Decision 064/2017: Mr Allan Nugent and Glasgow City Council

List of taxi operators provided by Unite the Union

Reference No: 201700400
Decision Date: 4 May 2017


The Council was asked for a copy of the list of taxi operators which Unite the Union had submitted to the Council. The Council withheld the information, stating that the list comprised sensitive personal data. The Commissioner found that the Council had properly withheld this information.

 Relevant statutory provisions

Freedom of Information (Scotland) Act 2002 (FOISA) sections 1(1), (4) and (6) (General entitlement); 2(1)(a) and (2)(e)(ii) (Effect of exemptions); 38(1)(b), (2)(a)(i) and (b) and (5) (definition of "the data protection principles", "data subject" and "personal data") (Personal information)

Data Protection Act 1998 (the DPA) sections 1(1) (Basic interpretative provisions) (definition of personal data) and 2(d) (Sensitive personal data); Schedules 1 (The data protection principles) (the first data protection principle); 3 (Conditions relevant for the purposes of the first principle: processing of sensitive personal data) (conditions 1 and 5)

All references in this decision to "the Commissioner" are to Margaret Keyse, who has been appointed by the Scottish Parliamentary Corporate Body to discharge the functions of the Commissioner under section 42(8) of FOISA.

The full text of each of the statutory provisions cited above is reproduced in Appendix 1 to this decision. The Appendix forms part of this decision.


1. Mr Nugent has been in ongoing correspondence with Glasgow City Council (the Council) about changes to the taxi tariff: changes which were accepted by Unite the Union (Unite) on behalf of the taxi operators it represented. On 21 December 2016, Mr Nugent made the following information request:

"a copy of the list Unite have submitted regarding the evidence confirming they meet the required 10% of the trade (plate numbers will do if there is a problem divulging personal names)".

2. The Council responded to his request on 17 January 2017. It stated that the information requested by Mr Nugent was sensitive personal data and exempt by virtue of section 38(1)(b) of FOISA. The list of names supplied by Unite was sensitive personal data in terms of section 2(d) of the DPA, and the Council considered that the information was exempt from disclosure under section 38(1)(b) of FOISA (Personal information). The Council said that it would not be possible to disclose plate numbers alone without breaching the DPA as the relevant licence holders could be identified by cross-referencing the number plate with information in the public register of taxi licences.

3. On 27 January 2017, Mr Nugent wrote to the Council requesting a review of its decision. He regarded the withheld list as a voters' roll of the operators that Unite represented. He believed that all other taxi operators were entitled to know who voted and accepted the taxi tariff review on their behalf.

4. The Council notified Mr Nugent of the outcome of its review on 23 February 2017. The Council explained why it did not accept that the list of union members was the same as the electoral roll. It upheld its initial decision to withhold the requested information under section 38(1)(b) of FOISA.

5. On 28 February 2017, Mr Nugent applied to the Commissioner for a decision in terms of section 47(1) of FOISA. Mr Nugent stated he was dissatisfied with the outcome of the Council's review because he did not believe that the exemption applied.


6. The application was accepted as valid. The Commissioner confirmed that Mr Nugent made a request for information to a Scottish public authority and asked the authority to review its response to that request before applying to her for a decision.

7. On 16 March 2017, the Council was notified in writing that Mr Nugent had made a valid application. The Council was asked to send the Commissioner the information withheld from Mr Nugent. The Council provided the information and the case was allocated to an investigating officer.

8. Section 49(3)(a) of FOISA requires the Commissioner to give public authorities an opportunity to provide comments on an application. The Council was invited to comment on this application and answer specific questions including justifying its reliance on any provisions of FOISA it considered applicable to the information requested.

 Commissioner's analysis and findings

9. In coming to a decision on this matter, the Commissioner considered all the withheld information and the relevant submissions, or parts of submissions, made to her by both Mr Nugent and the Council. She is satisfied that no matter of relevance has been overlooked.

10. By way of background, the Licensing Section of the Council is responsible for licensing various activities under the Civic Government (Scotland) Act 1982 ("the 1982 Act"), including the provision of taxi services within its area. Part of this regulatory remit requires the Council to set the "Taxi Tariff" for its area - this is essentially the fare structure that governs how much taxi drivers can charge passengers for journeys within the city boundary. Under the 1982 Act, the Council has a legal duty to review this tariff at an interval of no more than 18 months.

11. As part of the review of the tariff, the 1982 Act specifies that Council is required to "consult with persons or organisations appearing to it to be, or to be representative of, the operators of taxis operating within its area" (section 17(4A)). Where the Council completes a review of the taxi tariff it may or may not determine whether to adjust the current taxi tariff. Any licensed taxi operator can appeal the Council's decision to the Scottish Traffic Commissioner. This results in a formal appeal procedure, the rules of which are set out in the Licensing and Regulation of Taxis (Appeals in Respect of Taxi Fares) (Scotland) Order 1985.

12. Mr Nugent has expressed his concerns to the Council about the taxi tariff, representation under the 1982 Act and other similar matters.

Section 38(1)(b) - Personal information

13. Section 38(1)(b) of FOISA exempts information from disclosure if it is "personal data" as defined in section 1(1) of the DPA, and disclosure would contravene one or more of the data protection principles set out in Schedule 1 to the DPA.

14. The Council applied the exemption in section 38(1)(b), read in conjunction with section 38(2)(a)(i) of FOISA, to the withheld information. To rely on this exemption, the Council must show that the information being withheld is personal data for the purposes of the DPA, and that disclosure of the information into the public domain (which is the effect of disclosure under FOISA) would contravene one or more of the data protection principles.

Is the withheld information personal data?

15. Personal data is defined in section 1(1) of the DPA as data which relate to a living individual who can be identified a) from those data, or b) from those data and other information which is in the possession of, or likely to come into the possession of, the data controller (the full definition is set out in Appendix 1).

16. The Council explained that the withheld information is a list of names of members of a trade union, Unite. The Commissioner accepts that this information falls within the definition of "personal data" in terms of the DPA as it relates to living individuals and these individuals can be identified from the data.

17. Mr Nugent asked for a list of names, but also said he would accept plate numbers alone if there was a difficulty in divulging names. The Commissioner asked the Council how a living individual would be identified from the taxi plate number.

18. The Council explained that Paragraph 14 of Schedule 1 to the 1982 Act requires the Council, as licensing authority, to maintain a register which includes a note of the kind and terms of each licence it grants. Paragraph 14 also provides that this register must be made available for public inspection and any member of the public may make a copy of the register or an extract from the register. The Council explained that its register includes the name of each taxi operator licensed in the City and their taxi plate number. The plate numbers are also fixed to each taxi. In the Council's opinion, it would be straightforward for Mr Nugent, or another member of the public, to identify the name of a taxi operator from their plate number. Therefore, disclosing the plate numbers would reveal which operators are trade union members.

19. The Commissioner accepts the Council's view and is satisfied that the withheld information is all personal data: it is clearly possible to identify living individuals from the data, and the information relates to them as individuals.

Is the withheld information sensitive personal data?

20. The Council submitted that the withheld information was sensitive personal data in terms of section 2(d) of the DPA (i.e. information as to whether a person is a member of a trade union). The Council added that Mr Nugent himself had previously acknowledged this (see paragraph 16 of Decision 122/2015: Mr Allan Nugent and Glasgow City Council[1]).

21. The Commissioner is satisfied that the information is sensitive personal data. Unite is a trade union within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992[2]. The withheld information identifies that living individuals are members of Unite. The information therefore constitutes sensitive personal data under section 2(d) of the DPA (see Appendix 1).

Would disclosure contravene the first data protection principle?

22. The Council argued that disclosing the personal data would contravene the first data protection principle. This states that personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 to the DPA is met and, in the case of sensitive personal data, at least one of the conditions in Schedule 3 to the DPA is also met. "Processing" here means disclosing the personal data into the public domain in response to Mr Nugent's information request.

23. In this context, the Commissioner notes Lord Hope's comment in the case of Common Services Agency v Scottish Information Commissioner [2008] UKHL 472[3] that the conditions require careful treatment in the context of a request for information under FOISA, given that they were not designed to facilitate the release of information, but rather to protect personal data from being processed in a way that might prejudice the rights, freedoms or legitimate interests of the data subject.

First data protection principle: sensitive personal data

24. Given the additional restrictions surrounding the disclosure of sensitive personal data, it is sensible to consider whether there are any conditions in Schedule 3 which would permit those data to be disclosed before considering the Schedule 2 conditions. The Commissioner has therefore considered the conditions in Schedule 3 to the DPA as well as the additional conditions for processing sensitive personal data contained in legislation such as the Data Protection (Processing of Sensitive Personal Data) Order 2000.

25. The Council referred to Schedule 3 of the DPA and the Commissioner's Briefing[4] on section 38, which states that for the purposes of section 38(1)(b) of FOISA, it is likely that only conditions 1 and 5 of Schedule 3 will be relevant.

26. Condition 1 of Schedule 3 allows sensitive personal data to be processed where the data subject has given explicit consent to the release of the information. The Council argued that, to meet this condition the data subjects would need to have specifically consented to their sensitive personal data being released to the world at large. They had not done so.

27. The Council also referred to condition 5 of Schedule 3, which allows sensitive personal data to be processed where the personal data has been made public as the result of steps taken deliberately by the data subject. The Council confirmed that the information in this case is not publicly available and condition 5 does not apply.

28. As the Council does not have the data subjects' consent to disclose their personal data, the Commissioner is satisfied that condition 1 cannot be met in this case. The information at issue has not been made public as a result of steps deliberately taken by the data subjects, and so condition 5 cannot be met in this case.

29. In his application, Mr Nugent listed the reasons why he considered that the information should be disclosed. Many of Mr Nugent's arguments relate to the process followed, and actions taken by, the Council and Unite in respect of the taxi tariff and the 1982 Act. Mr Nugent also complained about the way the Council had processed the personal data of those who objected to the taxi tariff.

30. The Commissioner's remit is to decide whether the Council responded to Mr Nugent's request in accordance with Part 1 of FOISA. In this instance, she must decide whether the Council was correct to withhold sensitive personal data. She cannot consider the other points of dissatisfaction which Mr Nugent raised.

31. There is nothing within Mr Nugent's comments that suggests or evidences that disclosure of the sensitive personal data withheld in this case is permitted by a condition in Schedule 3 of the DPA or in other relevant legislation.

32. Having concluded that no there is no lawful basis for disclosing the sensitive personal data, the Commissioner finds that its disclosure would breach the first principle of the DPA. The sensitive personal data in the decision is therefore exempt from disclosure under section 38(1)(b) of FOISA. The Commissioner finds that the Council was correct to withhold this information.


The Commissioner finds that Glasgow City Council complied with Part 1 of the Freedom of Information (Scotland) Act 2002 in responding to the information request made by Mr Nugent.


Should either Mr Nugent or Glasgow City Council wish to appeal against this decision, they have the right to appeal to the Court of Session on a point of law only. Any such appeal must be made within 42 days after the date of intimation of this decision.

Margaret Keyse
Acting Scottish Information Commissioner
4 May 2017

  Appendix 1: Relevant statutory provisions

Freedom of Information (Scotland) Act 2002

1 General entitlement

(1) A person who requests information from a Scottish public authority which holds it is entitled to be given it by the authority.

(4) The information to be given by the authority is that held by it at the time the request is received, except that, subject to subsection (5), any amendment or deletion which would have been made, regardless of the receipt of the request, between that time and the time it gives the information may be made before the information is given.

(6) This section is subject to sections 2, 9, 12 and 14.

2 Effect of exemptions

(1) To information which is exempt information by virtue of any provision of Part 2, section 1 applies only to the extent that -

(a) the provision does not confer absolute exemption; and

(2) For the purposes of paragraph (a) of subsection 1, the following provisions of Part 2 (and no others) are to be regarded as conferring absolute exemption -

(e) in subsection (1) of section 38 -

(ii) paragraph (b) where the first condition referred to in that paragraph is satisfied by virtue of subsection (2)(a)(i) or (b) of that section.

38 Personal information

(1) Information is exempt information if it constitutes-

(b) personal data and either the condition mentioned in subsection (2) (the "first condition") or that mentioned in subsection (3) (the "second condition") is satisfied;

(2) The first condition is-

(a) in a case where the information falls within any of paragraphs (a) to (d) of the definition of "data" in section 1(1) of the Data Protection Act 1998 (c.29), that the disclosure of the information to a member of the public otherwise than under this Act would contravene-

(i) any of the data protection principles; or

(b) in any other case, that such disclosure would contravene any of the data protection principles if the exemptions in section 33A(1) of that Act (which relate to manual data held) were disregarded.

(5) In this section-

"the data protection principles" means the principles set out in Part I of Schedule 1 to that Act, as read subject to Part II of that Schedule and to section 27(1) of that Act;

"data subject" and "personal data" have the meanings respectively assigned to those terms by section 1(1) of that Act;

Data Protection Act 1998

1 Basic interpretative provisions

(1) In this Act, unless the context otherwise requires -

"personal data" means data which relate to a living individual who can be identified -

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;

2 Sensitive personal data

In this Act "sensitive personal data" means personal data consisting of information as to-

(d) whether [the data subject] is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992),

Schedule 1 - The data protection principles

Part I - The principles

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless -

(a) at least one of the conditions in Schedule 2 is met, and

(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

Schedule 3 - Conditions relevant for the purposes of the first principle: processing of sensitive personal data

1. The data subject has given his explicit consent to the processing of the personal data.


5. The information contained in the personal data has been made public as a result of steps deliberately taken by the data subject.





Link to PDF of Decision 064/2017 (104 KB)

Back to Top