The identity of people making FOI requests would be made public if a new private member’s bill succeeds. The bill, which will have serious implications for the privacy of individual requesters, is being introduced by Karl McCartney, the Conservative MP for Lincoln, who came 8th in the ballot for bills. [Update: in the event Mr McCartney did not attend the House of Commons to move his bill, which has therefore not been introduced.]
In a note to fellow MPs at the time Mr McCartney wrote: “I am proposing that individuals who make FOI requests should be required to disclose their identity.” He adds that the objective is “to allow those individuals or organisations who are subject to any FOI requests to rightfully know who is requesting the information of them”.
FOI applicants have no right to make requests anonymously. Guidance from the Information Commissioner’s Office states that authorities “are entitled to treat as invalid requests where the real name of the applicant (whether an individual or corporate body) has not been used.” Requests made anonymously or using a pseudonym are commonly refused as invalid. See for example:
However, Mr McCartney suggests that his bill is also intended to ensure that requesters’ names are made public. The Justice Select Committee’s 2012 post legislative scrutiny of the FOI Act also proposed this. It suggested that where authorities publish a disclosure log, showing what information has been released under FOI, the requester’s name should also be included. The implication was that this would draw public attention to, and perhaps deter, those making excessive use of the Act.
The government rejected this recommendation stating:
“The Government does not share the view that publishing the names of requesters in disclosure logs would be beneficial in terms of burdens. Such a move would have implications for the data protection of requesters, and there is no evidence that it would have any positive impact either on transparency or on reducing the burdens of FOIA. As such, the Government is not minded to accept that recommendation at this time.”
What is the problem in requiring the publication of requesters’ names? Once requests have been answered, there may be no objection to identifying the requesting organisations such as media bodies, campaign groups, professional bodies or companies.
Identifying individual requesters is a different matter. Many people use the FOI Act to obtain information about matters which directly affect them. The information they seek may not be personal, but their interest in it is. Someone who asks a social services department about the support provided to people with a particular condition living in particular circumstances may be describing their own situation. Publishing their names will suggest this to others. Where the inference is correct, the disclosure would be highly intrusive. As the law stands, it would also breach the Data Protection Act (DPA). There should be no question of identifying requesters seeking information about issues they face such as mental illness, child abuse, domestic violence, sexual orientation or learning disability.
Someone who believes they have been wrongly suspected of committing an offence may seek information from the police about the incident. Publishing their names may publicly identify them as a suspect.
A request may be prompted by suspicion that an authority or other body has behaved improperly. Naming the requester may reveal them as a potential whistleblower, exposing them to possible reprisals.
When someone asks for information about the spending, conduct or truthfulness of a minister or council leader, the first thing the politician may want to know is who is asking. If that person is an employee or someone dependent on the authority for a service, naming them may leave them vulnerable. Some FOI officers refuse to circulate the requester’s name to others within their organisation, partly for these reasons.
The FOI Act is meant to be ‘applicant blind’. Authorities are required to consider whether information can be made public – not whether information should be released to the person making the request. So the identity of the requester is normally irrelevant to the disclosure decision (though an exception may be made for potentially vexatious requests). The applicant blind principle ensures that authorities are not tempted to disclose information to those who are sympathetic to them, while placing obstacles in the way of critics.
Mr McCartney suggests that his bill would help reveal whether requesters are foreign citizens whose requests impose a burden on UK taxpayers. However, someone’s nationality cannot be deduced from their name or even address (though if the intention is to disclose addresses, the measure would be even more starkly intrusive).
If the bill is really intended to identify foreign nationals using the UK Act, requesters are going to have to submit proof of nationality with their requests, a staggering piece of bureaucracy. The Act was deliberately made accessible to ‘any person’ including non-citizens, as are the US and many other FOI laws.
Mr McCartney suggests that the bill would help avoid ‘potential abuse of the FOI regime’ by allowing individuals and organisations to know who is making FOI requests about them. It is not clear exactly why this constitutes an abuse.
If someone asks for information about a company’s commercial activities, the authority will consider whether the disclosure will be harmful if it reaches a competitor – regardless of whether the requester actually is a competitor. If the information would prejudice the company’s commercial interests and the public interest does not nevertheless favour disclosure, it will not be disclosed to anyone, regardless of the requester’s identity.
As for FOI requests made about individuals, the only people likely to be the subject of successful requests are public figures such as ministers, MPs, local politicians and senior officials or office holders.
Is it an abuse for someone whose name is not disclosed to seek information about, say, an MP’s activities or correspondence? If a political opponent has obtained information with a view to using it against the MP it does not seem unfair to identify the requester. In fact, the MP may be able to obtain this already by making a subject access request under the DPA. The identity of someone who has made a request about you is your personal data. If the requester was, say, a political party its identity would probably be disclosed. An opposing political candidate arguably might be identified on the grounds that this is ‘reasonable in all the circumstances’. But the identity of an ordinary member of the public who had sought the information would be withheld.
The new proposal would apparently identify even the individual. Suppose this is a dissatisfied constituent who feels let down by their MP. How does identifying them further the public interest? What would the MP do with the information? Cold shoulder the constituent next time they seek his or her help? Publicly denounce the constituent for wasting the authority’s resources? Investigate the requester’s background for signs of undeclared political affiliations? It’s the MP who should be accountable to the constituent not the other way round and the bill should not seek to change that.
Director, Campaign for Freedom of Information