Line to take - LTT21 - Exemptions and exceptions not claimed by a public authority
- FOI/EIR: FOI, EIR
- Section/Regulation: s50, reg 18
- Issue: Exemptions and exceptions not claimed by a public authority
- Source: Information Tribunal
- Details: Bowbrick / City of Nottingham (28 September 2006); King / DWP (20 March 2008); DBERR / Friends of the Earth (29 April 2008); Ofcom (4 September 2007); Home Office and MoJ v ICO (20 November 2008); Sugar v ICO and BBC (29 May 2009); Berr v ICO and Peninsula Business Services Ltd (28 April 2009); DEFRA v ICO (15 October 2009)
- Related Lines to Take: LTT92, LTT190, LTT193
- Related Documents: FS50063475, EA/2005/0006 (Bowbrick), EA/2007/0085 (King), EA/2007/0072 (DBERR), EA/2006/0078 (Ofcom), EA/2008/0062 (Home Office/MOJ), EA/2005/0032 (Sugar v ICO and BBC), EA/2008/0087 (Berr v ICO and Peninsula Business Services Ltd), EA/2009/0039 (DEFRA)
- Contact: PB/LB/GF
- Date: 18/01/2011
- Policy Reference: LTT21
- © Copyright Information Commissioner's Office, re-used with permission
- Original source linked from here: LTT
Line to take
Where a public authority has not referred to a particular exemption or exception when refusing a request for information, the Commissioner may exercise his discretion and decide whether, in the circumstances of the case, it is appropriate to take the exemption or exception into account if it is raised by the public authority in the course of his investigation. The Commissioner will be pragmatic, taking into consideration the potential risks associated with disclosure of the information in question, This will include considering the topic of the information: its profile, its sensitivity and the impact of release.
The Commissioner does not accept the argument in Creekside Forum v ICO & DCMS (EA/2008/0065) that he is automatically obliged to consider any exemption or exception relied upon by the authority, no matter at what point it is claimed.
The Commissioner is under no positive duty to pro-actively consider exemptions or exceptions which have not been referred to by a public authority but may do so if it seems appropriate to him in any particular case. However, he will carefully consider his obligations under the Human Rights Act 1998 and his jurisdiction for data protection in assessing the risks associated with disclosure.
On the validity of late claims for exemptions / exceptions, the ICO will follow the approach endorsed by the Tribunal in the case of the Department for Business, Enterprise and Regulatory Reform v ICO and Friends of the Earth. The Tribunal questioned whether a new exemption can be claimed for the first time before the Commissioner, concluding that the Tribunal (and presumably the Commissioner) may decide on a case by case basis whether an exemption can be claimed outside the time limits set by [sections] 10 and 17 depending on the circumstances of the particular case. The Tribunal added that "it was not the intention of Parliament that public authorities should be able to claim late and/or new exemptions without reasonable justification otherwise there is a risk that the complaint or appeal process could become cumbersome, uncertain and could lead public authorities to take a cavalier attitude towards their obligations".
Factors which the Tribunal has accepted as being reasonable justifications for the application of exemptions before the Commissioner and/or the Tribunal for the first time include:
- the nature of the information in question which the exemption is designed to protect, taking into consideration risks associated with disclosure;
- where some of the disputed information is discovered for the first time during the Commissioners investigation, and therefore the public authority has not considered whether it is exempt from disclosure (see also LTT193);
- where the authority has correctly identified the harm likely to arise from disclosure however applies these facts and reasoning to the wrong exemption; and,
- where the public authority had previously failed to identify that a statutory bar prohibited disclosure of the requested information, and therefore ordering disclosure would put the public authority at risk of criminal prosecution.
In considering the circumstances of the case when exercising his discretion on whether to accept late claims for exemptions / exceptions, the Commissioner will be pragmatic, taking into account the potential risks associated with disclosure of the information in question. This will include considering the topic of the information; its profile, its sensitivity and the impact of release.
With this is mind, when assessing the circumstances of the case, the Commissioner must carefully consider his obligations as a public authority under the Human Rights Act 1998 (HRA), which prevent him acting incompatibly with rights protected by the HRA. It will therefore be difficult for the Commissioner to refuse to consider any exemptions that relate to rights under the convention (e.g. articles 6 and 8). This would include sections 38 and 40 and in some cases 30, 31, 32 and 41. Given the circumstances surrounding National Security it would also be difficult to envisage a circumstance where the Commissioner would refuse to consider sections 23 and 24 as late exemptions. The exemptions under sections 26 and 27 may also carry similar risks.
In light of the above obligations, there may also be circumstances in which the Commissioner is required to raise an exemption / exception on behalf of the public authority during his investigation.
Where the public authority claims an exemption / exception late
In BERR v ICO and Peninsula Business Services Ltd, the public authority claimed s32 and s40 for the first time in their Notice of Appeal. As well as considering the factors set out in Bowbrick and Home Office and MoJ v ICO at paragraph 20, the Tribunal considered the ICO's acceptance of the late claim for s32, taking into account the nature of the information s32 seeks to protect (information contained within court records, ensuring that FOI does not impinge on other access regimes) as well as the case being in the early stages of the implementation of the Act (paragraph 21).
- The Tribunal noted that Peninsula (the additional party) did not object to the exemption being claimed at a late stage. In addition to these arguments, at paragraph 24, the Tribunal also considered the origin of the information that would be caught by s.32, were that exemption to be engaged:
- If the information had been generated by the public authority, and was disclosed as a result of a failure to claim the s32 exemption at an earlier stage, the public authority could be said to be the author of its own misfortune. However, the information in question is held as a result of BERR (MoJ) providing administrative services through the ETS (TS). Furthermore, the information had been provided by individuals and companies, who had a reasonable expectation that it would not be disclosed at an early stage in proceedings, especially given the abolition of the Public Register in 2004. The Tribunal should consider the interests of those who supplied the information to the public authority (and who are not represented in these proceedings), as well as the interests of the public authority itself. Those former interests are best protected by ensuring that if disclosure is to occur, that should be as a result of a decision of the Information Commissioner or of the Information Tribunal. Disclosure should not occur solely because of a failure of BERR to claim the s32 exemption at an earlier stage.
Therefore, the Commissioner will consider the nature of the information the exemption in question is designed to protect and where relevant, the origin of the information and the risks associated with disclosure in considering the late application of exemptions.
In the case of Home Office and Ministry of Justice v ICO, the public authorities sought to rely, largely in the alternative, on other exemptions they had not previously raised either with the applicant or the Commissioner. The IT accepted a late claim for s40(2) (third party personal data) in light of the ICO’s jurisdiction for data protection, but rejected other claims of 31(1); 35(1)(a); 42 and 43(2). The IT stated that it did not accept that it was obliged to accept the late claiming of exemptions; and in this case saw no reasonable justification for doing so (paragraph 75).
Similarly, the Tribunal in the case of DEFRA v ICO (EA/2009/0039) were of the firm view that there was no reasonable justification to allow claims of regulation 12(5)(b) and (d) that were raised for the first time in the Notice of Appeal. The IT noted that the relevant period of delay was substantial; the exceptions now claimed were not considered by the PA nor the Commissioner at the time they should have been by reference to the relevant existing conditions; no explanation was offered for failure to raise earlier and there were no specific third party interests that would be affected (in contrast to if the information was personal data or commercially confidential) (paragraph 12).
Case officers wishing to not consider exemptions or exceptions raised for the first time during an investigation to should seek advice from their group manager or team leader
Request initially considered under the wrong regime
One major reason why an authority may have failed to consider the correct exemptions or exceptions at the time of the request is where it initially dealt with the request under the incorrect regime.
The Tribunal in Kirkcaldie v ICO & Thanet District Council (EA/2006/0001) determined that the Council could rely on the exception at 12(5)(b) of the EIR (adversely affect the course of justice) having previously relied on s42 of the FOIA (legal professional privilege). The Tribunal stated that "we would be reluctant to find that a public authority could not argue that a similar exemption or exception could not [sic] be applied under the correct legal instrument". This relied on the similarity between the arguments relevant to the exception and the Tribunal "would not necessarily extend this finding to other exemptions or exceptions which had no relationship to the original exemption or exception claimed".
However, the Commissioner successfully argued in Archer v ICO & Salisbury District Council (EA/2006/0037) that "each case must be considered on its own facts" (para 45) and not determined solely on whether the exception in question is similar to the exemption originally claimed. In other words, this situation is the same as others in which exemptions or exceptions are claimed out of time, in that the Commissioner has discretion over whether to consider them and will exercise his discretion in the public interest.
It should be noted, though, that these cases arose early in the FOIA / EIR regime when neither we nor the public authorities had as much expertise in identifying environmental information. We would now hope to identify very early on in an investigation whether all or some of the information is environmental. When the Commissioner determines that the wrong regime has been applied, the normal approach will be to require the authority to reconsider the request and cite exceptions or exemptions as appropriate (see LTT190) In such cases, we are inviting the authority to apply different exceptions or exemptions, and would not then refuse to consider them should a further complaint come to us.
Information considered for the first time during investigation
Where information has not previously been located, or has not been considered as part of the request, any exemptions or exceptions claimed during the investigation will necessarily be late.
See LTT193 for how to approach cases in which the information is only found to be held and to be within the scope of the request during the investigation.
Where the Commissioner cites an exemption / exception on behalf of a public authority
In Bowbrick, the Tribunal commented that the Commissioner, although not under a positive duty to do so, was entitled to consider exemptions not referred to by the public authority in appropriate cases. For instance, it endorsed that the Commissioner could refer to section 40 in a decision notice where the public authority had not sought to rely upon that exemption, in line with the obligations discussed above, although the primary responsibility for identifying personal data in need of protection still rests with the public authority.
The Tribunal also stated that a public authority would not be entitled to appeal against a decision notice on the basis that the Commissioner ought to have considered a particular exemption which the public authority had not itself considered.