All Things Newz
Law \ Legal

Strictly For The Record: Scope Of FOI Exceptions Contrasts With Access Rights Under The GDPR – Data Protection



To print this article, all you need is to be registered or login on Mondaq.com.

Last week the Minister for Public Expenditure and Reform
announced a full public consultation of the Freedom of Information
Act 2014 (the “FOI Act“), which will
inform the direction of travel for FOI policy into the future.
Having carried out a survey that closed in December 2021, the
Department has prepared a consultation paper that seeks responses
from the public on themes grouped into two areas: structural issues
and incremental reform.

One of the structural issues themes that has been identified for
consultation is streamlining of regimes.  Some of the
responses at the scoping stage identified that the variety of
access mechanisms may give rise to “regulatory
arbitrage
” or “forum shopping“, which
can often involve public bodies being required to process multiple
requests under different frameworks. By their nature, slightly
different outcomes may arise out of requests under different legal
rules.

In this context, it is interesting to consider the different
underlying purposes of the freedom of information regime and the
right of access to personal data provided in the GDPR. A recent
High Court judgment in Director of Public Prosecutions v
the Information Commissioner
 [2021] IEHC 752 demonstrated
the potentially broad scope of freedom of information requests for
public bodies and limited nature of available exemptions. In this
briefing, we consider how this interpretation of FOI contrasts
against the access right under data protection law.

Background

DPP v the Information Commissioner concerned an
request for records made by a Sunday Times journalist (the
Requester“) under the FOI Act, which
sought correspondence between public bodies (including the DPP) and
the Department of Public Expenditure and Reform (the
Department“) in relation to fees paid
to barristers and solicitors.

The Department refused access to its records of the
correspondence on the basis of section 42(f) of the Act, which
creates an exemption for records “held” or
“created” by the DPP or the Attorney General. The
Requester appealed to the Information Commissioner, who ruled that
the letters sent to the Department by the DPP were not subject to
disclosure as these records had been “created” by the
DPP. However, copies of letters sent by the Department to the DPP
could not benefit from the exception in section 42(f) and were
subject to disclosure. The DPP appealed the treatment of these
records to the High Court on a point of law.

For the Record: Narrow Parameters of Section 42(f)
Exception

  • In his judgment, Simmons J noted that the “conundrum”
    presented by the appeal as for the purposes of the FOI Act there
    were two sets of records: the original correspondence issued by the
    Department to the DPP and the duplicate copies of that
    correspondence held by the Department.

  • The Court noted the test from Minister for Health v
    Information Commissioner 
    [2019] IESC 40 where the
    Supreme Court held that there are two questions to be asked in
    considering requests for records:

    • whether it is a record held by the public body, which was
      easily answered as the Department held copies or originals of all
      the correspondence between it and the DPP.

    • whether the requester has a right of access. This question
      turned on whether copies and originals can be considered the same
      “record” and the DPP made two arguments. The first was
      that the copies or originals held by the DPP are the same
      “record” as the counterpart held by the Department and
      hence, they all are within the scope of the section 42(f)
      exception. The second argument was that any alternative
      interpretation of the parameters of section 42(f) would subvert the
      intention of the legislature and permit access to exempted records
      by the back door.


  • The Court rejected the first argument on the basis of the
    natural and ordinary meaning of the definition of a
    “record” in section 2 of the FOI Act, which
    “indicates that a copy of a thing, which is itself a record,
    is also a record”. The legislative intent of this definition
    was to ensure that a public body could not refuse a request on the
    basis that the original is held with a different public body.
    Therefore, the DPP and the Department do not hold the same
    “records” even though the information is identical in
    both.

  • The Court also rejected the purposive argument as the
    legislative intention of ensuring sufficient protection of
    sensitive information was served with the presence of other
    exemptions in the FOI Act, such as the exemption for legal
    professional privilege or where the record itself could reasonably
    be expected to prejudice the prevention, investigation or
    prosecution of or enforcement of any law. The Court’s view was
    that the DPP’s interpretation would result in a “radical
    reduction in the right of access”, particularly as the same
    exception applied to documents created or held by the Attorney
    General. Simmons J observed that potentially any record could be
    excluded from a request merely by the fact of sending a duplicate
    to the Attorney General or the DPP.

  • On this basis, the Court found that the DPP and the Department
    do not hold the same “record” for the purpose of the FOI
    Act, even if one holds a copy of a record sent by or to the other
    and notwithstanding that the same information may be contained in
    both records. As such, the Court held that the Requester was
    entitled to the records or parts of records comprising the
    Department’s responses to requests from the DPP where those
    records are held by the Department; notwithstanding the fact that
    the DPP may hold identical records.

Show me the Data: Contrast with the Article 15 GDPR Access
Right

  • This judgment shows both the potentially broad nature of a
    request for records under the FOI Act and the narrow scope of
    exceptions for public bodies under the FOI regime. Some of the
    factors underpinning the High Court’s judgment, such as the
    concept of a “record”, contrast sharply with the access
    right for data subjects to their personal data under data
    protection law.

  • In FOI, the regime is tied to the concept of a
    “record” held by the FOI body. As noted by the High
    Court, there can be two records for FOI purposes, even where the
    two documents are near copies of each other, containing the exact
    same information. However, as these records are distinct for FOI
    purposes, they can be treated differently in the application of
    exceptions.

  • This contrasts with the access right contained in Article 15
    GDPR, where the entitlement is to the personal data itself, i.e.
    the underlying information regardless of the format in which that
    personal data is held. As the Article 15 right is linked to the
    underlying information, there is no obligation on a controller to
    provide multiple copies of the same personal data (even where that
    same personal data is held in different formats). Additionally, as
    the Article 15 right is focussed on personal data, any exceptions
    applied under data protection law should be consistent across all
    versions of the personal data.

Takeaway for FOI bodies

For public bodies, there are clear challenges of managing access
to records and data across overlapping but distinct
regimes. At present, the Department is conducting a public
consultation seeking views on the structural issues and incremental
reform themes set out in the public consultation document
(available 
here
), which will close on 12 August. It will be
interesting to see if the practical and operational challenges for
public bodies are considered when the report of the consultation is
published later this year. In the meantime, the challenges for
public bodies of successfully addressing the different access
regimes remain.

This article contains a general summary of developments and
is not a complete or definitive statement of the law. Specific
legal advice should be obtained where appropriate.

POPULAR ARTICLES ON: Privacy from Ireland

Data Privacy Comparative Guide

Kobylańska Lewoszewski Mednis sp. j.

Data Privacy Comparative Guide for the jurisdiction of Poland, check out our comparative guides section to compare across multiple countries



Source link

Related posts

Deadline For Transparency In Coverage Compliance Fast Approaching – Employee Benefits & Compensation

California Appellate Court Rules That Purely Digital Retail Businesses Are Not Covered Under The Unruh Civil Rights Act – Civil Law

IRS Anuncia Amnistía Fiscal Internacional Nueva Hasta El 30 De Septiembre De 2022 – Tax Authorities