If you’ve recently received a refusal to a Freedom of Information request you sent through WhatDoTheyKnow, you might have noticed our latest feature.
As mentioned in a previous blog post we’ve been working on functionality to help people challenge refusals, and the first iteration of this is up and running.
You might now see an automated notice above a refusal, identifying which exemption may have been applied. These are visible only to the person who made the request, and do not appear in every case; see more about that below.
Click ‘get help to challenge it’ and you’ll be presented with a series of questions about your request and the reply you received from the authority, to see whether there is any scope for a challenge.
Your answers to these questions will generate tailored advice on what to do next, also presenting you with editable fragments of text that you can use to get started with any challenge or request for clarification.
What’s the thinking?
WhatDoTheyKnow has always existed to make it easier for anyone to make an FOI request, without having to be an expert in the law.
We think we’ve got the initial part of that down pretty well (with the obvious caveat that there are always improvements to be made) — but up until now we haven’t directed a lot of attention to what happens after the authority responds.
Even for seasoned users of FOI, but especially for those new to the whole area, it is daunting to receive a refusal from an authority. By their nature, FOI responses contain some legalese, and this can be enough to make the best of us think, ‘Ah well, they probably know more about it than I do’ — and give up.
But another way of looking at it is that this legalese is there to help you. A body can’t just turn down your request because it doesn’t want to answer it: it has to say which exemption it is using under FOI law. If you know your way around that law, it is the key to understanding what to do next, and in fact, it’s this legal bumph that our code will be using to check what questions to ask you.
Before we introduced this intervention, a good number of users just gave up when they received a refusal from an authority — and that’s fair enough. We’d been directing users to a generic help page with details of what options are broadly available for challenging a refusal, but only the very determined would take it further.
And as we mentioned in our previous post, 22% of internal reviews (where you ask the request to be examined again, by a different member of staff at the authority) result in the full or partial release of information. It’s clear that bodies can, and do make mistakes sometimes.
Our new functionality helps you discern where that might have happened, and put together a decent challenge.
How it works
When an FOI request is refused, the authority have to give the reason, and this has to be one of a set number of ‘exemptions’ — clauses in the FOI Act that list the circumstances under which an authority is not obliged to disclose information.
Our code scans the response to identify which exemption/s have been applied. Remember, though, that this is just an automated best guess, so it’s still very much up to the user to check whether it’s correct!
At the next stage the user will be asked: “Did the authority mention any of these exemptions when refusing your request?” and there is the chance to remove exemptions if they’re wrong, and add any that haven’t been picked up by the code.
Then, informed by guidance from the Information Commissioner’s Office (ICO) for the identified exemption, we present a series of questions which should help you understand whether there are grounds for asking for an internal review.
Depending on your answers, you’ll see some advice. This might simply tell you that the exemption seems to have been applied correctly; it might advise you to ask the authority to clarify areas where their response is unclear, or it could point out where it appears that there has been an error on the part of the authority.
Note the various variations on ‘you have/may have grounds for an internal review’ — this is because each conclusion has been generated by a different response to one of the questions. In this example, the user has four different potential challenges to the refusal:
- The exemption seems to have been incorrectly applied
- The authority hasn’t provided some evidence that they should have
- The user has identified something about the contract that means the exemption shouldn’t have been applied to every part of it
- The authority hasn’t demonstrated that disclosure would be prejudicial to business interests
Whew! But if that’s a little overwhelming, there’s still some more support for the user.
Click ‘request an internal review’ and you’ll be shown some fragments of text you can copy and paste into your reply to help you start composing it. These are just prompts: they can be edited or overwritten to reflect your specific situation, and to allow you to express yourself in the language you’d ordinarily use.
Know your exemptions
Some exemptions are used far more commonly than others: for example we discovered when we began this work that the most often applied was the Section 12 exemption, ‘where cost of compliance exceeds appropriate limit’ — that is, responding in full would cost the authority too much in terms of expense or manhours.
Other common exemptions are Section 14 (turning down ‘vexatious’ or repeated requests for the same information); Section 40 (where the release would contain someone’s personal information); and Section 21 (where the information is already available elsewhere).
It’s worth knowing basic facts around exemptions: for example, if some of the information you’ve requested is covered by an exemption (say, a portion of it would contain personal information) the authority should still be releasing the rest. And if they tell you it’s available elsewhere, they should also do all they can to point you to the relevant place.
Some exemptions require a public interest test, where the authority must weigh up whether it is more beneficial for society as a whole to release the information than it is beneficial under the conditions of the exemption to refuse it. An example may be where the information relates to the UK’s defence capability, but would reveal something so important for the public to be aware of that any potential threat to national security is outweighed.
For this first stage of the new functionality, we covered the 13 most commonly used exemptions out of the full 27. Also, our tool might miss some exemptions. If that’s the case, or the exemption can’t be identified, you simply won’t see anything on the request.
The ICO provides detailed guidance for authorities about each exemption, and this has also proved invaluable for us as we strive to point out where there may be room for requesting a review. As we’ve learned while creating this functionality, law is not precise: in many cases it is open to interpretation, and legal challenges at tribunal act as precedents, helping to consolidate its exact meaning. The ICO guidance is basically an attempt to unify such interpretation.
But the average person may not have the time to read up on the ins and outs of how this exemption or that should be applied, so we hope our sets of questions will give you a short cut towards understanding whether there’s a valid challenge to be made. Eventually, we hope it’s not too bold to suggest, the functionality may even increase the public’s understanding of FOI.
We are, of course, keen that this initiative doesn’t place an extra burden on authorities. The mechanism should work just as well in pointing out where the authority has acted correctly, and so discourage pointless challenges.
Where requests for internal reviews are made, the result should be that they are better informed, clearly structured and based on valid challenges. In time, this feature may even have the knock-on effect that authorities are incentivised to improve their initial responses, taking more care that exemptions are correctly applied.
We know this isn’t perfect yet, so if you’re from an authority and you want to share feedback, please do let us know. And if you’re a member of the public and you see anomalies in the wording or interface, please do also get in touch. You can contact us here.