General Data Protection Regulation (GDPR) might arguably be the most extensive and comprehensive privacy regulation to date. But it is certainly not the first privacy regulation to come into effect. Indeed, it has multiple predecessors. Over time, different laws have been enacted to make the system more transparent to the public. The Freedom of Information Act 2000 is one such act of parliament that received royal assent and came into force on 30th November 2000. In 2017 alone, 46,681 requests were received under the FOI Act. Why is the FOI Act so popular? What kind of information can be requested under it? And how will it coexist with GDPR? The answers to these and many more questions are explored in detail here.
What is the Freedom of Information Act (FOI) 2000?
The Freedom of Information (FOI) Act 2000 grants the general public the “right to access” information. Under this act, anyone can access information held by public authorities. The information can public via voluntary publications or the members of the public can request specific information from the public authority.
Before the implementation of the act, the general public only knew limited information published by the public authorities voluntarily.
Under this Act, any information in the public authorities in England, Northern Island, and Wales must access the general public, when requested. As for Scotland, it has its own FOI. However, the FOI Act 2000 applies to UK-wide authorities based in Scotland.
Who comes under the purview of the Act?
Freedom of Information Act 2000 gives the public the right to access information possessed by and pertaining to the entities that perform functions funded by the taxpayer’s money and affect the life of the public, at large. Three types of bodies come under the FOI. These include:
Public Authorities: Any public authority that operates in the UK comes under the FOI. For clarity, a complete list of public authorities is provided in Schedule 1 of the Act. The military, local public bodies, schools, police, colleges and so on come under the definition of a public authority in the context of FOI.
Publicly Owned Companies: These are the companies that wholly owns either by the public authorities listed in Schedule 1 or by the Crown.
Designated Bodies: These designates by the Secretary of State. They treat as public authorities if they are performing a function similar to a public authority or are contracting to do work that has provisions for public authority.
Who is qualified to request information under FOI?
There are no qualifying criteria to request information under FOI.
FOI entitles anyone to file a request for information under the Act, irrespective of the fact whether a person is a citizen or even a resident. Organisations can also make requests to get information about public authorities. Employees of a public authority can also request information under FOI 2000.
What kind of information can request under FOI? (Freedom of Information Act)
Freedom of Information (FOI) has created to promote transparency and it achieves that purpose by making all the recorded information held by the public authority available to the public. So, it is not just official reports that can requests under FOI. It also includes information security policy for emails, recorded phone conversations, video footage, official drafts, and more. Freedom of Information (FOI) also includes metadata, since technically, it is recording of information. So, the applicant has the right to not only ask for a document but also request details such as the author of the document and the time at which it creates.
Public authorities only require to share already recorded information. So, if a Freedom of Information Act (FOI) request is in place with an organisation, it is only liable to share the relevant information that is already in the recorded format. It does not have to create a document to answer the query raised under the Act. Freedom of Information (FOI) also does not cover the personal information held by the public authority for a person or an organisation. For instance, personal employee records of the organisation are off-limits.
How does FOI 2000 differ from GDPR? (Freedom of Information Act)
The primary objective of the General Data Protection Regulation (GDPR) is to secure personal data by improving the processes involved in its collection, storage, and processing. It also aims to create transparency by providing people access to their data. And give them better control over how that data processes. On the other hand, the FOI Act does not seek access to personal data. But information on the operations of a public authority.
GDPR is about ensuring the protection of the basic right of individuals to their privacy. In contrast, (FOI) Act involves removing opaque structures and bringing more transparency into the entire public system.
In fact, public authorities are mandatorily required to appoint a Data Protection Officer (DPO) under GDPR. So, it is the responsibility of the DPO to determine what information should be provided to data subjects under the GDPR. In certain cases, the public authority can deny access to certain personal records sighting the privacy rights of the individuals.
Freedom of Information (FOI) Act 2000 is a milestone in a democratic system. It bestows people’s right to question their government and the affiliate organisations regarding how their tax money is spending. It is one of the most important checks and balances in the public space and introduces much-needed accountability. In a civil society, every member should be aware of this Act. And should be able to use it to ensure that their government remains accountable.