Book contents
- Frontmatter
- Contents
- Acknowledgements
- Abbreviations
- Introduction
- PART 1 UNDERSTANDING FOI
- PART 2 FOI IN CONTEXT
- 5 The Environmental Information Regulations
- 6 The FOIA, personal information and the GDPR
- 7 Records and archives
- 8 Publication schemes and proactive disclosure
- 9 Copyright and re-use of information
- PART 3 FOI IN PRACTICE
- Appendix 1 Methodology of the 2017 council survey on the administration of FOI requests
- Appendix 2 FOI response templates
- Appendix 3 Privacy notice for FOI requests
- Notes
- Index
6 - The FOIA, personal information and the GDPR
from PART 2 - FOI IN CONTEXT
Published online by Cambridge University Press: 08 June 2019
- Frontmatter
- Contents
- Acknowledgements
- Abbreviations
- Introduction
- PART 1 UNDERSTANDING FOI
- PART 2 FOI IN CONTEXT
- 5 The Environmental Information Regulations
- 6 The FOIA, personal information and the GDPR
- 7 Records and archives
- 8 Publication schemes and proactive disclosure
- 9 Copyright and re-use of information
- PART 3 FOI IN PRACTICE
- Appendix 1 Methodology of the 2017 council survey on the administration of FOI requests
- Appendix 2 FOI response templates
- Appendix 3 Privacy notice for FOI requests
- Notes
- Index
Summary
Introduction
The right to know and the right to privacy are inextricably linked. Many people believe they are in conflict, and certainly there are times when observing the rights of individuals prevents information about them being disclosed. However, the right to privacy often depends to some extent on transparency, since individuals cannot defend their right to privacy if they do not know what information is held about them, and what it is used for. There are times when an absolute approach to privacy would be damaging for society, and potentially individuals. What is necessary is a mechanism to balance the two rights.
As Figure 6.1 on the next page illustrates, the most commonly used exemption in the FOIA by far by UK central government bodies in 2017 was the exemption for personal information at s. 40. This demonstrates how important the relationship between these two rights is, and how often it needs to be considered in practice. Whatever an applicant may be interested in, very often personal information is interspersed within documentation. Names, addresses, telephone numbers, signatures – all can be found among documents that may not be primarily about an individual. As personal information is so prevalent across public authorities it is essential that FOI laws provide protection for it.
In the UK protection of personal information is provided by the exemption at s. 40 of the FOIA, and in the EIR by regs 5(3), 12(3) and 13. These provisions seek to avoid a conflict between FOI and the GDPR and the DPA 2018, the laws that govern the use of personal information in the UK. Internationally, many FOI laws incorporate data protection rules, recognising the close link between the two rights.
Around the world: personal information exemptions
Given that the GDPR applies across the whole of the EEA, and even countries outside that area have adopted, or are intending to adopt, compatible laws on handling personal information, pretty much every European state has mechanisms in their FOI laws to manage the relationship between the GDPR and the right to know.
Scotland's FOI(S)A has an exemption at s. 38 which is broadly the same as the FOIA s. 40 exemption. Like the UK's Act, the FOI(S)A and the Scottish EIR have been amended by the DPA 2018 to take account of the GDPR.
- Type
- Chapter
- Information
- The Freedom of Information Officer's Handbook , pp. 85 - 98Publisher: FacetPrint publication year: 2018