AI-driven legal access to information: DSARs, FOI requests, and the emerging landscape

Generative artificial intelligence (AI) ('large language models' or LLMs) use can be broadly defined as systems that are able to perform tasks requiring human-like intelligence.

With platforms like ChatGPT boasting 800 million users, with the majority falling in the age range of 25-34, AI has become an everyday tool for many. 

Tools such as ChatGPT and similar chatbots can imitate formal writing, summarise complex topics and even cite laws, all without human intervention: when fed a prompt, they can produce content almost instantly, that at a glance can appear indiscernible from non-AI generated content. 

In legal contexts, this means that laypeople can now leverage AI to research and compose basic documents that previously would have required a solicitor. In effect, AI is enabling access to legal drafting by providing virtual assistance in structuring arguments, applying statutory language, and suggesting template wording, removing the need for legal oversight.

Rising public trust in AI generated legal documents

Recent studies show that laypeople are not only able, but are willing, to trust AI with their legal enquiries. As published in The Conversation, it was found that when non-experts were presented with legal advice of unknown origin, they were more willing to rely on advice from ChatGPT than from a human lawyer. Even when explicitly informed which advice came from AI and which from a lawyer, participants were equally willing to act on the AI-generated guidance.

Why? The study suggested that most participants struggled to reliably tell AI and human answers apart. These findings indicate a rising public deference in AI produced legal information. This may be due to perceptions of AI as objective and unbiased, or simply that individuals value its quick-witted responses. In any case, the impact is clear: as generative AI improves and its use spreads, we should expect laypeople’s confidence in AI-crafted legal requests to continue growing.

DSARs and FOI requests in UK law

Under UK law, individuals have important rights to request information:

• Data Subject Access Request (DSAR): Under the UK GDPR (as adopted in the Data Protection Act 2018), anyone has the right to access their personal data held by an organisation. The ICO explains that the 'right of access (commonly referred to as a subject access request)' lets individuals obtain a copy of their personal data and supplementary information (why it’s used, etc.). Organisations must ensure full compliance unless a specific exemption applies.
• Freedom of Information (FOI) requests: The Freedom of Information Act 2000 gives everyone (UK or foreign, individuals or organisations) the right to request recorded information from public authorities. FOI requests must be made in writing (email or letter) and clearly describe the information sought. Public bodies must either provide the information or explain why it is withheld. 

AI empowering drafting of DSAR/FOI requests

Generative AI tools now allow laypeople a virtual 'legal assistant' to draft and refine their information requests. By prompting ChatGPT for instance, an individual can quickly obtain:

• Legal research and advice: ChatGPT can summarise the law on DSARs or FOI requests and advise what should be included in the request, it does so by assisting with the specification of the request to ensure it is framed correctly. AI can further generate the necessary information into templates such as a formal letter or email in a matter of minutes.
• Legalistic language: LLMs tend to mimic legalistic and complex language. They often produce requests that are well-structured and professional, which may surpass what a layperson could produce without its input. This reduces the barrier of phrasing a request correctly, and in turn allows for a review to be considered by the tone under which it was drafted.

In practice, this means any smartphone user or individual with internet access can ask an AI: “Help me write a Subject Access Request to my employer,” or “Draft a Freedom of Information request to the council for all emails about X from 2020,” and receive a near-complete draft. As AI expert Andrew Perlman noted, ChatGPT’s ability to “absorb an enormous amount of information and then create new, original content” means we can now draft sophisticated documents in moments.  

Implications for clients

These trends have wider implications for data controllers and public bodies:

• Increased volume of requests: AI lowers the effort of making requests, so more individuals may submit DSARs and FOI requests. This is already evident: UK statistics show FOI requests and DSAR’s following an upwards trend. As such corporate legal teams should anticipate higher caseloads.
• Disguised requests: AI-generated requests will often be written in formal legal style. The substance may be more precise, which can make it increasingly difficult for organisations to spot requests with little basis – they may appear initially legitimate.
• AI-generated bulk requests: There is a risk that disgruntled individuals may utilise use AI to generate multiple similar requests or to fan any dissatisfaction. the quantity could strain resources. Organisations should watch for patterns of repeated or template-based requests.
• Requests with legal traps: we have seen requests that seek to pre-empt the application of exemptions or advance legal arguments for how requests should be treated in order to put pressure on the controller/public sector body to release certain information, or to support a forthcoming complaint to the ICO or legal claim based on non-compliance. 

Data Protection Officers (DPOs) and information governance teams should identify these requests at an early stage, flag any potential legal traps and consider possible exemptions. For example, the ICO’s guidance is clear that organisations can refuse or ignore requests that are “manifestly unfounded” or “manifestly excessive”. For example, if a DSAR is clearly sent with no genuine intent to claim rights, or is one of many near-identical requests, it may be refused. 

Similarly, FOI legislation allows refusal on grounds of cost or vexatiousness. The ICO has specific guidance on refusals and assistance. For DSARs, see their 'When can we refuse to comply a request?' guidance. 

For FOI requests, the ICO’s section on vexatious requests and their detailed guidance (section 14) outline how to assess abuse of process. 

Conclusion

AI is rapidly reshaping how the public accesses and interacts with legal information. Tools like ChatGPT make it much easier to research legal rights and draft formal requests under DSAR or FOI rules to get access to information. 

As AI opens the door to greater legal accessibility, organisations must adapt too. Awareness of these tools is critical, as is investing in robust response strategies, which incorporates AI literacy to manage the risks created by AI generated requests.

Our data protection team can help by providing training on how to best handle DSAR/FOI requests in the age of AI, and assist in updating any applicable internal policies. Please don’t hesitate to contact us with any questions about this article or the implementation and use of AI generally.