Archive for Comment

Don’t Google your requesters

FOIMan explains that searching for FOI requesters is not a great idea – and is ethically (and legally) dubious.

This blog originally aimed to give the practitioner’s view of FOI. Far too often, the important role of FOI officers and public officials in making FOI work has been ignored. So an increasing interest in how FOI really works behind the scenes is to be celebrated.

We’ve seen it in two recent reports on FOI in local authorities. The first from MySociety looked at FOI in local government across the UK. The second, from the Campaign for FOI, focussed on how London boroughs managed their FOI obligations. Interestingly, the findings of the two reports on practices in local councils are broadly in line with my own research which you can read about in the free chapter from The Freedom of Information Officer’s Handbook that I wrote about in my last post.

The Campaign for FOI’s research commented on the London Borough of Lambeth’s practices, and I was reminded of this when my attention was drawn last week to a post by a local blogger who had obtained Lambeth’s internal staff guidance for handling FOI requests. The News from Crystal Palace blog published the guidance pretty much in full, highlighting a number of practices which they felt were of concern.

Having read through it, much of the guidance is pretty standard stuff, and in fact I would go as far as to suggest that there is some very good practice in Lambeth. For example, strict timelines and service standards are a good way to ensure that requests are answered within statutory deadlines.

One particular section is of concern, however. Staff allocated a request are told:

‘You may want to consider all or some of the following when you are assessing a request:

  • Google the requester to understand who is making the request, why and assess the likely impact to the council (e.g. political, media, legal, commercial, personal data).
  • Review previous requests from the requester in iCasework.’

No. I can, at a pinch, understand the human instinct of curiosity that might lead an uninformed member of staff to use a search engine to find out about a requester. But FOI officers should be discouraging this practice, and certainly not making it official policy.

I know all the excuses. Often it is linked to a policy whereby an authority’s Press Office is informed when a journalist makes a request. In principle I don’t have a problem with that, as long as public authorities are open about the fact that they do it. The problem is that some journalists, perhaps suspicious that they will be treated differently, don’t identify themselves as such. The Act doesn’t require them to do so. The argument goes that therefore every requester has to be googled in order to identify the very small percentage of requesters that are unidentified journalists.

I’m going to suggest that this is flawed logic. Firstly, since most public authorities, and certainly councils, are suffering the effects of cuts to their budgets, why are they encouraging staff to waste precious staff time on the off-chance that someone might be a journalist? Even if they are, it shouldn’t make any difference to the outcome of the request, so surely this is a complete waste of time?

Secondly, how does the council know that someone who isn’t a journalist in the formal sense won’t blog or Tweet about disclosed information? Or pass it to a journalist for that matter? Given this, the fact that one or two journalists might not be picked up doesn’t seem that important.

Thirdly, whilst I recognise that Press Officers have a job to do, I don’t see why they necessarily need to know who is making a request. The sensitivity of a request surely ought to be judged on the subject matter, irrespective of who has made it. Lambeth apparently circulate a list of requests to their Press Office and the Leader’s Office. If this just describes the subject matter of the request this should normally be enough for them to identify where they might need to be prepared for controversy (which really should be the limit of their involvement following an FOI request).

There will be a director of public relations somewhere barking “well, why shouldn’t we?”, so here are a few points in answer to that question.

  • what’s your lawful basis? An individual’s FOI request, their identity, biographical information about them is personal data. You need a lawful basis to justify the handling of personal data – including searching for information about someone online. I presume you’ve completed a legitimate interest assessment and successfully justified how your need to know whether or not someone is a journalist outweighs the rights and freedoms of requesters? Even if you decide that you do have such a basis, are you otherwise complying with the requirements of the GDPR? Are you telling requesters that if they make a request it will result in the council looking them up online?
  • they can find out that you’re doing it. If the requester has a website, the most commonly used analytics tools will provide enough information to them so that they will spot unusual spikes in interest from your general location just after they made a request to you. There’s an example of this happening described in my book if you don’t believe me.
  • it’s creepy. Most comment on Twitter in response to revelations about Lambeth’s practice was to the effect that Lambeth were ‘spying’ on their residents. If a public authority is so concerned about its reputation that it employs Press Officers, shouldn’t it be just a little uncomfortable about gaining a public image associated with the fiction of George Orwell?

FOI is a right. Full stop. If people choose to exercise it, that is their business. If a public authority has good reason to believe that someone is misusing this right – perhaps harassing a member of staff, for instance – there are mechanisms for dealing with that. It is not usually necessary for a public authority to snoop on people to identify this kind of misuse.

Don’t google requesters. There’s usually no good reason, and it has the potential to do a lot of harm.

 

EIR charges curbed by ICO

FOIMan reports on a move by the Information Commissioner to clamp down on charges for environmental information.

Wind turbine in countrysideA new decision from the Information Commissioner moves the regulator’s position on charges under the Environmental Information Regulations (EIR) on from the policy announced in 2016. If the decision stands, it means that public authorities will not be able to charge for environmental information if they wouldn’t be able to charge for it under the Freedom of Information Act (FOIA).

In a decision issued to Folkestone and Hythe District Council the Commissioner  has ruled that a charge of £325 to access environmental information was not reasonable. In effect, the ICO’s decision sets out that it cannot be reasonable to charge for environmental information below the appropriate limit set out in the FOIA fees regulations. Although the fees regulations do not directly apply to EIR, the Commissioner’s view is that the appropriate limit (of £600 for central government and £450 for other public authorities) provides a useful starting point when considering charges under the regulations.

More generally, the ICO are keen to reduce inconsistencies in charging policies in relation to environmental information. In a blog post accompanying the decision, Gill Bull, the ICO’s Director of Freedom of Information states that authorities should avoid routinely charging for environmental information, and is unlikely to be sympathetic when charges are made for information falling beneath the appropriate limit. She links the decision to Parliament’s declaration of a ‘climate change emergency’, pointing out that it is more important than ever for people to be able to play a full and informed part in debate about the environment. This should not be hampered by financial barriers, she argues.

This decision emphasises the important relationship between access to information and the major issues that face society. The ICO will be updating their guidance later in the year to reflect this change in approach.

What we don’t know

FOIMan explains why some truths we cling to about the UK’s FOIA are not quite what they seem.

A few months ago I was delivering some FOI training to a local authority (always available at competitive rates, folks!). I was explaining how far council officers were expected to go when searching for information to answer an FOI request. In particular I stated that if it was known that information had been deleted but still potentially existed on a backup, the backup should be searched.

The council’s FOI officer cautiously picked me up on my assertion. They had, they told me, had a written statement from the Information Commissioner’s Office (ICO) that contradicted me. So surely I was wrong?

The truth is that despite what we are often led to believe, there are some aspects of FOI law that are not certain. The legal system has not yet settled on the ‘right’ answer. This is the case when it comes to debates about information held on backups and whether it is considered held. In the example above, neither I nor the ICO are technically wrong; but then strictly speaking we’re not right either. We’re both interpreting the existing law, and both interpretations are arguable.

This is because English law revolves around the concept of precedent. But precedent can only be set by courts that make a decision beyond a certain stage. In a recent Upper Tribunal decision (LO v Information Commissioner, [2019] UKUT 34 (AAC) (29 January 2019)), Judge Jacobs was critical of the Information Commissioner for treating decisions of the First-Tier Tribunal (FTT) as ‘authoritative statements of the law’. Strictly speaking, they’re not. When it comes to backups, we only have rulings of the FTT to go on, so there is no definitive answer yet on that issue. Interestingly, on this issue, the ICO choose not to accept the FTT’s approach without question in their guidance.

My latest piece for PDP’s Freedom of Information JournalWhat we don’t know (which you can access here) – looks at this issue in more depth – looking at the backups query, but also a couple of other questions which have not yet been answered definitively – perhaps surprisingly. You’ll see that there are disputes between the ICO, the FTT and the s.45 Code of Practice which will only be resolved if those matters reach the Upper Tribunal. It ends by asking what questions you may have about FOIA or the EIRs – as I’ve mentioned before, we’d like to answer some of your conundrums in a future issue of the Journal.

Are Housing Associations subject to EIR?

FOIMan highlights an FTT decision which provides the latest word on accessing information from housing associations.

Despite governments undertaking to examine the addition of housing associations to the Freedom of Information Act’s (FOIA’s) coverage, it has yet to happen. The Information Commissioner is the latest to call for this change.

There has been debate though as to whether Housing Associations are subject to the Environmental Information Regulations (EIRs). Generally the Information Commissioner has decided not, but last year she put the cat amongst the proverbial pigeons with a decision that an East London housing association was subject due to its ‘special powers’. Lynn Wyeth wrote an excellent piece in the Freedom of Information Journal in the Autumn comparing the Commissioner’s decisions on this issue and seeking to explain why the decision in relation to Poplar Housing and Regeneration Community Association (Poplar HARCA) was different. In summary: it’s complicated.

Well, the FTT has now decided that perhaps it isn’t complicated after all: they’ve upheld Poplar HARCA’s appeal and have concluded that it is not subject to the EIRs. In the course of the appeal, the Commissioner in fact suggested that she’d got it wrong in an earlier case (Richmond – FER0700353), which explained the variation. The FTT agreed that the Commissioner had got it wrong, but in their view it was the Poplar decision that was incorrect. 

As with a lot of disputes over the coverage of the EIRs in the last few years, the case revolved around the Fish Legal case that was referred to the European Court of Justice in 2014. That case examined the definition of public authority at regulation 2(2)(c) of the EIRs and the underlying Directive. It concluded that to ‘carry out functions of public administration’, a body had to have been ‘entrusted with the performance of services under a legal regime’; the services had to be of public interest; and it had to have been vested with ‘special powers’ in order to provide those services.

In the Poplar case, the FTT found that Fish Legal had defined ‘legal regime’ as meaning that there had to be a national law entrusting the body with the performance of those services. This was where the ICO’s case fell down: the FTT could not identify such a law. Without the ‘narrow’ definition of a legal regime set down in Fish Legal, the FTT would have taken a different view – but effectively its hands were tied.

For now then, private housing associations will not be subject to FOI nor the EIRs. Until the government either chooses to extend FOI and the EIRs to them, or inadvertently entrusts them with performance of services under another national law. Or until there is a successful appeal to the Upper Tribunal – whichever of these is sooner.

 

London councils: how good are they at FOI?

FOIMan highlights a new report from the Campaign for FOI on good practice – and whether London councils are meeting it.

The Campaign for FOI has conducted research into the way London local authorities meet their FOI obligations – and has found a mixed picture. They found that:

  • whilst some councils answered almost all requests within 20 working days in 2017-18, three quarters of them failed to meet the ICO’s expectation of 90% answered on time, and seven councils answered on time less than 70% of the time
  • some councils even ignored the ICO’s interventions
  • a third of councils did not publish FOI stats as of December 2018, and very few councils publish figures on refusals
  • four councils do not publish an email address that applicants can use to make requests, instead insisting that requests are submitted via a form, and half of councils do not publish a telephone number so that applicants can ask for advice
  • two-thirds of London councils do not have a disclosure log
  • some councils reported having no internal guidance on FOI, and only a handful published their guidance on their website
  • some council guidance contained errors such as suggesting that staff could charge applicants.

The report makes 14 recommendations including quarterly publication of statistics (which is in any case what is required now under the new s.45 code), that the ICO be clear with authorities that they could face enforcement action, that stats, internal guidance and disclosure logs be published, and that authorities be more helpful to applicants. The full report can be read via the Campaign for FOI’s website (and you may want to consider donating to the Campaign if you find the report interesting).

If you’re working for a council and struggling with FOI, you will find The Freedom of Information Officer’s Handbook addresses all of these issues. You can, of course, also get in touch for training and for help with revising FOI policies and procedures – if that’s of interest, drop me a line.