Tag Archive for Michael Gove

Will FOI be humbled?

The Cabinet Office

FOIMan gazes into his crystal ball to see what will result from the government’s response to the House of Commons’ Humble Address.

Amongst everything else that happened this very unusual week (although aren’t they all lately), the House of Commons made a ‘humble address’ to the Government requesting access to a document outlining plans for a no-deal Brexit, and perhaps more controversially, communications between certain named civil servants and special advisers relating to the prorogation of Parliament. These communications were to include those in private email accounts, WhatsApp, text messages and various other cited forums.

Late on Wednesday, Michael Gove in his capacity as Chancellor of the Duchy of Lancaster (and therefore in charge of the Cabinet Office and no-deal planning – and come to that, government FOI policy), wrote to the instigator of the humble address, Dominic Grieve, refusing to provide the communications. He argued that it was an improper use of the humble address mechanism to seek such communications of officials. He further suggested that this information would be exempt under FOI, mentioning section 35 (formulation of government policy) and section 36 (specifically maintenance of ministerial collective responsibility), and concerns about breaching the Data Protection Act (as others have pointed out, it would be the General Data Protection Regulation that would potentially be breached, but that’s an academic point in this regard).

A humble address is not an FOI request. And with Parliament prorogued, it is difficult to know what Dominic Grieve and colleagues can do about the Government’s effective partial refusal. So what happens next? And is it going to prove possible for the communications to be disclosed? I’ve polished my crystal ball to gaze into the future. A caveat – all of the following assumes that a political deus ex machina fails to come to the rescue. And assumptions in the current climate are, of course, hugely dangerous… But excepting a change in government or similar that results in a more sympathetic ear to this request, here are my predictions.

First, even if Dominic Grieve hasn’t followed up with an FOI request for the refused communications, I’m sure that the Cabinet Office is right now receiving a deluge of almost identical requests asking for them.

Second, the Cabinet Office will (eventually, as they will almost certainly delay responding to after the 20th working day) refuse these requests claiming variably that they are vexatious (poor harassed Dominic Cummings); exceed the cost limit;  and claiming a) the communications are not held, and b) that even if they were, they are exempt under s.35 and/or s.36, or that disclosure would breach data protection laws so they are exempt under s.40(2) of FOIA. It is very easy to challenge the arguments that they will use (see below), but that won’t stop them.

Third, several requestors will (having had no luck with an internal review), complain to the Information Commissioner. The Information Commissioner will discard the vexatious argument (as long as you haven’t been too rude) and the cost argument. We’ve seen before what happens when Michael Gove’s officials use private channels to communicate about their work – so the Information Commissioner would rule that the communications were held as long as they related to government business (which the discussion of prorogation clearly is). Anything not related to the conduct of government business would be excluded so many of the privacy concerns raised by Mr Gove will not be at issue (Gove suggests in his letter that compliance with the humble address would require some sort of intrusive intervention, but as the Commissioner indicated in the decision I’ve alluded to here, and in her guidance, such a search would merely involve asking the individual concerned to supply relevant correspondence – there is no question of anyone else searching through their private communications).

In respect of the communications which are judged to be ‘held’ for the purposes of the request, it is certainly the case that communications will be or contain personal data of the individuals listed in the humble address. However, data protection laws do not prevent disclosure of personal data in all circumstances. Public authorities are expected to consider if there is a legitimate interest in disclosure of the requested data (in this case, Michael Gove himself alludes to the ‘legitimate desire from Parliamentarians on all sides to understand the impact that leaving the EU without a deal would have’ and there is an obvious legitimate interest given the controversy around prorogation of Parliament, including accusations that the Prime Minister lied to the monarch, in the public being able to find out for themselves what the truth of these allegations may be); whether disclosure is necessary to meet that interest (there isn’t another way to find out how and why this decision was reached); and whether the rights and interests of affected individuals override the identified legitimate interest (highly unlikely – these are senior high profile officials who should expect to have their work scrutinised – it’s part of the job). It therefore seems unlikely that disclosure of the requested communications would breach GDPR, so the Commissioner will rule that the personal data exemption does not apply to some (at least) of the communications. The arguments in favour of s.35 and/or s.36 will probably be harder to discount. The exemptions are relatively easy for a determined government department to apply – s.35 is phrased so broadly that it is easy to show that communications fall within its scope. The use of s.36 turns on the opinion of a Minister being ‘reasonable’ – something which whilst it’s easy to snigger at, is easier to demonstrate in law. However, both s.35 and 36 are subject to a public interest test. In the circumstances (and for pretty much the same reasons as there is a legitimate interest in disclosure of personal data), it seems likely that the Commissioner would plump for disclosure of at least some of the communications described. The Commissioner will issue a decision notice to this effect.

There is a risk during this period that the communications are deleted, the officials concerned claiming that they didn’t realise they were subject to FOI. This would put them at risk of prosecution under s.77 for deliberately destroying information which is subject to a current request. However, it is very difficult to successfully prosecute under this provision as the Commissioner would have to demonstrate that the deletions were a deliberate act, designed to thwart the FOI requests, within 6 months of them happening. Despite undertaking several times to make it easier for the Commissioner to prosecute, the government has failed to make this change.

Assuming the Cabinet Office doesn’t suddenly claim that the communications have mysteriously disappeared, their next step will be to veto disclosure. Of course they could just appeal to the First-Tier Tribunal (FTT), but following the Independent Commission on FOI’s report in 2016, the government (in the guise of Matt Hancock at that time) undertook to only use the veto after the Commissioner had ruled, and before any Tribunal involvement, so that the executive would not be seen to be overruling the judiciary.

Beyond this, if anyone still cares (which they might on a point of principle), there may be a judicial review of the use of the veto. Given the ruling of the Supreme Court in the ‘Black Spider Memos’ case in 2015, it would not be surprising if the government lost. Several times. Those who can think back that far will recall that the Supreme Court’s ruling resulted from an appeal against the application of the ministerial veto by the then Attorney General, a certain…Dominic Grieve. Ironically then, Dominic Grieve’s defeat in the past may well help him win in the future. It’s like something from science fiction.

By now, the Cabinet Office (or Boris’s feted SPADs) will be calculating, the year is 2025 (at least). In this dystopian future, nobody gives two hoots whether Nikki da Costa (or whoever) thought closing Parliament for five weeks 6 years before was once considered a sensible option.

It may well be that in this scenario, Parliament and the Freedom of Information Act have been shown to be toothless in their scrutiny of the government. I’m hoping someone sees a flaw in my reasoning above and there is a way to force the Cabinet Office to provide these communications whilst they are still useful to ongoing debate. By rights it seems they should be disclosed – at least in part – but by the time anyone is able to enforce that on a reluctant government, it will in all probability be too late to help anyone save historians of these ‘interesting times’.

GDPR is coming – BREXIT or not

FOIMan points to a comment from a BREXIT campaigner which reinforces the message that a vote to leave the EU would have little effect on the adoption of the new General Data Protection Regulation in the UK.

On my data protection courses I’ve come to expect the obvious question whenever I mention that the General Data Protection Regulation (GDPR) will come into force on 25 May 2018 and will apply across the European Union (EU). Which is, of course:

What happens if we vote to leave the EU on 23 June?

I’m no constitutional expert, but I’ve been reassured by the fact that my usual answer has been in line with what many other commentators have said on this question. GDPR is coming whether we leave the EU or not. The latest comments from the BREXIT camp if anything seem to me to reinforce this view.

Firstly, one of the most likely flavours of BREXIT is that the UK would join the wider European Economic Area (EEA) – the group that Norway is a member of. Nations in this group still have to comply with many EU laws, and this would include GDPR. Result of this option: GDPR would apply.

Secondly, if the UK goes for another flavour of BREXIT, then it wouldn’t have to adopt GDPR itself, but following the European Court’s decision on Safe Harbor last October, if UK businesses were to continue to do business with European companies and public bodies then it would almost certainly have to adopt an “equivalent” level of data protection. Result of this option: a new Data Protection Act that is to all intents and purposes the GDPR by another name.

One complicating factor is that it has previously been assumed that post-BREXIT negotiations would take two years to complete. This would mean that however we vote, the GDPR would apply for a matter of months after 25 May 2018. If businesses and public bodies have to do enough to comply with the regulation for a few months, what would be the point of lowering standards that they have already worked to meet?

Now comments by one of the leading BREXIT campaigners seem to me to make it even more important for businesses to assume that GDPR is on the way – and will be here to stay. Michael Gove recently suggested that negotiations post-BREXIT would be unlikely to be complete by the time of the General Election in 2020. If BREXIT happens more than 2 years after GDPR has been brought into force, it seems less likely than ever that BREXIT would affect GDPR.

The bottom line is: whatever the outcome on 23 June, the GDPR is on the way and organisations need to prepare for it now.

Mr Gove’s Internal Review

FOIMan explains why he is worried for the future of FOI as a result of the Justice Secretary’s comments yesterday.

Ministry of JusticeNews reports over the weekend suggested that the new Justice Secretary, Michael Gove, was planning a renewed attack on FOI. Well now we know for certain.

Speaking in the Commons yesterday, Mr Gove responded to questions from MPs about the media story that he thinks “we do need to revisit the Freedom of Information Act.” I’ve indicated before that I thought FOI would receive more attention this Parliament, but Mr Gove’s comments are particularly concerning as they seem to indicate that he is inclined to go further than the news stories suggested.

Anyone familiar with recent FOI history will have expected that this majority Conservative government would attempt to amend the fees regulations to make it easier for requests to be refused on grounds of cost. Indeed such an intention was expressed nearly three years ago when the government responded to the Justice Select Committee’s post-legislative scrutiny of FOI. The fact that the last government failed to follow through on its intentions appears to have been the result of a rearguard action by Liberal Democrat ministers.

Furthermore, David Cameron indicated after the Supreme Court’s ruling over Prince Charles’ letters to ministers that he wanted to change the law to reinforce the ability of the government to veto FOI disclosures. With the inconvenience of a general election out of the way, it would appear that there is little to stop his Justice Secretary from pursuing this desire now.

When the news stories emerged over the weekend, I paid little attention. As I’ve suggested, these moves were always likely now that internal opposition has been removed. I’m not happy about the idea of an enhanced veto or reduced cost limits, but I had already conceded to myself that such changes were probably inevitable in the current political climate.

However, Michael Gove’s comments yesterday appeared to indicate that he wants to go further than the “two-pronged assault” predicted in the media. He said:

“It is vital that we get back to the founding principles of freedom of information. Citizens should have access to data and they should know what is done in their name and about the money that is spent in their name, but it is also vital that the conversations between Ministers and civil servants are protected in the interests of good government.”

Mr Gove appears to be making a distinction between “data” such as how much is spent by a government department, and “information” which might include correspondence between government officials. This suggests a far more draconian restriction on FOI than we had been expecting. It seems likely that the exemption protecting the formulation of government policy may come under scrutiny. At present, the exemption is subject to a public interest test, which means that on occasion – not regularly – government departments are ordered to disclose such information by the Information Commissioner or the courts. The most likely change therefore is that the exemption may be made absolute – more difficult to overturn. As the Campaign for FOI has commented, this would be bad enough and would chip away at the fundamental principles of our current FOI law. But it is hard to discount anything from Mr Gove’s comments, which appear to suggest that this “review” of FOI may be more comprehensive than many had suspected.

Mr Gove’s comments are particularly ironic bearing in mind that he made them on the same day as a speech in which he argued that:

“The rule of law is the most precious asset of any civilised society. It is the rule of law which protects the weak from the assault of the strong; which safeguards the private property on which all prosperity depends; which makes sure that when those who hold power abuse it, they can be checked; which protects family life and personal relations from coercion and aggression; which underpins the free speech on which all progress – scientific and cultural – depends; and which guarantees the essential liberty that allows us all as individuals to flourish.”

It appears now that we breathed a premature sigh of relief in 2012 when the Justice Select Committee’s report turned out to be more supportive of FOI than we had expected. The biggest threat to the UK FOI Act is here and now.

Whatever your interest in FOI, if you believe that it ought to be stronger, not weaker, consider supporting the Campaign for Freedom of Information. Over the coming months there will be other ways to express our views, but ensuring that the Campaign can bring its expert knowledge and determination to bear is a good way to start.

 

Cabinet Office issues new guidance on private email accounts

FOI Man looks at new guidance issued by the Cabinet Office which appears to directly contradict the Information Commissioner.

Email is a fraught subject for information managers. Take this recent (and rather excellent) blog post from records management consultant James Lappin. As James makes clear, few – if any – organisations have really got a handle on how the valuable information held in email should be retained and managed.

And that’s just the email held in corporate accounts. If staff or others use their own private email accounts to conduct organisational business that creates a whole new complication. Especially if you’re a public authority and that business might be subject to the requirements of the Freedom of Information Act.

Now unless you have a very short memory, you will recall that the Coalition Government has had its fingers burnt in this area before. Through clever use of both FOI and the Data Protection Act (and useful leaks), Financial Times journalist Chris Cook established that Education Secretary Michael Gove and some of his special advisers (or Spads) had been using private email accounts to conduct business which appeared to many (eventually including the Information Commissioner) to be Government business. It was suggested that this had been done to avoid potential disclosure of the emails through FOI.

Following this controversy, the Information Commissioner issued guidance to public bodies which confirmed that email held within private email accounts could indeed be subject to FOI, and what his approach to this tricky issue was.

If I were a Government that had been accused of trying to avoid proper and lawful scrutiny through the use of private email accounts to conduct government business, I think I might want to take a “whiter than white” approach to these matters in future. I’d want to make sure that I followed the Information Commissioner’s line on the issue to the letter, so that nobody could put so much as a hair between my approach and that of the regulator. That seems sensible doesn’t it?

So imagine my surprise as I read the Cabinet Office’s new Guidance to Departments on the Use of Private Email, published perhaps less surprisingly late last Friday afternoon. The guidance starts off by pointing out that it should be read in conjunction with the Information Commissioner’s guidance. So, obedient to the last, I’ve done just that. Let’s see what they say, shall we?

Information Commissioner:

“There is a need to have a clear demarcation between political and departmental work.”

Cabinet Office:

“The originator or recipient of a communication should consider whether the information contained in it is substantive discussions or decisions generated in the course of conducting Government business…”

Information Commissioner:

“In order to avoid the complications of requesting searches of private email accounts, and other private media, records management policies should make clear that information on authority-related business should be recorded on the authority’s record keeping systems in so far as reasonably practicable.”

Cabinet Office:

“Civil servants and Ministers are generally provided with access to Government email systems. Other forms of electronic communication may be used in the course of conducting Government business.”

Information Commissioner:

“When a request is received, public authorities should consider all locations where relevant information may be held. This may include private email accounts.”

Cabinet Office:

“As set out above, it is expected that Government business should be recorded on government record systems. It will generally be reasonable to search only within those systems when a request has been received.” [so presumably, any FOI Officer asking a Minister if they have emails relating to Government business in their private email account will be considered unreasonable]

Information Commissioner:

“Public authorities should also remind staff that deleting or concealing information with the intention of preventing its disclosure following receipt of a request is a criminal offence under section 77 of FOIA.”

Cabinet Office:

[Silence falls. Tumbleweed rolls down Whitehall.]

Now to be fair to the Cabinet Office (no, come on), some may see these differences as subtle and perhaps it is only my world-weary cynicism that leads me to see conflict. But the final section of the Cabinet Office guidance dealing with The Freedom of Information Act and searches for information sees the Cabinet Office take a running jump away not just from the Information Commissioner’s guidance, but also from any reasonable interpretation of the legislation itself.

“The FOI Act allows people to request information; it does not give the requester any power to dictate where the department should search for that information. It is for the department to consider where the information might be and to take reasonable steps to find it.”

I’m sure that it’s just a coincidence that Chris Cook has made a spate of requests to the Cabinet Office and Department for Education asking for information sent by individuals on Government business using private email accounts. Surely the Cabinet Office couldn’t be so touchy as to write a policy just to thwart the efforts of a single journalist?

But the point is that FOI doesn’t place any limitations on the way that requesters should ask for information. They merely have to describe “the information requested” (FOI, s.8). If that description happens to include the location that they believe the information can be found in, the only reasons why a public authority would not be obliged to provide that information is if an exemption applies to it, if the request is considered to be vexatious, or if to provide the information in that location would exceed the appropriate cost limit.

But you don’t have to take my word for it. The Information Commissioner’s Office issued a decision notice (not yet available on the ICO website) to the Cabinet Office the week before this guidance was published making exactly the same point.

Chris Cook had made a request for “copies of emails relating to the government’s education reforms, sent between the Prime Minister and a special adviser, using non-GSI email accounts”. Given the events described above in relation to the Secretary of State for Education, it can perhaps be understood why such a request might be made. The Cabinet Office argued (as in their guidance) that FOI did not allow requests for information by reference to a particular location or medium, and that Chris’s request was therefore not a valid request. The Information Commissioner concluded that Chris’s request was indeed valid for the reasons I’ve suggested above.

So the week after the Information Commissioner has explicitly stated to them that a request for information held in a specific location is a perfectly valid request, the Cabinet Office have published official guidance to Government departments contradicting the Commissioner’s view. Not for the first time, this Government appears to be interpreting the law to suit itself in the face of all the facts, and raising a single finger in the direction of the Information Commissioner.