Tag Archive for Valid requests

What we don’t know

FOIMan explains why some truths we cling to about the UK’s FOIA are not quite what they seem.

A few months ago I was delivering some FOI training to a local authority (always available at competitive rates, folks!). I was explaining how far council officers were expected to go when searching for information to answer an FOI request. In particular I stated that if it was known that information had been deleted but still potentially existed on a backup, the backup should be searched.

The council’s FOI officer cautiously picked me up on my assertion. They had, they told me, had a written statement from the Information Commissioner’s Office (ICO) that contradicted me. So surely I was wrong?

The truth is that despite what we are often led to believe, there are some aspects of FOI law that are not certain. The legal system has not yet settled on the ‘right’ answer. This is the case when it comes to debates about information held on backups and whether it is considered held. In the example above, neither I nor the ICO are technically wrong; but then strictly speaking we’re not right either. We’re both interpreting the existing law, and both interpretations are arguable.

This is because English law revolves around the concept of precedent. But precedent can only be set by courts that make a decision beyond a certain stage. In a recent Upper Tribunal decision (LO v Information Commissioner, [2019] UKUT 34 (AAC) (29 January 2019)), Judge Jacobs was critical of the Information Commissioner for treating decisions of the First-Tier Tribunal (FTT) as ‘authoritative statements of the law’. Strictly speaking, they’re not. When it comes to backups, we only have rulings of the FTT to go on, so there is no definitive answer yet on that issue. Interestingly, on this issue, the ICO choose not to accept the FTT’s approach without question in their guidance.

My latest piece for PDP’s Freedom of Information JournalWhat we don’t know (which you can access here) – looks at this issue in more depth – looking at the backups query, but also a couple of other questions which have not yet been answered definitively – perhaps surprisingly. You’ll see that there are disputes between the ICO, the FTT and the s.45 Code of Practice which will only be resolved if those matters reach the Upper Tribunal. It ends by asking what questions you may have about FOIA or the EIRs – as I’ve mentioned before, we’d like to answer some of your conundrums in a future issue of the Journal.

What Do I Know? A Postscript

Well, this blog has come of age this week. The Campaign for FOI described my last post as “Interesting and provocative”. And it certainly has provoked more comment than anything I’ve previously written.

Before addressing the most controversial issue raised in the comments, I just want to highlight some great advice that WhatDoTheyKnow have given to FOI Officers if they want to follow my suggestion and encourage their requesters to submit requests through WDTK (to facilitate its use as a Disclosure Log):

  • The simplest method is to link to the WDTK site – you can link directly to the part of the site for your organisation – WDTK have no problem with you doing this and you don’t have to let them know you are doing it
  • I would suggest that if you’re going to do this effectively, you should at the very least provide instructions on your website to potential requesters explaining how they can make their request through WDTK alongside your direct contact details; it’s up to you how far you promote this as a method of making requests (ie is it your preferred method or just one of several?)
  • Alex from WDTK has suggested that “If an authority wants to go a bit further, e.g. by having all their requests on the site or wanting a branded request service, then they should talk to us in the first instance to discuss their requirements.”

So there you go, those are your options if you want to try this out.

The most controversial of the points I raised related to the suggestion that WDTK advised requesters on how to avoid providing their name when making requests. I’ve got to say that at this stage I’m unapologetic about this point (though if I’m persuaded otherwise I may post on this topic again). My reasons for this are:

  • It’s there in black and white at section 8 – a request is only valid if it “states the name of the applicant”; the Information Commissioner also takes this view and explains why in his guidance (CFOI disagree with the Commissioner on his view)
  • There’s good reason – much as you as a requester may not like it (especially if you are on the fringes of acceptability when it comes to your dealings with the authority), if we don’t have a name, it is difficult to identify requesters that are making repeat or vexatious requests, or to apply the fees regulations where costs could be aggregated
  • It costs money to answer requests; arguably we should not be spending this money on requests that are not valid, or can be refused for other reasons. We have a duty not just to those who use FOI but also to other taxpayers.

To me, it always comes back to the Act itself. Someone commented that ‘vexatious’ is “redundant and subjective”. It’s not. A vexatious request is defined in the Act and in numerous ICO and Tribunal decisions now. The ICO’s guidance is clear on when it can be applied. We are not talking about vague concepts here, but about specific behaviour which goes beyond what public officials should be expected to put up with. In 6 years, I’ve only used section 14 once, and this was for an individual who had written well over 100 times (not all FOIs) in a year, and had made threats of physical violence to a politician at the authority. But to apply it depends on being able to demonstrate who is making the requests in the first place.

I completely accept that some people might have a reason for remaining anonymous (CFOI cited an example where someone lost their job as a result of making a request). And ultimately, who’s going to know if you do use a (subtle) pseudonym? But I stick by my view that in general, if you’re making a request you should follow the rules just as you expect a public authority to do.

In passing, I should recommend a blog posting from a barrister on WDTK’s liability if they publish documents containing libellous material. This wasn’t an issue discussed in my post, but is certainly of interest.

Thanks for your continued support – nearly 1400 of you have read the blog at some point in the last 6 weeks, and whether I agree with you or not, its also great to receive your comments. Do continue to spread the word – if you have access to other forums or blogs, please do mention this blog if they touch on subjects I’ve discussed. More next week.