The UK GDPR and Freedom of Information Act (FOIA or FOI Act) champion individuals’ legal rights to request information from the public and private sectors. Now in its 20th year, the FOI Act remains a pivotal legislation for improving transparency and accountability for public authorities. 

Over the last year, we’ve seen regulatory action against authorities like the City of London Police and Goldsmiths, University of London due to FOIA non-compliance. Even 20 years on*, organisations still fail to meet their obligations, leaving individuals unaware of the decisions impacting their lives. 

In this article, we will discuss the purpose of the Freedom of Information Act and the obligations required of public bodies.  

What Does the Freedom of Information Act Allow? 

The Freedom of Information Act (2000) allows individuals to access information held by public authorities. This data is either available through a FOI request or public records published about an authority’s activities, which is typically referred to as a publication scheme. 

The government first discussed freedom of information in a 1997 white paper, which aimed to increase transparency between the government and its people. At its core, the FOI Act helps individuals stay informed about the decisions made about their lives. This control gives us freedom of information.

Does the FOI Act Apply to Every Sector? 

The FOI Act only extends to public authorities. These include:

• Government departments ;
• The Armed Forces (except the special forces);
• Local authorities (Principal and parish councils, fire and rescue authorities);
• The NHS (GP surgeries, dentists and health practitioners); 
• The Police forces;
• Maintained schools, academy schools and further/higher education institutions; 
• Companies owned by the Crown; 
• Companies owned by the public sector; and, 
• Companies owned by the Crown and public sector. 

What Information Can You Access Under the FOIA? 

Under the FOI Act, you can access any recorded information a public body owns. This covers everything from printed documents, computer files and letters to emails and telephone recordings. 

The Act covers recorded details, such as metadata – the author and date of drafting. If a contractor holds information on behalf of a public authority, they must forward the request out of good practice. The FOI Act excludes personal data and information held on behalf of another person, body or organisation. 

How Does the FOIA, UK GDPR and DPA Align? 

The UK GDPR and Data Protection Act (DPA, 2018) sets requirements for handling personal data. The Freedom of Information Act covers information held by public authorities. The ICO regulates these legislations as they fall within the information rights category. 

While the GDPR and DPA honour our data privacy rights, the FOIA uncovers the truth behind decision-making that directly affects our lives. Overall, they achieve the same goal: transparency and accountability. 

Need Data Protection Training? 

At Data Protection People, we offer expert FOI and GDPR training for organisations in the public and private sectors. If you are a public body, we recommend completing our FOI request training, which guides you through handling information requests.

Get in touch with us today for more information on our training services. 

—-

*(The FOI Act was originally passed in November 2000 and came into force in January 2005).