The Scottish Information Commissioner - It's Public Knowledge
Share this Page
Tweet this page:
Text Size Icon

- Text Size Up | Down

Decision 140/2016: Mr Pat Toms and Glasgow City Council

Name of Council employee

Reference No: 201600614
Decision Date: 28 June 2016

Summary

On 4 February 2016, Mr Toms asked Glasgow City Council (the Council) for the name and department of the Council employee who had provided information that was used in the Council's response to a previous information request from Mr Toms.

The Council did not provide this information. Following a review, the Council disclosed the name of the department in which the employee worked, but withheld the name of the employee. Mr Toms remained dissatisfied and applied to the Commissioner for a decision.

The Commissioner investigated and found that the Council had properly responded to Mr Toms' request for information in accordance with Part 1 of FOISA. The Council was entitled to withhold the name of the employee under section 38(1)(b) of FOISA (personal data).

Relevant statutory provisions

Freedom of Information (Scotland) Act 2002 (FOISA) sections 1(1) and (6) (General entitlement); 2(1)(a) and (2)(e)(ii) (Effect of exemptions); 38(1)(b), (2)(a)(i), (2)(b) and (5) (definition of "the data protection principles", "data subject" and "personal data") (Personal information)

Data Protection Act 1998 (the DPA) sections 1(1) (Basic interpretative provisions) (definition of "personal data"); Schedule 1 (The data protection principles, Part 1 - the principles) (the first data protection principle); Schedule 2 (Conditions relevant for purposes of the first principle: processing of any personal data) (conditions 1 and 6)

The full text of each of the statutory provisions cited above is reproduced in Appendix 1 to this decision. The Appendix forms part of this decision.

Background

1. On 4 February 2016, Mr Toms made a request for information to the Council. He referred to the response he had received to a previous request, describing one paragraph as "a particularly slanted presentation of the facts". In the third part of his request, he asked for:

"…a copy or link to the document, email or communication from which this paragraph was taken. And the name of the person and department who provided the information."

Mr Toms asked for other information that is not the subject of this decision notice.

2. The Council responded on 3 March 2016. In its response to the third part of Mr Toms' request, the Council gave notice that it did not hold the information and advised that, if the information had been recorded, it would have been exempt from disclosure under section 36(1) of FOISA (Confidentiality). The Council did not provide the name of its employee or the name of the department in which they worked. (It is not clear to the Commissioner whether this part of request 3 was considered in the Council's response.) By way of advice and assistance, it advised that the paragraph to which Mr Toms referred in his request followed from unrecorded discussion between professional officers.

3. On 6 March 2016, Mr Toms wrote to the Council requesting a review of its decision on the basis that he wished to know the identity of those employees responsible for the information provided to him, which he regarded as giving a misleading description of a Council policy.

4. The Council notified Mr Toms of the outcome of its review on 31 March 2016. The Council modified part of its original decision. It explained that the information in the response to which Mr Toms had referred in his request was provided to a solicitor (Corporate Services) from a Legal Manager (Corporate Services) in an email dated 2 February 2016. The Council disclosed text from that email. In terms of advice and assistance, the Council explained that the information supplied in that email followed a discussion involving the Legal Manager and an officer from City Property (Glasgow) LLP. The Council withheld the name of the Legal Manager under section 38(1)(b) of FOISA, taking the view that to disclose the identity of its employee would breach the Data Protection principles in schedule 1 to the DPA.

5. On 5 April 2016, Mr Toms applied to the Commissioner for a decision in terms of section 47(1) of FOISA. He was dissatisfied with the outcome of the Council's review because he believed the withheld name should be disclosed.

Investigation

6. The application was accepted as valid. The Commissioner confirmed that Mr Toms made a request for information to a Scottish public authority and asked the authority to review its response to that request before applying to her for a decision.

7. On 5 May 2016, the Council was notified in writing that Mr Toms had made a valid application. The case was allocated to an investigating officer. The Council was asked to send the Commissioner the information withheld from Mr Toms (the name of the Legal Manager). The Council provided the information.

8. Section 49(3)(a) of FOISA requires the Commissioner to give public authorities an opportunity to provide comments on an application. The Council was invited to comment on this application and answer specific questions including justifying its reliance on any provisions of FOISA it considered applicable to the information requested.

Commissioner's analysis and findings

9. In coming to a decision on this matter, the Commissioner considered all the withheld information and the relevant submissions, or parts of submissions, made to her by both Mr Toms and the Council. She is satisfied that no matter of relevance has been overlooked.

Section 38(1)(b) of FOISA - Personal data

10. The Council withheld the name of the Legal Manager under the exemption in section 38(1)(b) of FOISA.

11. Section 38(1)(b) of FOISA, read in conjunction with section 38(2)(a)(i) (or, as appropriate, (2)(b)) exempts information from disclosure if it is "personal data", as defined in section 1(1) of the DPA, and its disclosure would contravene one or more of the data protection principles set out in Schedule 1 to the DPA.

12. In order to rely on this exemption, the Council must show, firstly, that any such information would be personal data for the purposes of the DPA and, secondly, that disclosure of that data would contravene one or more of the data protection principles to be found in Schedule 1.

13. This particular exemption is an absolute exemption, which means it is not subject to the public interest test contained in section 2(1)(b) of FOISA.

Is the information personal data?

14. "Personal data" are defined in section 1(1) of the DPA as data which relate to a living individual who can be identified a) from those data, or b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller (the full definition is set out in Appendix 1).

15. The Council said that the name of the individual comes within the definition of "personal data" in terms of the DPA as it relates to a living individual and the individual can be identified by the data.

16. The Commissioner is satisfied that the withheld information is personal data. Given that the individual's job title and Council department have been disclosed, the withheld name would allow identification of the individual. The withheld information clearly relates to the individual in question.

Would disclosure contravene the first data protection principle?

17. The Council submitted that disclosure would breach the first data protection principle. The Council was of the opinion that such processing (i.e. releasing the information into the public domain under FOISA) would not meet any of the conditions noted in Schedule 2 of the DPA and, accordingly, would not be lawful processing.

18. The first data protection principle states that personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 to the DPA is met and, in the case of sensitive personal data, at least one of the conditions in Schedule 3 to the DPA is also met. The Commissioner is satisfied that the withheld information does not fall into any of the categories of sensitive personal data in section 2 of the DPA.

19. When considering the conditions in Schedule 2, the Commissioner has noted Lord Hope's comment in the case of Common Services Agency v Scottish Information Commissioner [2008] UKHL 47[1] that the conditions require careful treatment in the context of a request for information under FOISA, given that they were not designed to facilitate the release of information, but rather to protect personal data from being processed in a way that might prejudice the rights, freedoms or legitimate interests of the data subject.

20. There are three separate aspects to the first data protection principle: (i) fairness, (ii) lawfulness and (iii) the conditions in the schedules. These three aspects are interlinked. For example, if there is a specific condition in Schedule 2 which permits disclosure, it is likely that disclosure will also be fair and lawful.

21. The Commissioner will now consider whether there are any conditions in Schedule 2 which would permit the requested information to be disclosed. If any of these conditions can be met, she must then consider whether such disclosure would be fair and lawful.

Can any of the conditions in Schedule 2 be met?

22. Condition 1 applies when the data subject (i.e. the individual to whom the data relate) has consented to the release of the information. The Council explained that the data subject had refused consent for their personal data to be disclosed.

23. The Commissioner accepts that consent has not been given by the data subject in this case, and therefore condition 1 in Schedule 2 cannot be met.

24. The Commissioner's view is that condition 6 in Schedule 2 is the only one which might permit disclosure to Mr Toms' request. Condition 6 allows personal data to be processed if the processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject (the individual to whom the data relate).

25. There are a number of different tests which must be satisfied before condition 6 can be met. These are:

(i) Does Mr Toms have a legitimate interest or interests in obtaining the personal data?

(ii) If yes, is the disclosure necessary to achieve those legitimate interests? In other words, is the processing proportionate as a means and fairly balanced as to ends, or could these interests be achieved by means which interfere less with the privacy of the data subject?

(iii) Even if the processing is necessary for Mr Toms' legitimate interests, would the disclosure nevertheless cause unwarranted prejudice to the rights and freedoms or legitimate interests of the data subject?

26. There is no presumption in favour of disclosure of personal data under the general obligation laid down by section 1(1) of FOISA. Accordingly, the legitimate interests of Mr Toms must outweigh the rights and freedoms or legitimate interests of the data subject before condition 6 will permit disclosure. If the two are evenly balanced, the Commissioner must find that the Council was correct to refuse to disclose the information to Mr Toms.

Does Mr Toms have a legitimate interest or interests in obtaining the personal data?

27. Mr Toms submitted that he wished to know the employee's name in order to understand the working of the Council; he was concerned about the sale of a piece of land used as a park for forty years and now the subject of a planning application for building flats and a car park. He explained in detail his concerns about the planning process. The Commissioner will only summarise them here.

28. Mr Toms explained that the response he had received in respect of a previous information request had related to the planning process (about which he had concerns) and he wanted to identify the source of what he regarded as inaccurate and misleading information that reflected on the planning process. The information he regarded as misleading was in the Council's response to his previous request, and he thought the information gave a misleading view on the planning application. He therefore sought the identity of the person who had been responsible for the text which he considered misleading in the previous FOI response from the Council.

29. In contrast, the Council argued that Mr Toms has no legitimate interest in the information. The Council explained that Mr Toms had indicated in his request for review that he sought the information to "inform me [Mr Toms] of the way that the Council works". In its review response, the Council had explained that the legal manager had had a discussion with an officer from City Property (Glasgow) LLP which formed the basis of the information provided to the solicitor who drafted the initial response. Given that the legal manager's role in this instance was to assist with the collation of relevant information (rather than providing legal advice), the Council did not consider that releasing the legal manager's name would provide any further assistance to Mr Toms in his understanding of how the Council worked. The Council took the view that Mr Toms could achieve his aim of understanding how the Council worked by disclosure of information about the departments in which the relevant officials worked.

30. Mr Toms has been told that the employee was a Legal Manager. This indicates the status of the person and their professional relationship with the Council. Mr Toms has been told the department which employs the Legal Manager. He has also been given background information by the Council about the text. This gives Mr Toms an indication of "the working" of the Council.

31. The Commissioner cannot see how disclosing the name of the Legal Manager would add to an understanding of the Council's processes, or help Mr Toms should he wish to complain of the Council's action in respect of a planning application. Similarly, if Mr Toms has concerns that he wishes to raise with the Council about the accuracy of the text in the reply he received, he can raise these without requiring the name of the Legal Manager to be made public (which is the effect of disclosure under FOISA).

32. The Commissioner agrees with the Council that disclosure of the name of the Legal Manager would not help Mr Toms to understand the Council's processes. He has not given any other reason for requiring this information. In all the circumstances of this case, the Commissioner does not accept that Mr Toms (or the wider public) has a legitimate interest in the identity of the person who provided the information referred to in Mr Toms' request.

33. As the Commissioner has decide that Mr Toms has not established a legitimate interest in the withheld information she has not gone on to consider whether processing (i.e. disclosure) is necessary for the purposes of these interests or whether disclosure would be unwarranted by reason of prejudice to the legitimate interests of the data subject.

Outcome

34. The Commissioner finds that there is no condition in Schedule 2 which would permit disclosure of the information. In the absence of a condition permitting disclosure, that disclosure would be unlawful. Consequently the Commissioner finds that disclosure of the information would breach the first data protection principle and that the information is therefore exempt from disclosure (and properly withheld) by the Council under section 38(1)(b) of FOISA.

Decision

The Commissioner finds that Glasgow City Council complied with Part 1 of the Freedom of Information (Scotland) Act 2002 in responding to the information request made by Mr Toms.

Appeal

Should either Mr Toms or the Council wish to appeal against this decision, they have the right to appeal to the Court of Session on a point of law only. Any such appeal must be made within 42 days after the date of intimation of this decision.

Margaret Keyse
Head of Enforcement

28 June 2016

Appendix 1: Relevant statutory provisions

Freedom of Information (Scotland) Act 2002

1 General entitlement

(1) A person who requests information from a Scottish public authority which holds it is entitled to be given it by the authority.

(6) This section is subject to sections 2, 9, 12 and 14.

2 Effect of exemptions

(1) To information which is exempt information by virtue of any provision of Part 2, section 1 applies only to the extent that -

(a) the provision does not confer absolute exemption; and

(2) For the purposes of paragraph (a) of subsection 1, the following provisions of Part 2 (and no others) are to be regarded as conferring absolute exemption -

(e) in subsection (1) of section 38 -

(ii) paragraph (b) where the first condition referred to in that paragraph is satisfied by virtue of subsection (2)(a)(i) or (b) of that section.

38 Personal information

(1) Information is exempt information if it constitutes-

(b) personal data and either the condition mentioned in subsection (2) (the "first condition") or that mentioned in subsection (3) (the "second condition") is …

(2) The first condition is-

(a) in a case where the information falls within any of paragraphs (a) to (d) of the definition of "data" in section 1(1) of the Data Protection Act 1998 (c.29), that the disclosure of the information to a member of the public otherwise than under this Act would contravene-

(i) any of the data protection principles; or

(b) in any other case, that such disclosure would contravene any of the data protection principles if the exemptions in section 33A(1) of that Act (which relate to manual data held) were disregarded.

(5) In this section-

"the data protection principles" means the principles set out in Part I of Schedule 1 to that Act, as read subject to Part II of that Schedule and to section 27(1) of that Act;

"data subject" and "personal data" have the meanings respectively assigned to those terms by section 1(1) of that Act;

 
  Data Protection Act 1998

1 Basic interpretative provisions

(1) In this Act, unless the context otherwise requires -

"personal data" means data which relate to a living individual who can be identified -

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;

Schedule 1 - The data protection principles

Part I - The principles

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless -

(a) at least one of the conditions in Schedule 2 is met, and

Schedule 2 - Conditions relevant for purposes of the first principle: processing of any personal data

1. The data subject has given his consent to the processing.

...

6. (1) The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.


[1] http://www.bailii.org/uk/cases/UKHL/2008/47.html

PDF IconLink to PDF file of decision 140/2016 (199 kb)

Back to Top