WhatDoTheyKnow is a project of mySociety, run by a small team of staff and dedicated volunteers.
In 2022 WhatDoTheyKnow users made 109,653 Freedom of Information requests via WhatDoTheyKnow.
Those requests, and the responses they received, are public on the website for anyone to see.
What’s not quite so visible is the work that the WhatDoTheyKnow team, which is largely made up of volunteers, do behind the scenes.
Some of their most difficult calls arise around the removal of information. WhatDoTheyKnow’s guiding principle is that it is a permanent, public, archive of Freedom of Information requests and responses, open to all.
The team works incredibly hard to maintain the archive in the face of challenges, including the reduction of legal risks; dealing fairly and transparently when people ask for information to be removed from the site; answering users’ questions; supporting citizens to use their rights to FOI; dealing with misuse of the service which breaches our house rules inappropriate content and keeping everything ticking over.
Our default position is not to remove substantive public information requests and responses; however, we act quickly if problematic content is reported to us. And, to help everyone understand exactly what has been removed and why, where possible we record these details on the request page.
To allow for a full 12 months of data, the date range used throughout this report is 1 November 2021 to 31 October 2022.
Headline facts and figures
- 16,354,872 visits to WhatDoTheyKnow.com this year.
- 16,217 new WhatDoTheyKnow user accounts created this year, taking the total number of accounts to 239,540. This represents an increase of 7.6% in the total number of site users since last year.
- 8,912 total number of email threads in the support inbox in 2022… that’s an increase of 11.2%, making it all the more crucial that we continue to recruit volunteers to help spread the load.
- 1,381 requests hidden from WhatDoTheyKnow in 2022
…in the context of 109,653 requests made in the year, and a total of 867,303 requests currently published on the site.
- 171 published requests where we redacted some material in 2022
…usually due to the inappropriate inclusion of personal information, or defamation.
And in more detail
Requests made on WhatDoTheyKnow flagged for our attention
The table below shows the reasons that requests were reported by our users via the site for admin attention this year.
Note that we also receive many reports directly by email, so while not comprehensive, this is indicative.
|Reason for attention report||Total number|
|Not a valid request||109|
|Contains personal information||89|
|Request for personal information||85|
|Contains defamatory material||33|
*The number of requests flagged for attention this year is up 40% on last year. This is largely related to a single campaign of misuse.
Material removed from the site
The following tables show where members of the admin team have acted to remove or hide requests from WhatDoTheyKnow in the last year, and the reason why.
At WhatDoTheyKnow we have a policy of removing as little material as possible, while seeking to run the site responsibly and take different viewpoints into account. Removing substantive FOI requests and responses is a last resort and something we do very rarely. However, we act quickly to remove problematic material.
|Request visibility||Total number|
|Discoverable only to those who have the link to the request||2|
|Visible only to the request maker||1,282|
|Hidden from all site visitors||97|
|Reason for removing from public view||Total number**|
|Not a valid FOI request||1,117|
|Vexatious use of FOI||43|
|Other (reason not programmatically recorded*)||221|
* Current processes do not create an easily retrievable list of reasons beyond the two above, however due to site improvements made in autumn of this year we expect to be able to provide more detailed information on this in the future.
** The number of requests hidden or removed from the site this year is up by 68% on last year. As above, this increase is largely related to a single campaign of misuse.
|Censor rules (targeted redactions to hide the problematic part/s of a request)||Total number|
|Number of censor rules applied||746|
|Number of requests with censor rules applied||171|
|Number of requests with censor rules applied which are still publicly visible, but with problematic material hidden||165|
* Censor rules are used for many purposes, including redacting problematic content and removing personal data which should not be present
Cases relating to GDPR rights
These are typically cases relating to requests to remove data published on the site as per the rights afforded under GDPR, the UK’s General Data Protection Regulations.
|Right type||Total number of cases*|
|GDPR Right to Erasure||214|
|Data breaches by third parties||79|
|GDPR Right to Rectification||15|
|GDPR Right of Access||21|
|Data breach – internal**||6|
|GDPR Right to Object||<5|
* Not all issues raised resulted in material being removed from the site.
* “Data Breach – internal” refers to cases where WhatDoTheyKnow has identified that a data breach may have been caused due to our own staff actions. We take our obligations seriously, and use such instances as a learning opportunity, so these are recorded by us even if very minor, and often when they’re nothing more than a near miss.
High risk concerns escalated for review
Our policies ensure that certain issues can be escalated for review by the wider team and, where more complex, by a review panel that includes mySociety’s Chief Executive. Escalation is typically prompted by threats of legal action, complaints, notifications of serious data breaches, potential defamation concerns, safeguarding, complex GDPR cases, or cases that raise significant policy questions.
|Case type*||Total number|
|GDPR Right to Erasure||33|
|Safeguarding / Public harm||13|
|GDPR Right of Access||9|
|Police user data requests||7|
|Data breach – internal||5|
* Email threads may be either automatically categorised by the system, or manually categorised by the WhatDoTheyKnow admin team on the basis of the information given by the person reporting them. Some cases can relate to two types: for example a GDPR Right to Erasure request may also be a complaint. For the purposes of this table, such instances have been included in the counts for both concerns.
|WhatDoTheyKnow users with activated accounts||239,540|
|New user accounts activated in 2022||16,217|
|Reason for banning users in 2022||Total|
|Other site misuse||300|
|Total number of users banned in 2022||2,460|
|Accounts anonymised in 2022||139|
* Accounts are anonymised at the user’s request, generally to comply with GDPR Right to Erasure requests.
Users are banned and their accounts may be closed due to site misuse and breach of the House Rules. Anonymised and banned users are no longer able to make requests or use their accounts.
User data requests
|Type of request||Total|
|Police/law enforcement requests for user data||7|
|Other requests for user data||6|
|Number of requests, where court orders were produced and we provided the material as required||2|
Thank you for reading
We produce this report as we demand transparency from public authorities and it’s only right that we also practise it ourselves.
Additionally, we hope that the report goes some way to showing the type of work the team do behind the scenes, and that running a well-used site like WhatDoTheyKnow is not without challenges.
If there are specific statistics that you’d like to see in subsequent Transparency reports, or you’d like to know more about any of those above, do drop the team a line.
Image: Meriç Dağlı