Archive for Uncategorized

New FOI Exemption becomes law

FOIMan reports on a new amendment to the UK Freedom of Information Act.

On Wednesday 14 May, the Intellectual Property Act 2014 received Royal Assent. Section 20 of the Act amends the Freedom of Information Act, introducing a new section 22A. This is the exemption lobbied for by Universities UK and others during the post-legislative scrutiny two years ago for unpublished research. The exemption covers “Information obtained in the course of, or derived from, a programme of research” whilst there is a continuing intention to publish. The new section can be found at http://www.legislation.gov.uk/ukpga/2014/18/section/20/enacted. It is expected that it will come into force in the Autumn.

The defeat of the Mysterious Veto?

FOIMan thinks it may be too soon to start celebrating yesterday’s ruling by the Court of Appeal that Prince Charles’ letters to Ministers should be disclosed, but argues that interpretation of European law may yet prove crucial in this case and for others.

An examination of s.53

FOIMan examines the offending section of FOIA

Yesterday’s judgment by the Court of Appeal, apparently overturning the use of the section 53 veto for the first time, was immediately welcomed by FOI campaigners, supporters and of course, journalists. And it is a victory – for now – for Rob Evans of the Guardian who has pursued the disclosure of letters from Prince Charles to Government ministers for 9 years.

Personally I would be very happy if this decision stuck. The ability of Ministers to overturn the considered decisions of the Information Commissioner, information tribunals, and ultimately the courts, is in my view as well as the Lord Chief Justice’s “a constitutional aberration” (para 2). But…I can’t help feeling that this decision is not the end of the road on this case.

Firstly, that’s a matter of fact. The Attorney General has been granted leave to appeal to the Supreme Court. And he’s already indicated that he intends to.

Secondly, as Jon Baines has already pointed out, the decision in relation to FOI seems at odds with the intention of Parliament. The reason for the veto was to allow ministers to overturn FOI decisions that they didn’t like. That was why the government of the day proposed the veto, and that was what Parliament voted for. That in the end was what Charles’ own mum gave assent to. The Master of the Rolls says that s.53 is “a remarkable provision”,

“because it seriously undermines the efficacy of the rights of appeal accorded by sections 57 and 58 of the FOIA.” (para. 39)

To which the answer is, well, yes, that was the point. Jack Straw, the Home Secretary who was responsible for taking FOIA through Parliament, told the Justice Select Committee (para 169) two years ago:

“Without the veto, we would have dropped the Bill. We had to have some backstop to protect Government.”

In its report at the conclusion of the post-legislative scrutiny, the Committee appeared to fully support the use of the veto in this way, and indeed suggested that its use ought not to be considered “exceptional”.

So my hunch – and I hope I’m wrong – is that the decision in relation to FOI will be overturned by the Supreme Court. Even if it isn’t, I could easily see an amendment to FOIA being passed with little opposition whatever party is in power to plug the gap. Celebrations of the death of the FOIA veto are likely to be short-lived.

However, I don’t think it’s all doom and gloom from this end of the bar. The Court of Appeal also ruled that the application of the veto to environmental information was unlawful. That seems to me a much stronger argument. The Environmental Information Regulations 2004 (EIR) are the UK government’s implementation of a European Union Directive. Article 6 of the Directive requires that:

“Member States shall ensure that an applicant has access to a review procedure before a court of law or another independent and impartial body established by law, in which the acts or omissions of the public authority concerned can be reviewed and whose decisions may become final…”

It is hard to see how the veto is compatible with that. And there would be little the government could do to change the law, short of leaving Europe altogether (which of course is possible but not in the immediate future).

The implications of that are several. First, many of Prince Charles’ letters apparently related to environmental issues, so if the Supreme Court quashes the Court of Appeal’s ruling on the FOI veto but upholds the ruling on EIR, then there may still be a significant disclosure of correspondence in this case. Second, there will be implications for another veto decision. Only at the end of January, the Transport Secretary vetoed the disclosure of a report on HS2. The report was viewed to constitute environmental information, so it is likely that if the Supreme Court upholds the Court of Appeal’s position on the veto and EIR, then that decision will be viewed as unlawful as well. Thirdly, it reinforces the already strong impression that EIR can be more effective at achieving disclosure than FOI (though of course this is only useful if you want to access environmental information – but that’s an increasingly broad spectrum of information thanks to case law).

Even in respect of my primary argument above, there is hope if the Supreme Court agrees that the veto is incompatible with European law. It was successfully argued in the Court of Appeal (paras 74-80) that the Attorney General had failed to consider in his certificate how the public interest in disclosure of non-environmental information would be affected if the environmental information had to be disclosed. If the Supreme Court does order the disclosure of the environmental information, it may therefore decide that the Attorney General’s veto certificate is flawed more generally – and rule that the rest of the letters must be disclosed as a result.

We’ll have to wait and see what the Supreme Court decides, so we have yet to hear the fat lady finish her scales let alone receive the rapturous applause of a satisfied audience. And as this particular battle for correspondence has so far taken 9 years, it appears a somewhat extreme example of the point I made in my last post. Getting access to correspondence is unlikely to be an easy – or quick – exercise.

Wanting to get data sharing right is not time-wasting

FOIMan is concerned that legitimate questions and concerns about data sharing are too often dismissed by those in a rush to exploit big data. And explains that this is nothing new.

Ambulances at A&E

Ambulances outside A&E

Years ago I worked for a hospital NHS Trust. Soon after I started, I was invited to a meeting with local police, council officers, a representative from the Department of Health and a manager from our own A&E department. The meeting was to discuss sharing A&E data with the police and local council.

This was part of a national programme sponsored by the Home Office. Academic research had found that where police had access to certain A&E data, crime – and particularly violent crime – dropped as they could target hotspots. A&E admissions also dropped. So win-win. The Home Office was obviously very interested in this and was pushing for all hospitals with an A&E department to share data in this way.

I was new to the job, and to data sharing, so I needed to know a few things. One of the key questions any DP Officer worth their salt needs to know in this situation is what legal power they have to share the data. So I asked, and nobody knew (which was interesting in itself, given this was supposedly a national project). They said they’d ask the doctor who’d done the original research to contact me and let me know.

So one afternoon I received a call from him. Initially he was very pleasant but he didn’t actually tell me what I needed to know. When I pushed him on this, his response was to angrily tell me that people were dying because I was delaying the project.

Eventually (and with no thanks to the researcher or the Home Office) I reached agreement with the community team. We would share some of the data they wanted (but not all), and the agreement stated that the police were not allowed to put the data together with their own to enable reidentification of individuals who may have been in contact with both organisations.

There seems to be an attitude from NHS England at the moment that is reminiscent of this episode. Reasonable questions about safeguards are being dismissed. Rational concerns about privacy are portrayed as preventing progress. I’m not someone who is blind to the benefits of care.data or other big data projects. But I want them to be handled properly and to have confidence in those looking after the data.

When concerns like these are dismissed as time-wasting or a failure to understand, it bothers me. And I suspect it bothers lots of other people too, whatever their views on the benefits of the individual project. It feels high-handed, as though the medical establishment doesn’t really care about the views or privacy of the public as long as they get their precious data. I’m sure that isn’t the case, but a continued failure to acknowledge legitimate concerns allows this impression to grow.

Photograph by D-G-Seamon [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Wikimedia Commons

CP and DP

FOIMan finds DP being breached in his own backyard.

Back in 1936, the Crystal Palace, originally built for the Great Exhibition in 1851, and later moved to parkland to the south-east of London, burnt down. It had been in decline for many years, so there was no rush to rebuild it. Indeed, nearly 80 years on, its site still stands bare, save for a few sphinx, crumbling steps and headless statues.

A sphinx in Crystal Palace Park

Plans to rebuild the Crystal Palace have kicked up a sphinx

One of the reasons that it has remained that way is that local residents kind of like it. There is a romantic air about the site, and the lack of a central attraction means that its surrounding parkland is a nice place for a quiet stroll, occasionally interrupted by a dinosaur. It’s our little secret.

So there are a few raised eyebrows in this suburb of south London at Boris Johnson’s excited pronouncement last year that a Chinese investor, Zhong Rong International (Group) Ltd,  wants to rebuild the Crystal Palace. And keen to drum up community support the consultants coordinating the project, Arup, have arranged a series of drop-in sessions where locals can ask questions and complete a questionnaire about their views on what should be built (or indeed whether anything should be built at all).

Mrs FOIMan and I are sceptical about the plans so we decided to pop along to today’s session. The first thing we were asked to do was to add our name, address and email address to a sheet by the door. Mrs F, on the ball as ever, asked why they were collecting the information. The slightly flustered looking lady on the door answered:

“It’s just so we can write to you with updates, that sort of thing.”

Needless to say there was nothing on the sheet to explain this and it wasn’t volunteered. The lady at the door just asked each person who arrived to fill in their details as though it was a requirement of entry.

After we’d chatted to the staff from the Greater London Authority (Boris’s HQ, and my former employer) and Bromley Council we dutifully completed our questionnaires. Before asking about the plans, it asked for some personal information. It explained this time that we didn’t have to give this, but that it would be used to contact us with updates on the plans. Which is fair enough. Except that apparently they needed our gender, ethnicity, and age group to contact us.

Now if you’re trying to reassure a sceptical public of your plans, collecting their details unfairly (ie without telling them what you’re going to do with it) and breaching at least two data protection principles in the process (1 and 3 as you ask) probably isn’t the best way to do it. As more high profile projects have found, this kind of thing can come back to bite you. And it doesn’t exactly smack of a professional, well-run operation.

We completed it anyway (apart from the data that they had failed to justify) and left. On the way out Mrs F turned to me and said “Damn, I wish I’d made a copy of my questionnaire”.

I considered this and replied helpfully:

“Well you could always make a subject access request…or at least you could have done if they’d told us who the data controller was.”

Sigh.

If you want to know how to collect personal information fairly, why not book on my Practical DP course through Act Now Training?

Care:crash

IMG_0337FOIMan despairs of the way the care:data project is being handled.

Care:data has literally kept me awake at night. Six months ago I wrote a piece which referenced care:data as an example of what I perceived to be a knee jerk reaction to any proposal to share personal data. That was a mistake. But that’s only part of the reason for my angst.

I still think that data protection practitioners need to be careful not to be known as “Doctor No”. I do worry that often, through a polarisation of views on these issues, there is a risk that “the baby is thrown out with the bathwater” in projects that involve personal data processing. And I also worry that because of the polarisation that happens, the debate – or argument, as too often it can be categorised – becomes bitter and often personal.

I have been concerned, and remain concerned, that it has been impossible for patients, practitioners and others to get to the bottom of what is happening with care:data. This is not just because of the failings of NHS England, who of course bear the primary responsibility for the problems that have emerged. But I have also felt uneasy about the information coming from opponents of care:data which has been one-sided, often verging on propaganda (for example, posters for GPs to place in their surgeries explaining only why patients should opt out are not really “informing patients” in my view). I also question whether activity that verges on trolling of NHS representatives on Twitter and elsewhere is the best way to make the case for privacy. These activities have alienated me, and perhaps many others who might have been persuaded by a more balanced approach (though I was pleasantly surprised to find that Phil Booth of MedConfidential and Nick Pickles of Big Brother Watch came over as measured during today’s committee hearing, and didn’t respond to the bait laid by some MPs asking them if they were insisting that care:data be made “opt-in” only).

But the truth is that just from watching this afternoon’s Health Select Committee session on care:data, it is clear to see that there are major problems with the project. They go way beyond communication – though that has been lamentable (no, I didn’t get the leaflet either). The witnesses from NHS England and the Health and Social Care Information Centre in particular were very poor. It was not unexpected that the MPs would want to ask about the disclosure to the Actuaries society reported in the Telegraph. So why wasn’t Max Jones of HSCIC better briefed beforehand? It is simply incredible to claim not to have any information on it because it happened when the organisation was in a previous form. There was time to establish the facts before the hearing. Tim Kelsey and Daniel Poulter appear to be in denial about problems, and despite promising to listen seem to have wax in their ears. “I don’t trust the performances I’ve seen here today” said one MP and I’m with her on that.

Agonising is the appropriate word to describe my attempts to make sense of care:data, so God help patients who haven’t been reading about it. Today’s committee wouldn’t have helped, with both MPs and witnesses appearing confused. Even the Information Commissioner’s Office has given conflicting statements on the project (within 48 hours they went from being satisfied with the communication of the project to dissatisfied, somewhat incredibly). My gut instinct is that I want my data to be used for medical research for the reasons articulated by Ben Goldacre in his brilliant article for The Guardian at the weekend. But unless NHS England, HSCIC and the Department of Health get their acts together, even I’ll be wanting to opt out. And that’s if it doesn’t get axed, which based on today’s performance is increasingly likely. It could well lead to this baby being pitched right out on its ear.