Freedom of information requests can be rejected for a range of reasons, but some are much more likely to be overturned by the Information Commissioner’s Office than others.
The details of this are made clear by my analysis of a dataset recently released by the ICO covering nearly 22,000 decisions issued by the information rights regulator since FOI came into force.
For example, the ICO has upheld nearly half the complaints received from information requesters against FOI refusals linked to protecting commercial interests. But it has upheld only one in six objections to refusals based on international relations.
This table shows, for each of the legal grounds for dismissing FOI requests, the number of complaints about that reason which the ICO has ruled on and the percentage which it has upheld (ie backing the requester and overriding the public authority).
| Subject matter (section of FOI Act) | Number of complaints | Percentage upheld |
| The economy (29) | 27 | 56 |
| Relations within UK (28) | 17 | 53 |
| Commercial interests (43) | 1010 | 47 |
| Future publication or research (22/22A) | 213 | 44 |
| Health and safety (38) | 119 | 42 |
| Policy formation (35) | 622 | 38 |
| Already accessible (21) | 332 | 36 |
| Effective conduct of public affairs (36) | 967 | 35 |
| Audits (33) | 38 | 34 |
| Confidential information (41) | 605 | 34 |
| Law enforcement (31) | 860 | 30 |
| Vexatious or repeated (14) | 1498 | 23 |
| Investigations (30) | 318 | 21 |
| Personal data (40) | 3097 | 18 |
| Monarchy and honours (37) | 181 | 18 |
| Defence (26) | 41 | 17 |
| National security (24) | 299 | 17 |
| International relations (27) | 292 | 16 |
| Legal privilege (42) | 507 | 16 |
| Otherwise prohibited (44) | 406 | 14 |
| Cost (12) | 1491 | 12 |
| Court records (32) | 108 | 8 |
| Security bodies (23) | 304 | 7 |
| Parliamentary privilege (34) | 12 | 0 |
Or in chart form:
So during FOI’s two decades of operation, the ICO has been much happier to overrule public authorities on matters like commercial interests and policy formation than on topics like defence, security and international affairs.
My analysis uses three spreadsheets with details of ICO rulings which were recently disclosed via the What Do They Know website, in response to a request from Alison Benson. The spreadsheets list the ICO’s formal decision notices from the first one in 2005 until last month.
The ICO maintains that it provided this material voluntarily ‘on a discretionary basis’, arguing that the information would be already available through its routine publication of decision notices.
However the supply of these three files makes the statistical analysis of ICO rulings much more practical than by trying to process all the individually published decisions. The ICO’s release of this dataset is therefore a positive and welcome step in terms of its own transparency.
Environmental information
Note that my analysis excludes environmental information, which falls under a different law, the Environmental Information Regulations. The EIR exceptions do not exactly correspond to the FOI exemptions, so the data cannot be combined.
The numbers of EIR cases are fewer than for FOI, but a similar pattern emerges. Thus the ICO has more frequently overruled public authorities when they base an EIR refusal on commercial confidentiality or the internal nature of communications, rather than when authorities rely say on protecting the course of justice.
Delay
It is also possible to analyse aspects of the dataset in more detailed ways. Here is one example.
This table shows the 15 public authorities against whom the ICO has most often upheld complaints about delay in processing FOI requests (under section 10 of the FOI Act), and how many times this has happened since 2005.
| Public authority | Upheld complaints about FOI delay |
| Home Office | 303 |
| Ministry of Justice | 173 |
| NHS England | 162 |
| Cabinet Office | 161 |
| Dept of Health and Social Care | 84 |
| Metropolitan Police | 82 |
| Dept for Work and Pensions | 79 |
| Foreign Office | 74 |
| Sussex Police | 74 |
| BBC | 60 |
| Ministry of Defence | 58 |
| Dept for Education | 54 |
| Wirral Council | 43 |
| Croydon Council | 39 |
| Information Commissioner’s Office | 35 |
On this measure the public authorities with the biggest record of delay since FOI was implemented are the Home Office, the Ministry of Justice, NHS England and the Cabinet Office.
Ironically the authority which comes 15th on this list of shame is the ICO itself! This is clearly a very bad record for an organisation which should be setting a good example of prompt compliance with the law, but at least as a regulator it has been willing to point out its own failings.
Notes: 1) My analysis amalgamates bodies which at some point since 2005 had some change of name or scope but remained essentially the same organisation (eg NHS England with NHS Commissioning Board; Department of Health and Social Care with Department of Health). 2) The ICO is thoroughly and annoyingly inconsistent when naming authorities (eg sometimes using ‘Metropolitan Police Service’ and sometimes using ‘Commissioner of the Metropolitan Police Service’. I hope I have spotted all such instances and combined the figures accordingly, but it is possible I have missed some.