Practical Law

Our quarterly freedom of information law blogs focus on the latest developments in freedom of information law under the Freedom of Information Act 2000 (FOIA) and the Environmental Information Regulations 2004 (SI 2004/3391) (EIR). The blog will enable readers advising on freedom of information law to catch up on the most important cases, issues or developments on the topic. This post looks at freedom of information law developments from July to September 2017. In this post, we look at:

• Court of Appeal decisions.
• Decisions of the First-tier Tribunal (Information Rights).
• ICO developments.
• Other European and governmental publications.
• Featured blogs.
• Recent Ask queries.

Please feel free to submit a comment below or send us an Ask query if you have any views on the cases, issues or developments that are covered, or if you think we have missed something that should be brought to the attention of freedom of information practitioners.

COURT OF APPEAL DECISIONS

Context of communications and data report renders it “environmental information” and subject to the EIR (Court of Appeal) (The Department for Business, Energy and Industrial Strategy v Information Commissioner and another)

On 29 June 2017, the Court of Appeal held that a communications and data focused component of a wider environmental measure was “environmental information” and that a request for it should be determined in accordance with the Environmental Information Regulations 2004 (SI 2004/3391) (EIR).

The requester and second respondent, Alex Henney, had asked the former Department for Energy and Climate Change (DECC) (which was succeeded by the Department for Business, Energy and Industrial Strategy) for information in a Project Assessment Review about the communications and data component of the government’s Smart Meter Programme (SMP). DECC refused the request and argued that the information was not “environmental” and should be considered under the Freedom of Information Act 2000.

The parties agreed that the SMP was an environmental measure in accordance with the EIR but it was disputed that the communications and data component was sufficiently connected to it in order to constitute environmental information.

The court held that the information was “environmental information” and that the request should be determined in accordance with the EIR. In particular, it considered that it was permissible to consider the context in which the information appeared, and not solely what the information was “specifically, directly or immediately about”. The court was also informed by the objectives of the Aarhus Convention and the Directive on public access to environmental information (2003/4/EC), which fostered public access to environmental information, and considered that disclosure would be consistent with these.

The case provides important clarity on the definition of environmental information, and the scope of the EIR. It serves as a reminder that the EIR may apply to information with little apparent intrinsic environmental value.

DECISIONS OF THE FIRST-TIER TRIBUNAL (INFORMATION RIGHTS)

NHS Trust required to confirm or deny whether it holds information concerning death of former mental health patient (Christopher Phillips v Information Commissioner)

On 9 August 2017, the First-tier Tribunal (Information Rights) (FTT(IR)) held that the West London Mental Health NHS Trust was required to confirm or deny whether it held information concerning the death of a former patient at Broadmoor Hospital, and could not rely on the exemptions in section 40(5)(b)(i) of the Freedom of Information Act 2000 (FOIA) (personal information) or section 41(2) (breach of confidence).

BBC internal report on Brexit coverage is held for purposes of journalism and outside scope of FOIA (Bradshaw v Information Commissioner)

On 3 August 2017, the FTT(IR) held that the BBC was entitled to refuse a request for an internal report concerning its coverage of the UK’s vote to leave the EU, on the basis that it was held for the purposes of journalism and did not engage FOIA.

Section 40(5) not an absolute exemption from the duty to confirm or deny whether personal information is held (Sweeney v Information Commissioner)

On 28 July 2017, the FTT(IR) held that the Chief Constable of West Midlands Police was not entitled to rely on the exemption in section 40(5)(a) of FOIA to refuse to confirm or deny whether the police held personal information requested by the appellant, about a man whom he alleged had assaulted him. The alleged assailant was interviewed by the police but was not charged with any offence or cautioned.

Council’s communications with joint venture company concerning property development withheld from disclosure as “internal” documents under regulation 12(4)(e) (Salford City Council v Information Commissioner and another)

On 4 July 2017, the FTT(IR) held that Salford City Council could rely on the exception in regulation 12(4)(e) (internal communications), amongst others, of the EIR, and withhold information arising from a proposed development.

Industrial approval authority required to disclose manufacturers’ technical information and diagrams (Vehicle Certification Agency v Information Commissioner and another)

On 12 July 2017, the FTT(IR) held that technical product information submitted by manufacturers to and for approval by the Vehicle Certification Agency (VCA) should be disclosed under the EIR.

Client Earth, the second respondent, requested information from the VCA relating to the VCA’s testing of the emissions produced by engines of motorised garden equipment, which it understood to exceed permitted emissions limits despite the VCA’s approval. The information requested included documents from applicant manufacturers that disclosed engines’ technical specifications, including photographs and technical drawings of the engine and some of its components, and diagrams illustrating certain performance characteristics.

The FTT(IR) held that the VCA could not withhold the information under the exception in regulation 12(5)(e) (confidentiality of commercial or industrial information where such confidentiality is provided by law to protect a legitimate economic interest) given that, since the products had been approved and made publicly available on the market, the information could be discerned by reverse-engineering. The common law conditions for confidentiality set out in Coco v A N Clark (Engineers) Ltd [1969] RPC 41 were not established. The FTT(IR) also held that the VCA could not rely on the exceptions in regulation 12(5)(a) (international relations) or regulation 12(5)(c) (intellectual property rights).

The case will be particularly relevant to public authorities, typically licensing bodies, that handle information that becomes publicly available by way of a physical item or product, and examines the limits of the regulation 12(5)(e) exception in this context.

ICO DEVELOPMENTS

Information Commissioner urges councils and other public bodies to disclose fire safety information

On 2 August 2017, the Information Commissioner (IC), Elizabeth Denham, recommended that councils and other public bodies disclose fire safety information on a proactive basis, rather than in response to Freedom of Information requests.

Request for information and messages from Cabinet Office’s cloud communications system (Slack) is vexatious under section 14 (ICO Decision notice: FS50667128)

On 26 July 2017, the IC held that a request for information and messages from the Cabinet Office’s (CO) cloud communications system (Slack) was vexatious in accordance with section 14(1) of FOIA.

Slack permitted internal users to communicate with each other via all-user channels (referred to in the decision notice as “public messages”), private channels and direct, private messaging. The CO instructed staff to use “official systems”, and not Slack, for their decision making but acknowledged that at least some messages sent through Slack would concern official business and be held for the purposes of FOIA.

The IC considered that complying with the request would have placed an undue burden on the CO, requiring it to manually review 65,000 public messages alone for potentially exempt information, and that it had correctly relied on the section 14 exemption.

This is the first time the IC has considered a request relating to Slack, and the decision notice is notable for the IC’s comments on the public interest in providing the public with insight into how the CO used Slack to communicate. It is, therefore, of relevance to public authorities that use Slack or alternative cloud communications tools internally and may be followed by further guidance from the ICO to public authorities.

ICO publishes Annual Report 2016/17

On 13 July 2017, the IC published her first Annual Report and Financial Statements since becoming the UK’s Information Commissioner in July 2016, taking over the post from Christopher Graham.

The IC said that the Information Commissioner’s Office (ICO), as well as preparing for changes in data protection law, has ensured that FOIA is well-regulated. The IC sees changes in the laws that the ICO regulates as an opportunity to improve the trust that the public feels in those who process their personal data or who make information available to the public; the ICO’s Information Rights Strategic Plan places that trust at the heart of what the ICO does.

OTHER EUROPEAN AND GOVERNMENTAL PUBLICATIONS

Consultation on the Re-use of Public Sector Information Directive launched by European Commission

On 19 September 2017, the European Commission issued a consultation on the review of the Re-use of Public Sector Information Directive (2003/98/EC). This forms part of its mid-term review on implementation of the Digital Single Market Strategy.

NAO guidance on cyber security and information risk for audit committees published

On 14 September 2017, the National Audit Office published cyber security and information risk guidance (guidance) for audit committees. The NAO found that while awareness of cyber security risks is rising, there is still considerable uncertainty about how audit committees across the public sector can best exercise their responsibilities in this area.

FEATURED BLOGS

We have published the following blog that may be of interest to information law practitioners:

• Employee “consent” under the GDPR.

RECENT ASK QUERIES

We have published the following Ask queries:

• Can a depublished planning objection letter, allegedly created by an identity thief, be disclosed under EIR/FOIA?
• Can a local Council disclose a public sector employee’s job title and reason for leaving to the press under the DPA or FOIA?
• Does a council’s duty not to disclose personal data under the DPA 1998 and FOIA regarding settlement agreements and salary information override the obligation to publish accounts under the Accounts and Audit Regulations 2015?
• Does the Freedom of Information Act 2000 prevent requested information being deleted to avoid disclsoure?
• Is it a breach of the DPA if a councillor forwards an email from a constituent to a third party?
• Under what legislation must public records be released after 20 years, and what are the effects of the 20 year rule under the Public Records Act 1958?
• What is the legal power for sharing employees’ personal data with a supplier and what is the common law position when you share employee data for contract purposes?
• When considering an FOIA request for disclosure of tender submissions, is there a requirement to check bidders’ position regarding disclosure?
• Where a local authority applies to itself for planning permission, does the exemption of confidential information under FOI and EIR still apply?