The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Colleagues from the ICO’s FOI Directorate share their experiences and involvement in raising awareness of our regulation of access to information legislation.

Continued support to reflect these unprecedented times - 9 October 2020

Informed by what we are being told by organisations, we have made further changes to our regulatory approach.

This marks another step towards returning to our pre COVID-19 approach, but with the caveats and exceptions that reflect the reality of these unprecedented times. Our approach remains pragmatic and we will continue to support public authorities to ensure people’s information rights are protected.

Our revised regulatory approach states that we will:

  • continue to accept new information access complaints;
  • expect public authorities, with request backlogs, to establish recovery plans to return to compliance with the Freedom of Information Act within a reasonable timeframe;
  • consider unpausing formal monitoring and regulatory action that was in train before the pandemic;
  • encourage public authorities to proactively publish important information; and
  • expect organisations to appreciate the ongoing importance of proper record keeping.

These changes were announced in an open letter to organisations from the Information Commissioner.

FOI and coronavirus – preparing for recovery - 17 July 2020

As the UK’s response to COVID-19 continues to evolve towards recovery we have made changes to our adapted regulatory approach.

We have remained pragmatic and empathetic to the pressures public authorities are facing, and our focus continues to be one of supporting and offering advice on how to respond to the challenges the pandemic brings.

Although we have maintained this approach, we now also want to see public authorities putting clear plans in place to get back on track with their freedom of information work.

To help with this we have launched an FOI toolkit designed to help public authorities self-assess performance in responding to FOI requests. The toolkit can be completed in stages or in full, and generates a bespoke report which helps to identify areas for improvement and where action needs to be taken.

We hope the toolkit will become a staple part of FOI practitioners’ continual learning and that it will promote good practice.

We would also like to thank the Scottish Information Commissioner and his team for their assistance during the toolkit’s development stage.

How we will regulate freedom of information during coronavirus - 16 April 2020

As the coronavirus crisis began to take hold, we blogged about the unprecedented challenges facing public authorities and how redirecting resources and switching priorities would impact on their compliance with freedom of information.

Now we have more detail and further advice. The ICO has published a document setting out our regulatory approach during the COVID-19 pandemic.

This includes deciding how we exercise our enforcement powers, how we deliver technical advice and guidance to organisations, and how we support the public, dealing with their complaints and queries.

We will continue to support transparency in public decision making but our regulation of freedom of information must be pragmatic and empathetic during the pandemic.

Our approach is also aligned with the International Conference of Information Commissioners’ vision, which supports a flexible approach that takes into account the compelling public interest in the pandemic, while safeguarding the values of the right to access information.

FOI and the coronavirus: a measured approach - 16 March 2020

The ICO recognises the unprecedented challenges all are facing during the coronavirus (COVID-19) pandemic.

In particular we understand that resources, whether they are finances or people, may be diverted away from usual compliance or information rights work. Whilst we can’t extend statutory timescales, we will not be penalising public authorities for prioritising other areas or adapting their usual approach during this extraordinary period.

To further support our information rights colleagues, we will tell people through our own communications channels that they may experience understandable delays when making information rights requests during the pandemic.

We are a reasonable and pragmatic regulator, one that does not operate in isolation from matters of serious public concern. Regarding compliance with information rights work when assessing a complaint brought to us during this period, we will take into account the compelling public interest in the current health emergency.

We are here to help you, information is available on our website or via our helpline on 0303 123 1113.

What you hear, what you know - addressing common misconceptions of FOIA and EIR - 06 February 2020

Those of us working in public authorities have become accustomed to the processes of the Freedom of Information Act (FOIA), but the law may still seem complex for many members of the general public, so we need to be mindful of that when responding to people who make requests.

This blog post sets out some common public misconceptions and explains how we can smooth the path for people wishing to exercise their information rights.

What you hear

I can use the Freedom of Information Act to request information from any organisation that receives public funding.

What you know

Just because you receive public funds, doesn’t mean you’re a public authority that falls within scope of the FOIA.

Under FOIA, ‘public authority’ means any organisation listed in Schedule 1, designated under section 5 or a publicly-owned company as defined by section 6.

Remember the FOIA may apply to information in the possession of other organisations, like contractors, who hold it on behalf of a public authority.

What you hear

The Freedom of Information Act and the Environmental Information Regulations can give me access to my personal data.

What you know

A person can’t make a request for their own personal data through FOIA or the Environmental Information Regulations (EIR). As a public authority, you should explain that you need to handle this as a ‘data protection subject access request’ under data protection legislation.

Remember, personal information about a third party can be requested under FOIA or EIR, but you must consider whether disclosure of third party personal data would contravene data protection legislation.

What you hear

I want to make a request for information but I need to know if I use FOIA or EIR first.

What you know

You can’t refuse to deal with someone’s request simply because they don’t know which law to follow. It is your responsibility to process the request under the correct regime, and you should let the individual know which one their request falls under. You should also make it known, perhaps via your website, that people do not need to specify which regime they are making their request under.

What you hear

I’m only going to receive information from a public authority in the format that it was originally recorded.

What you know

A person has the right to specify their preferred means of communication in their initial request and you must make the information available in the requested format, so far as reasonably practicable. What is reasonably practicable will depend on factors such as how the information is held, the cost of complying with the preference, your resources and security. You may also charge a fee to cover the cost of communicating the information.

If you’re not communicating the information by the preferred means, it is good practice to discuss this with the individual to find an acceptable alternative. However, if information is not being disclosed and the request is being refused, you’re not obliged to respond in the format requested (eg by post). In this case, you may provide your response by any means reasonable.

ICO attends the second ICIC FOI case handling workshop -23 January 2020

Hosted by the Gibraltar Regulatory Authority, the annual workshop provides an opportunity for different jurisdictions across the globe to share working practices and ideas. ICO colleagues in attendance provide an overview of the event.

During the two day workshop a number of presentations, Q&A sessions, group discussions, and case studies took place and it was interesting to hear the similarities, but also the differences between the various information access regimes.

We delivered a presentation setting out our new ways of working sharing our new online complaint form, our early resolution pilot, and our draft service guide and service charter. We participated in some interesting group discussions on proactive disclosure, outsourcing, records management, and costs. We found a common theme was a number of the jurisdictions use our external FOI guidance to support the creation of their own lines to take and guidance. Our own guidance is beginning to be reviewed and updated, in line with ‘Opennness by Design: The Information Commissioner’s strategic plan 2019/20-2021/22’.

Many jurisdictions do not have provisions for authorities to refuse a request on the basis of the cost of complying with it. We were asked lots of questions regarding the application of section 12 FOIA in the UK and how we regulate public authorities’ use of this. We explained that when investigating a section 12 case we will usually require a public authority to complete a sampling exercise so that they have some evidence to base their cost estimate upon and to be able to demonstrate that the estimate is reasonable.

Update from our peers:

  • The Freedom of Information Act 2018 will soon be enacted in Gibraltar. Some key differences to our legislation include applicants must be over 18 and a resident of Gibraltar, an applicant must specify that the request is being made under the Freedom of Information Act and there is an application fee for making a request. The legislation does not currently have a cost limit threshold (similar to section 12 FOIA) however this is currently under discussion.
  • In Slovenia responses can be extended to 30 working days where ‘third party’ interests are involved to allow consultation on disclosure / the application of exceptions. When investigating complaints, Slovenian colleagues have the power to inspect and search premises and fines can be imposed if a body does not comply with an investigation or decision. There is no tribunal process to appeal a decision, if a body disagrees with a decision they can only challenge this through the courts.
  • The Cayman Islands highlighted a real culture shift to a much more pro-active release of information such as travel expenses and meeting minutes. In this jurisdiction, it was however interesting to hear that requests can be made using pseudonyms and that 80% of requests come from the media.
  • Hungary delivered an interesting presentation on the impact of the requirements of disclosure of information under other pieces of legislation and how this sits with its Freedom of Information law.
  • The Philippines explained that despite not having FOI legislation, almost all agencies implemented FOI and that they are currently in the process of applying to join the ICIC.

Out attendance at this annual event provides us with an international platform to showcase the working of our office and promote best practice. Indeed it was encouraging to hear that a number of our colleagues across the globe use our guidance in their own policy formation. We also came away with interesting ideas to share across our own FOI Directorate.

The ICO has recently been accepted as a member of the ICIC – something that we would encourage all of our international colleagues to look into doing. Further information can be found on the ICIC website.

ICO accepted as an International Conference of Information Commissioners (ICIC) member - 09 January 2020

2020 signals fifteen years since the Freedom of Information Act 2000 came fully into effect. Gill Bull, the ICO’s Director of Freedom of Information Complaints and Compliance, notes a further milestone as the ICO is formally accepted as a member of the ICIC.

We’re delighted to start the decade by being formally accepted as a member to the ICIC, the global network that fosters the protection and promotion of access to information. Following on from the establishment of a the new formal governance framework for the ICIC, known as the Johannesburg Charter, it’s important for the ICO to play its part in this growing network.

Indeed in her recent speech for Mexico City’s National Transparency Week conference, Information Commissioner Elizabeth Denham said:

“Access to information is a growing right. Data that UNESCO has compiled shows the number of states with Freedom of Information laws has risen by almost a third in the past five years.

“But it remains a fragile right. Statute, secrecy exemptions or under-use can all contribute to the erosion of that right. By sharing our experience and expertise internationally we guard against that.

“Such a responsibility is an important part of the work of the International Conference of Information Commissioners – the ICIC. The group brings together countries from all over the world, brought together to share best practice, to learn how we can improve, and to defend, promote, protect and develop access rights.

“Our role is to protect and promote access to public information around the world. We are a collective voice in the international community, raising awareness of issues that impact upon access to public information

“Crucially, we discuss how to bring information access statute to life. How do we make it work on the ground? How are we working with people requesting information, to make the process as straightforward as possible? How are we making sure this is a right available to every level of society and to every community?

“Because access to information is a human right, only where people believe it is their right to use.”

We look forward to working with our international colleagues in the pursuit of protecting and promoting access to public information. We also encourage other Information Commissioners to join the growing ranks of the ICIC. It’s easy to do and further information is on the ICIC website.

Gill Bull is Director of Freedom of Information Complaints and Compliance at the Information Commissioner’s Office where she is responsible for the ICO’s Freedom of Information and Environmental Information casework and compliance.


Access to Information in Turbulent Times - 19 November 2019

This is the first in a series of blog posts covering our regulation of access to information legislation. The first post is by Gill Bull, ICO’s Director of Freedom of Information Complaints and Compliance, who delivered the 2019 Bond Lecture at the British Records Association on 13 November 2019.

Last week, I was delighted to present the annual Maurice Bond lecture for the British Records Association at the Paul Mellon Centre in London. Maurice Bond was Clerk of the Records for the House of Lords Record Office from 1946-1981 and he is regarded as one of the most innovative and influential archival figures of the post-war period.

I wanted to use the lecture to reflect on the many intersections between the work of archivists and access to information within the context of ‘everyday FOI’. I also wanted to take a step back and reflect on how issues of trust and trustworthiness and the current public debate about the notion of kindness in public policy, relate to access to information. 

And of course I began by challenging the view that access to information can be seen as a dry topic and one that is principally about systems. For me, this is about people. And rather than being just about the past, it is as much about the future. I spoke about the role that access to information has in creating trust and in democracy itself and quoted UNESCO’s Guy Berger who described access to information as an issue that “goes with the grain of history”.

I spoke about the ICO’s call for contractors carrying out public services to be held accountable under the Freedom of Information Act and the Environmental Information Regulations. The law has not kept pace with the way services are provided or with public expectations. Next year, 2020 will be the fifteenth year since the legislation came into force. It is inevitable that the environment in which the legislation operates has changed.

People must be able to feel that outsourced services are trustworthy. FOI can shine a spotlight and create the conditions for where it is reasonable for us to place our trust. It stands to reason that where that spotlight is not allowed to shine, trust is less likely to follow.

I questioned whether we need to develop some new framing for access to information rights. The information we hold as organisations isn’t ours. If we’re a public authority, it’s the public’s information and while there will always be a request and receive aspect of access to information rights, I queried whether we need to start talking about a more fundamental duty to provide information. 

The full text of the lecture is available here, and it will also be published in the British Records Association journal.

Gill Bull is Director of Freedom of Information Complaints and Compliance at the Information Commissioner’s Office where she is responsible for the ICO’s Freedom of Information and Environmental Information casework and compliance.