ICO – Martin Rosenbaum

FOI: Which complaints are upheld by the ICO?

Data analysis, FOI / 18 July 2024 / ICO

Freedom of information requests can be rejected for a range of reasons, but some are much more likely to be overturned by the Information Commissioner’s Office than others.

The details of this are made clear by my analysis of a dataset recently released by the ICO covering nearly 22,000 decisions issued by the information rights regulator since FOI came into force.

For example, the ICO has upheld nearly half the complaints received from information requesters against FOI refusals linked to protecting commercial interests. But it has upheld only one in six objections to refusals based on international relations.

This table shows, for each of the legal grounds for dismissing FOI requests, the number of complaints about that reason which the ICO has ruled on and the percentage which it has upheld (ie backing the requester and overriding the public authority).

Subject matter (section of FOI Act)	Number of complaints	Percentage upheld
The economy (29)	27	56
Relations within UK (28)	17	53
Commercial interests (43)	1010	47
Future publication or research (22/22A)	213	44
Health and safety (38)	119	42
Policy formation (35)	622	38
Already accessible (21)	332	36
Effective conduct of public affairs (36)	967	35
Audits (33)	38	34
Confidential information (41)	605	34
Law enforcement (31)	860	30
Vexatious or repeated (14)	1498	23
Investigations (30)	318	21
Personal data (40)	3097	18
Monarchy and honours (37)	181	18
Defence (26)	41	17
National security (24)	299	17
International relations (27)	292	16
Legal privilege (42)	507	16
Otherwise prohibited (44)	406	14
Cost (12)	1491	12
Court records (32)	108	8
Security bodies (23)	304	7
Parliamentary privilege (34)	12	0

Source: Martin Rosenbaum, based on ICO data

Or in chart form:

So during FOI’s two decades of operation, the ICO has been much happier to overrule public authorities on matters like commercial interests and policy formation than on topics like defence, security and international affairs.

My analysis uses three spreadsheets with details of ICO rulings which were recently disclosed via the What Do They Know website, in response to a request from Alison Benson. The spreadsheets list the ICO’s formal decision notices from the first one in 2005 until last month.

The ICO maintains that it provided this material voluntarily ‘on a discretionary basis’, arguing that the information would be already available through its routine publication of decision notices.

However the supply of these three files makes the statistical analysis of ICO rulings much more practical than by trying to process all the individually published decisions. The ICO’s release of this dataset is therefore a positive and welcome step in terms of its own transparency.

Environmental information

Note that my analysis excludes environmental information, which falls under a different law, the Environmental Information Regulations. The EIR exceptions do not exactly correspond to the FOI exemptions, so the data cannot be combined.

The numbers of EIR cases are fewer than for FOI, but a similar pattern emerges. Thus the ICO has more frequently overruled public authorities when they base an EIR refusal on commercial confidentiality or the internal nature of communications, rather than when authorities rely say on protecting the course of justice.

Delay

It is also possible to analyse aspects of the dataset in more detailed ways. Here is one example.

This table shows the 15 public authorities against whom the ICO has most often upheld complaints about delay in processing FOI requests (under section 10 of the FOI Act), and how many times this has happened since 2005.

Public authority	Upheld complaints about FOI delay
Home Office	303
Ministry of Justice	173
NHS England	162
Cabinet Office	161
Dept of Health and Social Care	84
Metropolitan Police	82
Dept for Work and Pensions	79
Foreign Office	74
Sussex Police	74
BBC	60
Ministry of Defence	58
Dept for Education	54
Wirral Council	43
Croydon Council	39
Information Commissioner’s Office	35

Source: Martin Rosenbaum, based on ICO data

On this measure the public authorities with the biggest record of delay since FOI was implemented are the Home Office, the Ministry of Justice, NHS England and the Cabinet Office.

Ironically the authority which comes 15th on this list of shame is the ICO itself! This is clearly a very bad record for an organisation which should be setting a good example of prompt compliance with the law, but at least as a regulator it has been willing to point out its own failings.

Notes: 1) My analysis amalgamates bodies which at some point since 2005 had some change of name or scope but remained essentially the same organisation (eg NHS England with NHS Commissioning Board; Department of Health and Social Care with Department of Health). 2) The ICO is thoroughly and annoyingly inconsistent when naming authorities (eg sometimes using ‘Metropolitan Police Service’ and sometimes using ‘Commissioner of the Metropolitan Police Service’. I hope I have spotted all such instances and combined the figures accordingly, but it is possible I have missed some.

FOI: Which complaints are upheld by the ICO? Read More »

The ICO’s tougher FOI enforcement policy

FOI / 20 September 2023 / ICO

This article was originally published on the website of Act Now Training, which provides training and consultancy on information law and governance.

Last month the Information Commissioner’s Office announced it was issuing another two Enforcement Notices against public authorities with extreme backlogs of FOI and EIR requests; the Ministry of Defence and the Environment Agency. From the published notices it is clear that both authorities had consistently failed to tackle their excessive delays, despite extensive discussions over many months with the ICO.

The ICO also issued Practice Recommendations, a lower level of sanction, to three authorities with a poor track record on FOI; Liverpool Council, Tower Hamlets Council and the Medicines and Healthcare Products Regulatory Agency. This brings the total of Enforcement Notices in the past year or so to six, and the number of Practice Recommendations to 12.

As Warren Seddon, the ICO’s Director of FOI, proclaimed in his blog on the subject, both these figures exceed the numbers previously issued by the ICO in the entire 17 years since the FOI Act came into force.

From my point of view, as a frequent requestor, this is good news. For requestors, the ICO’s current activity represents a welcome tougher stance on FOI regulation adopted by Seddon and also the Commissioner, John Edwards, since the latter took over at the start of last year.

Under the previous Commissioner Elizabeth Denham, any strategic enforcement regarding FOI and failing authorities had dwindled to nothing. The experience of requestors was that the FOI system was beset by persistent lengthy delays, both from many authorities and also at the level of ICO complaints.

The ICO’s Decision Notices would frequently comment on obstruction and incompetence from certain public bodies, as I reported when I was a BBC journalist, but without the regulator then making any serious systematic attempt to change the culture and operations of these authorities.

Under Denham the ICO had also ceased its previous policy of regularly and publicly revealing a list of authorities it was ‘monitoring’ due to their inadequate processing of FOI requests. Although this was in any case a weaker step than issuing formal enforcement notices and practice recommendations, in some cases it did have a positive effect.

Working at the BBC at the time I saw how, when the BBC was put into monitoring by the ICO, it greatly annoyed the information rights section, who brought in extra resources and made sure the BBC was released from it at the first opportunity.

On the other hand, other public authorities with long-lasting deficiencies, such as the Home Office and the Metropolitan Police, were kept in ICO monitoring repeatedly, without improving significantly and without further, more effective action being taken against them.

The ICO’s FOI team has also made important progress in the past year in rectifying its own defects in processing complaints, speeding things up and tackling its backlog. This led to a rapid rush of decision notices.

One result is that delay has been shifted further up the system, as the First-tier Tribunal has been struggling to cope with a concomitant increase in the number of decisions appealed. I understand that the proportion of decisions appealed did not change, although I don’t know if the balance between requestor appeals and authority appeals has altered.

Another consequence has been that decision notices now tend to be shorter than they used to be, especially those which support the stance of the public authority and thus require less interventionist argument from the ICO. Requestors may need to be reassured that the pressure on ICO staff for speedier decisions does not mean that finely balanced cases end up predominantly being decided on the side of the authority.

More generally I gather there is some concern within the ICO about its decisions under sections 35 and 36 of FOI, to do with policy formulation and free and frank advice, that some staff have got into a pattern of dismissing requestors’ arguments without properly considering the specific circumstances which may favour disclosure.

As part of its internal operational changes, a few months ago the ICO introduced a procedure for prioritisation amongst appeals and expediting selected ones. I have seen the evidence of this myself. A complaint I made in April was prioritised and allocated to a case worker within six weeks and then a decision notice served within another six weeks (although sadly my case was rejected). All done within three months.

On the other hand a much older appeal that I submitted to the ICO in May 2022 has extraordinarily still not even been allocated to a case worker 15 months later, from what I have been told. This is partly because it relates to the Cabinet Office, which accounts for a large proportion of the ICO’s oldest casework and has been allowed a longer period of time to work through old cases.

It is interesting to note that the ICO does not proactively tell complainants that their case has been prioritised, even when they have specifically argued it should be at the time of submitting their complaint.

The ICO wants to avoid its staff getting sucked in to disputes about which appeals merit prioritisation. If you want to know whether your case has been prioritised, you have to ask explicitly, and then you will be told.

The ICO has not yet officially released any statistics about the impact of its new prioritisation policy. However I understand that in the first three months about 60 cases were prioritised and allocated to a case officer to investigate within a month or so. This is a smaller number than might have been expected.

Around 80 percent of these were prioritised in line with the criterion for the importance of the public interest involved in the issue. And about 60 percent of decisions to prioritise reflected the fact that the requestor was in a good position to disseminate further any information received, possibly as a journalist or campaigner.

In most of the early decision notices for prioritised complaints the ICO has backed the authority and ruled against disclosure. So if you are a requestor, the fact that the ICO has decided to prioritise your appeal does certainly not mean that it has reached a preliminary decision that you are right.

The ICO’s tougher FOI enforcement policy Read More »

ICO sets out new targets for improvement

FOI / 15 July 2022 / ICO, John Edwards

*Information Commissioner John Edwards launching his new strategy*

John Edwards is clearly adapting to life in the UK, seven months after he arrived here from New Zealand to take up the role of Information Commissioner.

Launching his three-year strategic plan for the Information Commissioner’s Office yesterday, he succeeded in saying ‘day-ta’ most of the time, although he did manage to come out with at least one ‘dar-ta’.

While data protection (however pronounced) is certainly the main focus of his attention and indeed the dominant activity within his budget, the new Edwards plan is also important for those concerned about the FOI side of the ICO’s work.

To his credit Edwards has recognised publicly as well as privately that the substantial delays in the ICO’s handling of FOI complaints are not acceptable. In his speech he said that the administering of FOI law ‘requires fundamental change, and that change has to start in my office’.

He and his team have also shown a welcome willingness to engage with the FOI community and discuss (in his words) ‘how we fix a system that clearly needs fixing’.

As the ICO leadership itself recognises, things are now at the stage where requesters need to start seeing practical results rather than just hearing expressions of intention.

As part of its plan the ICO announced new objectives for its work on handling complaints under FOI law and the Environmental Information Regulations (EIR). These include:
• ensuring that less than 1% of its caseload is over 12 months old
• reaching a decision on 80% of complaints within six months
• ensuring that 66% of tribunal appeal decisions go in the ICO’s favour

The current serious casework delays are illustrated by new up-to-date statistics which the ICO also released yesterday, with a commitment to do this regularly.

This is a valuable improvement, because in recent periods the ICO has only been publishing an inadequate series of datasets which are outdated, patchy and limited to closed cases.

The latest figures (for end of June 2022) show that 7.2% of active cases were over 12 months old. The ICO had reached a ‘first decision’ within six months on only 67.7% of cases.

The new dataset of open casework reveals that the ICO is still investigating one complaint relating to Brent Council nearly 26 months after it was made in May 2020.

There are 25 FOI/EIR cases that were still unresolved over 18 months after they were received. Of these, one of them actually involves a complaint about the ICO itself.

But the public authority which features by far the most frequently in these long-delayed cases is the Cabinet Office, which accounts for nearly half of them – 11 of the 25 involve complaints about its refusal to supply information requested. It is not clear whether this is because the Cabinet Office handles especially tricky issues or whether it is particularly slow and difficult about cooperating with ICO investigations, or indeed both.

As for the ICO’s performance objective for when its decisions are appealed by dissatisfied requesters or authorities, I have done a very quick analysis of tribunal cases so far this year, and the target of 66% appears pretty close to the current success rate. My rough calculation produced a figure of 68% (it is based on the summary outcome listed on the tribunals website without checking the details of individual cases).

ICO staff accept that some of their decision notices will inevitably get overturned, but there is always a risk that faster processing of cases can lead to more reversals later.

The ICO says its new approach will include more active prioritisation of significant cases and greater attempts at speedy resolution of disputes without the issuing of a formal decision notice.

For the ICO to improve its FOI casework handling is important and will be a relief to frustrated requesters.

However it is essential as well for the ICO to tackle the crucial systemic issues of poor performance on FOI by numerous public authorities. This week the ICO also released a new framework for regulatory action.

While it is understandable that ICO staff wanted to have this revised policy in place before implementing a tougher stance, it is unclear for the moment how much tenacity will be deployed in carrying out its series of measures and enforcing better standards.

One early promising sign could be the practice recommendation it delivered this week to the Department of Health and Social Care, reprimanding the department over its failure to properly search non-corporate communication channels when responding to FOI requests.

In the Q&A session at the launch I raised one particularly egregious example of FOI deficiency, the fact that in the latest set of government statistics the Department for International Trade had breached the legal deadline for replying to requests an extraordinary 55% of the time.

I asked Edwards what more evidence he would need before taking enforcement action against a badly performing authority and he replied simply: ‘None’.

If this does indicate a much firmer attitude is being adopted, that then is good news and will be strongly welcomed by requesters pursuing their legal rights to information.

I understand the ICO has taken up the issue directly with the DIT. But how persistently determined it will actually be in tackling this sort of blatantly inadequate FOI record remains to be seen.

Edwards announced that he had persuaded government to set up a cross-Whitehall senior leadership group to drive improved compliance on data protection within the civil service. There is some hope within the ICO that this could in future be extended to cover systemic issues of government FOI compliance too.

Unlike his predecessor Elizabeth Denham whose extent of contact with the Cabinet Office had become minimal by the end of her tenure, Edwards says he’s happy with the level of engagement he has been getting from the Cabinet Office.

Edwards also stated that the ICO will be publishing its internal staff training materials on both FOI and data protection, and this is expected to happen soon.

The ICO has initiated a consultation exercise on the three-year plan. If you want to express your views, you can do so here.

ICO sets out new targets for improvement Read More »

The perils of @JCE_IC

FOI / 20 March 2022 / ICO, John Edwards, Twitter

From the internal briefings prepared for the new Information Commissioner John Edwards, it’s clear there has been rather a lot of angst among his senior colleagues about how he conducts his personal Twitter feed.

His account’s tone was casual and folksy when he was New Zealand’s Privacy Commissioner, combining some serious policy points with jokey remarks, funny videos and cultural criticism, while slipping into the occasional political controversy. As I said when I wrote about it before, I like its friendly informality, but I’m not at all surprised that his new cautious-minded colleagues seem deeply wary about the ‘risks’.

The induction documents recently released under FOI reveal how the ICO management assembled a battery of arguments and research to try to persuade him to adopt a more corporate approach for his tweeting.

They fear that his unofficial posts could be seen as the ICO’s organisational view and policy – perhaps they’re thinking of the time he described Facebook as ‘morally bankrupt pathological liars’.

They’re worried that his personal tweets could be ‘misconstrued’ – perhaps they saw the time he pointed out that a New Zealand opposition politician sent emails in comic sans.

They’re concerned that he could be seen as endorsing individuals or sub-tweeting – linking to a Guardian article that’s seven years old to explain to him the tricky etiquette of sub-tweeting.

They certainly don’t want him conversing with other Twitter users or getting involved in Twitter spats, recommending he should ‘reduce or limit interaction with other Twitter users’.

They warn him that ‘UK media have form of going through old tweets to try and find content that could be used critically’ and so maybe he should delete some of them, though obviously I worked through his back catalogue ages ago.

They would like him to change his Twitter bio so that it directs enquiries to @ICONews, but that hasn’t happened – yet.

And naturally they want him to focus his feed on ICO work and events, and tweet about this in a timely way. They’ve done their research and thus can draw attention to the anodyne content of the personal Twitter feeds of various other heads of UK public agencies – who are largely content to retweet their organisations’ press statements, with a little extra stuff on the wonderful work of whichever outpost they have just visited, perhaps a picture of some conference they’ve spoken at, and minimal interaction with anyone else. This familiar flow of earnest tedium is presented as ‘good practice’ in corporate social media.

Still it’s not all negative – they point out that the @ICONews Twitter account has ten times the followers that Edwards has personally, and therefore they ‘can help to grow’ his follower base.

Has it changed the tone of his tweets? Maybe Edwards is being a bit more careful and corporate, but we’re still getting the muppet videos and the cautionary tales of how to behave on trains.

The perils of @JCE_IC Read More »

Inducting Mr Edwards

FOI / 19 March 2022 / BIMs, ICO, John Edwards

John Edwards *(Photo credit: PrivacyMaven – CC BY-SA 4.0)*

In New Zealand they’re called BIMs – Briefings to Incoming Ministers – and it’s routine for these induction documents explaining background and policy options for the new office-holders to be published. It’s one example of how NZ outdoes the UK on government openness in policy formulation.

So perhaps the new Information Commissioner John Edwards, a New Zealander, was not surprised that someone (not me, by the way) put in a freedom of information request for the internal briefings he received on taking up his post in January.

In response the ICO has now released a large batch of material covering 21 documents – there’s a lot to read when you want to be someone – and it sheds some fascinating light on the thinking within the organisation’s senior management team.

One point first: Anyone familiar with how FOI works in practice will note that the ICO has disclosed some internal discussion points which many UK public authorities would have sought to keep secret, claiming it would harm the free exchange of views (until the ICO overrules them several months later if the requester bothers to complain). Of course they’ve acted rightly in line with the public interest and set the correct example by releasing this material, but still credit to them for doing so. (Some information has been withheld, to protect frankness of discussion, their investigations, international relations, and legal advice.)

While much of the content is about data protection, and there’s some revealing analysis on the ICO’s overall strategy, I’ll focus on my interest, which is the FOI side of their work.

The ICO is clearly very sensitive to two common criticisms. Firstly, that it concentrates on data protection and privacy issues at the expense of FOI. Secondly, that it has failed to tackle the substantial and apparently growing delays affecting its FOI appeals casework – many complainants are now told they will have to wait nine months just for their appeal to be allocated to a case officer.

This can be seen in the briefing paper on developing FOI strategy. It argues against a simple focus on casework and enforcement with limited involvement in policy debate, largely because that would play into fears about the ICO neglecting FOI and encourage the view that FOI responsibilities should be given to another organisation.

The briefing papers also contain numerous references to the knock-on problems stemming from the ICO’s inability to stay on top of its FOI appeals caseload (which involves complaints about the handling of FOI requests by other public bodies).

The FOI strategy paper acknowledges that the delays in complaint handling ‘do understandably draw criticism’, although it argues the ICO is ‘hampered’ due to available resources. It also accepts that the ICO’s current enforcement powers are ‘arguably underused’.

A draft communications plan for the new commissioner’s ‘first 100 days’ is revealing when it expresses worry about initiating a campaign for Edwards to speak out about the ‘continued value’ of FOI. The fear is of resultant publicity risks, namely ‘poss criticism around a significant casework backlog’.

I have to confess that on this point the ICO comms team have got people like me bang to rights. When the ICO press office drew attention to Edwards talking about the benefits of FOI in a media interview, this is indeed the theme I picked up on.

This briefing also notes concern that it could open up questions of charging for FOI requests, a topic Edwards surprisingly raised at his select committee appointment hearing, to the consternation of openness campaigners. He later told me that it was an ‘off the cuff response’ linked to his experience in New Zealand. But the paper also argues this would be an ‘opportunity to set record straight and keep civil society stakeholders at bay for a while’.

Another campaign idea considered is one to ‘highlight how FOI has informed public debate’ and ‘remind people how to make FOI requests’. But the document again points out a possible downside for an organisation which can’t handle its current caseload: generating more FOI requests would ultimately put ‘increased pressure’ on the resources of the ICO.

A paper on overall strategic planning includes this for a ‘draft enduring strategic objective’: ‘We will not continue to simply grow the approach of dealing with more and more appeals with static or net reductions in grant-in-aid funding but will instead focus on encouraging public authorities to be more transparent and open, publishing more information routinely and so avoiding the need for the public to escalate appeals to the ICO.’

However, the notion that more routine publication will avoid ICO appeals is a futile and irrelevant hope. Proactive release of information is a good thing, but there is very limited overlap between the material organisations will willingly agree to publish routinely, and the contentious requests for material that requesters really want to access which reach the ICO.

What would cut ICO casework is getting authorities to adopt habits of responding on time and releasing the information that they should release, which needs tougher enforcement.

When Chris Graham became Information Commissioner in 2009, he made it his top priority to reduce the organisation’s then appalling FOI casework backlog. He felt it was necessary so that the ICO could speak with credibility and authority. By thoroughly reviewing processes and structures within existing resource levels, and bringing a spirit of determination that boosted morale and swept aside the fatalism of some staff, he succeeded.

These documents indicate how today’s ICO is constrained by its organisational failure to stay on top of its FOI casework.

There are other interesting themes to be gleaned from all the induction briefing papers, including:

A report on the backlog in the ICO’s own FOI requests (this is distinct to the backlog for complaints about other organisations), which says that by the end of June they expect to reach their target of answering 92% of requests within the legal time limit.
A paper from the ICO’s Parliament and Government Affairs department, its lobbying team, which states that one of PGA’s ‘important functions’ is to ‘facilitate any necessary engagement’ between government and the ICO’s enforcement and casework sections – which surprised me and suggests an uneasy crossover of internal roles for a regulator.
A list of what the management think the other ranks might ask Edwards at an initial all-staff Q&A session, from matters of top-level strategy to the vexed issues of car parking and will he base himself in Manchester or London;
A media guide containing the press office’s views, positive and negative, on certain journalists;
And a lot of unease about the new Commissioner’s personal Twitter feed, which merits a blog post of its own.

Inducting Mr Edwards Read More »

The ICO monitors the ICO

FOI / 24 January 2022 / ICO

The information law regulator has reached an agreement with itself to hold a regular series of meetings with itself, so that its staff can check up on how its staff are doing on answering freedom of information requests.

One of the tasks of the Information Commissioner’s Office is to try to improve the performance of public authorities with a particularly bad track record on dealing with FOI applications, such as … the Information Commissioner’s Office.

Last month the ICO revealed it would writing to the, um, ICO, to find out about the ICO’s plans to do better in future and so avoid being further criticised by, yes, the ICO.

This has now happened, and in an unusually speedy response to my FOI request, the ICO has sent me the correspondence.

It reveals that in the first nine months of the current financial year, the ICO only responded to 71% of FOI requests on time. At Christmas there were three requests that were over a year overdue.

The group manager for complaints wrote to the head of corporate planning to say: “We cannot ignore the fact that we have had an increasing number of complaints reported to us about the ICO in relation to late compliance with information requests. Adverse media coverage and blogs have also reported on these issues … We are therefore requesting a formal update on your recovery plans”.

The reply says “We recognise our performance is not where it should be”.

The recovery plan has now been published on the ICO website. It says they are recruiting and reallocating staff, with the aim of ensuring that 90% of FOI requests are responded to on time by the end of June, while requests over a year overdue should be cleared by the end of February.

This is all to do with the FOI requests which the ICO itself receives, not the complaints it assesses about the processing of FOI requests sent to other public bodies. That side of the ICO’s operations is also affected by serious delays.

The disclosed correspondence shows that the complaints team will meet monthly with the information access team to review progress. All those who comment agree that the ICO should treat itself in the same way it would treat any other public authority with an inadequate record of compliance with FOI law.

It does seem somewhat absurd, but it is nevertheless better than alternative arrangements – such as the ICO not being subject to FOI requests at all, or not falling under the oversight of an information rights regulator, or being let off the hook by its own staff rather than publicly and embarrassingly rebuked.

On the other hand, this process wouldn’t be necessary if the ICO actually responded promptly and efficiently to information requests.

While this request was responded to quickly, another of my FOI requests has not had a reply from the ICO nearly three months after it was submitted.

The ICO monitors the ICO Read More »

John Edwards, the kindly stranger and the funny tweets

FOI / 3 January 2022 / ICO, John Edwards, luggage trolleys

The new UK Information Commissioner, John Edwards, takes office today, after recently flying across the globe from New Zealand where he was Privacy Commissioner – and, as he reported on Twitter, encountering on arrival a kindly stranger at Gatwick airport who gave him a pound coin to unlock a luggage trolley.

However the UK’s FOI community are not convinced that Edwards himself will turn out to be a kindly stranger. Indeed his arrival in the post is regarded with some trepidation.

This is primarily because of the surprising and indeed disconcerting remarks which Edwards made in September to the House of Commons DCMS committee, at his pre-appointment hearing.

In the FOI section he quickly and without prompting raised the topic of what he called the “extraordinary administrative burden” arising from some FOI requests, and added that “it is legitimate to ask a requester to meet the cost of some of that administration, otherwise you see there is a potential for cross-subsidisation of people who are overusing or even abusing those rights”.

Edwards also expressed a distinct lack of enthusiasm for expanding freedom of information further for private sector bodies who are contracted to deliver public services – “I suppose extending FOI to cover those organisations would be one option”, he replied rather guardedly to this suggestion from an MP.

These statements are a contrast to the stronger pro-transparency stances adopted by previous UK Information Commissioners, who have opposed fees for freedom of information requests, defended FOI against rhetoric about “burden” and “abuse”, and advocated such a broadening of the FOI system.

Nevertheless, for those who like a more positive take, there is a more optimistic viewpoint. This is that Edwards was effectively talking about the situation in New Zealand rather than the UK.

From his remarks he seemed unaware of the tight legal cost limits that apply to FOI responses in the UK. These curtail the administrative effort and cap costs, and also push requesters (or at least the more effective ones) into making narrower rather than wide-ranging applications. Such specific limits do not exist in New Zealand, where the law instead does allow charging for some FOI requests but for a range of reasons public bodies often do not make requesters pay.

Possibly Edwards had briefed himself inadequately on the FOI part of his new role. But that could also turn out to be a problem, if it is symptomatic of a neglect of FOI.

This has already been a serious issue at the UK Information Commissioner’s Office, whose resources, public statements and high profile casework in recent years have increasingly been dominated by the data protection side of their responsibilities, to the detriment of their FOI work.

And in New Zealand as Privacy Commissioner for eight years, Edwards himself was focused on the data protection and privacy field. The country’s freedom of information system is enforced by a different regulator, the Ombudsman (Edwards worked there much earlier in his career).

However, there are some positive views on government transparency in the personal blog Edwards wrote when a lawyer in private practice, before becoming Privacy Commissioner.

In one 2011 piece he argued for the disclosure of free and frank policy advice as “precisely what the electorate needs”. In 2012 he praised the release of briefings for incoming ministers, even if this meant they were then written with a view to public consumption, on the basis that “officials should prepare advice that to the greatest extent possible can stand up to public scrutiny”.

The disclosure of internal government policy advice and especially cabinet papers, particularly once decisions have been taken, has gone much further in New Zealand than under FOI in the UK (although journalists there are still not happy about what they don’t get). If it turned out that Edwards actually wanted to import some of that culture and practice from back home into the UK FOI system it could have a big effect on the role of the ICO.

(Incidentally, his blog also reveals that the Gatwick luggage trolley incident was not the first time he was saved financially by a helpful representative of Britain. As a young budget traveller he once faced a tricky situation with some Bolivian officials who demanded an extortionate sum to stamp his passport. Fortunately he was rescued by the intervention of the British Consul and her insistence on “bureaucratic banalities” – she maintained that any such payment would need a receipt, which for some reason the law enforcers of La Paz were reluctant to provide. And whether for good or ill, Edwards is now about to encounter more of the bureaucratic banalities of the British state).

Ensuring that freedom of information does get enough attention from his office and is pursued with energy and commitment is one crucial challenge facing the new Commissioner. Another is rectifying the sorry state of how the ICO itself complies with FOI law.

The Privacy Commissioner’s office in NZ is subject to the information rights regime of the country’s Official Information Act (OIA). In the four-year period of 2017-21 it received 130 information requests, of which only one was answered outside the legal timeframe. And the Ombudsman’s office tells me that during Edwards’ tenure as Privacy Commissioner it did not uphold a single OIA complaint against the PC.

If Edwards can grasp the issue here with determination and replicate something like that sort of performance at the ICO it would indeed be a major achievement, but the ICO is a much bigger and more complex organisation with a much larger casework, and a very poor track record recently on handling its own FOI requests, which often gives the ICO the embarrassing task of rebuking itself.

In his valedictory office webinar in New Zealand, Edwards cautiously stressed the “constant tension” and “balance” between assisting organisations to achieve their objectives and being an assertive regulator and enforcer. That was in the context of data protection, but in the FOI area as well his impact will depend on which side of that balance he actually gives most weight to.

It will also rest on what is now his personal balance between seeing the world through the perspective of administratively minded state officials or that of a lawyer representing the individual rights of citizens.

One of his New Zealand habits that it looks like Edwards will maintain is his personal Twitter feed. Informal, folksy, casual and sometimes glib, its tone and content will be rather unusual for a top-ranking British public figure at a state regulatory body.

He has combined serious points on privacy policy and some later deleted stinging criticism of Facebook (“morally bankrupt pathological liars”), with comments on the latest cinematic releases, lots of jokey remarks and funny videos, and an occasional willingness to get involved in political controversy.

It sometimes caused him trouble in New Zealand, and unless he’s very careful I predict it will cause him more trouble here (in many ways I think that’s a shame, as I like his friendly informality, but that’s how things work), despite the proclamation in his pinned tweet below:

His recent “I could have been someone” tweet also captured above was presumably a Christmas reference to the lyrics of Fairytale of New York. Whatever deeper personal meaning may lie hidden in his gnomic expression we can only guess at. Still, if you meet him your opening conversational gambit could be “Well, so could anyone” (perhaps after you’ve offered him a pound coin).

What kind of “someone” will he turn out to be as UK Information Commissioner?

Somebody in New Zealand who has observed Edwards’ work closely over many years told me: “He genuinely cares about people’s well-being and that institutions are well governed”.

If Edwards wants to deliver on these two notions in the freedom of information field here, he needs to ensure (a) that people’s individual rights to access public sector information are enforced rigorously and assertively, defended against resistance and backlash, and ideally extended; and (b) that the ICO itself becomes a prompt and efficient and well-governed institution in handling information casework and requests.

We shall see. Meanwhile I find it difficult to imagine any of his predecessors as Information Commissioner so gleefully tweeting this video.

Update

John Edwards has responded to my blog above with the following comments on Twitter:

“I think any trepidation of the sort you mention, based as it is on a single off the cuff response at select committee, informed, as you say, by my NZ experience, is misplaced. I have always been a strong advocate for FOI, and will continue be in my new role.”

“Also, what you have characterised as “a distinct lack of enthusiasm for expanding freedom of information further for private sector” was more in the nature of a thoughtful pause to consider the various different ways that could be achieved.”

He also said: “I didn’t even know those old blog posts were still accessible!”

John Edwards, the kindly stranger and the funny tweets Read More »

ICO latest casework dataset

FOI / 13 August 2021 / ICO

The incoming Information Commissioner will face a serious challenge in getting on top of the ICO’s increased backlog of FOI cases.

The ICO currently has 2,317 open complaints under the Freedom of Information Act and Environmental Information Regulations, according to the latest database of their open casework which I have obtained from them.

It shows 79 cases which the ICO has already taken over a year to process. Of these, nine concern complaints about the Cabinet Office and six about the Foreign Office, including several relating to the FOI exemption for security bodies.

The oldest case goes back over two years and involves Transport for London and the use of the cost limit exemption.

The ICO states this dataset for open casework can’t be directly compared to the active FOI caseload obtained from May by the Campaign for Freedom of Information, which listed 1,748 open complaints. The new dataset includes various cases not in that one, including EIR complaints, and also cases where the ICO is awaiting further information before launching an investigation – according to the ICO there is a “subtle difference” between what it calls its “active caseload” and its “open casework”.

The ICO says: “We have plans in place to address the rise in work over the coming financial year, particularly as the new staff we have recently recruited complete their training and ways of working return to normal.”

ICO latest casework dataset Read More »

ICO and the pre-pandemic delays

FOI / 27 July 2021 / ICO

The latest performance data issued by the Information Commissioner’s Office confirms how the ICO was falling behind on dealing with FOI cases before the pandemic.

Yesterday the ICO released a new batch in its ‘proactive disclosure’ of monthly complaints data. This is somewhat old given it covers a period two years ago, from April to August 2019, but it does show how its record on processing FOI and EIR casework was deteriorating even before the disruption caused by Covid.

The average time taken on a case closed in this period which involved a decision notice was 176 days. Comparing this to the same 5-month timeframe in previous years where data is still available gives the following, according to my calculations based on the ICO datasets:

Average time taken to close FOI/EIR cases which involve decision notices:

Apr-Aug 2014: 142 days
Apr-Aug 2015: 122 days
Apr-Aug 2016: 141 days
Apr-Aug 2017: 158 days
Apr-Aug 2018: 159 days
Apr-Aug 2019: 176 days

Analysing the monthly complaints data demonstrates a disturbing pattern of increasing delay over these years.

From around 2017 the ICO started to deal more quickly with simple cases it could reject easily on procedural grounds (eg because the complainant failed to ask the public authority involved for an internal review before approaching the ICO). But the delays have got even longer for complaints which go to a formal ICO decision notice – and these would include the significant cases that really matter.

Since the pandemic took hold matters have of course got worse, as was revealed in data obtained by the Campaign for Freedom of Information.

There’s also a very useful analysis of numerous aspects of ICO operational data in this report by the researcher Lucas Amin for the campaign group openDemocracy.

The latest ICO annual report said: “There will be a focus on these matters as lockdown restrictions are lifted to be able to progress the oldest cases as soon as possible, nonetheless, there is an obvious effect on both those cases over 12 months old as well as the age profile generally. It is anticipated that this will be rectified in the medium term.”

What constitutes “the medium term” is not clear.

ICO and the pre-pandemic delays Read More »