EIR 12(3): Difference between revisions

From FOIwiki
No edit summary
 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
'''EIR 12(3) - personal data'''
'''EIR 12(3) - personal data'''


summary tbc
== Introduction ==
 
{{Quote box
|quote = '''Can personal data be obtained under the EIRs?'''
 
Access to personal data is governed by different rules depending on whether an individual is seeking access to information about him/herself or another person (a third party). If an individual is seeking information about him/herself, the request falls within the scope of the Data Protection Act and should not be dealt with under the EIRs. Under such circumstances the request is treated as a subject access request under section 7 of the Data Protection Act. Where an individual is seeking environmental information which contains details about a third party, such information may be disclosable under the EIRs.
Are there provisions in the EIRs which may prevent third party personal data being disclosed?
 
Regulation 13 does exempt personal information which is not about the applicant if regulations 13(2) (a) or (b) or 13(3) of the EIRs apply. Therefore, disclosure of personal data to a 3rd party must not occur if:
:* it would breach any of the data protection principles
:* it would cause substantial, unwarranted damage and distress and thus breach the data subject’s rights under section 10 of the DPA
:* the information is exempt from disclosure to the data subject due to an exemption being applicable under part IV of the Data Protection Act.
 
'''What types of personal data may be disclosable under the EIRs?'''
 
There is no hard and fast rule on what can be disclosed as each case should be considered on its own merits. However, information about some public servants in their capacity as public servants (e.g., responsibilities, grade, certain work contact details etc) could be disclosable, especially for those in public-facing roles. Information supplied to a public authority in some circumstances (e.g. in response to a consultation exercise, or expressing views as a matter of public debate), including from members of the public, which might include personal data, may also be disclosable.  However, if the member of the public has stated that he/she does not wish his/her response to be made publicly available this would be taken into consideration.
 
'''What types of personal data may not be disclosable under the EIRs?'''
 
It is unlikely that sensitive personal data (e.g. information such as that pertaining to health, ethnic status, sexual behaviour) would be disclosable to a third party. Personal data, such as a home address, telephone number, marital status or information about an individual’s personal life is also unlikely to be disclosable.
 
'''Would the presence of personal data prevent disclosure of the remaining information falling within the scope of a request?'''
 
It might be possible to disclose the remaining information where it is possible to separate the personal data from the other information requested, or to provide a summary that excludes any exempt personal data (and where no other exemptions apply that might exempt the remaining information from disclosure).
 
(c) [[FOIwiki:Copyrights|Crown Copyright]]
 
| width  = 80%
| align  = center
| halign  = left | source = [http://www.defra.gov.uk/corporate/policy/opengov/eir/guidance/personal-data.htm (Source: Defra guidance)].
}}


== What the law says ==
== What the law says ==
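Review bot: Inside the quote box, the added line "Are there provisions in the EIRs which may prevent third party personal data being disclosed?" has no ''' bold markers and no blank line above it, unlike the other four question headings, so it renders as the tail of the preceding paragraph instead of as its own question. Wrap it in ''' and separate it from the paragraph above. The template parameters are also inconsistent: "| halign = left | source = ..." puts two parameters on one line while width and align each get their own, so splitting them would make later edits to the source link easier to read in a diff.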
Line 24: Line 54:


* http://www.defra.gov.uk/corporate/policy/opengov/eir/guidance/full-guidance/pdf/guidance-7.pdf
* http://www.defra.gov.uk/corporate/policy/opengov/eir/guidance/full-guidance/pdf/guidance-7.pdf
* http://www.ico.gov.uk/upload/documents/library/freedom_of_information/detailed_specialist_guides/awareness_guidance%20_1_%20personal_information_v2.pdf
== ICO Lines To Take ==
*'''Regulation 12(3)''':{{LTTInfoBox|exemption=EIR 12(3)}}
*'''Regulation 13''':{{LTTInfoBox|exemption=EIR 13}}


== ICO Decision Notices ==  
== ICO Decision Notices ==  


{{DNExemptionInfoBox|exemption=EIR 12(3)}}
{{DNExemptionInfoBox|exemption=EIR 12(3)}}




{{EIR2004}}
{{EIR2004}}

Latest revision as of 17:01, 20 September 2010

EIR 12(3) - personal data

Introduction

Can personal data be obtained under the EIRs?

Access to personal data is governed by different rules depending on whether an individual is seeking access to information about him/herself or another person (a third party). If an individual is seeking information about him/herself, the request falls within the scope of the Data Protection Act and should not be dealt with under the EIRs. Under such circumstances the request is treated as a subject access request under section 7 of the Data Protection Act. Where an individual is seeking environmental information which contains details about a third party, such information may be disclosable under the EIRs.

Are there provisions in the EIRs which may prevent third party personal data being disclosed?

Regulation 13 does exempt personal information which is not about the applicant if regulations 13(2) (a) or (b) or 13(3) of the EIRs apply. Therefore, disclosure of personal data to a 3rd party must not occur if:

  • it would breach any of the data protection principles
  • it would cause substantial, unwarranted damage and distress and thus breach the data subject’s rights under section 10 of the DPA
  • the information is exempt from disclosure to the data subject due to an exemption being applicable under part IV of the Data Protection Act.

What types of personal data may be disclosable under the EIRs?

There is no hard and fast rule on what can be disclosed as each case should be considered on its own merits. However, information about some public servants in their capacity as public servants (e.g., responsibilities, grade, certain work contact details etc) could be disclosable, especially for those in public-facing roles. Information supplied to a public authority in some circumstances (e.g. in response to a consultation exercise, or expressing views as a matter of public debate), including from members of the public, which might include personal data, may also be disclosable. However, if the member of the public has stated that he/she does not wish his/her response to be made publicly available this would be taken into consideration.

What types of personal data may not be disclosable under the EIRs?

It is unlikely that sensitive personal data (e.g. information such as that pertaining to health, ethnic status, sexual behaviour) would be disclosable to a third party. Personal data, such as a home address, telephone number, marital status or information about an individual’s personal life is also unlikely to be disclosable.

Would the presence of personal data prevent disclosure of the remaining information falling within the scope of a request?

It might be possible to disclose the remaining information where it is possible to separate the personal data from the other information requested, or to provide a summary that excludes any exempt personal data (and where no other exemptions apply that might exempt the remaining information from disclosure).

(c) Crown Copyright

(Source: Defra guidance).

What the law says

Regulation 12.

(3) To the extent that the information requested includes personal data of which the applicant is not the data subject, the personal data shall not be disclosed otherwise than in accordance with regulation 13.

Regulation 13.

(1) To the extent that the information requested includes personal data of which the applicant is not the data subject and as respects which either the first or second condition below is satisfied, a public authority shall not disclose the personal data.
(2) The first condition is -
(a) in a case where the information falls within any of paragraphs (a) to (d) of the definition of "data" in section 1(1) of the Data Protection Act 1998, that the disclosure of the information to a member of the public otherwise than under these Regulations would contravene -
(i) any of the data protection principles; or
(ii) section 10 of that Act (right to prevent processing likely to cause damage or distress) and in all the circumstances of the case, the public interest in not disclosing the information outweighs the public interest in disclosing it; and
(b) in any other case, that the disclosure of the information to a member of the public otherwise than under these Regulations would contravene any of the data protection principles if the exemptions in section 33A(1) of the Data Protection Act 1998 (which relate to manual data held by public authorities) were disregarded.
(3) The second condition is that by virtue of any provision of Part IV of the Data Protection Act 1998 the information is exempt from section 7(1) of that Act and, in all the circumstances of the case, the public interest in not disclosing the information outweighs the public interest in disclosing it.
(4) In determining whether anything done before 24th October 2007 would contravene any of the data protection principles, the exemptions in Part III of Schedule 8 to the Data Protection Act 1998 shall be disregarded.
(5) For the purposes of this regulation a public authority may respond to a request by neither confirming nor denying whether such information exists and is held by the public authority, whether or not it holds such information, to the extent that -
(a) the giving to a member of the public of the confirmation or denial would contravene any of the data protection principles or section 10 of the Data Protection Act 1998 or would do so if the exemptions in section 33A(1) of that Act were disregarded; or
(b) by virtue of any provision of Part IV of the Data Protection Act 1998, the information is exempt from section 7(1)(a) of that Act.

Official guidance

ICO Lines To Take

  • Regulation 12(3):
Relevant Lines to Take

None

  • Regulation 13:
Relevant Lines to Take
  • LTT185 - Condition 5 Schedule 3 Data Protection Act 1998 (condition for processing sensitive personal data) - 19/11/2010
  • LTT152 - Naming officials representing public authorities and third party organisations, such as lobbyists - 14/09/2010
  • LTT167 - Consent - 17/02/2010
  • LTT168 - DPA "special purposes" & disclosures under FOI / EIR - 17/02/2010
  • LTT59 - Fair Processing Notices - 21/01/2010
  • LTT57 - Schedule 2 Condition 6 of the DPA - 19/01/2010
  • LTT162 - Anonymising Post codes - 18/01/2010
  • LTT56 - Second data protection principle - 16/12/2008
  • LTT71 - Addresses of properties - 24/09/2007


ICO Decision Notices

Complaints upheld / partly upheld (P)

  • FER0256967 - Mid Suffolk District Council - 18/01/2010
  • FS50176219 - Surrey Heath Borough Council - 23/12/2009
  • FER0137609 - Veterinary Medicines Directorate - 10/12/2009
  • FS50198525 - Tandridge District Council - 03/12/2009
  • FER0184525(P) - Department of Energy & Climate Change - 03/11/2009
  • FS50195062 - Department for Transport - 05/10/2009
  • FER0178071 - Brighton and Hove City Council - 24/09/2009
  • FER0187769 - Brighton and Hove City Council - 24/09/2009
  • FS50207670 - West Sussex County Council - 20/08/2009
  • FER0184376 - University of Salford - 08/12/2008
  • FER0112249 - Department for Environment Food and Rural Affairs - 12/11/2008
  • FER0145824 - London Borough of Camden - 30/06/2008
  • FER0152885 - Environment Agency - 10/06/2008
  • FS50085782 - Welsh Assembly Government - 29/01/2008
  • FER0086785 - Tunbridge Wells Borough Council - 10/10/2007
  • FER0070849 - Mid Devon District Council - 19/07/2006

Complaints not upheld

  • FER0220492 - London Borough of Sutton - 26/04/2010
  • FS50124332 - Department for Transport - 30/03/2010
  • FS50188307 - Mid Sussex District Council - 25/03/2010
  • FER0256967 - Mid Suffolk District Council - 18/01/2010
  • FER0192430 - London Borough of Camden - 21/12/2009
  • FS50080236 - Department of Health - 21/12/2009
  • FER0183947 - Department for Environment Food and Rural Affairs - 17/12/2009
  • FER0185236 - Department for Environment Food and Rural Affairs - 17/12/2009
  • FER0183946 - Cabinet Office - 17/12/2009
  • FER0185237 - Cabinet Office - 17/12/2009
  • FS50080240 - Department for Environment Food and Rural Affairs - 15/12/2009
  • FS50114757 - Cabinet Office - 15/12/2009
  • FER0221965 - Chiltern District Council - 14/12/2009
  • FER0186717 - Department for Communities and Local Government - 18/11/2009
  • FS50257908 - St Edmundsbury Borough Council - 26/10/2009
  • FER0181772 - Winchester City Council - 24/09/2009
  • FS50207672 - Norfolk County Council - 14/09/2009
  • FS50187166 - Blidworth Parish Council - 27/07/2009
  • FS50199873 - Cardiff Council - 30/04/2009
  • FS50122058 - Department for Culture, Media and Sport - 09/07/2008
  • FER0118853 - Sutton and East Surrey Water plc - 19/03/2008
  • FER0104939 - Lake District National Park Authority - 05/02/2008
  • FER0087774 - Department for Business, Enterprise and Regulatory Reform - 28/01/2008
  • FS50122983 - Department for Culture, Media and Sport - 19/11/2007
  • FER0082261 - Department of the Environment (NI) - 21/05/2007
  • FER0091004 - Nottingham City Council - 27/03/2007
  • FER0085943 - Salisbury District Council - 15/11/2006
  • FER0091149 - Environment Agency - 21/08/2006
  • FER0106205 - Worcestershire County Council - 21/08/2006

Includes DNs up to: 26 April 2010


