Freedom of Information

The Upper Tribunal (Administrative Appeals Chamber) in IC v Miller [2018] UKUT 229 (AAC) has rejected an appeal brought by the Information Commissioner (IC), which was in relation to a First-Tier Tribunal (FTT) decision finding that “small data” (i.e., data concerning five or fewer individuals or households) was not exempt from disclosure under the Freedom of Information Act 2000 (FOIA).

The FTT decision

A request for disclosure under FOIA was made to the Ministry of Housing, Communities and Local Government (MHCLG) (then named Department for Communities and Local Government (DCLG)). The request for information concerned data held by local authorities with regards to homelessness between 2009 and 2012, which had not been published by the MHCLG. The MHCLG refused to disclose the data.

The matter went to the FTT, which found that the small data did not constitute “personal data”, as defined by section 1(1) of the DPA 1998, and it was not exempt from disclosure under section 40(2) of FOIA.

The IC appealed the FTT’s decision on various grounds, including that in relation to small data, the information was exempt from disclosure under section 40(2) of FOIA.Continue Reading Upper Tribunal says “small data” is not exempt under FOIA

On 18 July 2015, the Re-use of Public Sector Information Regulations 2015 (SI 2015/1415) (‘the New Regulations’) came into force, replacing the 2005 Regulations of the same name (SI 2005/1515).

The New Regulations permit individuals and businesses to apply to public authorities to re‑use public sector information (‘PSI’) that was previously generated for a different purpose. As the New Regulations implement a 2013 Directive (2013/37/EU), EU Member States have had two years in which to prepare for this change.

Among its provisions, the New Regulations:

  • Impose a general duty on public sector organisations to permit re-use and provide guidelines as to how re-use requests should be treated, charged for, and responded to, thus making it easier for PSI to be re-used
  • Introduce shorter time limits (20 working days) for public bodies to respond to requests
  • Expand the reach of the rules to include libraries, museums and archives
  • Allow public sector organisations to introduce conditions on re-use where they feel it is appropriate to do so, such as administration costs. Organisations will, however, still be prevented from imposing conditions which discriminate between applicants who seek re-use for comparable purposes.
  • Amend the Freedom of Information Act 2000 (‘FOIA’) when dealing with requests for specific information in certain datasets. As a result, re-use of those datasets will be subject to the New Regulations, rather than the FOIA.

Continue Reading Re-use of Public Sector Information Regulations 2015 finally in force

This post was written by Nick Tyler.

The Information Commissioner’s Office (ICO), the UK’s data protection and freedom of information regulator, has launched a high level “Information Rights Strategy”.

In it, the ICO identifies the following priority areas: Internet and mobile services; health; credit and finance; criminal justice; and information security.

The ICO will

This post was written by Nick Tyler.

In a case involving the “extraordinary rendition and related issues” of individuals detained or captured by UK soldiers in Iraq and Afghanistan, the Upper Tribunal (Administrative Appeals Chamber) has taken what many will view as a practical and realistic approach to when personal data can be anonymised effectively and thereby fall outside the scope of the UK Data Protection Act 1998 (DPA), so enabling disclosure without constraint.

The Tribunal dismissed the concerns of both the data controller, the Ministry of Defence (MoD) and the UK’s data protection regulator, the Information Commissioner, about the extent to which the information requested could be appropriately redacted to ensure anonymisation while the MoD continued to hold the original source personal data, including identifying information.

The long-held view among European data protection regulators has been that anonymisation cannot be achieved unless the key to identification – almost always held by a data controller – is permanently destroyed. This ruling challenges that prevailing view.

The Tribunal took the view that careful redaction of the key information that would enable identification of any individual, can mean that data is not personal data and so falls outside the scope of the DPA.Continue Reading Plain Vanilla or Rocky Road? – UK Tribunal ruling on release of anonymised data sure to court controversy

This post was also written Nick Tyler.

Now that the UK Coalition Government has published its Protection of Freedoms Bill (the Bill) the big question is whether the proposed changes will achieve their objective “to restore the rights of individuals in the face of encroaching state power, in keeping with Britain’s tradition of freedom and fairness”.

Key aspects of the Bill will impact data protection and freedom of information:Continue Reading ‘Protection of Freedoms Bill’ published – will ‘common sense’ prevail?

This post was also written by Nick Tyler.

Last week the UK Government announced a package of measures focused on extending the scope of the Freedom of Information Act (FOIA) and strengthening the independence of the UK’s data protection and freedom of information regulator, the Information Commissioner’s Office (ICO).

The anticipated Freedom Bill (to