Is a public authority allowed to question why you want information? FOI Man investigates.
It’s a standard mantra that we’ve all got used to trotting out, both within and outside of public authorities. All FOI requests should be dealt with irrespective of who has sent them and why they want the information. But just what is this based on?
The truth is that there is no directly stated requirement of this kind in the Act. As the Information Commissioner’s guidance states:
“There is no specific reference in the FOIA or the EIR to the principle that the identity of the requester should be ignored, but it is the absence of references in the legislation to the identity of the applicant from which the general principle is drawn.”
The same goes for the reason as to why the request is made (although the European Directive on which the EIR is based does say that applicants shouldn’t have to declare an interest). It’s really just that it is a practical inference from the way the legislation is drafted that as the authority is under an obligation to disclose requested information to anyone who asks, it shouldn’t matter who they are or why they are asking.
So if an authority does ask you why you are making a request, they’re not strictly contravening the Act. It is pretty broadly accepted that it is bad practice though. The Commissioner and anyone else looking at an appeal further down the line would undoubtedly take an adverse view of such questioning unless it could be justified. Which is probably why the s.45 Code of Practice says:
“Care should be taken not to give the applicant the impression that he or she is obliged to disclose the nature of his or her interest as a precondition to exercising the rights of access, or that he or she will be treated differently if he or she does (or does not).”
Having said that, it would be well worth you having a chat with an FOI Officer/member of an authority’s staff who does ask you why. It may well be that they are trying to (albeit clumsily) provide advice and assistance by establishing what you really want to know. It could be that your request hasn’t been clear enough, or that they think you’re asking the wrong question and want to point you in the right direction. But I’ve always trained staff to try to avoid the ‘why’ question because of the potential for misunderstanding.
So in summary, it’s a bad idea for authorities to ask you why you’re making a request, even though it isn’t directly prohibited by the Act (or the EIR). Thanks to Ross Pollard (@ishbroken on Twitter) for asking the question.
There is a slight contradiction to this in the ICO’s guidance on Section 14.1 (vexatious requests) http://www.ico.gov.uk/foikb/FOIPolicyVexatiousrequests.htm , where a “serious purpose” for the request is required to be demonstrated in order to help tip the balance in favour of the applicant…
Yes, there are exceptions – s.14 is one. The recent Tribunal decision on EIR suggested that motive might be relevant in deciding whether FOI or EIR apply in some cases (see today’s post on the Panopticon blog). And it has been suggested in the past (notably by Chris Pounder of Amberhawk) that it may be relevant in consideration of requests for personal data. But generally speaking authorities are supposed to remain purpose-blind. Anyone know of any other exceptions?
As a frequent requester, I don’t object at all to being asked this where the intention is to be helpful. It’s much better to have a practical discussion of the options than for everyone’s time to be wasted by a request that is badly phrased through ignorance. FOI officers and requesters both benefit when they talk sensibly to each other about requests rather than employing a purely formal and legalistic approach.
Is it possible for a proxy to make requests on behalf of a.n. other, who can’t do it themselves for whatever reason?
And if so, would this avoid any sanction (however unlikely) against the original requester? Would any motive be transferred to the agent?
I’ve looked through the Act but can’t find anything on this. Maybe I’ve missed it.
“So in summary, it’s a bad idea for authorities to ask you why you’re making a request, even though it isn’t directly prohibited by the Act (or the EIR). ”
Agree, but – Public sector jargon can be a nightmare for *us* – and we work here! – so we have every sympathy with requesters who confuse terms or use “old”/obsolete references or ask for information relating to organisations that no longer exist. So, if we pick up the phone or e-mail trying to understand your requirements, please don’t automatically assume we’re doing this to stall you. The reason will almost certainly be exactly as stated earlier in FOIman’s piece, and confirmed by Martin’s experience: we’re just trying to clarify exactly what you want and sometimes, the motive for the request *is* relevant.
I think it’s a shame that ‘repeated’ and ‘vexatious’ fall into the same category – I’ve used S14 occasionally to deny a *repeated* request from the same person – and have enclosed the previous recent response(s) with the exemption notice. No controversy there. ‘Vexatious’ is very different and unless there is something obviously wrong with the request itself (e.g. abusive language), application needs far more careful consideration.
ICO decisions that I’ve seen related to S14 show that most cases appear to be requests that fall into one or more of categories 2, 3 and 4 of the ICO guidance (designed to disrupt; have the effect of harassment; can be fairly categorised as obsessive/unreasonable). In these cases, there often appears to be a ‘history’ between the applicant and authority which does not just relate to FOI, but other communications with other authority staff/departments (e.g. complaints), and over a significant period of time (or a high volume of communication in a shorter time).
Any request that fell *only* into category 1 (burden of expense/distraction) would, under normal circumstances, surely more appropriately be exempted under Section 12 (cost of compliance).
Alex has picked on the ‘serious purpose or value’ – I suspect it is highly unlikely that a public authority’s case which rested on this alone would succeed, particularly given some of the bizarre requests we have answered (remember the round robin “how many hauntings in the last 10 years” anyone?)
In practice, we don’t have the resources to check identities of every FOI requester (NB rules for subject access – personal information – requests are different, ID is always verified, particularly if the request is for someone else’s information, e.g. a parent for a child). ICO also expects us to take a sensible view on this – guidance somewhere on the site, can’t find it off-hand, effectively says that if an FOI request itself is reasonable, just answer it. Anyone could set up a free e-mail account under any name and request information under FOI using that account: the public authority would have no real way of checking whether “Joe Bloggs” is the applicant’s real name and 99.999(recurring)% of the time, it doesn’t matter.
So the short answer to your question is yes. However, it is important to note that the Information Commissioner’s Office will not consider a requester’s appeal against any exemptions applied to the response if they do not disclose their real identity.
I presume by “sanction”, you mean exemption. In the vast majority of cases, exemptions should be applied to information itself – the identity of the requester should be irrelevant. If the public authority has good reason to believe that similar requests from different applicants are actually from the same individual, or are from a related group of individuals (e.g. campaigning against a local service being closed), then it might consider applying Section 14 (repeated/vexatious requests). Obviously, there would have to be some ‘history’ of communications related to the topic for the authority to be able to identify this.
There are some other grounds.
In considering the extent to which FOIA s40(2) applies, or more to the point whether schedule 2 paragraph 6 DPA applied, the extent to which the disclosure was ‘necessary in the legitimate interests’ etc was considered.
The case of Roberts considered the reasons as to why information was being requested and whether the social need for the information outweighed the individual’s privacy. The evaluation for the social need could only be carried out by knowing what the information was required for (academic research).
In this case there was effectively a public interest test carried out on whether the disclosure of an individual’s personal data was overridden by an individual’s interest in the meta data of the record for academic purposes.
“[…] although the motive behind any particular request is not relevant, we do have to take account of the Appellant’s proposed research when considering, in particular, the legitimate expectations of the relevant data subjects and (for the purpose of paragraph 6 (1) of Schedule 2) the interest intended to be served.”
From the first decision, “The public interest in favour of disclosure was said by Professor Roberts to lie in the research work which the requested information would enable him to carry out and thereafter to publish for the benefit of the public generally. … having carefully considered what he has said about the value of metadata in research in the area of organisation-environment relationships, and having read an earlier research paper he provided to us, we have to say that, with great respect to Professor Roberts, we were not convinced that it would be of such value in terms of the public interest as to outweigh the factors in favour of maintaining the exemption, as summarised”
“For the reasons set out in the First Decision we do not regard the outcome of the research under consideration here to be so valuable as to convince us that such a need for disclosure exists.”
So knowing ‘why’ is sometimes necessary
Of course this is specific to this exemption but nonetheless…….. 🙂