1. We’re joining the call for urgent action on FOI

    Open Democracy’s recent Art of Darkness report highlighted the worsening state of Freedom of Information request-handling in central government, with concerns over a gravely dwindling response rate, stonewalled responses and a disregard for the ‘applicant blind’ principle.

    In combination, these deficiencies have served to erode government transparency at a time when scrutiny is vital. That’s we’ve signed Open Democracy’s open letter calling for an urgent investigation.

    In The Art of Darkness, report write Lucas Amin states, “Central government granted fewer and rejected more FOI requests in 2019 than ever before, according to official statistics collected by the Cabinet Office. The percentage of requests granted in full has declined every year since 2010 – from a high of 62% in 2010 to 44% in 2019. The percentage of requests withheld in full has steadily increased from 21% in 2010 to 35% in 2019.”

    The report also notes the the government’s increased use of a central ‘clearing house’ through which sensitive requests must be passed. Open Democracy have uncovered evidence that, contrary to the FOI Act’s principle of ‘applicant blindness’ (ie, information is accessible to all, with no consideration of who is making the request), this clearing house, which has been functioning since 2007, is in the practice of identifying which requests are made by journalists and exercising increased caution in their handling.

    With this report also picking up many fundamental procedural errors in the way in which requests are being handled, it seems particularly timely that at mySociety we’re working on a tool to help request-makers to understand the reasons for refused requests and guide them in seeking an internal review as part of wider updates within our own WhatDoTheyKnow service.

    But perhaps more importantly: as an organisation that campaigns for transparency from our authorities, and works closely with journalists, we recognise the danger of such practices going unquestioned.

    That’s why we’ve added our voice to those of the many editors, journalists, campaigners and citizens who call for an inquiry. You can do the same here.

    Image: Gianluca D’Intino

  2. Two FOI requests seeking information about COVID

    Here at mySociety, before pressing ‘post’, we sometimes pass the wording of a tweet or blog entry past a couple of colleagues, just to make sure it strikes the right tone. 

    So when we saw emails from the Department of Health and Social Care (DHSC) and the Cabinet Office’s ‘Rapid Response unit’ going back and forth to get the wording of a tweet absolutely correct, we sympathised.

    “The quote would need to be shrunk down to fit, what should the main focus be?”

    “Have added some bits, not sure what the highlighted section was meant to be?”

    “[Redacted] wants us to delete the tweet for relationship management purposes and replace with the below.”

    “I’ll check at this end, but isn’t doing that just going to reignite?”

    “It could potentially reignite it, yes. But the Mail Online did not approach us for a comment and their headline is very misleading so feel we should rebut with less confrontational language.”

    “But you can’t replace a tweet? You can only delete and then go back on the original article with a new comment, so you’re rebutting twice, only the second time around admitting that you went too hard first time? Which just creates another story. Isn’t it better to just leave it?”

    Admittedly the DHSC’s predicament was higher stakes than ours generally is — they were responding to a piece in the Mail Online and tackling disinformation about coronavirus statistics. The email that kicks off all this discussion reads:

    “Flagging growing engagement with a Daily Mail article claiming that Covid-19 statistics around fatalities and hospitalisation have been twisted to create fear among the public (6.6k interactions).

    “Although not very high engagement, the article has now been picked up by several high profile lockdown sceptics such as Simon Dolan and Adam Books.

    “Given these damaging claims could affect compliance, we recommend that the press office contact the Daily Mail to make them aware of the public health impact, and if possible, include a government line in the article.”

    For those who work in communications, and perhaps everyone else too, it is quite interesting to see the authority’s rebuttal process roll into action, with each statement requiring sign-off by a named person, presumably for accountability purposes (these names have, though, been redacted before release).

    Available thanks to FOI

    How did we come to see these internal memos? Because a WhatDoTheyKnow user requested them under the Freedom of Information Act. 

    We can’t know this user’s intent*: were they hoping to reveal evidence that there is indeed a governmental coverup over lockdown, or perhaps to argue the case that there is none? Either way, it seems pretty clear from the released email threads that if there is a conspiracy at play, the staff frantically scrambling to get the right message out to the public don’t know about it.

    This request is also notable because the user, spotting that the authority had not provided everything they had asked for, requested an internal review, as is anyone’s right if they believe their FOI request has not been handled correctly.

    To DHSC’s credit, they did go on to provide the missing data, and also went out of their way to give some background information “outside of the scope of the FOI Act, and on a discretionary basis”.

    It’s worth noting that, for all the effort put in by DHSC’s communications team, however, Mail Online does not appear to have amended the article.

    FOI as fact-checker

    As we’re in the midst of a fast-changing pandemic situation, it’s perhaps inevitable that there’s lots of misinformation and confusion flying around at the moment — and thanks to social media, it spreads fast.

    Freedom of Information requests can play one small part in countering ‘fake news’, by bringing background information into the public domain, helping us understand the full picture a bit better.

    Is it always useful for such data to be public? That’s a matter for debate, and a question that is baked into the ICO’s FOI guidance for authorities.

    We’ve been doing some in-depth work around exemptions recently, so it is interesting to see COVID-related requests like this one about ill-effects of vaccines in the light of Section 22 exemptions, which cover ‘information intended for future publication and research information’. We suspect a Section 22 exemption may be applied here.

    That request is for Adverse Drug Reaction (ADR) data, and includes the instruction, ‘This information should be made available now as raw data, not held back to be accompanied by any analysis.’ 

    Would that be desirable, or is the release of raw data just opening the door wide for potential misinterpretation and the drawing of erroneous conclusions? 

    When applying a Section 22 exemption, the ICO says that the authority must perform a public interest test to assess whether there is more public good in releasing the requested information than there would be in withholding it. 

    Their guidance specifically notes that “In most instances public authorities will not be able to argue that information is too technical, complex or misleading to disclose, or that it may be misunderstood or is incomplete, because they can explain it or set it into context.”

    And so, the ideal scenario is that the data is released, with robust explanations and in a way that can be understood by all. That would be a great outcome made possible by FOI**.

    * UPDATE: The request-maker has now added an annotation which explains their intent.

    ** UPDATE: Vaccine adverse reaction data is available, with context, on the GOV.uk website.

    Image: Garry Butterfield

  3. Want to run an Alaveteli site? The time is now

    We have the opportunity to help one organisation in Europe set up and run their own Freedom of Information website. Could you be that organisation?

    The background

    Thanks to ongoing funding from Adessium, we’ve been working with a number of partners right across Europe to set up new Alaveteli websites, and upgrade existing ones with the Pro functionality. The ultimate aim is to increase the quality, quantity and simplicity of European and cross-border Freedom of Information based investigations.

    So far we’ve helped organisations in France and Netherlands to launch their own sites, and we’ve added Pro to AskTheEU, Belgium, Sweden and Czechia.

    Now we have space to provide technical help and support for one more organisation who would like to launch their own brand new Alaveteli site.

    What would that involve?

    Running an Alaveteli website is no light undertaking, we’ll be the first to admit it. While we can help you with all the technicalities of getting the site up and launched, there is an ongoing commitment for the recipient organisation, who will need to factor in significant time to administer it, moderate content and help users.

    On the plus side, we have masses of experience that will get you set off on the right footing; we’ll do most of the technical stuff for you; and there’s a global community of other people running Alaveteli sites who are always quick to offer friendly advice when you need it.

    OK, sounds good – can we apply?

    There’s just one important detail: we’re looking for organisations in European countries or jurisdictions where there isn’t already an existing Alaveteli site. Take a quick look at our deployments page to see whether your country is already on the list.

    That’s the main requirement — but there are also a few details that the ideal organisation would fulfil.

    • So that you understand the service you’d be offering to citizens, you’d already have transparency or freedom of information as a remit or strand of your work
    • You might include some people with at least some basic technical or coding skills amongst your workforce;
    • You’ll have a source of income (or plans for how to secure one) that will allow you to keep running the site after we’ve got you all set up.

    We’re looking to start work in April, with a probable build phase that would take us to December 2021. All work is conducted remotely, and we’d have regular check-ins with you via video call to keep you updated.

    We’d then give you all the support you needed in the first few months after your site’s launch, then from March 2022, you’d be all set to take the training wheels off — although, as we say, we and the rest of the Alaveteli community would be around to offer help and advice on an ongoing basis.

    Right, that’s everything — so it only remains to say that if you’re still interested, please get in touch to have an initial chat. Or, if you know any organisations that might be a good fit for this opportunity, please send them the link to this post.

    Alaveteli sites launched or upgraded in 2020

    Banner image: Gia Oris

  4. A change in the law for school starters in Scotland — through FOI

    Kids in Scotland can start school at the age of four and a half, if that makes sense for them. The school year begins in August, and any child who turns four from the February before can enter Primary 1.

    But not every child is ready to progress from nursery to school, just because they’ve hit the age when they’re legally able to.

    We spoke to Patricia Anderson from the Give Them Time campaign about how Freedom of Information requests, sent via WhatDoTheyKnow, helped them get the law changed. From 2023, those kids who aren’t quite ready for school will still be able to benefit from more nursery time — and their parents will be able to rest easy that they won’t be charged fees for that extra year.

    A confusing state of affairs

    We began by asking Patricia to explain a bit more about the campaign, and to spell out the underlying issue for us.

    “Give Them Time is a grassroots movement which evolved in 2018 from parents across Scotland sharing their own, often difficult, experiences of applying for a further year of nursery funding for their child”, she told us.

    WhatDoTheyKnow has had an absolutely invaluable impact on the campaign.

    “No child in Scotland is legally required to be formally educated in Scotland until the August after they turn five years old. Therefore, any child still aged four at the school commencement date in August doesn’t need to start school (or be home educated) until the following August a year later.

    “This is set out in the Education (Scotland) Act 1980, section 32, sub-section 3. However, currently only those with January and February birthdays have an automatic entitlement to a free further year of early learning and childcare (nursery) whereas those children who turn five after the school commencement date in August and by 31st December have to apply to their local authority to be considered for this funding.”

    So in other words, while there is a recognition in law that any four-year-olds should have the option to defer, parents have to apply for the relevant funding for all but the youngest (those with birthdays in January or February), but have no certainty that they’ll receive it?

    “Yes”, says Patricia. “There seemed to be a lack of awareness of the legal right to defer any child who hadn’t reached the age of five by the school commencement date, as well as a lot of misinformation being passed around about whether parents could even apply to their local authority for funding for a further year of nursery or not.

    “With this in mind, I set up a Facebook group called Deferral Support Scotland in May 2018 as I felt there wasn’t a central place where parents could go to find out more about deferral options and what the process was for applying for continued nursery funding in their local authority area.

    “Three weeks later, after hearing disturbing stories of parents’ experiences which indicated varied practices across the country, members of the Facebook group decided to set up a campaign for a more transparent, consistent and child-centred approach to so called ‘discretionary’ deferrals. And so, Give Them Time was born.”

    FOI for gathering hard evidence

    As with so many campaigns, Facebook had proved to be an effective space for gathering like-minded folk together, and a catalyst for action. But how did Give Them Time move from Facebook to the use of Freedom of Information requests?

    “We realised from the outset that to be taken seriously, we needed hard evidence of national disparities rather than anecdotes, so that’s when we started submitting FOI requests to all local authorities across the country. We wanted to establish whether the anecdotal accounts could be supported by factual data.”

    WhatDoTheyKnow was very easy to use and the transparency it provided appealed to us, as we felt it would further enhance the credibility of the campaign.

    FOI was just one of the tools used by this savvy campaign, as they realised that data could be well supplemented with parents’ real life stories.

    These testimonies demonstrated the issue well, with one parent saying, “They knew but seem to try to put you off the idea, make statements like ‘they’ll be fine’, etc”.

    Others pointed to the stress and frustration of the bureaucracy and mixed messages they had to navigate, all while contending with worries about what was really best for their own child. Patricia explains how the campaign gathered these comments:

    “We used online surveys to gather evidence about people’s experiences of finding out about and applying to their local authority for continued nursery funding. The quantitative data provided by the FOI responses supported the findings of our qualitative surveys.”

    You can see all the data, qualitative and quantitative, on the Evidence page of the campaign’s website.

    The benefits of using WhatDoTheyKnow

    Using FOI is one thing, but the decision to do so via WhatDoTheyKnow does not always follow — so we were curious to learn what had informed the campaign in doing so.

    This WhatDoTheyKnow website is an absolutely phenomenal tool to have freely available to the public. It helps the public to use FOI legislation in the way it was intended without fear.

    “I discovered WhatDoTheyKnow by chance when searching online for deferral information. It was very easy to use and the transparency it provided appealed to us, as we felt it would further enhance the credibility of the campaign.

    “It’s very easy to share a link to an FOI response on WhatDoTheyKnow rather than search through emails and forward them on. It also removed the fear we had of potentially sharing confidential information by mistake as responses are published by WhatDoTheyKnow on the internet, and councils know this will happen in advance so it removed the onus on us to police this.”

    This was great to hear, as while we’ve heard many benefits to using WhatDoTheyKnow through the years, we don’t think we’ve heard this precise one before. Of course, the ease of publicly linking to a webpage is something that we appreciate, but the added dimension of mitigating the risk of sharing confidential information was a detail we hadn’t considered (and of course, that’s not to say that authorities don’t sometimes make mistakes, but it does add that extra layer of protection, for sure).

    Patricia added that WhatDoTheyKnow was integral to their success:

    “WhatDoTheyKnow has had an absolutely invaluable impact on the campaign. The credibility it helped us to achieve, as well as the actual data provided by the FOI responses, enabled us to successfully lobby the Scottish Government to change the law.

    “On 7 December 2020, the process was started to amend existing legislation so that from August 2023, any four-year-old deferring their primary one start will automatically be entitled to a free further year of early learning and childcare.”

    You can see some of the media coverage of this decision here.

    You should use it, too

    Finally, we asked if Patricia had any advice for anyone else wondering whether to use FOI for their campaign, or to help bring about a change in the law.

    “Don’t hesitate to use it. This WhatDoTheyKnow website is an absolutely phenomenal tool to have freely available to the public. WhatDoTheyKnow helps the public to use FOI legislation in the way it was intended without fear.”

    We often cover stories of corruption, injustice, finance and other very adult topics — and while those are all crucial matters that deserve transparency, it is also very gratifying to hear about the site being used to benefit thousands of children and their families, in a way that hurts no-one and removes worry and frustration for many. Well done to the Give Them Time campaign.

    Image: Jelleke Vanooteghem

  5. How you’ve been using our services to help the climate

    mySociety services help people be active citizens, whether by speaking truth to power, communicating directly with politicians, or demanding change on your doorstep —  and that’s true for the area of climate activism as much as it is for any other burning issue.

    By listing some of the ways you’ve been using our services to help the climate, we hope to inspire others to do the same, and to consider new ways in which you might be able to use them to push the climate agenda even further.

    At the beginning of 2020, mySociety made a commitment to the planet, adding Climate to our existing workstreams of Transparency, Democracy and Community.

    There are many experienced and knowledgeable organisations already working to fight the climate crisis. Accordingly, much of our work in this area has involved teaming up with these existing institutions, to offer the skills we do have and which they are often lacking: data wrangling, service design, site development, research and so on.

    But there’s another way in which we can be useful, with no extra development or resource required from us: thanks to our established suite of services, we can help individual citizens to take action. mySociety’s UK websites are already set up to help people find out facts, ask politicians questions, check how MPs are voting, and demand better for their local communities — all useful tools when you want to tackle climate change.

    We’ve had a look at the ways in which you’ve been using our websites in service of the climate, and we’ve found a huge variety of examples. Take a look through, and you might be inspired. And, if you’ve taken another type of climate action through our websites, do let us know so that we can add it to our list!

    Changes in your neighbourhood

    On FixMyStreet, we’ve seen people pointing out eco-unfriendly practices to the council, and asking for new amenities that would help locals to pursue a greener lifestyle.

    Trees filter air pollution, absorb carbon and provide shade, so it’s possible to argue that every tree is a benefit to the community. As Friends of the Earth advise, that’s all the rationale you need to lodge a request for a Tree Preservation Order, which means that an existing tree cannot be removed without reason. 

    Or perhaps there simply aren’t enough trees where you live? Then you can write to your council and request that new ones are planted.

    We know that climate change is driving bees away, so those who ask their councils to leave roadside verges unmown and allow wildflowers to grow are also doing their bit to help offset the damage. 

    Campaigning

    Meanwhile, WriteToThem can be used by any campaign which wants its supporters to email their politicians, and there are many with an environmental or climate agenda who have done just that. 

    Hyperlocal groups are campaigning against the loss of green spaces; the Possible organisation regularly rallies its supporters for innovative climate issues such as ground source heat from parks and better spaces for walking or cycling

    Badverts wants to stop the advertising industry from pushing high-carbon products, and Power For People is pushing for non-profit clean energy companies.

    And it’s not just campaigns that use WriteToThem, of course — tens of thousands of you use the site every month to tell your politicians what is important to you, how you’d like them to vote, or to alert them to wrongs that need to be set right. 

    Emails sent through WritetoThem are private between you and your representative, though, so unless you tell us about it, we can’t know what you’re writing about. All the same, we can say with absolute certainty that many of you are expressing your concerns about the climate — it’s such an important topic that you must be. 

    Requesting information

    Many councils declared a climate emergency in 2019 — but what does that mean in real terms, and what comes next? If your council hasn’t published its Climate Action Plan, and you want to ascertain whether they actually have one (or are perhaps working on it) then a Freedom of Information request might yield answers, and plenty of people have used WhatDoTheyKnow for just this purpose.

    Or, if the plans are already written and available to the public, there’s still lots more that might need disclosing: are they being adhered to and working as intended? And are the budgets accurate and adequate? How is money actually being spent? 

    This request enquired whether the commitment to the climate went as far as divestment from fossil fuels, and this one dug into whether a council was using renewable energy sources.

    FOI can be used in a huge variety of ways: for example, to collect disparate data from multiple authorities to make up a coherent dataset showing a nationwide picture — like this one, on behalf of Amnesty International, finding out how local authorities were reacting to childrens’ climate strikes.

    Thanks to our Alaveteli software, organisations all over the world are running sites like WhatDoTheyKnow that allow their citizens to ask for information. In Hungary, the KiMitTud site uncovered a river pollution scandal; and on AskTheEU the VW emissions misconduct was hinted at long before the story hit the public consciousness.

    Holding politicians accountable

    FOI requests can take a while to be processed by authorities, so while you’re waiting you might like to do something a bit more immediate and look up your MP’s voting record on TheyWorkForYou

    Each MP’s voting record includes a section on the environment, containing all parliamentary votes since 2010 that we’ve identified as relevant. The data — on policies from selling state-owned forests to higher taxes on air fares — comes from the Public Whip website, where votes are analysed and categorised. 

    In the interests of stressing the importance of the climate emergency, we’re keen to give this Environment section more prominence and detail, but of course we can only include the votes that have been held, and even then only the votes that were recorded in Parliament — not those that were just ‘nodded through’ (see more about this here). However, we’ll be keeping a keen eye open for the key climate-related votes of the future.

    Data

    The open data accessible through our sites can often be useful for researchers: one example of this is the TheyWorkForYou API, which allows for the analysis of everything said in Parliament, among other uses. 

    As examples of what can be done, Carbon Brief analysed Hansard to see which politicians mention climate change the most; and the Guardian, using TheyWorkForYou, gave a more rounded score to each MP which also took into consideration their votes and interests.

    So – that’s quite a long list, and just goes to show the breadth and diversity of the possibilities afforded by our various online services.

    If you’ve been feeling helpless about the climate crisis, perhaps this will give you a little hope, and inspire you to take a few small online steps yourself, in service of the planet and our future. Please do let us know how you get on.

  6. No boundaries to Freedom of Information

    A forthcoming tribunal will examine the blocking of FOI requests that have been placed by people living outside the UK.

    To those at mySociety and WhatDoTheyKnow, the matter is quite simple: the UK’s Freedom of Information Act was written explicitly to allow “any person” to request information from a public body. There’s no restriction to say that the requester must be a UK citizen.

    A phrase often used is that the FOI process must be ‘applicant blind’. An authority doesn’t have the right to refuse information because of what it knows about the requester. That applies to nationality as much as to any other characteristic.

    We vehemently defend this principle, not least because we have seen first hand that important investigations can result from cross-border collaborations — right now, we’re working to support journalists across Europe working on several stories that cannot be confined to one territory.

    Associates across the international FOI network are proof positive that this kind of collaboration is invaluable in getting to the truth. Last year, Arne Semsrott of German FOI site FragDenStaat told us of a project they are running in tandem with Spain-based AccessInfo, to find out more about the treatment of migrants in many countries.

    “You can file FOI requests for Frontex documents anywhere in Europe”, he said, “so we’re asking in different countries for ‘serious incident’ reports: these will tell you of human rights violations”.

    If each country insisted that its information was only accessible to its own citizens, there would be significantly less opportunity to uncover such cross-border instances of mistreatment, not to mention stories of corruption, malpractice, misspending and cronyism. And as we know, such phenomena are unlikely to respect jurisdictional boundaries.

    For a view from closer to home, we can consult a member of the experienced WhatDoTheyKnow volunteer team. Richard Taylor comments, “If UK FOI requests were restricted to British citizens or to those living in the UK, that could, depending on how it was implemented, seriously impact our ability to provide WhatDoTheyKnow’s service.

    “Providing proof of nationality or residence would be a significant additional hurdle for people making requests, and for us in managing them.”

    We question why there is a need for a tribunal to examine a point of the Act that is already quite clear — and, since there is to be one, call upon them to make a judgement that adheres to the letter, and spirit, of this country’s information law.

    Image: Max Böhme

  7. Challenging refusals: upholding the right to information

    We’re very pleased to say that we’ve been awarded funding by the Joseph Rowntree Charitable Trust to extend the Freedom of Information services we offer through WhatDoTheyKnow and WhatDoTheyKnow Pro.

    This work will support users in taking the next steps, if appropriate, when their requests for information are denied.

    A bit of background

    In the last few years, there has been a significant and sustained decline in FOI requests being granted by the UK government.

    According to the Institute for Government, the proportion of refused FOI requests reached a record level in the third quarter of 2019, with departments refusing to comply in full with more than half of all FOI requests that they received. This compares to around 40% in 2010 and around 30% in 2005.

    And yet, our research found that, when challenged, a large proportion of refusals were overturned, suggesting that the fault did not lie with the type of request being made. 22% of internal reviews resulted in the full or partial release of information, and a further 22% of appeals to the ICO led to all or some of the information being released.

    For local authorities, up to half of internal reviews – and just over half of all ICO appeals – led to the release of all or some of the information requested. In Scotland, with its own FOI regime, 64% of appeals to the Information Commissioner resulted in the full or partial release of information.

    And so, while acknowledging that some refusals are certainly legitimate, there is a clear case for challenging such responses. But to do so is daunting, especially for novice requesters who can understandably be discouraged by an official response citing exemptions in legalese.

    Our plan

    This new funding will allow us to approach the issue from four different, but interlinked directions, each intended to inform and support users in challenging government refusals of FOI requests.

    • When a WhatDoTheyKnow user confirms that they’ve received a refusal, we’ll be integrating context-sensitive advice. This will inform the user of their right to appeal, give clear guidance on how to assess whether the authority has complied with the law, and also advise on other channels, beside FOI, by which information may be obtained.
    • We’ll automatically identify which exemption has been cited in the refusal, giving us the ability to help users better understand why their request has been turned down.
    • Based on this finding, we’ll offer context-specific advice for the exemption identified. For example, if the request has been turned down because of cost, we’ll show how to reframe it to fall below the ‘appropriate limit’.
    • Finally, once the user has been fully informed, we’ll offer the support they need to escalate the request to an appeal.

    Ultimately we hope that this work will help reset the balance on the public’s right to access information, better enabling citizens, journalists and civil society to effectively scrutinise and hold authorities to account.

    As always, we’ll also be thinking hard about how to make all of this apply more universally, across the various legislatures that apply in jurisdictions where people are running sites on the Alaveteli platform.

    If this interests you, watch this space. We’ll be sure to update when we’ve made some progress on the project.

    Image: Tim Mossholder

  8. Beneficial ownership blog series

    Over the last few months, mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement.

    We’ve gathered some of the things we learned in a series of blog posts:

    The entire series can be viewed here.

    Header image: Photo by Olga O on Unsplash

  9. Beneficial ownership data and preferential procurement

    Header image: Photo by Ricardo Rocha on Unsplash

    mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement. This is one of a series of posts about that work

    While the main purpose of collecting beneficial ownership information is as part of an anti-corruption agenda, ownership information can also be used in public procurement as part of preferential procurement programmes. These are meant to increase the distribution of government contracts among different groups in a country. 

    South Africa is an example of a country with a system of preferential procurement through the Broad-Based Black Economic Empowerment (B-BBEE) programme. This programme gives preference to companies that (amongst other criteria) have more Black people and/or women in ownership and management.

    This works through a certification process where auditors convert evidence of ownership and management into a certification for the company, which is then used in the procurement process. While conceptually similar to beneficial ownership in many ways, this methodology differs from the requirement of disclosure of ownership that tends to be used in beneficial ownership. 

    Public disclosure of ownership could be made a component of preferential procurement or similar schemes, but this would also require understanding of ownership at lower thresholds than is currently common. Understanding the demographics of ownership requires a full picture of shareholders, and that may include adding up many with small shares. The Beneficial Ownership Data Standard (BODS), does allow for anonymous persons where a reason is given, and so information could be captured and released for demographic analysis while not disclosing the identities of owners below a threshold.

    BODS does not currently cover demographic information for individuals or certification for companies. Doing so could increase its applicability to broader procurement objectives such as B-BBEE. There is discussion on OpenOwnership’s BODS repository of what the inclusion of additional personal data fields would involve. In general BODS approaches field inclusion using the principle of data minimisation, where the data collected should be the smallest amount of personal information required to fulfil a valid purpose. There is an intentional decision to exclude gender information from the global standard/data store, with the argument that personal information included in the overall standard should be demonstrably useful for the purposes of disambiguation. This is seen as the main purpose of ownership information on a global scale, rather than demographic analysis. 

    Rather than inclusion in the global standard, localised extensions are seen as more appropriate for demographic information, as what is of interest will vary from place to place. While a gender field could be relatively universal, understandings of ethnicity are often culturally specific and a universal standard would be inappropriate. For instance, Australia’s Indigenous Procurement Policy (IPP) recommends the use of an Indigenous business register that in turn uses a ‘Proof of Aboriginality’ process that is more involved than self-certification. 

    The data standard would benefit from some abstract thinking about how country-specific demographic needs should best be reflected within BODS-formatted data. The specific questions are:

    • What should the general pattern be for extending BODS data with demographics? Remembering that demographics may be for individuals or organisations. 
    • Should self-certified data be logged differently from certified data? How should certification be acknowledged (often ‘certifying agency’ is available, but sometimes the certification certificate may have an ID number). 
    • Should there be a flag on demographic information that is stored in BODS, but shouldn’t be released publicly? Or does this logic belong outside the standard? If so, is there a generalised need for a ‘privacy schema’ and tool that can be applied to BODS to remove/anonymise particular fields?

    Demographic certification is a system of ownership collection and verification, and a general understanding of the ways in which BODS should and shouldn’t be a part of that would be useful for the future of the standard.

    See all posts in this series.

  10. Unequal impacts of open registers of ownership

    Header image: Photo by Erol Ahmed on Unsplash

    mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement. This is one of a series of posts about that work

    A key privacy concern with beneficial ownership, and especially open registers of beneficial ownership, is that it is making private information publicly accessible. As an Engine Room/OpenOwnership report on the subject says:

    Justifying open registers therefore depends on answering two important questions: first, why is a central register necessary, as opposed to company reporting obligations, or trusts and corporate service providers (‘TCSP’) regulation? Second, why must the central register be publicly accessible, rather than closed or limited-access?

    Common across the countries we looked at as part of this research was concern from government stakeholders and the private sector about open registers, even while there is enthusiasm for them from civil society.

    The case for open registers is, broadly, that it allows many eyes to look at the data. This creates greater oversight and scope for investigations from civil society – NGOs, journalists and members of the public, as well as feedback mechanisms to improve the quality of the data. There are multiplier effects when multiple open registers are merged that allow the same beneficiaries to be followed across borders. Making these datasets easier to access also makes it easier for official bodies to pursue investigations by increasing discoverability and removing obstacles to use.

    A key benefit of forming companies is it provides limited liability – which protects the assets of shareholders from the legal liabilities or debts of the company beyond the size of their ownership of the company. The argument justifying releasing the personal information of owners is that this is a privacy trade-off made by individuals in exchange for the substantial benefits of limited liability.

    The resulting information is a safeguard against the use of legal entities in a way that is against the public interest because it allows investigation and discovery of abuses.

    Where this becomes more complicated is that the costs of that loss of privacy are not the same for everyone. Where privacy loss leads to greater risk, this may either result in harm to individuals or the fear of that harm may mean people avoid forming companies or tendering for government contracts.  As such, the collection and distribution of data needs to acknowledge different costs of disclosing information, and allow exceptions. From the Engine Room/OpenOwnership report:

    Governments and companies should not collect and disclose data beyond the minimum that is necessary to achieve their aim, or data that poses a significant risk of harm. The risk associated with different types of information will depend on the context of both the individual and the country where they reside. This highlights the need for carefully designed exceptions regimes tailored to risks in that context.

    A key potential risk of address information being public is stalking, and this is a risk that falls more on women than men. The UK has an open register of directors and persons of significant control (PSC), and the discussion around it reflects possible risks of open registers more broadly. The comments under a Companies House blog post about GDPR features people saying they were surprised that personal information such as signatures, month and year of birth and addresses are publicly available. One commenter explicitly said the experience of being stalked made her terrified about her address information being made available. While disclosure requirements often distinguish between company registration and home addresses, micro-businesses may be more likely to be registered from home, and so have an increased privacy cost to the owner.

    In the UK, there has been an exception regime that allows information to be concealed from the public register, if personal characteristics of a person when associated with a company put a person “or any person living with them, at serious risk of violence or intimidation”.  This was amended in 2018 to remove the need for evidence for certain kinds of changes and to allow people to remove home addresses (for a cost) from register documents without the need for exceptions or evidence. Current directors have to substitute another correspondence address; former directors can have the information reduced to the first half of the postcode. This was explicitly fast-tracked without consultation as a “number of cases have been raised […] where the people involved are at risk of violence or intimidation yet cannot have their address information protected.”

    A related problem involves changes of name. A requirement that directors list former names is a common sense requirement which prevents people with bad reputations avoiding scrutiny. But for transgender directors this is a public record of their transition that may either expose them to harm, or discourage company formation in the first place. This issue is one of the reasons for the exclusion of gender from the BODS standard, as a structure where old information is superseded but not removed raises this exact issue. We also heard of a similar problem when gender is encoded into ID numbers, and these ID numbers are used in public.

    While there are situations where the risk is foreseeable and evidenced (a domestic violence victim starting a company at a new home, but needing to conceal their address), in other cases the damage may already be done when the risk becomes apparent. Even if information is successfully removed from the original source, where data has been released and incorporated into other products, retrospective redaction is more difficult.

    This problem is analogous to one faced by political candidates in the UK, where a report about intimidation and harassment of candidates and politicians led to the removal of a requirement to have home addresses printed on the ballot paper. Increased acknowledgements of the risks posed to individuals as a more diverse set of people enter into registerable roles can require re-examination of previous standards. This is especially important if it is happening alongside the opening up of information that was previously legally (but not easily) accessible.

    While privacy risks of open registers have to be accounted for in their design, closed registries might still be a privacy/security risk. One concern raised by an interviewee was that even closed registers can leak or bribery could occur for access. If a cache of data is too sensitive to publicly release, and there isn’t the capacity to properly secure it, the information may be too sensitive to gather at all. The capacity to secure and manage access to personal information is an essential component of any register.

    These problems demonstrate the importance of finding methods of delivering the public benefits of having collected private identifying information, while minimising the amount of personal information that is released. We have explored possible design patterns to help accomplish this where unique identifiers are available.

     

    See all posts in this series.