House of Commons - Public Administration

Select Committee on Public Administration Third Report

ENFORCEMENT

Information Commissioner and the Information Tribunal

129. The Bill establishes an Information Commissioner to enforce the obligations placed on authorities under the Bill. The job will be combined with that of the Data Protection Commissioner under the Data Protection Act 1998, thus combining responsibility for access to personal information and access to other information. The term of office of the current Data Protection Registrar expires at the end of August this year, and the Government expects to reappoint her for a further five year term thereafter.[240] As with the Commissioner, the Bill borrows its tribunal from the Data Protection Act 1998. The provisions relating to the Tribunal are identical with those in that Act. By combining the functions of the Commissioner and Tribunal under the Bill with those of the Data Protection Commissioner under the 1998 Act, the Bill brings together the systems for Freedom of Information and Data Protection.

The Commissioner's powers

130. The powers of the Information Commissioner and Information Tribunal are closely related to those given to the Data Protection Commissioner under the Data Protection Act 1998. We have already referred from time to time in this Report to her powers, especially in relation to discretionary disclosures under clause 14 of the Bill (see above, paragraphs 30-37). Here we comment more generally on the Commissioner's powers.

131. There will be two ways in which the Commissioner enforces the Bill's provisions. First, through practice recommendations issued under clause 41, she may indicate to an authority that it is failing to follow one of the Codes of Practice issued by the Secretary of State or the Lord Chancellor, or to conform with its own Publication Scheme, made under clause 7 of the Bill. A practice recommendation must be given in writing. It has no direct coercive force. If an authority fails to act in response to a practice recommendation the Commissioner cannot force it to do so except in rare cases by means of judicial review. As the Home Office have suggested, however, she could draw attention to an authority's lack of adherence to the Code in a report to Parliament (see below, paragraph 140).[241]

132. Second, the Information Commissioner has a more effective means of resolving complaints that an authority has failed to deal properly with a Freedom of Information request by improperly withholding information, by not communicating its decision to the applicant in the proper way, by not considering the public interest, or by failing to explain the refusal properly. In such a case she may issue a decision notice. Such notices can order the authority to disclose information, or to take any other steps that she thinks appropriate. If the authority fails to comply the Commissioner could report to the court, which could "deal with the authority as if it had committed a contempt of court". We have already considered in some detail the extent of the Commissioner's powers to oversee the way authorities consider the public interest under clause 14 (see above, paragraphs 30-37).

133. The Commissioner is given powers to obtain information from any authority whose conduct she is investigating, by means of an information notice under clause 44 of the Bill. If she has reasonable grounds for suspecting that an authority has failed to comply with the requirements of Part 1 of the Act, or with a decision notice or an information notice, she is also given powers under clause 47 and schedule 3 to apply to a judge for a warrant to enter and search premises, to inspect and seize documents, and to inspect, examine and test equipment. These powers are essentially the same as those given to the Data Protection Registrar under the Data Protection Act 1998.

Self-incrimination (clause 44(7))

134. Clause 44(7) releases a public authority from the duty to furnish the Commissioner with information "if the furnishing of that information would, by revealing evidence of the commission of any offence other than an offence under this Act, expose the authority to proceedings for that offence". The same provision exists in the Data Protection Act, referring to individuals (s.43 (8)). The Home Office explains it thus: "The privilege against self-incrimination in the 1998 Act was designed to have due regard to the rights of private data controllers under the European Convention on Human Rights not to be required to produce incriminating information under penalty, but made no distinction in this respect between public and private data controllers".[242] The provision does not apply in any case to a public authority which is part of the Crown: "since the Crown cannot be made subject to criminal prosecution, the issue of self incrimination does not arise".[243] The provision should not, the Home Office stressed, work to prevent the disclosure of information to the public, if the information was not exempt. It deals simply with cases where the Information Commissioner "seeks to exercise her powers to force information out of an authority over and above what it would be required to disclose under clause 8".[244]

135. Lord Lester said that the provision was not required by the Convention: "It is in conflict with the public interest in enabling the media and NGOs in acting as public watchdogs in exposing the misuse of power by public authorities. In my view, the fundamental right to a fair trial can be effectively protected without an exemption of this breadth". As an alternative, he pointed to section 52 of the Race Relations Act 1976, in which the Commission for Racial Equality is given strong powers to obtain information by compulsion, but is prevented from disclosing information it has collected in the course of an investigation except "on the order of any court", or with the individual's consent, or in the form of a summary "which does not identify the informant", or "in a report of the investigation", or "for the purpose of any civil proceedings. . .to which the Commission are a party, or any criminal proceedings". Lord Lester suggested that this alternative showed how it was possible to design a provision which would not enable the authority to withhold evidence from the Commissioner to avoid criminal misconduct coming to light.[245] He went on to explain: "Article 6 of the European Human Rights Convention, which is the one that guarantees a fair trial says, in subsection (2) that everybody is entitled to the presumption of innocence, and as part of the presumption of innocence in a criminal trial one is protected against self-incrimination. That is a vital principle of English law as well as European law... So the Home Office are perfectly right in pointing to the need to protect the individual's right to the presumption of innocence and the privilege against self-incrimination. However, that does not mean that an entire organisation must be protected against self-incrimination; it means that when a particular named individual is prosecuted for criminal misconduct evidence must not be used against him which has been obtained by compulsion from him orally".[246] Similar provisions do exist in overseas Acts to avoid evidence obtained by the Commissioner being used to prosecute an individual for an unrelated offence.[247] One of the difficulties with which the draft Bill has had to contend has been its wide application: some of those to whom it applies are in fact individuals. Lord Williams of Mostyn has accepted that there might be a case for making a distinction between the right as applied to individuals (an example given was a doctor, who would be a public authority for the purposes of Schedule 1) and as applied to bodies or corporations.[248] We believe that an authority should not be able to withhold information from the Commissioner on the grounds that it might provide evidence of the commission of an offence by the authority. If it is necessary to protect an individual's right to be presumed innocent, this must apply only to individuals. We recommend that the Bill be amended accordingly.

The Information Tribunal

136. Under the White Paper proposals, there was no right of appeal beyond the Information Commissioner to the courts (although a disclosure order would have been subject to judicial review). It said that "overseas experience shows that where appeals are allowed to the courts, a public authority which is reluctant to disclose information will often seek leave to appeal simply to delay the implementation of a decision. The cost of making an appeal to the courts would also favour the public authority over the individual applicant".[249] In the draft Bill, both the requester and the public authority are entitled to appeal to the Information Tribunal against a decision notice. The authority may appeal against a notice requiring it to pass information to the Commissioner—an "Information Notice"—or against an Enforcement Notice. There is appeal from the Tribunal to the High Court (or Court of Session) on a point of law. The Tribunal can also hear appeals either from the Commissioner or an applicant against a certificate by a Minister indicating that information is exempt under clauses 18 or 19 (in other words either because it was supplied by one of the security services or else because exemption is required for the purpose of safeguarding national security). The Tribunal may quash the certificate.[250]

137. We asked the Data Protection Registrar whether she could predict, from her experience of the Data Protection Tribunal, the number of appeals that would be made to the Information Tribunal, and how long they might take to determine. As she told us, few data protection cases go as far as the Data Protection Tribunals, and in any case it would not be normal to settle a case before it got to a hearing. Since the Data Protection Act came into force in 1987 only 36 formal enforcement notices had been issued of which 15 went to appeal. Although the Tribunal would not take long to decide a case, it may be a long time before it went right through the system.[251] Undoubtedly there is some risk that recourse to the Tribunal may be used to delay disclosure of information. Also, because no legal aid is available, it may be difficult for many people to make a case before a Tribunal. However, adding a Tribunal stage to the enforcement system does provide a necessary element of procedural fairness to the system. We would expect systems of informal resolution to prevent all but the most intractable cases proceeding as far as the Tribunal, and we would expect no case to take longer than 9 months to settle. Lord Lester welcomed the addition of a Tribunal to the Bill,[252] and so do we. The Tribunal represents a relatively simple and quick form of appeal, based on precedent.

The Commissioner and other complaints authorities

138. The Parliamentary Ombudsman has on a number of occasions brought to our attention the difficulties that already exist for those who wish to complain about public sector services. The proliferation of public sector Ombudsmen and other complaints adjudicators means that its often unclear to whom the complainant should address his or her complaint. The often complex rules governing the jurisdiction of these authorities make the problem worse. Adding another authority—the Information Commissioner—to this might further confuse the situation. Combining the functions of Information Commissioner and Data Protection Registrar at least limits an unnecessary growth in the number of authorities involved in complaints to do with information. But there need to be (as the White Paper said) clear lines communication between the Commissioner and the others who handle complaints.[253] As the Ombudsman told us, many complaints which come to him about maladministration also involve, in one way or another, a failure to pass on information to the complainant which he or she thinks himself or herself entitled to. The Ombudsman makes a strong case for the need to be able to continue to pursue a case fully: "What I want to be able to continue to do is to investigate what, after all, is the main thrust of the complaint, which is maladministration, but to bring in any information aspect. It may well be, for example, that what I shall need to do will be to consult the Information Commissioner or her Office about my interpretation of the new legislation, so that I can say that this was or was not in accordance with the legislation".[254] The point would apply equally to the operation of other Ombudsmen, in particular, the Local Government Ombudsman. We agree that it is important to get this right: as the Ombudsman says, it "would put an unreasonable burden on complainants to expect them to separate out elements of what will be to them a single complaint, and then to apply to different bodies to have them dealt with".[255] We note that a current review of public sector Ombudsmen by the Cabinet Office is looking in general at some of these issues. Meanwhile, we recommend that if there is any deficiency in the Parliamentary and Health Service Commissioners Acts which will prevent the Ombudsmen from dealing with complaints even where these involve some element of a Freedom of Information request, this should be remedied.

The Commissioner and Parliament (clause 42)

139. It was suggested to us that there should be some form of Parliamentary process for the appointment of the Information Commissioner[256] and we agree. The post of Information Commissioner, and the ability of its holder to confront obstruction in public authorities, will be vital to the success of the Act, and will profoundly influence how great a difference to the culture of government the Act will make. Parliament has a large interest in the Act's success, both because of its own interest in strengthening the general accountability of government services. Some Committees have already made progress in asserting their right to take evidence from appointees to senior public service positions. The Treasury Committee has already instituted a regime of hearings with people who are appointed to the posts of Governor or Deputy Governor of the Bank of England, or to the Bank's Monetary Policy Committee.[257] We repeat our earlier recommendation that this Committee should have the right to interview the prospective appointee about the post before he or she takes up the appointment, and to make recommendations to the House.

140. The Commissioner is required, under the Bill, to lay annually before each House a general report on the exercise of her functions under the Act. The Commissioner is also enabled to lay other reports from time to time. The power to lay reports before Parliament gives the Commissioner a means of encouraging authorities to follow her practice recommendations. Our experience with a similar system operated by the Ombudsman suggests that there would be value in a specific Parliamentary link whereby such reports could be discussed, and especially a Select Committee which could take evidence where required from recalcitrant authorities, as well as keeping the Freedom of Information regime under continuous review. We made the case in our previous report for such a Parliamentary link, and we restate it here.[258] The point was made by Mrs France herself that it would be helpful to have a Committee which could give attention to "information issues". As she pointed out, her remit, as Data Protection Registrar, goes beyond the public sector, and she was uncertain whether the role could easily be taken on by this Committee.[259] We do not share her doubt. It would indeed be unusual for a private sector organisation to answer to a Committee of the House for its failure to fulfil an obligation imposed by law. Yet that, it seems to us, should not stand in the way of such an arrangement. If it is felt that that would be improper, the Committee's oversight of her role could be limited to her functions under the Freedom of Information Act (as opposed to the Data Protection Act). We recommend that this Committee become the Parliamentary focus for the work of the Information Commissioner.

Reviews

141. It is not only the Commissioner who should be obliged to report annually on her functions under the Bill. The Government at present publishes an annual report on the operation of the Code of Practice. The governments of some of the other countries with Freedom of Information laws publish reports on the operation of their Acts. The obligation to publish a report is important. Such a report should contain information about how Departments deal with requests and on their volume and variety. It also helps to maintain the pressure for openness from the units and Ministers who are responsible for Freedom of Information. We recommend that the Home Secretary be obliged in the Bill to publish an annual report on the operation of the Act. Some overseas Freedom of Information Acts have explicitly required the government, or another body to review the operation of the Act after a specified period.[260] There have been influential and important reviews of the Australian Act and the New Zealand Act by the respective Law Commissions of these countries. It may be thought inappropriate to place such a requirement in the Bill itself. We believe, however, that it is important for there to be post-legislative, as well as pre-legislative, scrutiny; and although we would not wish to discourage any other form of consideration of the effectiveness and operation of the Bill by others, we will certainly wish to review these matters ourselves on a continuing basis.

240 Annex 6, Note 16. Back

241 Annex 6, Note 82. Back

242 Annex 6, Note 87. Back

243 ibid. Back

244 Q.795. Back

245 Q.205. Back

246 Q.233. Back

247 e.g. s.36(3) of the Canadian Access to Information Act. Back

248 HL (1997-98) 97, Q.38. Back

249 Cm. 3818, para. 5.16. Back

250 See Annex 6, Note 97. Back

252 Ev. p.109. Back