Don’t use the ICO’s ‘Report a Concern’ Form

The Freedom of Information Act 2000 gives requesters a general right of access to official information subject to (lots of) specific exceptions. The Act also gives requesters a right to apply for a decision from the Information Commissioner (see Section 50). The word used in Section 50 is “apply” rather than complain or report a concern. The words used in Acts of Parliament matter. The word “apply” means that it is perfectly fine for a requester to ask the ICO to review a decision even if the requester is 90% certain that the public authority has acted within the law. A requester does not need to have a cause for complaint or a concern.

Section 50 requires the requester to provide very little information to the Information Commissioner. The requester has to apply for a decision as to “whether, in any specified respect, a request […] has been dealt with in accordance with the requirements of Part I.” Clearly, it would make sense to give the ICO your name and some means of contacting you and if you don’t you could be deemed to have abandoned the application. It will also be helpful to provide the ICO with access to a copy of your request and any subsequent correspondence. I would suggest, firstly that there is no need to complete any kind of form and secondly that the ICO’s ‘Report a Concern’ form is particularly inappropriate.

The form is not particularly easy to find – when I go on the ICO’s website I find I have to complete a short survey just to get to it.

What don’t I like about the ICO’s form?

The title of the form makes no reference to applying for a decision or even making a complaint. Nowhere in the whole form does it refer to seeking a decision. For that reason the Information Commissioner’s obligations under Section 50(2)-(3) are not triggered and the ICO can safely ignore your ‘concerns’.

A lot of the information the ICO asks for simply isn’t needed. Sections 1, 4, 5 and 6 contain text fields but would actually be better addressed by forwarding all correspondence, or where applicable, simply sending the ICO a link to the request page on WhatDoTheyKnow.

Section 2 asks for your relationship with the organisation – the whole of Section 2 will always or almost always be irrelevant for FOI requests.

Section 3 will be relevant but again uses the “your concern” wording rather than applying for a decision.

Section 7 asks for your contact details and contains about 15 fields – in most cases a name and email address would suffice.

Section 8 – where do I start? The ICO asks for a four point declaration from the requester that the requester is under no obligation to provide when seeking a decision under Section 50. When it says “I have included all the necessary supporting evidence” – what does that even mean in the context of reporting a concern? In fairness, the declaration does not read like it is meant to be a formal legal declaration but in my mind that makes it even less suitable for making Section 50 applications. Version 1.0 of the ICO’s form did not contain a declaration.

Section 9 is instructions on submitting the form which appears to be steering people towards submission by email and suggests requesters use “Concern about accessing information” in the subject line.

Can the ICO really ignore a ‘concern’?

Some readers may think that the ICO couldn’t ignore a valid concern or that the choice of words in the ICO’s form is accidental but note the ICO’s Service Standards “It is up to us to decide whether or not we should take further action.” – this wording is clearly inconsistent with Section 50(2) of the Act. Even on the ICO’s own analysis reporting a concern does not engage the Commissioner’s obligations under Section 50.

It wasn’t always like this – back in 2006, the ICO explicitly acknowledged the Commissioner’s obligation to rule on complaints. “Your complaint will be allocated to a caseworker and if we cannot resolve your complaint informally, the Information Commissioner will issue a Decision Notice.”

The Scottish Information Commissioner gets it

The Scottish Information Commissioner’s form is called an application form and there is a clear link between application and decision – see for example paragraphs 2 and 16 of A guide for applicants.

Suggested alternative

I would suggest sending an email to the ICO. The wording will depend on what you want the ICO to make a decision on but the wording below could be adapted in most cases where the requester would like the ICO to rule on whether more information should have been released.

Dear Information Commissioner,

I am writing to apply for a decision under Section 50 of the Freedom of Information Act 2000 with respect to a request I made under the Act. I seek a decision as to whether or not the [name of public authority] complied with Section 1(1) of the Act when it withheld information I had requested. In particular, I would like the Commissioner to rule on whether the [list out the exemptions the public authority cited] can apply to all of the information withheld.

My request and all related correspondence are attached.

[Or: My request and all related correspondence can be accessed here: WhatDoTheyKnow URL]

Please acknowledge receipt.

many thanks,

[your full name]

Category: Uncategorized