The defeat of the Mysterious Veto?

FOIMan thinks it may be too soon to start celebrating yesterday’s ruling by the Court of Appeal that Prince Charles’ letters to Ministers should be disclosed, but argues that interpretation of European law may yet prove crucial in this case and for others.

An examination of s.53

FOIMan examines the offending section of FOIA

Yesterday’s judgment by the Court of Appeal, apparently overturning the use of the section 53 veto for the first time, was immediately welcomed by FOI campaigners, supporters and of course, journalists. And it is a victory – for now – for Rob Evans of the Guardian who has pursued the disclosure of letters from Prince Charles to Government ministers for 9 years.

Personally I would be very happy if this decision stuck. The ability of Ministers to overturn the considered decisions of the Information Commissioner, information tribunals, and ultimately the courts, is in my view as well as the Lord Chief Justice’s “a constitutional aberration” (para 2). But…I can’t help feeling that this decision is not the end of the road on this case.

Firstly, that’s a matter of fact. The Attorney General has been granted leave to appeal to the Supreme Court. And he’s already indicated that he intends to.

Secondly, as Jon Baines has already pointed out, the decision in relation to FOI seems at odds with the intention of Parliament. The reason for the veto was to allow ministers to overturn FOI decisions that they didn’t like. That was why the government of the day proposed the veto, and that was what Parliament voted for. That in the end was what Charles’ own mum gave assent to. The Master of the Rolls says that s.53 is “a remarkable provision”,

“because it seriously undermines the efficacy of the rights of appeal accorded by sections 57 and 58 of the FOIA.” (para. 39)

To which the answer is, well, yes, that was the point. Jack Straw, the Home Secretary who was responsible for taking FOIA through Parliament, told the Justice Select Committee (para 169) two years ago:

“Without the veto, we would have dropped the Bill. We had to have some backstop to protect Government.”

In its report at the conclusion of the post-legislative scrutiny, the Committee appeared to fully support the use of the veto in this way, and indeed suggested that its use ought not to be considered “exceptional”.

So my hunch – and I hope I’m wrong – is that the decision in relation to FOI will be overturned by the Supreme Court. Even if it isn’t, I could easily see an amendment to FOIA being passed with little opposition whatever party is in power to plug the gap. Celebrations of the death of the FOIA veto are likely to be short-lived.

However, I don’t think it’s all doom and gloom from this end of the bar. The Court of Appeal also ruled that the application of the veto to environmental information was unlawful. That seems to me a much stronger argument. The Environmental Information Regulations 2004 (EIR) are the UK government’s implementation of a European Union Directive. Article 6 of the Directive requires that:

“Member States shall ensure that an applicant has access to a review procedure before a court of law or another independent and impartial body established by law, in which the acts or omissions of the public authority concerned can be reviewed and whose decisions may become final…”

It is hard to see how the veto is compatible with that. And there would be little the government could do to change the law, short of leaving Europe altogether (which of course is possible but not in the immediate future).

The implications of that are several. First, many of Prince Charles’ letters apparently related to environmental issues, so if the Supreme Court quashes the Court of Appeal’s ruling on the FOI veto but upholds the ruling on EIR, then there may still be a significant disclosure of correspondence in this case. Second, there will be implications for another veto decision. Only at the end of January, the Transport Secretary vetoed the disclosure of a report on HS2. The report was viewed to constitute environmental information, so it is likely that if the Supreme Court upholds the Court of Appeal’s position on the veto and EIR, then that decision will be viewed as unlawful as well. Thirdly, it reinforces the already strong impression that EIR can be more effective at achieving disclosure than FOI (though of course this is only useful if you want to access environmental information – but that’s an increasingly broad spectrum of information thanks to case law).

Even in respect of my primary argument above, there is hope if the Supreme Court agrees that the veto is incompatible with European law. It was successfully argued in the Court of Appeal (paras 74-80) that the Attorney General had failed to consider in his certificate how the public interest in disclosure of non-environmental information would be affected if the environmental information had to be disclosed. If the Supreme Court does order the disclosure of the environmental information, it may therefore decide that the Attorney General’s veto certificate is flawed more generally – and rule that the rest of the letters must be disclosed as a result.

We’ll have to wait and see what the Supreme Court decides, so we have yet to hear the fat lady finish her scales let alone receive the rapturous applause of a satisfied audience. And as this particular battle for correspondence has so far taken 9 years, it appears a somewhat extreme example of the point I made in my last post. Getting access to correspondence is unlikely to be an easy – or quick – exercise.

Avoid using the C word

FOIMan explains why those requesting information under FOI should think twice before asking for correspondence.

FOIMan logo in stop position

Stop and think before asking for correspondence

When I was an FOI Officer there was one word in a request that would make my heart sink. That word was “correspondence”.

It wasn’t that I had any problem with individuals asking for it in principle. The Freedom of Information Act means that anyone can ask for whatever they want, and I’ve always been supportive of that. It was just that I knew that more often than not, a request for correspondence would result in internal grief, and a disappointed requester. Let me explain.

There are several reasons why requests for correspondence are inherently difficult. Firstly, just think about your domestic correspondence. Nowadays that includes letters that you might send and receive through the post as well as email you send and receive using any of your email accounts (and many of us have several). It might also include messages you send and receive via Facebook or other social media sites. It’s not simply a matter of checking your filing cabinet (if indeed you are organised enough to file your letters at home). There are lots of places that your correspondence is stored.

Now multiply that by the number of people in the public sector body you are interested in. Hopefully – but not necessarily – they will have record keeping policies that require emails, letters and so on to be filed in certain places. Maybe even most members of staff follow the policies. Even then that’s a lot of places to look. But if records management isn’t a priority for the organisation or its staff (there is, after all, very little in the way of legal requirement to improve record keeping), there will be even more to do.

Remember that contrary to popular perception, the FOI Officer does not have a big red friendly button that allows them to search all the email accounts and files of everyone in their organisation. They are usually reliant on the individuals themselves conducting a search of their email account. And of course any private email accounts that they have used for corporate business. The FOI Officer has to trust the individual to conduct that search thoroughly (and that they have the technical skills to be able to extract all relevant emails, which isn’t necessarily always the case). On more than one occasion it transpired that for whatever reason, only a small proportion of the information was provided to me at the first attempt.

Then there’s the fact that it is human nature to consider correspondence “personal”. In my experience, the most awkward discussions with colleagues about FOI related to requests for correspondence. Allegedly government ministers and their advisers will go a long way to try to avoid their correspondence being accessible through FOI (and Government departments will fight tooth and nail to defend their right to do so), and they are not alone. Most of the time there is very little to hide in the correspondence itself, they just feel uncomfortable. But there are also the times when they forgot themselves and wrote something embarrassing. “There is no exemption for embarrassment” is an oft-quoted mantra, but it doesn’t stop beleaguered politicians and officials wanting to create one. Which makes for some very long drawn-out conversations between them and the organisation’s FOI Officer.

For all of the above reasons, the chances of an FOI request for correspondence – unless very well defined – resulting in information being disclosed within 20 working days are considerably less in my experience than with requests for other information. The likelihood is that you will achieve one of the three following outcomes:

  • the request will be refused on the grounds that it exceeds the appropriate limit – i.e. it will cost too much/take too much time
  • the request will be refused on other grounds, perhaps under the policy formulation or effective conduct of public affairs exemption
  • the information will be supplied, but in all likelihood after the 20 working day deadline.

Of course, with any of these, you have the right to complain. Not answering within the statutory deadline is a breach of the legislation, for example. And maybe the Information Commissioner will give the authority a slap across the knuckles. But the effect will be the same. You won’t get any information very quickly if at all.

So what am I saying? That FOI has limited use in accessing correspondence? That there’s a de facto exemption for correspondence? No. But I do think that requesters have to box clever if they want to get to useful information. Here are some tips if you are thinking about making a request for correspondence:

  • think about whether you need correspondence to get the information you’re after – it may be possible to just ask the public authority what they have done rather than trawling through emails and letters to work it out for yourself.
  • do some research first. Work out which department or individual is most likely to hold the information.
  • using your research, be as specific as possible. The most effective way to use FOI in relation to correspondence is when you know a particular email or letter exists so you can ask for it. The least effective is to ask for all correspondence on a particular subject in the last 5 years.
  • often with FOI, the key is to see it as a long game. Maybe you make one or two FOI requests for other information first to establish a sequence of events and then ask for specific transactions that you know must have taken place to back your findings.
  • avoid requiring the public authority’s employees to interpret your request. If you ask the authority to provide “all correspondence on the funding of the new leisure facility”, not only are you asking someone who may well not be sympathetic to your aims to decide what counts as “funding” or “the new leisure facility”, but you are also asking them to read through every piece of correspondence to establish which emails or letters fall into their personal definition.

In sum, avoid the C word unless it is absolutely necessary. And if you must use it, do so with precision.

FOIMan provides a commercial service for journalists, campaigners and others to help them fine tune FOI requests and avoid wasting time with badly phrased requests. Contact me if you’d like a quote

Wanting to get data sharing right is not time-wasting

FOIMan is concerned that legitimate questions and concerns about data sharing are too often dismissed by those in a rush to exploit big data. And explains that this is nothing new.

Ambulances at A&E

Ambulances outside A&E

Years ago I worked for a hospital NHS Trust. Soon after I started, I was invited to a meeting with local police, council officers, a representative from the Department of Health and a manager from our own A&E department. The meeting was to discuss sharing A&E data with the police and local council.

This was part of a national programme sponsored by the Home Office. Academic research had found that where police had access to certain A&E data, crime – and particularly violent crime – dropped as they could target hotspots. A&E admissions also dropped. So win-win. The Home Office was obviously very interested in this and was pushing for all hospitals with an A&E department to share data in this way.

I was new to the job, and to data sharing, so I needed to know a few things. One of the key questions any DP Officer worth their salt needs to know in this situation is what legal power they have to share the data. So I asked, and nobody knew (which was interesting in itself, given this was supposedly a national project). They said they’d ask the doctor who’d done the original research to contact me and let me know.

So one afternoon I received a call from him. Initially he was very pleasant but he didn’t actually tell me what I needed to know. When I pushed him on this, his response was to angrily tell me that people were dying because I was delaying the project.

Eventually (and with no thanks to the researcher or the Home Office) I reached agreement with the community team. We would share some of the data they wanted (but not all), and the agreement stated that the police were not allowed to put the data together with their own to enable reidentification of individuals who may have been in contact with both organisations.

There seems to be an attitude from NHS England at the moment that is reminiscent of this episode. Reasonable questions about safeguards are being dismissed. Rational concerns about privacy are portrayed as preventing progress. I’m not someone who is blind to the benefits of care.data or other big data projects. But I want them to be handled properly and to have confidence in those looking after the data.

When concerns like these are dismissed as time-wasting or a failure to understand, it bothers me. And I suspect it bothers lots of other people too, whatever their views on the benefits of the individual project. It feels high-handed, as though the medical establishment doesn’t really care about the views or privacy of the public as long as they get their precious data. I’m sure that isn’t the case, but a continued failure to acknowledge legitimate concerns allows this impression to grow.

Photograph by D-G-Seamon [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Wikimedia Commons

CP and DP

FOIMan finds DP being breached in his own backyard.

Back in 1936, the Crystal Palace, originally built for the Great Exhibition in 1851, and later moved to parkland to the south-east of London, burnt down. It had been in decline for many years, so there was no rush to rebuild it. Indeed, nearly 80 years on, its site still stands bare, save for a few sphinx, crumbling steps and headless statues.

A sphinx in Crystal Palace Park

Plans to rebuild the Crystal Palace have kicked up a sphinx

One of the reasons that it has remained that way is that local residents kind of like it. There is a romantic air about the site, and the lack of a central attraction means that its surrounding parkland is a nice place for a quiet stroll, occasionally interrupted by a dinosaur. It’s our little secret.

So there are a few raised eyebrows in this suburb of south London at Boris Johnson’s excited pronouncement last year that a Chinese investor, Zhong Rong International (Group) Ltd,  wants to rebuild the Crystal Palace. And keen to drum up community support the consultants coordinating the project, Arup, have arranged a series of drop-in sessions where locals can ask questions and complete a questionnaire about their views on what should be built (or indeed whether anything should be built at all).

Mrs FOIMan and I are sceptical about the plans so we decided to pop along to today’s session. The first thing we were asked to do was to add our name, address and email address to a sheet by the door. Mrs F, on the ball as ever, asked why they were collecting the information. The slightly flustered looking lady on the door answered:

“It’s just so we can write to you with updates, that sort of thing.”

Needless to say there was nothing on the sheet to explain this and it wasn’t volunteered. The lady at the door just asked each person who arrived to fill in their details as though it was a requirement of entry.

After we’d chatted to the staff from the Greater London Authority (Boris’s HQ, and my former employer) and Bromley Council we dutifully completed our questionnaires. Before asking about the plans, it asked for some personal information. It explained this time that we didn’t have to give this, but that it would be used to contact us with updates on the plans. Which is fair enough. Except that apparently they needed our gender, ethnicity, and age group to contact us.

Now if you’re trying to reassure a sceptical public of your plans, collecting their details unfairly (ie without telling them what you’re going to do with it) and breaching at least two data protection principles in the process (1 and 3 as you ask) probably isn’t the best way to do it. As more high profile projects have found, this kind of thing can come back to bite you. And it doesn’t exactly smack of a professional, well-run operation.

We completed it anyway (apart from the data that they had failed to justify) and left. On the way out Mrs F turned to me and said “Damn, I wish I’d made a copy of my questionnaire”.

I considered this and replied helpfully:

“Well you could always make a subject access request…or at least you could have done if they’d told us who the data controller was.”

Sigh.

If you want to know how to collect personal information fairly, why not book on my Practical DP course through Act Now Training?

Care:crash

IMG_0337FOIMan despairs of the way the care:data project is being handled.

Care:data has literally kept me awake at night. Six months ago I wrote a piece which referenced care:data as an example of what I perceived to be a knee jerk reaction to any proposal to share personal data. That was a mistake. But that’s only part of the reason for my angst.

I still think that data protection practitioners need to be careful not to be known as “Doctor No”. I do worry that often, through a polarisation of views on these issues, there is a risk that “the baby is thrown out with the bathwater” in projects that involve personal data processing. And I also worry that because of the polarisation that happens, the debate – or argument, as too often it can be categorised – becomes bitter and often personal.

I have been concerned, and remain concerned, that it has been impossible for patients, practitioners and others to get to the bottom of what is happening with care:data. This is not just because of the failings of NHS England, who of course bear the primary responsibility for the problems that have emerged. But I have also felt uneasy about the information coming from opponents of care:data which has been one-sided, often verging on propaganda (for example, posters for GPs to place in their surgeries explaining only why patients should opt out are not really “informing patients” in my view). I also question whether activity that verges on trolling of NHS representatives on Twitter and elsewhere is the best way to make the case for privacy. These activities have alienated me, and perhaps many others who might have been persuaded by a more balanced approach (though I was pleasantly surprised to find that Phil Booth of MedConfidential and Nick Pickles of Big Brother Watch came over as measured during today’s committee hearing, and didn’t respond to the bait laid by some MPs asking them if they were insisting that care:data be made “opt-in” only).

But the truth is that just from watching this afternoon’s Health Select Committee session on care:data, it is clear to see that there are major problems with the project. They go way beyond communication – though that has been lamentable (no, I didn’t get the leaflet either). The witnesses from NHS England and the Health and Social Care Information Centre in particular were very poor. It was not unexpected that the MPs would want to ask about the disclosure to the Actuaries society reported in the Telegraph. So why wasn’t Max Jones of HSCIC better briefed beforehand? It is simply incredible to claim not to have any information on it because it happened when the organisation was in a previous form. There was time to establish the facts before the hearing. Tim Kelsey and Daniel Poulter appear to be in denial about problems, and despite promising to listen seem to have wax in their ears. “I don’t trust the performances I’ve seen here today” said one MP and I’m with her on that.

Agonising is the appropriate word to describe my attempts to make sense of care:data, so God help patients who haven’t been reading about it. Today’s committee wouldn’t have helped, with both MPs and witnesses appearing confused. Even the Information Commissioner’s Office has given conflicting statements on the project (within 48 hours they went from being satisfied with the communication of the project to dissatisfied, somewhat incredibly). My gut instinct is that I want my data to be used for medical research for the reasons articulated by Ben Goldacre in his brilliant article for The Guardian at the weekend. But unless NHS England, HSCIC and the Department of Health get their acts together, even I’ll be wanting to opt out. And that’s if it doesn’t get axed, which based on today’s performance is increasingly likely. It could well lead to this baby being pitched right out on its ear.