Memorandum submitted by the Campaign for Freedom of
Information
4. EXEMPTIONS
Substantial harm
We welcome the proposal that most of the Act's exemptions
(the exceptions are discussed separately below) should be based
on a test of whether disclosure would cause "substantial
harm" rather than the straightforward "harm" that
now applies under the open government Code of Practice.
This is an important aspect of the proposals. It indicates
that an authority seeking to withhold information must meet a
significant burden of proof, and be able to demonstrate that material
damage is likely to result from disclosure. It should avoid the
tendency towards reflex refusals of requests for material not
disclosed in the past, and should encourage authorities to discount
inconvenience or speculative risks.
Department's initial responses under the Code are sometimes
poorly argued, and show little sign that the possibility of harm
has been considered rigorously. Having refused a request, the
burden of proof thereafter is on the applicant to disprove
the department's claims. The requester is often obliged to speculate
on the unstated reasoning which has led to a claim for exemption.
Success in identifying and rebutting such arguments may lead the
department to invoke previously unmentioned exemptions. This process
may continue even during an investigation by the Parliamentary
Ombudsman, prompting the former Ombudsman, Sir William Reid, to
report:
"there is a tendency in some departments to use every
argument that can be mounted, whether legally-based, Code-based
or at times simply obstructive, to help justify a past decision
that a particular document or piece of information should not
be released instead of reappraising the matter in the light of
the Code with an open mind. I have found it time-consuming to
have to consider a whole series of different defences, even when
many of them prove to have no real foundation."[25]
We hope the stronger presumption of openness implied by the
"substantial harm" test will help to deal with this
problem. To demonstrate that substantial harm is likely to result,
authorities refusing information should be required to inform
the applicant of:
(a) the nature of the information within the scope of
the request whose disclosure would cause this harm;
(b) the specific harm which they believe would be likely
to result;
(c) the mechanism by which they believe this harm would
be caused;[26]
(d) why they believe it would be "substantial"
and
(e) the measures they have considered (e.g., aggregating,
anonymising, or excluding part of the data, or seeking the consent
of a third (party) to make the information discloseable.
Such details should accompany any initial refusal, and not
be the end product of a prolonged correspondence during internal
review.
Statutory factors
The Act is to specify particular factors identifying the
circumstances in which substantial harm may arise.[27]
These should not be capable of being seen as a one-sided checklist,
whose elements all point in the direction of withholding information.
Ideally, they should also be able to identify the circumstances
in which the appropriate harm test has not been met. A
useful example may be the privacy exemption in British Columbia's
Freedom of Information and Privacy Act, which sets out the factors
which tend to favour both the disclosure and the withholding of
personal information. This may be more elaborate than would be
needed here, but the even-handedness in describing factors on
both sides of the argument is helpful.[28]
The protected interests
The White Paper proposes that there should be seven protected
interests (exemptions). Although broadly stated, we note that
none of them appears to permit the withholding information on
grounds equivalent to the Code of Practice's exemption for information
harmful to "the proper and efficient conduct" of an
authority's affairs.[29]
We welcome the exclusion of this catch-all provision.
The sections below contain some initial observations on the
protected interests.
(a) National security, defence, international relations, law
enforcement
The White Paper suggests that the "substantial harm"
test may not apply to information which is subject to the Official
Secrets Act (OSA). Authorities will be expected to ensure that
decisions on disclosure are consistent with other relevant legislation.
The White Paper adds:
"we are concerned to preserve the effectiveness of the
Official Secrets Act, and there may in some cases be a need to
ensure that a decision taken under the FOI Act would not force
a disclosure resulting in a breach of the harm tests that prohibit
disclosure under the Official Secrets Act".[30]
The Act establishes a range of different harm tests.[31]
Some are equivalent to "substantial damage". For example,
offences are committed by persons making unauthorised disclosures:
- of defence information which cause "serious
damage" to military equipment[32];
- relating to defence or international relations which
"seriously obstruct" the promotion of UK interests
abroad[33];
- likely to "lead to loss of life or injury"
to service personnel.[34]
Other harm tests are expressed in terms which arguably are
less demanding than "substantial harm" if only because
a term equivalent to "serious" does not appear. For
example:
- defence disclosures which "damage"
the capability of any part the armed forces[35];
or
- disclosures relating to defence or international
relations which "endanger " the UK's interests
abroad;[36] [37]
- disclosures of information obtained in confidence
from other governments or intergovernmental bodies where, regardless
of the substance of the information disclosed, the breach of confidence
is itself likely to "endanger " the UK's interests
abroad;[38]
- disclosures relating to security and intelligence
which, though not harmful in themselves, "fall within
a class or description "of information likely to "damage"
the work of any part of the security and intelligence services;[39]
- disclosures relating to or obtained under warrants
under the Interception of Communications Act or the Security Service
Act - these are absolute offences and no reference to harm appears;[40]
- disclosures likely to "impede "
the prevention or detection of offences or the apprehension or
prosecution of suspected offenders;[41]
- a disclosure on any subject which is likely to "result
in the commission of an offence ".[42]
The weak harm tests relating to the security services, and
the absolute offences relating to the specified warrants, are
not directly relevant for FOI purposes, so long as it is proposed
that all such information will fall outside the Act's scope.
But the test relating to the committing offences contains
no reference to seriousness, as might for example have been provided
by limiting the provision to disclosures likely to result in indictable
offences.[43] Arguably
a disclosure about the sparsity of traffic wardens in a particular
area could trigger an Official Secrets prosecution if it was felt
this might facilitate a parking offence. In practice, such prosecutions
would presumably not be brought, but if OSA harm tests are imported
into the FOI Act, the traffic warden data would be exempt. (This
example also raises the question of whether traffic wardens may
be amongst those bodies whose law enforcement functions are to
be excluded from the scope of the Act altogether).
The fact that some of the tests relating to defence information
are equivalent to substantial harm, and some lower, is likely
to cause confusion (and the same is true in relation to the varying
international relations tests). There is no suggestion that "substantial
harm" will require the disclosure of information likely to
threaten essential national interests. Genuine military secrets
will be protected whichever test is adopted. However, the test's
purpose, according to the White Paper, is to define the burden
of proof "in specific and demanding terms".[44]
It is not clear what advantage there is, to the country's essential
interests, in avoiding such a test. But to do so may dilute the
impact of the FOI Act.
We question the assumption that absolute consistency is
needed between the Freedom of Information and Official Secrets
harm tests. Their purposes are different. The OSA is not designed
to prevent the disclosure of information, its purpose is
to deter leaking.
Ministers frequently provide information to Parliament whose
unauthorised leaking by an official would be an offence. Almost
every official announcement about the work of the security and
intelligence services, including the naming of the head of MI5,
Stella Rimington's 1995 televised lecture about the security service's
work and the publication of any of the reports of the Intelligence
and Security Committee, would have been offences under section
1 of the 1989 OSA, had the information been leaked. The same is
certainly true of much published information about defence and
international relations.
If consistency between the two statutes is thought essential,
it should be achieved by amending the Official Secrets Act to
bring it into line with the proposed "substantial harm"
test. Support for such a rigorous test can be traced back to the
1972 report of the Franks Committee. Its report on the now repealed
section 2 of the 1911 Official Secrets Act recommended that only
disclosures causing "serious injury" to the national
interest should be offences, commenting:
" . . . strong measures are clearly justified in preventing
serious injury to the nation. It is less clear that the criminal
law must be brought in to reinforce other means of protection
where the possible injury is of a less serious nature. The most
obvious example is defence. Some defence information is highly
secret: its unauthorised disclosure would cause serious injury
to the nation, and it requires full protection. Some defence information
is public knowledge. In between these two extremes, there is a
continuous gradation. There is some defence information which
could be published without harm, or with little harm, to the nation.
And there is a considerable range of information the unauthorised
disclosure of which would be prejudicial to the interests of the
nation, but would not cause serious injury . . . In our view,
the appropriate test on this basis, in relation to national security,
is that unauthorised disclosure would cause serious injury to
the nation.
This means that the criminal law would not apply to information
the unauthorised disclosure of which would cause some injury to
the interests of the nation, but short of serious injury."[45]
This view was reflected by the Labour Party during the passage
of the 1989 Official Secrets Act, and can be found in Labour proposals
to reform the 1989 Act. In February 1992, the Labour front bench
published its Right to Information Bill which would have
introduced both a FOI law and a replacement for the 1989 OSA.
The Labour proposals would have retained criminal sanctions only
for information about defence, international relations or the
security and intelligence services whose unauthorised disclosure
was likely to cause "serious damage" to the UK's interests,
or equivalent harm to law enforcement[46]
as well as establishing a new public interest defence for those
charged with official secrets offences.
Other exemptions
(b) Personal privacy
We assume that information in personal files held by public
authorities on identifable individuals who have done nothing to
merit special public attention, will not normally be available
to third parties under the FOI Act, and such disclosures will
generally be regarded as involving "substantial harm".
However, we agree with the White Paper's statement that the
right to privacy cannot be absolute.[47]
The right to privacy may need to be balanced against the public
interest in disclosure, or the rights of another individual. Such
balancing may be especially appropriate where:
(a) the individual is a public official and the information
relates to his or her functions as such;
(b) the information indicates misconduct, particularly
by a public official;
(c) access is necessary for the proper scrutiny of government
decision-making;
(d) access is necessary to improve the protection of
public safety or;
(e) if a person against whom some adverse action may
be taken is to adequately defend him or herself (for example against
allegations made by an individual whose identity would otherwise
be protected on privacy grounds).
(c) Commercial confidentiality
Commercial confidentiality can also not be given absolute
protection. This is already recognised in a variety of ways. For
example labelling provisions requiring companies to disclose the
ingredients of foods, pharmaceutical or toxic products involve
the disclosure of information to consumers which might be of assistance
to competitors. The Companies Acts requirements for the publication
of annual accounts, in the interests of shareholders and suppliers,
require the disclosure of information which will often be of value
to rivals or potential predators.
A precursor of the proposed substantial harm test may be
found in the Environmental Protection Act 1990 which requires
public registers containing applications to operate potentially
polluting processes, monitoring results, and other data. Information
may be withheld if it is commercially confidential. This is defined
as information whose disclosure "would prejudice to an
unreasonable degree the commercial interests" of the
person from whom it was obtained.[48]
This is a double harm test, requiring that disclosure be prejudicial
and that the prejudice be more than is reasonable. On top of this
the Secretary of State may "in the public interest"
order that particular types of information be included in the
registers "notwithstanding that the information may be commercially
confidential".[49]
The White Paper's test precisely mirrors part of the corresponding
American FOI Cat exemption, which protects trade secrets and confidential
commercial or financial information. "Confidential"
is judicially defined as incorporating two tests; one relating
to the Government's future ability to obtain similar information;
the other that disclosure "would cause substantial harm
to the competitive position of the person from whom the information
was obtained". [50]
However, such rigour is often conspicuously absent in government's
handling of the concept of commercial confidentiality, which at
times it regards as synonymous with "information about a
commercial entity".[51]
We suggest that the following criteria might be applied under
this exemption:
(a) it should only apply to information which the business
concerned has supplied to government in confidence - and not in
information generated by government itself, for example through
its own product testing;
(b) the business should have consistently treated the
information as confidential - companies which have shared information
at technical conferences or with selected journalists should not
be able to claim exemption when it is sought by a pressure group;
(c) it should not be available from published sources
or obtainable in other ways (e.g., from market research firms,
or by analysing a product) at modest cost;
(d) the information should be likely to cause substantial
competitive harm to the business, by allowing a rival to exploit
the information in order to manufacture or sell more effectively;
(e) for such competitive harm to occur there must be
competition, a test which will not be met in a monopoly situation;
(f) even where competitors exist, they must be capable
of making substantial use of the information. Where other barriers
to market entry (e.g., the product development costs, or the reluctance
of government to license particular types of facility, such as
nuclear reprocessing plants) prevent potential rivals from actually
engaging in competition, or where competitors are already irrevocably
committed to alternative manufacturing processes and cannot benefit
from details of the originating company's process, substantial
harm will not occur;
(g) a disclosure which harms the originator by promoting
consumer choice - for example by revealing that its products are
inferior to a rival's - should not be exempt;
(h) a disclosure which harms share prices in a similar
way - e.g., because investors anticipate that customers will stop
buying a substandard product, or that government may impose new
restrictions on a dangerous product - should also not be exempt.
(However where government has been given confidential information
about a business's future plans, the share price implications
of disclosure would become a legitimate consideration).
None of the above considerations should prevent public authorities
releasing details of their specifications for a contract, its
terms, value, performance bonuses, penalty clauses or similar
information. Apart from considerations of accountability for public
funds, such information is the authority's, and not obtained by
it in confidence from the contractor. Moreover, any disadvantage
to the contractor is likely to arise by more effective competition
from others for future contracts - and so serve the public interest
in promoting more effective use of public funds.
25 Parliamentary Commissioner for Administration, Annual
Report for 1995, p. 51. Back
26
For example, in claiming disclosure of a report would damage commercial
confidentiality, departments sometimes fail even to indicate whether
the damage would be caused by revealing manufacturing process
secrets, pricing information or the identities of customers. Back
27
Para 3.9. Back
28
Section 22(2) states: "In determining . . . whether a disclosure
of personal information constitutes an unreasonable invasion of
a third party's personal privacy, the head of a public body must
consider all the relevant circumstances, including whether (a)
the disclosure is desirable for the purpose of subjecting the
activities of the government of British Columbia or a public body
to public scrutiny, (b) the disclosure is likely to promote public
health and safety or to promote the protection of the environment,
(c) the personal information is relevant to a fair determination
of the applicant's rights, (d) the disclosure will assist in researching
or validating the claims, disputes or grievances of aboriginal
people, (e) the third party will be exposed unfairly to financial
or other harm, (f) the personal information has been supplied
in confidence, (g) the personal information is likely to be inaccurate
or unreliable, and (h) the disclosure may unfairly damage the
reputation of any person referred to in the record requested by
the applicant." A variety of additional factors are also
separately listed. These indicate that the disclosure of certain
types of personal information (such as medical information and
information relating to social security applications) are "presumed"
to involve an unreasonable invasion of privacy, whereas other
specified disclosures (e.g., concerning an individual's functions
as a public employee) are deemed not to be. Back
29
Exemption 7(b). Back
30
Para 3.19. Back
31
The Act applies to information relating to (1) security and intelligence
(2) defence (3) international relations (4) information supplied
in confidence by other governments or international organisations
(5) information whose disclosure is likely to result in an offence
being committed or impede law enforcement and (6) information
relating to, or obtained under, a warrant under the Interception
of Communications Act 1985 or the Security Service Act 1989. These
categories roughly correspond to the first two of the white paper's
protected interests. Back
32
OSA section 2(2)(a). Back
33
OSA sections 2(2)(b) and 3(2)(a). Back
34
OSA section 2(2)(a). Back
35
OSA section 2(2)(a). Back
36
OSA section 2(2)(b) and 3(2)(a). Back
37
The "endangering" test under section 3(2(a) has attracted
particular concern. It may apply to disclosures of information
supplied in confidence by another government or intergovernmental
organisation, and the endangering may result either because of
the damaging nature of what has been disclosed, or because a breach
of confidence is in itself regarded as damaging (regardless
of the actual information involved). One implication might be
that it could be an offence to leak EU documents containing nothing
more inherently sensitive than proposals for a directive which
the UK might soon be required to implement. Back
38
OSA section 3(2)(a) and 3(3)(a). Back
39
OSA section 1(4)(b). Back
40
OSA section 4(3). Back
41
OSA section 4(2)(a)(iii). Back
42
OSA section 4(2)(a)(i). Back
43
It is worth noting that the 1992 Labour front bench Right to
Know Bill which proposed to reform the 1989 Official Secrets
Act would have replaced this provision with one which penalised
only disclosure likely to result in indictable offences. Back
44
Para 3.7. Back
45
Departmental Committee on Section 2 of the Official Secrets Act
1911, Chairman Lord Franks, Vol 1, paras 117-118, Cmnd 5104, September
1972. Back
46
Right to Information Bill, Clause 60. The Bill was presented by
home affairs spokesman Robin Corbett MP, and its sponsors included
Neil Kinnock, Roy Hattersley, Barry Sheerman, Alistair Darling,
Stuart Randall, Joan Lestor, Eric Illsley and Andrew Bennett. Back
47
Para 3.11§3. Back
48
Environmental Protection Act 1990, section 22(11). Back
49
Environmental Protection Act 1990, section 22(7). Back
50
National Parks and Conservation Association v Morton (1)
498 F 2d at 770 (DC Cir 1974). Back
51
For example, in response to a series of identical parliamentary
questions in 1994-95 seeking information about the value of individual
consultancy contracts, or the names of consultancies paid more
than £1,000 a day, some departments refused answers on grounds
of commercial confidentiality, while others readily disclosed
the requested information in full. (Government departments
"misguided" on commercial confidentiality, Campaign
for Freedom of Information, press release, 27 October 1997). Back
|