In brief
The Freedom of Information Act 2000 provides public access to information held by public authorities.
It does this in two ways:
- public authorities are obliged to publish certain information about their activities; and
- members of the public are entitled to request information from public authorities.
The Act covers any recorded information that is held by a public authority in England, Wales and Northern Ireland, and by UK-wide public authorities based in Scotland. Information held by Scottish public authorities is covered by Scotland’s own Freedom of Information (Scotland) Act 2002.
Public authorities include government departments, local authorities, the NHS, state schools and police forces. However, the Act does not necessarily cover every organisation that receives public money. For example, it does not cover some charities that receive grants and certain private sector organisations that perform public functions.
Recorded information includes printed documents, computer files, letters, emails, photographs, and sound or video recordings.
The Act does not give people access to their own personal data (information about themselves) such as their health records or credit reference file. If a member of the public wants to see information that a public authority holds about them, they should make a data protection subject access request.
In more detail
What is the Freedom of Information Act for?
The government first published proposals for freedom of information in 1997. In the white paper Your Right to Know, the government explained that the aim was a more open government based on mutual trust.
“Openness is fundamental to the political health of a modern state. This White Paper marks a watershed in the relationship between the government and people of the United Kingdom. At last there is a government ready to trust the people with a legal right to information.”
Public authorities spend money collected from taxpayers, and make decisions that can significantly affect many people’s lives. Access to information helps the public make public authorities accountable for their actions and allows public debate to be better informed and more productive.
“Unnecessary secrecy in government leads to arrogance in governance and defective decision-making.” – Your Right to Know
Access to official information can also improve public confidence and trust if government and public sector bodies are seen as being open. In a 2011 survey carried out on behalf of the Information Commissioner’s Office, 81% of public bodies questioned agreed that the Act had increased the public’s trust in their organisation.
What are the principles behind the Freedom of Information Act?
The main principle behind freedom of information legislation is that people have a right to know about the activities of public authorities, unless there is a good reason for them not to. This is sometimes described as a presumption or assumption in favour of disclosure. The Act is also sometimes described as purpose and applicant blind.
This means that:
- everybody has a right to access official information. Disclosure of information should be the default – in other words, information should be kept private only when there is a good reason and it is permitted by the Act;
- an applicant (requester) does not need to give you a reason for wanting the information. On the contrary, you must justify refusing them information;
- you must treat all requests for information equally, except under some circumstances relating to vexatious requests and personal data (see When can we refuse a request? for details on these). The information someone can get under the Act should not be affected by who they are. You should treat all requesters equally, whether they are journalists, local residents, public authority employees, or foreign researchers; and
- because you should treat all requesters equally, you should only disclose information under the Act if you would disclose it to anyone else who asked. In other words, you should consider any information you release under the Act as if it were being released to the world at large.
This does not prevent you voluntarily giving information to certain people outside the provisions of the Act.
Are we covered by the Freedom of Information Act?
The Act only covers public authorities. Schedule 1 of the Act contains a list of the bodies that are classed as public authorities in this context. Some of these bodies are listed by name, such as the Health and Safety Executive or the National Gallery. Others are listed by type, for example government departments, parish councils, or maintained schools. Executive agencies are classed as part of their parent government department; for example, the DVLA is covered by the Act because it is part of the Department for Transport. However, arm’s-length bodies are not considered part of the department sponsoring them, and they are listed individually in Part VI of Schedule 1.
Section 5 of the Act gives the Secretary of State the power to designate further bodies as public authorities. If in doubt, you can check the latest position at http://www.legislation.gov.uk.
Certain bodies are only covered for some of the information they hold, for example:
- GPs, dentists and other health practitioners only have to provide information about their NHS work;
- the BBC, Channel 4 and the Welsh channel S4C (the public service broadcasters) do not have to provide information about journalistic, literary or artistic activities; and
- some bodies that have judicial functions do not have to provide information about these functions.
In addition to the bodies listed in the Act, with effect from 1 September 2013 the definition of a public authority now also covers companies which are wholly owned:
- by the Crown;
- by the wider public sector; or
- by both the Crown and the wider public sector.
These terms are defined in more detail in the amended section 6 of FOIA.
For example, some local authorities have transferred responsibility for services (eg social housing) to a private company (sometimes known as an arm’s-length management organisation or ALMO), which is wholly owned by the local authority. This type of company counts as a public authority in its own right and needs to respond to requests for information. Where a company is wholly owned by a number of local authorities it is also now a public authority for the purposes of FOIA.
Individual MPs, assembly members or councillors are not covered by the Act.
For further information, read our more detailed guidance:
When is information covered by the Freedom of Information Act?
The Act covers all recorded information held by a public authority. It is not limited to official documents and it covers, for example, drafts, emails, notes, recordings of telephone conversations and CCTV recordings. Nor is it limited to information you create, so it also covers, for example, letters you receive from members of the public, although there may be a good reason not to release them.
The Act includes some specific requirements to do with datasets. For these purposes, a dataset is collection of factual, raw data that you gather as part of providing services and delivering your functions as a public authority, and that you hold in electronic form. Your duties in relation to datasets are explained elsewhere in this Guide, where they are relevant.
Requests are sometimes made for less obvious sources of recorded information, such as the author and date of drafting, found in the properties of a document (sometimes called meta-data). This information is recorded so is covered by the Act and you must consider it for release in the normal way.
Similarly, you should treat requests for recorded information about the handling of previous freedom of information requests (meta-requests) no differently from any other request for recorded information.
The Act does not cover information that is in someone’s head. If a member of the public asks for information, you only have to provide information you already have in recorded form. You do not have to create new information or find the answer to a question from staff who may happen to know it.
The Act covers information that is held on behalf of a public authority even if it is not held on the authority’s premises. For example, you may keep certain records in off-site storage, or you may send out certain types of work to be processed by a contractor. Similarly, although individual councillors are not public authorities in their own right, they do sometimes hold information about council business on behalf of their council.
Where you subcontract public services to an external company, that company may then hold information on your behalf, depending on the type of information and your contract with them. Some of the information held by the external company may be covered by the Act if you receive a freedom of information request. The company does not have to answer any requests for information it receives, but it would be good practice for them to forward the requests to you. The same applies where you receive services under a contract, for example, if you consult external solicitors.
The Act does not cover information you hold solely on behalf of another person, body or organisation. This means employees’ purely private information is not covered, even if it is on a work computer or email account; nor is information you store solely on behalf of a trade union, or an individual MP or councillor.
For further information, read our more detailed guidance:
Who can make a freedom of information request?
Anyone can make a freedom of information request – they do not have to be UK citizens, or resident in the UK. Freedom of information requests can also be made by organisations, for example a newspaper, a campaign group, or a company. Employees of a public authority can make requests to their own employer, although good internal communications and staff relations will normally avoid the need for this.
Requesters should direct their requests for information to the public authority they think will hold the information. The public authority that receives the request is responsible for responding. Requests should not be sent to the Information Commissioner’s Office (ICO), except where the requester wants information the ICO holds.
For further information, read our more detailed guidance:
What are our obligations under the Freedom of Information Act?
You have two main obligations under the Act. You must:
In addition, three codes of practice contain recommended good practice when applying the Act.
The section 45 code of practice gives recommendations for public authorities about their handling of requests. It covers the situations in which you should give advice and assistance to those making requests; the complaints procedures you should put in place; and various considerations that may affect your relationships with other public bodies or third parties.
There is an additional section 45 code of practice on datasets. This provides guidance to public authorities on how to meet their obligations in relation to the dataset provisions in sections 11, 11A, 11B and 19 of the Act.
The section 46 code of practice covers good records management practice and the obligations of public authorities under the Public Records Acts to maintain their records in an ordered and managed way, so that they can readily retrieve information when it is needed.
These codes of practice are not directly legally binding but failure to follow them is likely to lead to breaches of the Act. In particular there is a link between following part II of the section 45 code of practice and complying with section 16 of the Act. Section 16 requires you to provide applicants with reasonable advice and assistance. This includes advice and assistance to members of the public before they have made their request.
For further information, read our more detailed guidance:
What do we need to tell people about the Freedom of Information Act?
Making information available is only valuable to the public if they know they can access it, and what is available. You should:
- publicise your commitment to proactive publication and the details of what is available. See What information do we need to publish?;
- publicise the fact that people can make freedom of information requests to you;
- provide contact details for making a request, including a named contact and phone number for any enquiries about the Act; and
- tell people who you think may want information that they can make a request, and tell them how to do this.
You should communicate with the public in a range of ways. This is likely to include websites, noticeboards, leaflets, or posters in places where people access your services.
You must also make your staff, contractors, customers or others you have contact with aware of how the Act may affect them. You should make it clear that you cannot guarantee complete confidentiality of information and that as a public body you must consider for release any information you hold if it is requested. You will need to consider each request individually, but it is worthwhile having policies or guidelines for certain types of information, such as information about staff.
How does the Freedom of Information Act affect data protection?
The UK General Data Protection Regulation (the UK GDPR) and the Data Protection Act 2018 (the DPA 2018) give rules for handling information about people. They include the right for people to access their personal data. The Freedom of Information Act and the DPA 2018 come under the heading of information rights and are regulated by the ICO.
When a person makes a request for their own information, this is a data protection subject access request. However, members of the public often wrongly think it is the Freedom of Information Act that gives them the right to their personal information, so you may need to clarify things when responding to such a request.
The UK GDPR and the DPA 2018 exist to protect people’s right to privacy, whereas the Freedom of Information Act is about getting rid of unnecessary secrecy. These two aims are not necessarily incompatible but there can be a tension between them, and applying them sometimes requires careful judgement.
When someone makes a request for information that includes someone else’s personal data, you will need to carefully balance the case for transparency and openness under the Freedom of Information Act against the data subject’s right to privacy under the data protection legislation. You will need to decide whether you can release the information without infringing the UK GDPR data protection principles.
See When can we refuse a request? for more information on the exemptions for personal data.
How does the Freedom of Information Act affect copyright and intellectual property?
The Act does not affect copyright and intellectual property rights that give owners the right to protect their original work against commercial exploitation by others. If someone wishes to re-use public sector information for commercial purposes, they should make an application under the Re-use of Public Sector Information Regulations. See the What is PSI? section of the National Archives website for more information on this. The ICO does not have any powers to regulate copyright or the re-use of information.
When giving access to information under the Act, you cannot place any conditions or restrictions on that access. For example, you cannot require the requester to sign any agreement before they are given access to the information. However, you can include a copyright notice with the information you disclose. You can also make a claim in the courts if the requester or someone else uses the information in breach of copyright. The ICO encourages public authorities to use the Open Government Licence provided by the National Archives.
In most cases re-use of information released under the Act is dealt with under RPSI. RPSI applies to most but not all public authorities; for example, universities in general are not covered by RPSI although their libraries are. For public authorities that are not subject to RPSI, there are some re-use provisions in the Act but they only apply to one type of information, namely datasets. Under these provisions, if you are releasing a dataset that is a ‘relevant copyright work’ and you are the only owner of the copyright or database rights, then you must release it under a licence that permits re-use. The licences to use for this are specified in the section 45 code of practice on datasets. If the dataset can be re-used without charge, then the appropriate licence will usually be the Open Government Licence.
For further information, read our more detailed guidance:
What other laws may we need to take into account when applying the Freedom of Information Act?
The Freedom of Information Act may work alongside other laws.
Some of the exemptions in the Act that allow public authorities to withhold information use principles from common law, for example the section 41 exemption refers to the law of confidence.
Also, section 44 of the Act allows information to be withheld when its disclosure is prohibited under other legislation, and section 21 can exempt information that is accessible to an applicant using procedures in other legislation. See When can we refuse a request? for more information on the exemptions.
When dealing with requests for information, you should continue to be aware of your obligations under the Equality Act 2010 (or Disability Discrimination Act 1995 in Northern Ireland). These Acts are not regulated by the ICO so they are not covered in this guidance.
You should handle requests for environmental information under the Environmental Information Regulations 2004. The Regulations also require you to make environmental information available proactively by readily accessible electronic means. If you are likely to be handling requests for information, you will need to familiarise yourself with the basics of the Regulations, especially the definition of ‘environmental information’, found in regulation 2(1).
If you are a public sector body as defined by RPSI then most of the information you hold as part of your public task must be made available for re-use on request. Most, but not all public authorities are public sector bodies under RPSI. Libraries, museums and archives are covered but they have discretion as to whether to permit re-use. RPSI applies to information in which you, as the public sector body, hold the intellectual property rights but does not generally apply to information that is exempt from disclosure under the Act or under the Environmental Information Regulations.
The Infrastructure for Spatial Information in the European Community Regulations 2009 came into force on 31 December 2009. You will need to take these into account when considering your duty under the Freedom of Information Act to proactively publish information, as they require public authorities to make ‘spatial data sets’ (sets of data linked to geographical locations) publicly available in a consistent and usable electronic format.
For further information, read our more detailed guidance:
Leave a comment