies.
In the Autumn Statement delivered on 17 November, rises to the National Living Wage and National Minimum Wage rates were announced, to take effect from 1 April 2023.
Announced in September but scrapped on 17 November the investment zone proposals were very short lived. The proposal has now morphed into the proposal for a smaller number of clustered zones earmarked for investment.
Settlement agreements are commonplace in an employment context and are ordinarily used to provide the parties to the agreement with certainty following the conclusion of an employment relationship.
On 2 November 2022, the Supreme Court handed down its judgment in the much awaiting case of Hillside Parks Ltd v Snowdonia National Park Authority [2022] UKSC 30. The Court’s judgment suggests that the long established practice of using drop-in applications is in fact much more restricted than previously thought. This judgment therefore has significant implications for both the developers and local planning authorities.
Across the UK, homelessness is an urgent crisis, and one that is set to grow amid the rising cost of living. Local authorities are at the forefront of responding to this crisis, but with a lack of properties that are suitable for social housing across the UK, vulnerable individuals and families are often housed in temporary accommodation.
A deepfake of Bruce Willis is advertising Russian mobile phones. Many great artistic and metaphysical questions are raised by this performance. However, this article is going to look at the intellectual property law implications, from a UK perspective.
Settlement agreements in an employment context are ordinarily used to provide both parties with certainty following the conclusion of an employment relationship – but what happens when there is alleged discrimination after entering into a settlement agreement?
The Digital Services Act (the “DSA”) has today (27 October) been given the go-ahead by the EU Council and will enter into force by early 2024.
Updates include UK Shared Prosperity Fund, contracts, Subsidy Control Bill, data controller liability, Government Covid-19 procurement and Highway Code revisions.
The complex and rather nebulous transitional subsidy control regime set out in the UK-EU Trade and Co-operation Agreement and the UK’s wider international commitments has made it difficult for public authorities and those working with them to proceed with certainty where subsidies are involved.
Investment zones have been introduced by the Conservative party to get the United Kingdom (UK) ‘working, building and growing’. They are to be designated sites which provide time-limited tax incentives, streamlined planning rules and wider support for local growth to encourage investment and accelerate the development of housing and infrastructure that the UK needs to drive economic growth. Processes and requirements that slow down development will be stripped back with the intention of attracting new investment.
Created at the end of the Brexit transition period, Retained EU Law is a category of domestic law that consists of EU-derived legislation retained in our domestic legal framework by the European Union (Withdrawal) Act 2018. This was never intended to be a permanent arrangement as parliament promised to deal with retained EU law through the Retained EU Law (Revocation and Reform) Bill (the “Bill”).