FOIA Section 40 Exemption

From FOIwiki
Jump to navigationJump to search

Section 40: Personal Information

Section 40 concerns personal data within the meaning of the Data Protection Act 1998. Section 40 applies to two distinct types of requests for information:

  1. if a request asks for the personal data of the applicant himself, the information is exempt; and
  2. if a request asks for the personal data of someone else then that information will be exempt if its disclosure would contravene any of the data protection principles in the Data Protection Act 1998 (or certain other provisions of the Data Protection Act 1998).

Key points:

  • If information is exempt under section 40 because it is the personal data of the applicant then its disclosure must be considered under the subject access provisions in the Data Protection Act 1998; the Act may require the disclosure of information which would otherwise have been exempt under the FOI Act.
  • For most government departments that receive requests for personal data of someone other than the applicant, the application of section 40 will in most circumstances turn on whether disclosure of the information to a member of the public would be 'unfair'.
  • Officials must be alive to the need to consult experts where the application of section 40 is difficult or unclear: getting a decision wrong may result in breach of the Data Protection Act 1998.
  • The majority of section 40 is not subject to a public interest balance.

What the law says

40 Personal information

(1) Any information to which a request for information relates is exempt information if it constitutes personal data of which the applicant is the data subject.
(2) Any information to which a request for information relates is also exempt information if—
(a) it constitutes personal data which do not fall within subsection (1), and
(b) either the first or the second condition below is satisfied.
(3) The first condition is—
(a) in a case where the information falls within any of paragraphs (a) to (d) of the definition of “data” in section 1(1) of the [1998 c. 29.] Data Protection Act 1998, that the disclosure of the information to a member of the public otherwise than under this Act would contravene—
(i) any of the data protection principles, or
(ii) section 10 of that Act (right to prevent processing likely to cause damage or distress), and
(b) in any other case, that the disclosure of the information to a member of the public otherwise than under this Act would contravene any of the data protection principles if the exemptions in section 33A(1) of the [1998 c. 29.] Data Protection Act 1998 (which relate to manual data held by public authorities) were disregarded.
(4) The second condition is that by virtue of any provision of Part IV of the [1998 c. 29.] Data Protection Act 1998 the information is exempt from section 7(1)(c) of that Act (data subject’s right of access to personal data).
(5) The duty to confirm or deny—
(a) does not arise in relation to information which is (or if it were held by the public authority would be) exempt information by virtue of subsection (1), and
(b) does not arise in relation to other information if or to the extent that either—
(i) the giving to a member of the public of the confirmation or denial that would have to be given to comply with section 1(1)(a) would (apart from this Act) contravene any of the data protection principles or section 10 of the [1998 c. 29.] Data Protection Act 1998 or would do so if the exemptions in section 33A(1) of that Act were disregarded, or
(ii) by virtue of any provision of Part IV of the [1998 c. 29.] Data Protection Act 1998 the information is exempt from section 7(1)(a) of that Act (data subject’s right to be informed whether personal data being processed).
(6) In determining for the purposes of this section whether anything done before 24th October 2007 would contravene any of the data protection principles, the exemptions in Part III of Schedule 8 to the [1998 c. 29.] Data Protection Act 1998 shall be disregarded.
(7) In this section—
  • “the data protection principles” means the principles set out in Part I of Schedule 1 to the [1998 c. 29.] Data Protection Act 1998, as read subject to Part II of that Schedule and section 27(1) of that Act;
  • “data subject” has the same meaning as in section 1(1) of that Act;
  • “personal data” has the same meaning as in section 1(1) of that Act.


ICO public guidance

The ICO has the following guidance available:

ICO Lines To Take

Relevant Lines to Take
  • LTT144 - Anonymised Personal Data - 11/11/2010
  • LTT152 - Naming officials representing public authorities and third party organisations, such as lobbyists - 14/09/2010
  • LTT176 - When does the public interest test apply to the exclusion from the duty to confirm or deny whether personal data is held - 30/04/2010
  • LTT165 - Section 40 Process Chart - 26/03/2010
  • LTT167 - Consent - 17/02/2010
  • LTT168 - DPA "special purposes" & disclosures under FOI / EIR - 17/02/2010
  • LTT166 - Lawfulness - 21/01/2010
  • LTT59 - Fair Processing Notices - 21/01/2010
  • LTT164 - Fairness - Casework Examples for LTT163 - 19/01/2010
  • LTT57 - Schedule 2 Condition 6 of the DPA - 19/01/2010
  • LTT163 - Fairness - 19/01/2010
  • LTT162 - Anonymising Post codes - 18/01/2010
  • LTT150 - "Meta-requests" (requests about requests) - 29/07/2009
  • LTT86 - Personal Data disclosed in open court - 01/05/2009
  • LTT124 - Multiple data subjects - 16/01/2009
  • LTT56 - Second data protection principle - 16/12/2008
  • LTT107 - No prejudice / adverse effect test for class based exemptions / exceptions - 20/06/2008
  • LTT71 - Addresses of properties - 24/09/2007
  • LTT28 - Legal aid costs - 12/11/2006

Decision Notices

Complaints upheld / partly upheld (P) Complaints not upheld
  • FS50229617 - Borough of Poole Council - 19/04/2010
  • FS50140361 - Cabinet Office - 31/03/2010
  • FS50136631(P) - British Nuclear Fuels Limited - 30/03/2010
  • FS50129139(P) - Department for Business, Innovation and Skills - 25/03/2010
  • FS50146907 - The Treasury Solicitor's Department (TSOL) - 23/03/2010
  • FS50143102 - HM Treasury - 22/03/2010
  • FS50197502 - Cabinet Office - 16/03/2010
  • FS50150313(P) - Medicines and Healthcare Products Regulatory Agency - 11/03/2010
  • FS50164940 - Department for Children, Schools and Families - 04/03/2010
  • FS50144707 - Department for Children, Schools and Families - 01/03/2010
  • FS50231561 - Commissioner of the Metropolitan Police Service - 15/02/2010
  • FS50204620 - Sport England - 15/02/2010
  • FS50227348 - Ministry of Justice - 08/02/2010
  • FS50219757 - Essex Constabulary - 01/02/2010
  • FS50197952 - Cabinet Office - 28/01/2010
  • FS50223685 - Home Office - 19/01/2010
  • FS50161581 - Greater Manchester Police - 17/12/2009
  • FS50259598(P) - Bolton Council - 17/12/2009
  • FS50170394 - UK Borders Agency - 26/11/2009
  • FS50182444 - Independent Police Complaints Commission - 26/11/2009
  • FS50145474(P) - Ministry of Justice - 26/11/2009
  • FS50167506(P) - Office for Standards in Education - 25/11/2009
  • FS50207235 - House of Commons - 24/11/2009
  • FS50186040(P) - Metropolitan Police Service - 23/11/2009
  • FS50129430 - Financial Services Authority - 18/11/2009
  • FS50234376 - Charity Commission - 10/11/2009
  • FS50248664(P) - NHS Information Centre - 09/11/2009
  • FS50178553 - Wakefield Metropolitan District Council - 14/10/2009
  • FS50189978 - Bramshott and Liphook Parish Council - 07/10/2009
  • FS50183238 - Surrey Police - 25/08/2009
  • FS50191587 - Devon and Cornwall Constabulary - 25/08/2009
  • FS50108668(P) - Learning and Skills Council - 11/08/2009
  • FS50222631 - Ealing London Borough Council - 03/08/2009
  • FS50222633 - Coventry City Council - 03/08/2009
  • FS50236990 - Holy Trinity Church of England Primary Scool - 03/08/2009
  • FS50113479(P) - Wakefield Metropolitan District Council - 27/07/2009
  • FS50173361 - University of Oxford - 21/07/2009
  • FS50091230(P) - Department of Health - 25/06/2009
  • FS50125350 - National Police Improvement Agency - 16/06/2009
  • FS50199197 - House of Commons - 10/06/2009
  • FS50193437 - Financial Services Authority - 19/05/2009
  • FS50203810(P) - Magherafelt District Council - 19/05/2009
  • FS50222632 - Salford City Council - 18/05/2009
  • FS50165274 - Buckinghamshire County Council - 18/05/2009
  • FS50160381(P) - Buckinghamshire County Council - 18/05/2009
  • FS50154349 - Metropolitan Police Service - 20/04/2009
  • FS50121803(P) - Ministry of Justice - 14/04/2009
  • FS50139215(P) - Commissioner of the Metropolitan Police Service - 31/03/2009
  • FS50182413 - Department for Culture, Media and Sport - 23/03/2009
  • FS50088727(P) - Office for Standards in Education - 19/02/2009... further results
  • FS50275054 - Hampshire Probation Board - 26/04/2010
  • FS50249189 - Derbyshire County Council - 19/04/2010
  • FS50274047 - Insolvency Service - 19/04/2010
  • FS50218809 - Electoral Commission - 31/03/2010
  • FS50186242 - Thames Valley Police - 31/03/2010
  • FS50255373 - Attorney General’s Office - 29/03/2010
  • FS50279800 - Ministry of Justice - 29/03/2010
  • FS50211876 - Portsmouth City Council - 25/03/2010
  • FS50189595 - Department for Employment and Learning - 25/03/2010
  • FS50278279 - General Medical Council - 25/03/2010
  • FS50205418 - Electoral Commission - 24/03/2010
  • FS50216431 - Portsmouth City Council - 24/03/2010
  • FS50281100 - Chief Constable of Kent Police - 15/03/2010
  • FS50248774 - General Medical Council - 25/02/2010
  • FS50242131 - North Yorkshire Fire & Rescue Service - 18/02/2010
  • FS50262410 - Hartlepool Borough Council - 17/02/2010
  • FS50248766 - General Medical Council - 15/02/2010
  • FS50245527 - University of Plymouth - 15/02/2010
  • FS50198232 - National Audit Office - 11/02/2010
  • FS50280638 - Ministry of Justice - 08/02/2010
  • FS50211438 - Lincolnshire County Council - 03/02/2010
  • FS50268377 - Department for Environment Food and Rural Affairs - 01/02/2010
  • FS50123289 - Ministry of Defence - 28/01/2010
  • FS50213781 - Leicestershire County Council - 22/12/2009
  • FS50213780 - Coventry City Council - 21/12/2009
  • FS50227557 - Nottinghamshire County Teaching Primary Care Trust - 17/12/2009
  • FS50259954 - Olympic Delivery Authority - 16/12/2009
  • FS50202116 - HM Treasury - 14/12/2009
  • FS50269400 - CityWest Homes - 14/12/2009
  • FS50206018 - North Wales Police - 14/12/2009
  • FS50257450 - Lincolnshire County Council - 14/12/2009
  • FS50259158 - Royal Orthopaedic Hospital NHS Foundation Trust - 03/12/2009
  • FS50249263 - London Fire and Emergency Planning Authority - 03/12/2009
  • FS50246397 - UK Sports Council - 03/12/2009
  • FS50194701 - House of Lords Appointments Commission - 24/11/2009
  • FS50208340 - Health and Safety Executive - 23/11/2009
  • FS50150198 - Lancaster City Council - 17/11/2009
  • FS50202562 - Liverpool Womens NHS Foundation Trust - 17/11/2009
  • FS50089555 - Ministry of Defence - 17/11/2009
  • FS50169417 - Hart District Council - 17/11/2009
  • FS50184494 - Foreign and Commonwealth Office - 16/11/2009
  • FS50139983 - Office for Standards in Education - 10/11/2009
  • FS50196759 - Department of Health - 10/11/2009
  • FS50186249 - Department for Environment Food and Rural Affairs - 10/11/2009
  • FS50230718 - Bedfordshire Police - 27/10/2009
  • FS50148118 - Bedfordshire Police - 27/10/2009
  • FS50237840 - Chief Constable of West Mercia Police - 27/10/2009
  • FS50255918 - South Kesteven District Council - 26/10/2009
  • FS50131984 - Export Credits Guarantee Department - 20/10/2009
  • FS50127453 - The Treasury Solicitor's Department (TSOL) - 19/10/2009... further results

Includes DNs up to: 26 April 2010


Information Tribunal Decision

Information tribunal decision EA/2009/0083 related to a FOI request to Cambridgeshire Police in which the requestor sought a copy of a report which contained her, and others' personal information. One key finding was that the whole report ought not be considered personal information; but elements within it which were not personal information ought be released.

http://www.informationtribunal.gov.uk/DBFiles/Decision/i398/Bryce%20v%20IC%20&%20Cambs%20Constabulary%20%28EA-2009-0083%29%20Decision%2008-06-10%20%28w%29.pdf


Freedom of Information Act 2000
Exemptions
12 21 22 22A 23 24 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44


Equivalent exemptions in other jurisdictions