Friday, 23 December 2011

Barnet Council correspondence with the ICO

Barnet Council correspondence with the ICO

Notification Correspondence

ICO+Barnet Correspondence Re ENQ0391446

Wednesday, 14 December 2011

Eversheds briefing note - An Overview of the Transparency Agenda and its Impact on Freedom of Information Law for the Local Government Sector

Welcome to Eversheds' local government briefing note 78/2011

13 December 2011
Protection of Freedoms Bill - Part I
An Overview of the Transparency Agenda and its Impact on Freedom of Information Law for the Local Government Sector


The Protection of Freedom Bill was placed before Parliament on 11 February 2011 and in addition to dealing with many other ‘freedoms’ also proposes changes to the existing Freedom of Information Act 2000 (“FOIA”) as part of the Government’s commitment to greater transparency. The Bill is currently at Committee Stage in the House of Lords and needs to go through the Report Stage and 3rd Reading in that House before final Consideration of Amendments takes place and the Bill receives Royal Assent.

Key changes to FOIA are:

extending the regime to cover subsidiary companies even if not wholly owned by a single public authority – a significant loophole in the original legislation; and

imposing an obligation on public authorities to disclose datasets in a reusable format.

So What?

The Bill will extend FOIA to more bodies and will increase their FOIA obligations. However, in the context of the wider Government changes proposed for transparency and Information Commissioner’s Office (ICO”) consultations, the impact of changes on public authorities will be potentially complex and onerous. Naturally, they will affect not only those public authorities but also those working with such public authorities.

The Bill does not make changes to FOIA’s equivalent legislation in Scotland, so the regimes in the two jurisdictions will continue to diverge. Although the Bill only directly amends FOIA and not the Environmental Information Regulations 2004 (“EIR”), since the definition of an EIR public authority is partially dependent on the FOIA definition, there will also be an impact in relation to the EIR.
Public authority subsidiaries

FOIA applies to public authorities listed in its Schedule 1. In addition, it applies to any “publicly-owned company” defined under FOIA in Section 6 as being any company which is wholly owned by either the Crown or, subject to minor exceptions, by any public authority listed in Schedule 1. As such, companies owned by more than one local authority presently fall outside the scope of FOIA.

As currently drafted, Clause 101 of the Bill widens this definition to cover companies that are wholly owned by the Crown, the “wider public sector” or an amalgamation of the two. The effect of this is that, subject to a few limited exceptions, the FOIA will be extended, as a minimum, to cover companies that are wholly owned by any combination of public authorities.

Unfortunately, at present the Bill has no definition of what is meant by “the wider public sector” which will cause confusion and increase complaints: does it mean FOIA public authorities, any public sector body even if currently outside FOIA, bodies providing public functions or services who may be private and doing so on an outsourced basis, the third sector, or any combination of them? This is a particular risk for local government when working in partnership with other bodies, including in the private sector, such as through joint venture vehicles.

The ICO criticised this aspect of the Bill in February 2011 when it was in the House of Commons and again in October 2011 in relation to its progress in the House of Lords when it stated the term was “unclear and there is a strong need to give legal clarity to the term”. The ICO’s view is that the reference to ‘wider public sector’ should extend FOIA to “bodies that are receiving significant public funds, are subject to public sector control and/or are delivering important services to members of the public” – which would significantly extend the ambit of FOIA and is likely to impact private bodies engaged in such service delivery in partnership with or on behalf of the public sector.

Unless the definition is confirmed by the Bill, the meaning of the term will have to be decided by later decisions by the ICO, First-Tier and Upper Tribunal and the High Court, creating uncertainty and causing unnecessary risk and expense in the meantime.
Disclosure of datasets

The proposals put forward in Clause 100 of the Bill will amend Section 11 FOIA (preferences of applicants in relation to information requested). It will insert a new Section 11A into FOIA, the combined effect of which will be to impose additional obligations on public authorities in relation to the release and publication of datasets.

Thankfully a “dataset” is defined and means: “a collection of information held in electronic form where all or most of the information...

(a) has been obtained or recorded for the purpose of providing a public authority with information in connection with the provision of a service by the authority or the carrying out of any other function of the authority,

(b) is factual information which -

(i) is not the product of analysis or interpretation other than calculation, and

(ii) is not an official statistic...and

(c) remains presented in a way that...has not been organised, adapted or otherwise materially altered since it was obtained or recorded.”

Interestingly, the definition in the Bill does not refer to or carve out personal data. However, the whole Government transparency agenda is targeted at ‘public data’, ie factual, non-personal data on which public services are run or assessed and on which policy decisions are based, or which are collected or generated in the course of public service delivery. The ICO seems relaxed about the definition which it believes “should be workable” with the caveat that “it should be monitored closely during early periods of operation”. The ICO’s concern is not that the definition is too wide, quite the opposite. The ICO is concerned to ensure public authorities do not construe datasets too narrowly and wants to ensure that the ability to exclude information which is the product of analysis or interpretation is not interpreted too widely.

Although it is clear that the provision would capture raw, electronic data such as spend data, it may also capture additional details, such as survey results and metrics on service delivery and performance – depending upon how the definition is interpreted.

Public authorities will in the future have to release such electronic datasets which they hold (or which others hold on their behalf) on written request. In addition, the public authority, must, so far as is reasonably practicable, provide the dataset in a re-useable (i.e. capable of being manipulated rather than, for example, as a PDF) electronic format where the applicant states a preference for the information to be provided in an electronic form.

Once a dataset has been requested, the public authority must, unless it is satisfied that it is not appropriate to do so, publish such datasets held (including up-dated versions) through its publication scheme, in electronic form, capable of re-use.

Where the dataset concerned is protected by copyright which is owned solely by that public authority, when disclosing or publishing the dataset, the public authority must “make the relevant copyright work available for re-use by the applicant in accordance with the terms of [any] specified licence”. The specified licence details will be set out in the section 45 FOIA Code of Practice which is currently being revised but which has not yet been published. It seems likely that the licence will either be or be similar to the Open Government Licence terms managed by the National Archives.

The Bill provides that a public authority may charge the fee permitted by the relevant specified licence; there may be different licence terms and fees depending upon the circumstances of the licence and fees may allow for a return on investment. Where the authority already has other powers to charge for particular information, they can continue to do so under that regime. The latest comments on the Bill from the ICO make clear that guidance should be issued to clarify that “charging should not be the default”.

The ICO views these provisions as a partial means of achieving its ambition to update FOIA to take account of new internet technologies, sometimes described as ‘FOI 2.0’ and wants to encourage public authorities to increase their transparency accordingly.

Although the Bill does not prescribe how an authority selects the required re-usable open format, nor explain when it would not be “appropriate for the dataset to be published” the ICO wants further clarification to be added to the Bill to ensure the potential get out is not abused by public authorities. The ICO presumes that “not appropriate” means FOIA exempt but has not mentioned whether any technical (or related financial) issues with the required open electronic format should be considered.

The draft dataset legislation overlaps with a number of other areas of relevant policy development in play at present and which may have a major effect on its impact.
The Transparency Agenda and Open Data

The Coalition Government formed the Public Sector Transparency Board in June 2010. Chaired by Sir Francis Maude, the Board has been driving greater transparency through central government with the aim of improving open data and accountability in respect of ‘public data’. This is to be achieved following eleven principles including that: 1) transparency will be driven by the public; 2) public data will be published in re-usable and machine readable format; 3) it will be released under the same open licence to facilitate re-use, including commercial re-use; 4) it will be available and easy to find from a single, on-line access point (the proposed, please click here);

5) it will be published using open standards; and 6) public authorities must maintain and publish their data inventories.

Although specifically excluding personal data, many of the developments in making information available on central government have included, as well as publishing spend information, details of organisation’s internal reporting structures, individuals leading organisations or teams within them, their direct reports, their roles and their salary details where £150,000 or more. Where individuals have objected to such disclosure the ICO has supported government and decided that public sector employees earning those amounts must reasonably expect disclosure of those details and that their publication is legitimate.

The roll out of this policy has varied across the public sector depending upon the jurisdiction and type of sector in which a public authority is based. Most attention has been focussed on local government in England only. However, we expect that approach to spread to other sectors and jurisdictions over time, especially bearing in mind proposed developments summarised below.

Local Government has been strongly encouraged voluntarily to publish more public data, very much like central government. Those expectations are set out in the Code of Recommended Practice to Support Local Government Transparency issued in September 2011. Voluntary disclosure of many details, including the following is expected:

Spend data over £500 (including cost, supplier and transaction information, even if with a sole trader in a business capacity);

Senior employee salaries ie £58,200 or more (with names unless consent is refused), job description, responsibilities, budget, staff numbers and overall salary cost of reporting staff;

Organisation chart of staff structure, including salary bands and vacant posts;

The Pay Multiple;

Copy contracts with and tenders to business / charities;

Grants; and

Policies, performance, external audits, key inspections and indicators on fiscal and financial position.

The Code specifically details acceptable recommended open, machine readable formats for publication which facilitate re-use.

The recommended but non mandatory disclosure regime presents challenges for public authorities who, absent the statutory defences provided by FOIA, cannot override third party copyright or contractual confidentiality provisions to make disclosures of those details with impunity.
Government Consultations on Open Data and the Public Data Corporation

The Government had recently closed two related consultation exercises: one on open data and the other on the Public Data Corporation (a corporation to control the Government’s information trading funds, such as Ordnance Survey, which have historically charged for their data). We await their outcome but the results will impact public authorities and their approach to disclosing and publishing datasets.

Although the ICO statement on the open data consultation mentioned that the development was welcomed, the detailed response of the ICO to the consultation is more enlightening. The consultation exercise relates only to England, with a proposed sharing of best practice with the devolved administrations who would develop their own approaches to open data.

The paper focuses on ‘public services’ which the consultation paper states ‘are either provided by public bodies, or providers who have been funded, commissioned or established by statute to provide a service.’. In other words, open data may impact both public and private sectors, partnerships between them and all those caught in the ‘wider public sector’, referenced in the Bill. The ICO is concerned to ensure it is clear what public services / functions and which public service providers are caught and wants to ensure that there is not a two tier system between FOIA / EIR public authorities and other bodies subject to open data obligations. The ICO wants FOIA provisions to be universal but may tolerate very specific open data obligations being limited to specific sectors only. Although the consultation paper also refers to datasets, this does not match the Bill’s definition, so its scope is unclear, especially in relation to unstructured data, as the ICO comments in its response.

The paper makes clear that further changes to FOIA and the EIR are likely, not only following the current post legislative scrutiny of FOIA but also following the results of this consultation. Areas of potential change include:

Creating a stronger presumption in favour of disclosure to the public (the ICO would like this adding to FOIA in respect of all information);

A presumption that data should be published unless exempt or excepted;

Greater pro-active and more regular publication by the wider public sector (and potentially relabeling ‘publication schemes’ according to ICO comments);

Enhanced challenge right to an independent body re non publication, such body to have power to mandate disclosure and the format, quality and regularity of publication (the ICO would like to take on this role);

Reducing the availability of the costs threshold under current fee regulations to avoid disclosures (the ICO is keen to explore this subject to ensuring that the burden of the changes is properly assessed);

Ensuring that the ICO has sufficient FOIA / EIR enforcement powers (the ICO agrees and wants to be able to order disclosure via publication scheme as well as to applicants) and requests audit powers of public bodies);

Imposing statutory time limits for dealing with internal FOIA / EIR appeals;

An ‘on-line by default’ regime;

Corporate board level responsibility for compliance; and

Extending the approach of the Sector Transparency Board to other sectors which hold datasets of great value.

It is likely that the approach in the Local Government Transparency Code will be extended to apply to other sectors as a result, with corresponding increases in the amount and type of data which should be pro-actively published and the ICO agrees the value of this approach. Although open data raises some concerns in relation to the interaction of privacy issues for personal data with increased transparency – which the ICO agrees must be handled carefully, the ICO does not feel further legislation is necessary to deal with this but will be issuing a Code of Practice on Anonymisation to assist public authorities with this challenge.

In relation to the section 45 FOIA Code of Practice being revised, the ICO may cover the need to use standard contractual clauses and templates with third party ICT providers to ensure that open data standards are embedded in new systems and services.

The consultation proposes high quality open data releases, an approach the ICO agrees is important. It is not clear how this will impact current practice under FOIA / EIR which does not cover data quality, or how this sits with the recommended Open Government Licence terms which specifically state that information is licensed ‘as is’.

How this interaction between FOIA, open data and datasets will work is not yet completely apparent.
ICO Consultation on revising publication schemes and ‘Tell Me More’

On 25 November, the ICO launched it’s ‘Tell Me More’ consumer campaign, designed to encourage the public to inform the ICO what they want to know upfront about public authorities. Although the publicity refers to local government and central government, this is likely to shape policy for all public authorities in the future. The public, journalists and campaign groups are all being encouraged to complete the survey.

This survey overlaps with the current publication scheme consultation being run by the ICO and which is open until 21 December 2011. The formal consultation picks up the theme of the transparency agenda and references in the Bill to datasets as well as to FOI 2.0. However, the consultation is not limited to datasets but applies to any information (whether structured or unstructured) if suitable for ‘general publication on a regular basis’.

For central and local government the ICO will update the definition documents element of their prescribed publication schemes by March 2011. This will include the transparency initiative already underway ie the Code referenced above for local government and the Cabinet Office publication standards for central government. This will change the voluntary nature of compliance with those expectations.

There are queries about the whole current approach to publication schemes, such as whether main sector indexes should be developed, as well as questions about widening classes of information included, although it is clear that the ICO is open to sector specific approaches.

Building on the transparency agenda, the ICO queries whether open data formats should be recommended for use in the ‘guide to information’ in publication schemes, such as non-pdf format. In relation to the Bill, the ICO proposes recommending that public authorities provide all datasets listed in their publication schemes in open, re-usable formats, in line with current guidance (please click here to view). This may be set out in surrounding guidance, or in the model publication scheme itself.

Finally, to deal with the re-use of public information, the ICO makes clear its support for the Open Government Licence terms. Reference to these may be inserted in the model publication scheme itself, or sector definition documents. In this regard, the ICO wants reference to make clear that the licence does not extend to third party copyright / database material and further will expect public authorities to make clear to users which material is owned by a third party. The ICO may also recommend that all web based publication schemes make use of a permanent URL to facilitate the automated harvesting of publication scheme locations and contents.
Conclusion

Despite the Government’s aim of making understanding access to data clear, simple and efficient, the same cannot be said to be true at present for those expected to understand and implement those obligations across the local government sector. It is to be hoped that as the various consultations and deliberations finalise policy and guidance, that the outcome is certain, achievable and fair to those affected and properly takes account of the changes and resources required to implement the new regime.

The most significant of these obligations is likely to be the requirement to proactively publish datasets once they have been released. In the short term these additional requirements are likely to create a significant burden on public authorities, both in terms of time and cost. However, in theory the more that information is made publicly available, the less information requests for such information will be necessary and so the long term effect of the changes should be to reduce this burden. It remains to be seen whether this will be the case or whether this approach will simply ignite further curiosity and thereby lead to more requests for information being made.

For more information, please contact:

Judith Barnes
PartnerTel: 0845 498 4059
Intl: +44 113 200 4059
judithbarnes@eversheds.com