Freedom Of Information Act 2000

The Freedom of Information Act 2000 enables information which does not relate to individuals to be obtained from public bodies. If the cost of providing that information is considered to be excessive, then requests may be refused. It may also be refused on the grounds of, ‘public interest’ which means that it is considered not to be in the public interest to disclose the information. These two reasons are routinely used to prevent disclosure by civil servants. Appeals can be made firstly to the Office of the Information Commissioner and then to the Information Tribunal.


The full Act can be found on


Changes to the Freedom of Information Act

The evolution of the Freedom of Information Act (FOIA) reached a key milestone on 1st September, as the new open data rights came into force.

Changes to the law not only give new rights to request data in a form that means it can be re-used, but also give users the right to re-use that data, even commercially.

It is a welcome upgrade for FOIA. The strong foundation we have in the current legislation is being enhanced by additional rights. Put simply, the more usable the data, the greater the potential to enhance accountability, transparency and economic growth.

The ICO is keen to play its part in the process. They’ve published new guidance on the changes, as well as an at-a-glance list of what public authorities can do to get ready for the changes. We’ve also highlighted a couple of possible pitfalls in providing the information.

What’s changed? 

The changes are all about datasets, something defined in the new legislation. Section 102 of the Protection of Freedoms Act 2012 has amended sections 11 and 19 of the Freedom of Information Act, giving new rights to receive datasets in a form capable of re-use (e.g. CSV). For the first time, the Act now gives users the right to re-use datasets, under the terms of a specified licence - in most cases likely to be the Open Government Licence (OGL). The amendments also require public authorities to publish any requested datasets as part of their publication scheme, if appropriate.

It is important to note that the changes do not give new rights of access – they are concerned with format and the ability to re-use datasets, once the public authority has decided that no exemptions or other provisions (e.g. costs, vexatious) in the legislation apply.

The new Freedom of Information (Release of Datasets for Re-use) (Fees) Regulations 2013 have also been published today. These new regulations set out how a public authority can charge for making certain datasets available for re-use - the costs they can recover and a reasonable return on investment.

How is the ICO helping?

The ICO has published new guidance that explains the provisions in more detail and gives examples. It’s in addition to the guidance contained in the new section 45 code of practice on datasets published by the Ministry of Justice (MoJ) last month. The ICO has consulted and worked with a group of practitioners on the guidance, and they’ve worked with the Cabinet Office and MoJ to provide input into the section 45 Code.

The ICO will also update the model publication scheme to reflect these changes and the accompanying guidance on how to operate a scheme.

What should public authorities be doing to prepare?

It was hard to envisage open data and its potential when the internet was in its infancy, when work started on developing FOIA back in 1997, but three years into the current initiative open data is still going strong and is clearly here to stay. Some great examples are emerging of open data in action, and the Open Data Institute is doing some great work to demonstrate the benefits of open data.

Public authorities need to embrace that spirit. In the same way that the Act contains the underlying principle of an “assumption in favour of disclosure”, it’s important now to adopt an approach of “open data by default”.

Here are the key first steps:

1. Start to think about the definition of dataset: what information or categories of information do you have that fits the definition?

2. Promote the key principles of open data in your organisation: use an open format and open licences by default and only deviate from this when you have good reasons to do so.

3. Charging for re-use is not encouraged but can be justified in some situations: do you have existing powers that allow you to charge? If you charge for re-use under the new regulations, can you justify the cost recovery and return on investment?

4. Make sure you know who owns the intellectual property rights (IPR) in your datasets?

5. Familiarise yourself with the licencing framework and the new version 2.0 of the OGL. FOI officers may need to learn a little more about copyright.

6. In some organisations open data is not part of the remit of the FOI officer. It’s crucial to make sure these two functions have an understanding that they need to work together.

7. Consider what datasets you can make available for re-use proactively in your publication scheme.

Looking longer term, the ICO advise public authorities to think about open data requirements when they are procuring new IT systems. The ICO has often talked about privacy by design - they also want public authorities to think about transparency by design.

If data controllers already feel they are doing well with open data they may want to apply for a certificate from the Open Data Institute. This isn’t a guarantee of legal compliance but a great way to demonstrate their commitment to open data standards (the certificate is currently in beta form).

The risk of revealing too much

These changes to FOIA don’t affect the way exemptions are applied but they may encourage new requests for datasets that contain personal data. Last year the ICO published their code of practice - anonymisation: managing data protection risk. This contains guidance on how to make decisions about anonymising personal data. 

It is also worth reminding everyone of the risks of disclosing data in pivot tables again.

Working together

The ICO has some learning to do as well – they may end up considering complaints about the re-use of information for the first time. They’ve been working closely with their colleagues from the Office for Public Sector Information at the National Archives, who regulate the Re-use of Public Sector Information Regulations. They will continue to regulate re-use of all non-dataset information.

The ICO has updated their MoU and have put in place a new co-operation agreement. This enables them to share information and knowledge with each other, to ensure there is as much consistency as possible in their regulatory approaches.

The ICO says that they can do more to open up their own data. As well as complying with these new obligations the ICO will be thinking proactively about how they can improve the range and quality of open data they provide on their website. The ICO is starting a project to upgrade their website and open data capability will be one of the objectives. If you have ideas about how the ICO should open up their data, including ideas about the type of open data the ICO should be publishing and how they should do it, let them know.