The Freedom of Information Act is widening access to companies’ data

While Brexit grabs the headlines, and the data protection world is fixated on the GDPR, there are signs that the scope of the UK’s Freedom of Information Act (FOI) is likely to be extended to companies providing services to public sector organisations (p.23). The case for this reform has been made consistently by the Campaign for Freedom of Information, headed by the tireless Maurice Frankel, its director since 1984.

But the current impetus in this direction has been provided by wider economic and political trends. A year ago this week, Carillon, the company to which many service were outsourced, collapsed and went into liquidation. The House of Commons library stated “Carillion was a major supplier to the public sector in the UK, delivering around 450 contracts with government across a range of areas…. Carillion owed around £2 billion to its 30,000 suppliers, sub-contractors and other short-term creditors.”

As a result of this and other similar cases, Government, Parliament and the media are giving much more attention to the wide range of public service contracts outsourced to private companies. The once fashionable public-private partnerships, for example, for building and managing schools and running prisons still serve their purpose of keeping such contracts less visible in terms of government debt. But the Chancellor, Philip Hammond, has now responded to the Carillon collapse by announcing in his budget last November that there would be no more major infrastructure projects using Private Finance Initiatives.

The ICO argues the case for extending the FoIA to the private sector

The ICO has evidently picked up this trend and has chosen a time later this month to send a report to Parliament arguing the case for extending the FoIA to include private companies to the extent that they carry our public sector contracts. The 14th January blog, Openness by Design: ICO’s access to information strategy, by Gill Bull, Director of Freedom of Information at the ICO, may have been drowned out by Brexit cacophony.

But the message for companies is clear. She states: “The transparency brought about by freedom of information is ….an essential part of our democracy… being able to access accurate and timely public information assumes increasing importance…..the information people can access holds those in power to account and asks questions of those who run our society and deliver our public services.”

Goal #4 Promote the reform of information rights legislation so it remains fit for purpose

“Since FOIA and Environmental Information Regulations (EIR) were implemented, there have been significant developments and changes in the way public services are commissioned and delivered, with increasing blurring of the boundaries between ‘public’ and ‘private’. The legislation has not kept pace with these changes and as a result there is an increasing ‘transparency gap’ that undermines access to information rights and public trust.”

“We will be publishing a report to Parliament in January 2019 making recommendations for change in relation to outsourced public services and some other categories of public service provision that are not within the scope of current legislation.”

I started publishing the PL&B United Kingdom Newsletter in December 2000 to ensure that we covered not only the Data Protection Act but also the FOIA from the start. Aware of the potential for extending the FoIA to the private sector, I wrote “The right of access will extend to two categories of private sector companies: those carrying out public functions to be designated by order; and those carrying out public functions under a contract.” Over the last 18 years, we have covered the gradual extension of the FOIA in this direction and we will continue to do so.

The election last October of Elizabeth Denham to the role of Chair of the International Conference of Data Protection and Privacy Commissioners received widespread publicity. But it is less know that at the same time, she holds the post of Chair of its FoI equivalent, the International Conference of Information Commissioners. As a result, the ICO is arguably the world’s most influential Information Regulator. This is a good position for her office and the UK in a post-Brexit world.

You can see on p.22 information about PL&B’s next three events in London, Dublin and Cambridge. We look forward to meeting you there.


Stewart Dresner, Publisher


UK Report 101

Lead story:

Brexit: What now for the UK’s data protection position?

Theresa May, Prime Minister, suffered a crushing Parliamentary defeat to her deal for withdrawing from the EU before surviving a “no confidence motion” the next day.

Contents also include:

  • Comment: Which data protection law will apply after Brexit?
  • Vendors and experts meet at Data Protection World Forum
  • Clinical trials under the GDPR: What should sponsors consider?
  • Preparing to deal with a data breach – the role of the DPO
  • Maintaining momentum for the GDPR and the UK’s DP Act
  • Pre-Brexit steps for EU-US Privacy Shield participants
  • Data Protection training – in search of the holy grail
  • Finding the data protection ‘sweet spot’
  • Events Diary
  • ICO consults on its proposed Freedom of Information strategy
  • ICO fines SCL Elections £15,000
  • Jersey’s DPA appoints four non-executive directors
  • Scotland’s GP surgeries assigned DPOs
  • ICO speaks out on regulating Internet harms
  • Competition authorities should challenge Facebook, says MP
  • ICO to revise its Direct Marketing Code
  • Data ethics centre up and running