What is the Freedom Of Information Act (FOI)?

General Data Protection Regulation (GDPR) might arguably be the most extensive and comprehensive privacy regulation to date. But it is certainly not the first privacy regulation to come into effect. Indeed, it has multiple predecessors. New laws are introduced with time. The Freedom of Information Act (FOI) 2000 is one such act of parliament that received royal assent and came into force on 30th November 2000. 46,681 requests were reported in the FOI Act in 2017. Why is the FOI Act so popular? What kind of information? And how will it coexist with GDPR? The answers are here in this article.

What is the Freedom of Information Act (FOI) 2000?

The Freedom of Information (FOI) Act 2000 grants the general public the “right to access” information. Under this act, anyone can access information held by public authorities.

Before the implementation of the act, the general public only knew limited information published by the public authorities voluntarily. The official bill in 1999 received royal assent and came into force on 30th November 2000. As for Scotland, it has its own FOI. However, the FOI Act 2000 applies to UK-wide authorities based in Scotland.

Who comes under the purview of the Act?

Freedom of Information Act 2000 gives the public the right to access information possessed by and pertaining to the entities that perform functions funded by the taxpayer’s money and affect the life of the public, at large. Three types of bodies come under the FOI. These include:

Public Authorities: Any public authority that operates in the UK comes under the FOI. For clarity, a complete list of public authorities is provided in Schedule 1 of the Act. The military, local public bodies, schools, police, colleges and so on come under the definition of a public authority in the context of FOI.

Publicly Owned Companies: These are the companies that are wholly owned either by the public authorities listed in Schedule 1 or by the Crown.

Designated Bodies: Secretary of State designate this. These are public authorities if are performing public relevant tasks.

Who is qualified to request information under FOI?

There are no qualifying criteria to request information under FOI.

FOI entitles anyone to file a request for information under the Act, irrespective of the fact whether a person is a citizen or even a resident. Organizations can also make requests to get information about public authorities. Employees of a public authority can also request information under FOI 2000.

Relevant public authority will receive information, which they think holds the information they are looking for. The public authority is then liable to respond to that request.

What kind of information is requested under FOI?

Freedom of Information (FOI) promotes transparency. It achieves that purpose by making all the recorded information held by the public authority available to the public. So, it is not just official reports that can be requested under FOI. It also includes information security policy for emails, recorded phone conversations, video footage, official drafts, and more. It allows citizens to act as they

Public authorities share already recorded information. It does not have to create a document to answer the query raised under the Act. Freedom of Information (FOI) also does not cover the personal information held by the public authority for a person or an organization. For instance, personal employee records of the organization are off-limits.

Freedom of Information Act 2000: Information Commissioner’s Office (ICO) and organizations seek advice requests from the ICO.

How does Freedom of information act FOI 2000 differ from GDPR?

The primary objective of the General Data Protection Regulation (GDPR) is to secure personal data by improving the processes involved in its collection, storage, and processing. It aims to protect privacy. On the other hand, the FOI Act does not seek access to personal data, but information on the operations of a public authority.

GDPR is about ensuring the protection of the basic right of individuals to their privacy. In contrast, (FOI) Act involves removing opaque structures and bringing more transparency into the entire public system.


GDPR is a much stricter law than its predecessors. So, it will have a much more profound impact on the public than the Freedom of Information (FOI) Act. The personal information of people requires privacy.

So, it is the responsibility of the DPO to determine what information should be provided to data subjects under the GDPR. In certain cases, the public authority can deny access to certain personal records sighting the privacy rights of the individuals.

Freedom of Information (FOI) Act 2000 is a milestone in a democratic system. It bestows people’s rights. It is one of the most important checks and balances in the public space and introduces much-needed accountability. In a civil society, every member should be aware of this Act and should be able to use it to ensure that their government remains accountable.

Don’t Risk €20 Million in Fines
—Ensure Compliance Today

Worth €30/Month