home| T: 029 2038 5542| contact us| print page
Continuing confusion regarding the interface between the Data Protection Act and the Freedom of Information Act.

Continuing confusion regarding the interface between the Data Protection Act and the Freedom of Information Act.

25 Oct 2010

A decision by Birmingham City Council to decline to disclose the names of individuals who attended a dinner at the Council's expense held in the the Council House banqueting suite to mark Pope Benedict’s Beatification of Cardinal Newman, highlights continuing confusion regarding the interface between the Data Protection Act and the Freedom of Information Act.  

The Council appears to have concluded that the guest list was exempt from release under FOIA because disclosure would breach the Data Protection Act. Under section 40(2) FOIA information is exempt from disclosure if its disclosure would breach any of the data protection principles. Ordinarily, public authorities are entitled to conclude that section 40(2) FOIA applies where disclosure of the personal data that has been requested would involve an unwarranted interference with the rights freedoms and legitimate expectations of the individuals concerned.  

Despite the public dimension in this case (arising from the fact that the event took place public eye, in civic premises, at public expense and attended by public figures including Pope Benedict, Princess Michael of Kent, the Roman Catholic Archbishop of Birmingham and the Lord Mayor of Birmingham), the Council appears to have concluded that the disclosure of the names of those attending the dinner would amount to an interference with the legitimate privacy expectations of the guests and that the guest list was therefore exempt. It is however far from clear whether disclosure would had breached the data protection act and whether section 40(2) has been properly applied in this case. Firstly it is certainly arguable that, many, if not all of the guests would have considered the semi-public nature of the occasion to be such that ordinary expectations of privacy would be sufficiently diminished to allow release of the guest list. Indeed given the nature of the occasion many guests may have expected their attendance at the event to be publicised.  

Secondly the Council may have overlooked the decision of the Information Tribunal in the 2008 case of Harcup v ICO and Yorkshire Forward which suggests that guest lists may not be personal data at all and may not therefore be capable of exemption under section 40(2) FOIA. The Harcup case concerned a request for the names of individuals who attended a corporate hospitality event promoted by regional development body, Yorkshire Forward. The Information Tribunal, drawing on the decision of the Court of Appeal in the case of Durant v FSA (2003), concluded that a list of names, without further information about the individuals concerned, for example their job titles or employers' names, did not amount to "personal data" for the purpose of section 1 DPA. As Yorkshire Forward's guest lists were not personal data, their disclosure under FOIA would not breach any of the data protection principles and the lists could therefore not be exempt from disclosure under section 40(2) FOIA.

You can read the full news story.