Tag Archives: Scottish Parliament

Post-legislative scrutiny of the Freedom of Information (Scotland) Act 2002

The Public Audit and Post-Legislative Scrutiny Committee of the Scottish Parliament is currently calling for views on the operation of the Freedom of Information (Scotland) Act 2002 (“FOISA”) as part of its post-legislative scrutiny of FOISA. I have submitted a response to the Committee, which addresses five issues in respect of FOISA (and also touches, where applicable, on the Environmental Information (Scotland) Regulations 2004 (“the Scottish EIRs”)). You can read my full submission here [pdf], but below is a summary of what I have discussed in my submission to the Committee.

The first thing that I have suggested is a possible change to the code of practice issued by the Scottish Ministers under section 60 of FOISA to deal with concerns raised about the processing of personal data in connection with FOI requests. I have covered this issue in more detail on this blog before. In my response I have suggested that this issue is probably best addressed through the code of practice rather than through a change to the wording of the Act.

I have also suggested that any concerns around a failure to make or keep records would not be an appropriate issue to address in the context of FOISA; however, it might be worthy of its own legislative project in the event that Parliament considered that this was an issue. This arises out of concerns expressed that FOISA has resulted in records not being made or kept so as to avoid the need to disclose them. I argue that it is inappropriate to bring this into FOISA; as FOISA has a different focus. FOISA is about giving a right of access to information that exists at the time it is requested and not about what information should be kept by Scottish public authorities. Furthermore, to introduce potentially detailed and technical rules around the making and keeping of records into FOISA could over-complicate FOISA.

I have also suggested that section 48 of FOISA be repealed; or, at least, amended. There is no equivalent provision within the UK Act and there doesn’t seem to be any issues under that legislative scheme that would suggest an outright ban on the Scottish Information Commissioner being able to look these requests is appropriate. Furthermore, it has a significant effect on requesters appeal rights and the alternatives available are not a proper substitute for an investigation by the Commissioner. In this context I also raised concerns about whether section 48 is compatible with our EU obligations as it also extends to requests made under the Scottish EIRs.

I have also suggested amending section 56 of FOISA so that appeals against decisions no longer go directly to the Court of Session. For quite a long time I have considered that this appeal route is prohibitive to most requesters and also to Scottish public authorities (especially smaller authorities with less in the way of financial resources). I’ve also suggested that this has affected the development of the law and Scotland lacks the same level of judicial authority in terms of what different parts of FOISA mean that exists under the UK Act. I’ve suggested, at the very least, appeals should be made to the new Upper Tribunal for Scotland in the first instance. I contrasted the Scottish appellate structure with that which applies under the UK Act. I have also suggested that the present appellate structure may mean that the law doe snot comply with EU law in respect of the Scottish EIRs.

Finally, I’ve also suggested that FOISA be updated to take account of advances in technology and in particular to allow the Scottish Information Commissioner to serve formal notices by E-mail rather than requiring them to be served by recorded delivery post (as is currently the case).

Alistair Sloan

If you would like advice or assistance in respect of freedom of information matters or any other information law matter then contact Alistair Sloan on 0141 229 0880 or by E-mail. You can also follow our dedicated information law twitter account.

Information Law Review of 2017

2018 is now upon us and this is a big year in the field of Information Law, the General Data Protection Regulation will at last become applicable in the United Kingdom.  If you are a data controller or a data processor, your preparations for the GDPR should be well under way; however, if you have not yet started to prepare for these regulations then it is not yet too late.  The lesser known brother of the GDPR also kicks in this year, the Law Enforcement Directive, which governs the processing of personal data by law enforcement agencies.

However, before I get stuck into what is coming this year in the field of Information law, I want to take a moment to look back at some of the things that happened in 2017.  At the tail end of 2017 the High Court in England issued its anticipated judgment in the case of Various Claimants v WM Morrisons Supermarket PLC  [2017] EWHC 3113 (QB)This represented a significant development in the data protection field and opens up a much wider range of circumstances in which data subjects can sue a data controller under Section 13 of the Data Protection Act 1998.

In October 2017, the Irish High Court made a reference to the Court of Justice of the European Union at the request of the Irish Data Protection Commissioner seeking a preliminary ruling on “Privacy Shield”, the successor to the Safe Harbour rules which had previously been held to be unlawful by the European Court.

In September 2017, the Grand Chamber of the European Court of Human Rights issued a decision concerning the application of the right to a private and family life contained in Article 8 of the European Court of Human Rights to the monitoring of a person’s communications by their employer.

Also in September 2017, the UK Government published its Data Protection Bill which will replace the Data Protection Act 1998, extends GDPR standards to areas not within the competence of the European Union and implements the Law Enforcement Directive, among other things.

Now looking ahead to 2018, it is possible that we might see a decision from the English Court of Appeal in the Morrisons case referred to above, the judge having granted permission to Morrisons to appeal his findings in relation to vicarious liability.  We may also see claims for compensation being made based upon the Morrisons decision.

In Scotland, we will be expecting to see some more progress made by the Scottish Parliament in its consideration of the Children and Young People (Information Sharing) (Scotland) Bill.  I provided written evidence to the Education and Skills Committee on this Bill last year.  The Committee has had some difficulty in completing its Stage 1 consideration of the Bill and the previous deadline of 22 November 2017 for completion of Stage 1 was removed by the Scottish Parliament.

It is also possible that we will see the Scottish Parliament’s Public Audit and Post-Legislative scrutiny Committee begin to undertake a post-legislative inquiry into the operation of the Freedom of Information (Scotland) Act 2002 (or announce that such an inquiry will take place in due course).  If such an inquiry does take place, it will be the first time that there will have been a complete review of the Scottish FOI Act and how it is operating.

Staying on the subject of Freedom of Information in Scotland, we are likely to see the outcome of the Scottish Information Commissioner’s formal intervention in respect of the Scottish Government’s compliance with the Freedom of Information (Scotland) Act 2002.  We are also likley to see an Order being made under Section 5 of the Freedom of Information (Scotland) Act 2002 designating Registered Social Landlords as scottish public authorities with effect from 1st April 2019.

By the end of 2018 we should also hopefully have a much better idea as to what the UK’s relationship with the European Union will be after it leaves, and in particular what impact this will have on data protection and privacy law in Scotland and the rest of the UK.

There will no doubt be a raft of new court decisions in relation to both Privacy/Data Protection and Freedom of Information over the course of the next 12 months and I will attempt to address the most important and unusual decisions here on the Information Law Blog from Inksters Solicitors.

Alistair Sloan

If you would like advice or assistance with Privacy and Data Protection matters (including GDPR preparation) or with UK and Scottish Freedom of Information requests contact Alistair Sloan on 0345 450 0123 or you can E-mail him.