EIR 12(3): Difference between revisions
Alex skene (talk | contribs) |
Alex skene (talk | contribs) No edit summary |
||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
'''EIR 12(3) - personal data''' | '''EIR 12(3) - personal data''' | ||
== Introduction == | |||
{{Quote box | {{Quote box | ||
Line 53: | Line 55: | ||
* http://www.defra.gov.uk/corporate/policy/opengov/eir/guidance/full-guidance/pdf/guidance-7.pdf | * http://www.defra.gov.uk/corporate/policy/opengov/eir/guidance/full-guidance/pdf/guidance-7.pdf | ||
* http://www.ico.gov.uk/upload/documents/library/freedom_of_information/detailed_specialist_guides/awareness_guidance%20_1_%20personal_information_v2.pdf | * http://www.ico.gov.uk/upload/documents/library/freedom_of_information/detailed_specialist_guides/awareness_guidance%20_1_%20personal_information_v2.pdf | ||
== ICO Lines To Take == | |||
*'''Regulation 12(3)''':{{LTTInfoBox|exemption=EIR 12(3)}} | |||
*'''Regulation 13''':{{LTTInfoBox|exemption=EIR 13}} | |||
== ICO Decision Notices == | == ICO Decision Notices == |
Latest revision as of 17:01, 20 September 2010
EIR 12(3) - personal data
Introduction
Can personal data be obtained under the EIRs?
Access to personal data is governed by different rules depending on whether an individual is seeking access to information about him/herself or another person (a third party). If an individual is seeking information about him/herself, the request falls within the scope of the Data Protection Act and should not be dealt with under the EIRs. Under such circumstances the request is treated as a subject access request under section 7 of the Data Protection Act. Where an individual is seeking environmental information which contains details about a third party, such information may be disclosable under the EIRs. Are there provisions in the EIRs which may prevent third party personal data being disclosed? Regulation 13 does exempt personal information which is not about the applicant if regulations 13(2) (a) or (b) or 13(3) of the EIRs apply. Therefore, disclosure of personal data to a 3rd party must not occur if:
What types of personal data may be disclosable under the EIRs? There is no hard and fast rule on what can be disclosed as each case should be considered on its own merits. However, information about some public servants in their capacity as public servants (e.g., responsibilities, grade, certain work contact details etc) could be disclosable, especially for those in public-facing roles. Information supplied to a public authority in some circumstances (e.g. in response to a consultation exercise, or expressing views as a matter of public debate), including from members of the public, which might include personal data, may also be disclosable. However, if the member of the public has stated that he/she does not wish his/her response to be made publicly available this would be taken into consideration. What types of personal data may not be disclosable under the EIRs? It is unlikely that sensitive personal data (e.g. information such as that pertaining to health, ethnic status, sexual behaviour) would be disclosable to a third party. Personal data, such as a home address, telephone number, marital status or information about an individual’s personal life is also unlikely to be disclosable. Would the presence of personal data prevent disclosure of the remaining information falling within the scope of a request? It might be possible to disclose the remaining information where it is possible to separate the personal data from the other information requested, or to provide a summary that excludes any exempt personal data (and where no other exemptions apply that might exempt the remaining information from disclosure). (c) Crown Copyright | |
(Source: Defra guidance). |
What the law says
Regulation 12.
- (3) To the extent that the information requested includes personal data of which the applicant is not the data subject, the personal data shall not be disclosed otherwise than in accordance with regulation 13.
Regulation 13.
- (1) To the extent that the information requested includes personal data of which the applicant is not the data subject and as respects which either the first or second condition below is satisfied, a public authority shall not disclose the personal data.
- (2) The first condition is -
- (a) in a case where the information falls within any of paragraphs (a) to (d) of the definition of "data" in section 1(1) of the Data Protection Act 1998, that the disclosure of the information to a member of the public otherwise than under these Regulations would contravene -
- (i) any of the data protection principles; or
- (ii) section 10 of that Act (right to prevent processing likely to cause damage or distress) and in all the circumstances of the case, the public interest in not disclosing the information outweighs the public interest in disclosing it; and
- (b) in any other case, that the disclosure of the information to a member of the public otherwise than under these Regulations would contravene any of the data protection principles if the exemptions in section 33A(1) of the Data Protection Act 1998 (which relate to manual data held by public authorities) were disregarded.
- (a) in a case where the information falls within any of paragraphs (a) to (d) of the definition of "data" in section 1(1) of the Data Protection Act 1998, that the disclosure of the information to a member of the public otherwise than under these Regulations would contravene -
- (3) The second condition is that by virtue of any provision of Part IV of the Data Protection Act 1998 the information is exempt from section 7(1) of that Act and, in all the circumstances of the case, the public interest in not disclosing the information outweighs the public interest in disclosing it.
- (4) In determining whether anything done before 24th October 2007 would contravene any of the data protection principles, the exemptions in Part III of Schedule 8 to the Data Protection Act 1998 shall be disregarded.
- (5) For the purposes of this regulation a public authority may respond to a request by neither confirming nor denying whether such information exists and is held by the public authority, whether or not it holds such information, to the extent that -
- (a) the giving to a member of the public of the confirmation or denial would contravene any of the data protection principles or section 10 of the Data Protection Act 1998 or would do so if the exemptions in section 33A(1) of that Act were disregarded; or
- (b) by virtue of any provision of Part IV of the Data Protection Act 1998, the information is exempt from section 7(1)(a) of that Act.
Official guidance
- http://www.defra.gov.uk/corporate/policy/opengov/eir/guidance/full-guidance/pdf/guidance-7.pdf
- http://www.ico.gov.uk/upload/documents/library/freedom_of_information/detailed_specialist_guides/awareness_guidance%20_1_%20personal_information_v2.pdf
ICO Lines To Take
- Regulation 12(3):
Relevant Lines to Take |
None |
- Regulation 13:
Relevant Lines to Take |
|
ICO Decision Notices
Complaints upheld / partly upheld (P) | Complaints not upheld |
|
|
Includes DNs up to: 26 April 2010
Exceptions |
12(3) 12(4)(a) 12(4)(b) 12(4)(c) 12(4)(d) 12(4)(e) 12(5)(a) 12(5)(b) 12(5)(c) 12(5)(d) 12(5)(e) 12(5)(f) 12(5)(g) |