The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.


Data Protection Act

Read the Data Protection Act 1998 in full.

The Annotated Data Protection Act 1998  includes references to laws that have impacted on the Data Protection Act since it was introduced.

Privacy and Electronic Communications Regulations

Read the Privacy and Electronic Communications Regulations in full.

These regulations were amended in 2004 and again in 2011. The changes are set out in:

European Commission Regulation 611/2013 sets out more detailed rules on notification of security breaches.

Freedom of Information

Read the Freedom of Information Act in full.

There are a number of Statutory Instruments which relate to the Freedom of Information Act. This is legislation which provides more detail and in some cases further obligations for organisations. Relevant Statutory Instruments include the following:

Other Statutory Instruments relating to the Freedom of Information Act, including those which amend the list of bodies covered by the Act, are available on

The Section 45 Code of Practice sets out the practices that public authorities should follow when dealing with requests for information under the Act.

Environmental Information Regulations

Read the Environmental Information Regulations in full.

The Code of Practice on the discharge of the obligations of public authorities under EIR sets out good practice recommendations for public authorities to follow in meeting their obligations under the Regulations.

The Regulations implement the European Union Directive on public access to environmental information and the Directive therefore assists in the interpretation of the Regulations.

The Directive in turn is based on the Aarhus Convention. This is an international agreement, part of which sets out the obligations of the signatories in terms of providing access to environmental information. Both the European Union and the United Kingdom have ratified the Convention. The Aarhus Convention and accompanying Implementation Guide also help in interpreting the Regulations.

INSPIRE Regulations

Read the INSPIRE Regulations in full.

You can also read more about the INSPIRE regulations and the role of the ICO.

Records management

The Section 46 Code of Practice gives guidance on good practice in records management. This is relevant to both the Freedom of Information Act and the Environmental Information Regulations.

Scottish public authorities

The Freedom of Information Act, Environmental Information Regulations and INSPIRE regulations only apply to public authorities in England, Wales and Northern Ireland. Access to information held by Scottish public authorities is provided by the Freedom of Information (Scotland) Act 2002 and the Scottish Environmental Information Regulations. Scotland has complementary INSPIRE Regulations. For more information on Scottish legislation visit the Scottish Information Commissioner's website.