Earlier this year the freedom of information (FOI) laws in both Scotland and the rest of the UK celebrated 20 years of being in force. Tony Blair was famously quoted as indicating that the introduction of this legislation was one of his biggest mistakes while in office: “Freedom of Information Act. Three harmless words. I look at those words as I write them, and feel like shaking my head 'til it drops off. You idiot.”
Despite Blair’s regrets, the increased transparency that accompanied the legislation has had several positive consequences, including the publication of some of the biggest news stories over the last two decades, which would not have happened without access to information obtained through FOI requests. In any case, there is no doubt that those bodies subject to FOI need to dedicate significant resources to meeting their obligations.
Since their inception there have been various calls for the FOI laws to be updated, particularly to take account of the changing ways in which public services are provided. Concerns have also been raised over the years that public bodies can avoid their transparency obligations by using private and third sector bodies not caught by FOI to provide certain services.
The UK FOI laws, which differ slightly between Scotland and the rest of the UK, have hardly been touched over their 20 years of existence. The Scottish laws were updated in in 2016 to include privately operated prisons and grant-aided schools, with a final change to include housing associations in 2019. Nonetheless, there have been continuing calls for further updates to the FOI laws in Scotland, in particular around the process for designating additional public bodies, culminating in the introduction of a private members bill – the Freedom of Information Reform (Scotland) Bill (the Bill) – at Holyrood on 2 June.
As currently drafted, notable provisions of the Bill include:
- In addition to the current powers of the Scottish Ministers, the Scottish Parliament will be able to designate organisations under FOI where the organisations are exercising public functions or delivering public services under contract. This can only be done where the Parliament has first gone through a consultation process.
- Scottish Ministers must consider proposals received from the Scottish Information Commissioner to designate bodies.
- Where public authorities (PAs) are considering the application of exemptions, the starting point will be a presumption in favour of disclosure unless disclosure is prohibited by an absolute exemption.
- PAs will be required to appoint an FOI officer with responsibility for FOI compliance by the PA (this is akin to the requirement for certain organisations to appoint a data protection officer under UK GDPR).
- If a clarification is sought from the requestor, that will only pause the 20 Working Day timetable for response, not reset it.
- New provisions around publication of information by the PAs replacing the model publication scheme with a publication code.
- Creating an offence of destruction of information to avoid it being requested under FOI.
The Scottish Information Commissioner has welcomed this new bill, stating: “After 20 years … it’s undoubtedly time for a refresh – not least because there have been massive changes in both the way we access information and the way public bodies deliver their services.”
The Scottish Government has indicated its intention to consult on bringing social care providers (who are not keen to embrace an additional administrative burden) within the ambit of FOI, although the consultation was postponed in December last year while the Bill was being prepared.
The Bill is currently only at Stage 1 of its progress through the Scottish Parliament. A report on the Bill by the Standards, Procedures and Public Appointments Committee will be provided before a debate in Parliament on the general principles of the Bill. We will provide further updates as the Bill progresses through the parliamentary stages.
If you have any questions or need any assistance regarding the above, please contact our Data Protection and Privacy team.