Written evidence from the Campaign for Freedom of Information[1] (PGG20)


The Public Administration and Constitutional Affairs Committee

Propriety of governance in light of Greensill inquiry





  1. This submission addresses the role of the Freedom of Information Act (FOIA) in promoting accountability and revealing and deterring impropriety. It considers three specific issues that need to be addressed to improve the Act’s effectiveness:   (i) its limited application to information held by public sector contractors;                (ii) government plans to exclude two proposed new public authorities from FOIA, a move which suggests that more may follow; and (iii) the substantial delays in responding to FOI requests, preventing the timely release of information.


  1. The Greensill affair illustrates the value of the Freedom of Information Act. Without FOIA the extent of the company’s efforts to persuade the government to provide it with financial support, and the extraordinarily insistent lobbying by the former prime minister David Cameron may not have been uncovered, let alone documented in such detail.[2],[3]
  2. The significance of the FOI disclosures is illustrated by the government’s response to a parliamentary question on the issue. When asked how many times Cabinet Office officials had met with Lex Greensill, the company’s co-founder and CEO, a Cabinet Office minister replied:

In line with the practice of successive administrations, details of internal meetings are not normally disclosed.[4]

  1. In contrast to this terse ‘answer’, FOIA has led to the disclosure of voluminous collections of email, texts and notes of meetings between the company, its lobbyists and officials and ministers.
  2. The relative ease with which this material has been obtained, without the intervention of the Information Commissioner or tribunal, undoubtedly reflects the government’s confidence that the record reflects well on its handling of the matter. However, if FOIA is to be effective in other circumstances it must be strengthened so that the right of access is not neutered by delays and extended, in particular to properly cover the activities of contractors and consultants.
  3. Otherwise, the risk is that FOIA will throw light on contentious matters only as they recede into the past. An example is then prime minister Tony Blair’s involvement in the so-called Ecclestone Affair. Soon after Labour’s May 1997 election victory, the government announced that all tobacco sponsorship of sport would be banned. Although it was not public knowledge at the time, Bernie Ecclestone the Formula One boss had donated £1m to Labour before the election and was then discussing the possibility of a second donation. Mr Ecclestone and Mr Blair met in Downing Street in October 1997. A short time later the government announced that Formula One would not be subject to the ban. As journalists began to investigate the possibility of improper influence the government acknowledged the Ecclestone donation. However, Mr Blair denied responsibility for the decision and, amid calls for his resignation, appeared on television to insist he was a ‘pretty straight sort of guy’. Whitehall papers about the affair were ultimately disclosed under FOIA in October 2008 after a two-and-a-half year battle, by which time Mr Blair had left office. They showed that within hours of his meeting with Mr Ecclestone, he had given instructions that Formula One was to be excluded from the tobacco ban.[5]
  4. Mr Blair’s recognition of the damage caused to him by this affair and by the suspicions which the FOI disclosures confirmed, go a long way towards explaining his well-publicised regret at having introduced FOIA, as he frankly acknowledged in his memoirs.[6]
  5. The reason why FOIA is effective in relation to lobbying is the Act’s public interest test which applies to some two-thirds of FOIA exemptions and all but one of the exceptions under the parallel right of access to environmental information, the Environmental Information Regulations (EIR).[7] This requires the disclosure of exempt information where the balance of public interest favours disclosure or where the public interest for and against disclosure is equally balanced.[8] 
  6. In an early decision involving lobbying the Information Tribunal concluded:

‘In our view, there is a strong public interest in understanding how lobbyists, particularly those given privileged access, are attempting to influence government so that other supporting or counterbalancing views can be put to government to help ministers and civil servants make best policy. Also there is a strong public interest in ensuring that there is not, and it is seen that there is not, any impropriety.’ [9]

  1. This recognition of the public interest in revealing how lobbyists are operating indicates FOIA’s considerable potential in relation to the activities which the Committee is currently examining.  FOIA contains the elements of a highly effective tool to probe lobbying, but as journalist Chris Cook has observed, it needs to be strengthened and more vigorously enforced.[10]




  1. The guidance on the Seven Principles of Public Life (‘the Nolan Principles’) states that they apply not only to officials and those holding elected office but also ‘to all those in other sectors delivering public services’.[11] The principles of ‘accountability’ and ‘openness’ should therefore apply equally to public sector contractors. However, a significant shortcoming in FOIA limits its ability to contribute to that.
  2. FOIA provides a right of access, subject to exemptions, to information ‘held’ by public authorities. Private bodies, such as contractors, are not directly covered by the Act but information which they hold on behalf of the authority’ is treated as held by the authority itself.[12] A common sense interpretation would mean that when a contractor provides a service for a public authority, the information which the contractor holds about that service is held on behalf of the authority’ and is accessible via a request to the authority.
  3. Unfortunately, that is not how the provision has been interpreted by the Information Commissioner and Tribunal. Contractor-held information is only considered held on the authority’s behalf if the contract itself entitles the authority to obtain it from the contractor. That requires the contractor and authority to agree to contractual provisions leading to public access. If they don’t – and they may have little incentive tothe public has no right to information.
  4. The significance of this omission has grown with the rapid increase in outsourcing. In 2019, public procurement accounted for £292 billion, around a third of all public expenditure.[13] During the pandemic the government awarded £30.2bn of government contracts £624m of which was spent on consultants who are themselves contractors.[14]
  5. FOIA is not the only law that has failed to keep pace with changes in public service delivery. The Law Commission has identified a similar issue with the current scope of the offence of misconduct in public office due to the fact that many traditionally public functions, such as the operation of prisons, and the provision of social services, are now regularly outsourced in whole or in part to private organisations’.[15] It recommended the creation of a statutory list of ‘public office holders’ for the purpose of the offence which should include contractors who exercise functions or perform work for the government’.[16] We believe FOIA should be similarly extended to provide greater accountability in relation to contractors.
  6. The role of contractors has not been overlooked when it comes to the prevention of unauthorised disclosure. Offences under the Official Secrets Act 1989 may be committed by anyone who is or has been a Crown servant ‘or government contractor’.[17]  An appropriately adapted version of that principle (recognising that disclosure duties could not apply to individual employees) should also apply under FOIA.
  7. The following examples illustrate the consequences of FOIA’s limited reach in relation to contractor-held information:

Conduct of TV licensing officers

The BBC contracts the collection and enforcement of the television licence fee to Capita Business Services under a 15-year contract, estimated in 2013 to be worth up to £1.55 billion.[18] In February 2017, an undercover investigation revealed that Capita’s enforcement officers received bonuses if they caught 28 licence fee evaders each week and alleged that some were deliberately targeting vulnerable people to maximise their income.[19] The BBC’s Director-General instructed Capita to conduct an urgent investigation. However, the BBC refused an FOI request for the report of the investigation explaining that while Capita held the information, it did not do so ‘on behalf of’ of the BBC.[20] It is difficult to believe that the BBC could not have obtained the report had it asked for it. However, if its contract with Capita did not formally entitled it to a copy, the information would not be subject to FOIA.


Complaints at HMP Birmingham

HMP Birmingham was run by G4S from 2011 to 2018 under a contract worth £419 million.[21] The contractor’s serious failings led to the prison to being returned to government control in 2019. The Ministry of Justice (MoJ) was later asked for information about staffing levels and the number of formal prisoner complaints about accommodation, violence, personal safety and healthcare between 2016 and 2018.  It replied: ‘MoJ does not hold any information. . . regarding staffing and complaints data. This is because there is no business requirement to do so. . . . The MoJ does not mandate staffing numbers in privately managed prisons and all staffing matters, including the responsibility for ensuring the availability of sufficiently trained and experienced staff to maintain safe and decent prisons, lies with contractors.’[22]


Complaints against police healthcare practitioners

FOIA has been used to investigate the frequency of complaints against healthcare practitioners acting for the police. These provide vital medical care to detainees in police custody, victims of crimeincluding sexual offences and may also play a role in assessing injuries to police officers. However, 16/44 (36%) of police forces surveyed said that they could not provide information on complaints against these practitioners as their healthcare services were outsourced to private companies such as G4S and Serco Health.[23]

Professor Jason Payne-James, one of the authors of this study, has stated: ‘The nature and quality of health and forensic medical services for vulnerable complainants and detainees should be the same across all police services, as directly or indirectly poor quality of services can, in the extreme, lead to death or harm in custody, and miscarriages of justice. It is in the public interest for comparisons to be made between healthcare provision in these settings, so that those police services providing inadequate healthcare can be identified and challenged. If some police services can provide the data under FOI, all should’.[24]


Virgin Care’s whistleblowing policy

In 2012, NHS Surrey outsourced its community healthcare services to Virgin Care under a £500m contract. When it was asked for the whistleblowing procedures applying to Virgin Care staff it responded: ‘NHS Surrey does not hold this information. This request is for policies and procedures held by Virgin Care which are not available through the provisions of the Freedom of Information Act.’[25] This is of particular concern as, following the inquiry into poor care and avoidable patient deaths at the Midstaffordshire NHS trust which he chaired, Sir Robert Francis QC produced a report stressing that strong safeguards for whistleblowers are essential to ensuring that malpractice within the NHS identified and addressed.[26]


Complaints against G4S court security officers

Court security officers have powers under the Courts Act 2003 to search and seize possessions, as well as to forcibly remove people from court.[27] In 2014 the Ministry of Justice (MOJ) was asked how many complaints had been made about court security officers provided under contract by G4S and whether any of them had been charged with an offence.  At the time, G4S provided over 800 officers to courts across England & Wales. The MoJ responded that the information was ‘held by HMCTS’ authorised contractors and therefore not held by MoJ for FOI purposes’ and that the ‘information is not held by MoJ because there is no legal or business requirement to hold the information.[28] It added that ‘[a]ny offences committed would be a Disciplinary or Human Resources matter for the Contractor.’


The voluntary approach to contractor information

  1. The government has long argued that access to contractor-held information can be addressed by the contracting parties agreeing to include appropriate provisions in the contract itself. The Cabinet Office guidance on this issue states:

As more public services are contracted out to the private sector it is important that they are delivered in a transparent way, to ensure accountability to the user and taxpayer. There will be some circumstances when contractors hold information about contractual arrangements on behalf of a public authority which will then be subject to the Act.

It is important that contractors and public authorities are clear what this information is, and that it is made readily available to the contracting public authority when it receives requests under the Act.[29]

  1. This falls conspicuously short of expressly telling authorities that contractual provisions should be used to ensure that information needed for public accountability is brought within the reach of FOI requests.
  2. An attempt to address the issue has been made in the form a Model Services Contract (MSC) drawn up by the Cabinet Office’s Crown Commercial Service. Central government bodies are advised, but not obliged, to adopt this for contracts worth over £10 million. The MSC states that the contract itself will be published minus any exempt information together with information that the parties specify is to be published. Significantly, the contract includes a standard clause specifying that the contractor agrees to supply to the authority on request ‘any Information it holds that is... reasonably relevant to or that arises from the provision of the Services’.[30]  This form of words ensures that the wide class of information referred to would then be held on the authority’s behalf and subject to FOIA.
  3. The provision appears to have had little if any impact. In 2018, two years after this version of the MSC was introduced, research undertaken for the Information Commissioner looked for published contracts valued at over £10 million that included the MSC’s transparency provision but could not find a single one.[31] The researchers then consulted informally with relevant individuals in government, research organisations, and public law experts and found that ‘[w]ithout exception, none of these people had worked with or heard of an organisation using the MSC’.[32] The researchers also searched for contractual disclosure provisions in smaller value contracts. From a survey of 500 accessible contracts referred to on UK public procurement portals it identified 55 contracts which had been published along with their associated documents but found ‘no evidence that the parties had specified and agreed what information would be held on behalf of a public authority in the event of an information request.[33]

Overseas experience

  1. The treatment of contractors under FOIA is out of line with the approach of many countries’ FOI laws which either require contractors to respond to FOI requests themselves or make the information they hold accessible via requests to the authority. These include the laws of Australia, Bangladesh, Estonia, Germany, Ghana, Hungary, Ireland, Italy, Kenya, Malawi, New Zealand, Nigeria, Pakistan, Poland, Sierra Leone, Sri Lanka, South Africa, Spain, Trinidad & Tobago and Ukraine.
  2. Some of these FOI laws have included contractors since they were first introduced. New Zealand’s Official Information Act 1982 has always provided that:

‘Any information held by an independent contractor engaged by any public service agency or Minister of the Crown or organisation in his capacity as such contractor shall, for the purposes of this Act, be deemed to be held by the public service agency or Minister of the Crown or organisation.’[34]

  1. Other laws were amended to cover contractors in light of the expansion of outsourcing. Ireland’s FOI Act 1997 was amended in 2014 to include a provision stating that:

‘A record in the possession of a service provider shall, if and in so far as it relates to the service, be deemed for the purposes of this Act to be held by the FOI body’[35]

  1. Australia’s 1982 FOI Act was amended in 2010 to require public agencies outsourcing public services to include clauses in the contracts requiring the contractor to supply relevant documents to the agency if they had been requested under the Act.[36]
  2. Scotland has its own FOI Act and contractors responsible for some devolved matters – such as running prisons or providing secure accommodation have been designated as Scottish public authorities in their own right.[37] This means that the kind of information that the Ministry of Justice could not provide for prisons run by G4S in England (see above), is available directly from the contractors concerned in Scotland. Since they were brought under FOI in 2016, Scottish prison contractors have responded to 93% of requests within the statutory time limit, suggesting they are perfectly capable of handling FOI requests.[38] The Scottish Government has consulted on a further extension of Scotland’s FOI Act to organisations providing services on behalf of the public sector.[39]

Closing the contractor loophole: a dual approach

  1. In 2012 the Coalition Government resisted proposals to extend FOIA to contractor-held information but recognised that its light-touch approach requires a considerable degree of goodwill and cooperation on the part of public authorities and contractors alike. It added that [s]hould the results be inadequate we will consider what other steps, including the possible designation of contractors[under FOIA] might be necessary to ensure accountability’.[40]
  2. As indicated, this ‘light-touch approach’ is failing. We think FOIA itself should be amended to cover contractor-held information. A dual approach could be used:
  3. These arrangements should apply both to FOIA and to the parallel Environmental Information Regulations (EIR),[42] though we do not refer to them separately here. The opportunity to make these amendments to FOIA will arise as part of the procurement reforms promised in the government’s recent Green Paper Transforming Public Procurement[43] and due to be introduced in the current Parliamentary session. At present, the proposals contain virtually no reference to FOIA, except for the less than helpful suggestion that guidance is needed to describe what procurement information should normally not be disclosed.

Support for extending FOI to contractors

  1. There is significant support for taking legislative action:
  2. Such a measure would bring about a fundamental shift in the ability to detect and deter misconduct by public sector contractors.




  1. The government currently plans to wholly or largely exclude two proposed new public authorities from FOIA. The Advanced Research and Invention Agency (ARIA), will not be subject to FOIA at all. The proposed Health Service Safety Investigation Body will be subject to a statutory prohibition on disclosure which will not only override FOIA in relation to the work it will be set up to perform but also prohibit the disclosure of information to Parliament. We are concerned that further exclusions from FOIA may follow.

The Advanced Research and Invention Agency

  1. The bill establishing ARIA is currently before Parliament. The government says ARIA will not be brought under FOIA to spare it the ‘burden’ of dealing with requests and interfering with its role in promoting British science[57],[58] We have set out our views on the proposal to exclude ARIA from FOIA in more detail elsewhere.[59] Other bodies that have not been made subject to FOIA have largely been excluded because of the sensitivity of the information they hold (these include the security and intelligence services, the special forces, the National Crime Agency and the Royal Family) The suggestion that ARIA, with a proposed budget of £800 million over four years, should be excluded from FOIA because of the burden of having to process FOI requests is extraordinary as many of the bodies subject to FOIA have tiny budgets compared to those that ARIA will enjoy.
  2. The government has repeatedly stressed that ARIA is modelled on similar agencies elsewhere, particularly the influential US Advanced Research Projects Agency (ARPA) and its successor, the Defence Advanced Research Projects Agency (DARPA).
  3. However, ARPA was subject to the US Freedom of Information Act and DARPA is subject to it. Their need to answer FOI requests has not prevented them achieving the successes which the government wishes to replicate. Moreover, in the 11 years from 2009 to 2019 an average of only 47 requests a year referring to ARPA or DARPA were made to the US Department of Defense. Given the size of ARIA’s budget it is difficult to see how that small number of requests could constitute a burden, let alone one that could prevent it achieving its objectives.
  4. It has been suggested that ARIA might in fact be likely to receive a similar volume of requests to UK Research and Innovation, which deals with 30 requests a month. In fact, UKRI incorporates the 7 UK research councils plus Innovate UK and Research England (formerly HEFCE). Before UKRI’s creation these bodies were all separate public authorities for FOI purposes. In 2017-18, the six research councils for which we have found data received a total of 287 FOI requests between them, an average of 48 requests each. That figure is virtually identical to the 47 requests made annually about ARPA or DARPA in the US, suggesting that any ARIA is likely to face a similarly modest level of requests.
  5. As it happens, DARPA’s experience illustrates precisely the kind of risks that this inquiry is considering. DARPA’s director between July 2009 and March 2012 was Dr Regina Dugan who, with her father, had previously co-founded a military technology company called RedXDefense (‘RedX’). RedX went on to receive substantial grants from DARPA. When Dr Dugan became DARPA’s director, her father succeeded her as CEO and her uncle sat on the company’s advisory board.[60] An investigation by the US Department of Defense’s (DOD) Inspector General was triggered by a complaint that while Dr Dugan was DARPA’s director it awarded $1.75m in contracts to RedX.[61] In fact, the investigation found no impropriety in this award but it did find that other aspects of Dr Dugan’s conduct had contravened the DOD’s ethics regulations. It reported that as DARPA director she had briefed senior Department of Defense officials using extracts from a RedX sales presentation which promoted a company theory as to the most effective way of detecting improvised explosive devices and included RedX copyright material, the company’s distinctive sales slogan and the results of field trials conducted with RedX products.
  6. There was no evidence that Dr Dugan had specifically asked officials to consider RedX but she had ‘nevertheless implied the products used to prove her theory were effective and created potential business opportunities for RedX, which was in a position to deliver an off-the-shelf solution to implement the theory Dr Dugan promoted.’ This was found to contravene the DOD’s ethics regulations prohibiting direct or implied endorsement of products or services.[62] Dr Dugan resigned during the investigation, though the resignation was said to be unrelated to it. Disclosures under the US FOIA appear to have contributed some background information on earlier contracts between DARPA and RedX.[63] The disclosure of a heavily redacted version of the Inspector General’s report was itself the result of an FOIA request.[64] 
  7. Nothing in the above account suggests that the UK government is acting wisely in proposing to spare ARIA the ‘burden’ of complying with FOIA. On the contrary, it is removing a potentially important tool for accountability. ARIA will be expected to fund high risk, high reward research’ and adopt an approach to science that does not shy away from failure.’[65] The prospect of it continuing to support clearly failing projects through a reluctance to admit defeat cannot be excluded. Its board will include scientists, who may be inclined to fund projects in their own specialties or at their own institutions, a possibility that may be facilitated by ARIA’s freedom to award grants without peer review. The government also envisages that ARIA will take equity stakes in companies and co-fund projects with the private sector,[66] activities carrying their own risks of conflicts of interest.
  8. In such cases, the prospect of receiving FOI requests may be an important reminder to ARIA that its decisions should be capable of being publicly justified – a principle that applies as much to a funder of high-risk projects as to any other public body.

The Health Service Safety Investigations Body

  1. The government is proposing to establish a new authority to investigate serious patient safety risks in the NHS. The proposed Health Service Safety Investigations Body (HSSIB) will publish a report on each investigation. But it would be prohibited from making public any other information held in connection with its functions, except in limited circumstances.[67] The prohibition would remove the right of access to such information under FOIA[68] and the right of individuals to see their own personal data under data protection legislation.[69] Disclosure of protected information, other than in limited circumstances, would become an offence.[70]
  2. The prohibition is said to be necessary:

‘to create a ‘safe space’ within which participants can provide information for the purposes of an investigation in confidence and therefore feel able to speak openly and candidly with the HSSIB.[71]

  1. If the purpose was to provide a safe space for participants it might be thought that the prohibition would apply to information likely to identify such a person, whether by name, job title or context. In fact, the proposed prohibition on disclosure is not limited in this way.   It would apply to:

any information, document, equipment or other item which is held by the HSSIB in connection with its function under section 2(1)’[72]

  1. The function referred to is the investigation of incidents that may have implications for NHS patient safety.[73]
  2. The scope of this prohibition is remarkable. It would apply to any information held ‘in connection with’ the HSSIB’s function that is not already published,[74] whether or not it relates to an identifiable individual, whether or not it relates to an identifiable investigation, whether or not it is capable of deterring participants from speaking frankly to investigators or inhibiting investigators in reaching their conclusions or causing any other adverse effect at all. 

Information which would be withheld

  1. Examples of information relating to the HSSIB’s statutory function whose disclosure would there be prohibited include:
  1. The shortcomings that are liable to be concealed by the prohibition may turn out to be ‘ordinary’ failings caused by administrative oversight, inadequate staffing or errors of judgement rather than, say, improper attempts to influence the authority’s conduct.  However, the prohibition is expressed in such broad terms that were such attempts made the details would be likely to fall within it.
  2. An HSSIB employee who attempted to reveal malpractice by disclosing information subject to the prohibition would commit an offence for which no ‘reasonable excuse’ defence would be available[77] and which would not be protected by existing whistleblower legislation.[78]
  3. Disclosures could be made for certain specified purposes (for example if required by a senior coroner or if the High Court ordered disclosure in the interests of justice) but no exception would be available for disclosures to Parliament. The Secretary of State would have the power to make regulations specifying additional circumstances in which prohibited information could be released but there has been no indication that this power might be used to, for example, facilitate select committee investigations. Should concerns arise about HSSIB’s conduct, two of the normal routes to scrutiny would be closed off.
  4. We do not believe that HSSIB’s work merits this degree of confidentiality.  The concerns that the government says justify these measures are emphatically recognised in decisions of the Information Commissioner (IC) and First-tier Tribunal. These rigorously protect information that would identify or reveal information about or supplied by an identifiable patient, relative, staff member involved in or witness to an incident, or which would reveal the contents of witness statements or medical records. For a review of these decisions see the Campaign’s recent evidence to the Health and Social Care Committee. [79]
  5. The function of the prohibition, as far as we can see, is not to protect sensitive information of a kind which is actually disclosed under FOIA. It is to allow investigators to tell potential witnesses that their promise of confidentiality is so solid that anyone who breaches it could face prosecution. We question whether that is necessary of proportionate, particularly as many other bodies, including the police, social services departments, NHS hospitals and health care professionals deal with and protect equally sensitive information despite being subject to FOIA.








  1. A major problem facing FOI users is the long delays that often occur. These may arise at each stage of the FOI process:   
  1. For the purpose of this submission we have examined the time taken to deal with the last 20 FOIA or EIR cases involving central government departments dealt with by the FTT before the first pandemic lockdown in March 2020.  That excludes any delay resulting from the lockdown when public authority and ICO staff had to work from home without full access to their files and FTT hearings were suspended for several months.
  2. In this survey:
  1. We also looked at the time from the request to the authority’s completion of internal review. This period is significant as the Information Commissioner’s Office (ICO) will not normally accept a complaint unless internal review has been completed
  2. The ICO states that internal review should normally not exceed 20 working days.[82] This means the time between the request and completion of internal review should normally not exceed 60 working days (up to 20 working days for the initial response, an extension of up to another 20 working days if necessary and 20 working days for internal review). This assumes there is no delay on the requester’s part
  3. In our survey:
  1. Looking at the time from the making of the request to the receipt of the FTT decision:
  1. This survey illustrates how common and significant delays have been, even before the pandemic. The cases surveyed show that FOI time limits were breached by government departments more often than they were complied with. A department that deliberately sought to avoid releasing contentious information at a sensitive time would barely stand out against the backdrop of routine delays.
  2. Authorities may be unconcerned about breaching time limits, having observed the lack of repercussions for those who do so. A 2019 FTT decision referred to an ICO investigation which had been ‘hampered by delays on the part of the Cabinet Office which bordered on the contemptuous’[84] Such delays led the ICO to serve no less than eleven legally binding Information Notices[85] on the Cabinet Office in 2019 (more than the total served on all other public authorities).[86] These required it to supply information to the ICO which it had previously failed to do when asked. Bizarrely, the Cabinet Office, the lead government department on FOI policy, says of itself that it:

plays a vital role in ensuring compliance with the Freedom of Information Act across Government’[87]

  1. In general the only consequence for an authority which has exceeded FOI time limits is that the breach will later be recorded in the final decision notice. If the same thing occurs again it usually just leads to nothing more than those breaches being recorded in those decision notices too.
  2. If a requester complains to the ICO about an overdue response while awaiting it, the ICO will intervene, but the process can be painfully slow. Typically, the ICO asks the authority to respond to the requester within 10 working days. If deadline is ignored, as it sometimes is, the ICO will issue a decision notice requiring the authority to respond to the requester within 35 calendar days. This further delay results from a FOIA requirement that steps to comply with a decision notice cannot be required until the time allowed for the authority to appeal to the tribunal has expired.[88]
  3. An authority receiving a decision notice about a failure to reply to a request can comply by simply refusing the request, citing appropriate grounds under the Act. To challenge that refusal the requester may then have to ask for an internal review and then make a new complaint. However, if this internal review is delayed the ICO may agree to investigate the complaint without it.
  4. In fact, the ICO has a powerful tool at its disposal which it has rarely employed. An enforcement notice[89] can be used to require an authority to respond to all overdue requests by a specified deadline. Although the ICO sometimes threatens the use of such notices it has, inexplicably, used them only twice to address delays in the 16 years since FOIA’s introduction. This is remarkable given the chronic problem of authorities with large backlogs of heavily overdue requestsIn 2018 it was revealed the Home Office had taken more than a year to answer each of 192 requests over the previous three years, and more than six months in 500 cases.[90] The backlog was finally cleared up by the threat of an enforcement notice but it was not clear why the ICO – with such a powerful tool at its disposal had not used it much earlier to prevent this vast number of delayed requests.
  5. In September 2018 the ICO introduced a more robust policy envisaging the use of enforcement notices where authorities had failed to respond to ICO requests for systemic delays to be tackled. The policy was withdrawn when the pandemic struck. There has so far been no indication that it will be reintroduced.[91]  It is difficult to see how delays can be addressed unless such a policy is implemented at an appropriate time.
  6. The substantial underfunding of the ICO’s FOI work by government is likely to contribute to  the ICO’s difficulty in addressing these problems. OpenDemocracy has reported that:

The ICO’s FOI budget was cut from £5.2 million in 2010–11 to £3.7 million in 2014–15 and has remained at roughly this level. This amounts to a 41% budget cut over a decade after adjustment for inflation[92]

  1. An indication of how poorly funded the IC’s FOI work is can be seen by comparing its FOI budget to that of the Scottish Information Commissioner (SIC).[93]
  1. This suggests that the Scottish Commissioner enjoys six times the UK’s Commissioner’s budget, per case, an indication of how underfunded the latter is by comparison.[94]


Legislative proposals

  1. FOIA has been subject to two major reviews since it came fully into force in January 2005. The Justice Committee reported on its post-legislative review of FOIA in 2012.[95] The Independent Commission on Freedom of Information chaired by Lord Burns and appointed by the government to review the Act’s operation reported in 2016.[96] Both proposed amendments to FOIA to address delays. These have not been implemented.

Public interest extensions

  1. The problem with public interest extensions is that they permit an unspecified reasonable extension. The only specific time limits are found in ICO guidance and are not directly enforceable. Moreover, the idea that an authority needs a 20 working day period to consider whether an exemption applies, and then a second 20 working days to consider the public interest balance does not reflect the actual process involved.
  2. The Justice Committee recommended that:

the 20 day extension be put into statute. A further extension should only be permitted when a third party external to the organisation responding to the request has to be consulted.[97]

  1. The Independent Commission recommended there should be no extension at all to consider the public interest:

generally the time extension for public interest consideration is unnecessary and simply creates additional uncertainty and bureaucracy around the operation of the Act both for requestors and public authorities. Public authorities should be considering which exemptions apply and the public interest in release at the same time.[98]

we consider that if there is to be a time extension in should be where the information requested is complex, voluminous, or where it is necessary to consult with third parties who may be affected by the release of the information. This should not be an open-ended extension, but should be limited to an additional 20 working days.[99]

Internal review

  1. The Justice Committee reported:

It is not acceptable that public authorities are able to kick requests into the long grass by holding interminable internal reviews. Such reviews should not generally require information to be sought from third parties, and so we see no reason why there should not be a statutory time limit—20 days would seem reasonable—in which they must take place. An extension could be acceptable where there is a need to consult a third party.’[100]

  1. The Independent Commission came to a similar conclusion:

There is currently no fixed limit on the time taken for such a review and we propose a statutory time limit of 20 working days.[101]

  1. There is significant agreement between the two reports on these issues. Had their recommendations been implemented, they could have had a significant impact on the delays problem. As the then Deputy Information Commissioner Graham Smith told the Justice Committee:

‘When there are quite challenging time limits under the Act, we have found that public authorities will put their efforts into meeting those, and their performance might slip somewhat when it comes to issues that do not have the same direct repercussions because there are no statutory time limits’[102]

  1. Implementing these recommendations would be an important step towards ensuring that FOIA is able to provide effective and timely oversight of the conduct of public authorities.



May 2021

[1] The Campaign for Freedom of Information was set up in 1984 and played a key part in persuading the government of the day to introduce the Freedom of Information Act 2000 and securing improvements to it during its Parliamentary passage.  Since the Act came into force in 2005 the Campaign has monitored and sought to improve the Act’s operation, provided assistance to requesters and training for both requesters and public authorities.


[2] HM Treasury, Response to a Freedom of Information request on Greensill, 8 April 2021.

[3] Bank of England, Communications between David Cameron and senior Bank Officials about Greensill Capital and the Covid Corporate Financing Facility (CCFF), 22 April 2021.

[4] Lord True (Minister of State, Cabinet Office), Response to Written Question 13 November 2020.

[5] Sunday Telegraph, Revealed: the truth about Tony Blair's role in the Ecclestone Affair, 11.10.2008

[6] In his memoirs, Mr Blair expressly links his regret about FOI to his failure to recognise that ‘we would also have our skeletons rattling around the cupboard’. See: ‘The Blair Memoirs and FOI, Campaign for Freedom of Information, 6.10.2010

[7] Except where the context indicates otherwise, this submission uses the term ‘FOIA’ to refer to both the Freedom of Information Act and the Environmental Information Regulations

[8] Freedom of Information Act 2000, section 2(2)(b), Environmental Information Regulations 2004, regulation 12(1)(b)

[9] The Department of Business, Enterprise and Regulatory Reform and Information Commissioner and Friends of the Earth, EA/2007/0072, 29.04.08

[10]  Chris Cook, ‘The law already exists to tackle lobbying. It just needs fixing’, Tortoise, 15.4.21

[11] Committee on Standards in Public Life, The Seven Principles of Public Life, 31.05.95.

[12] FOIA section 3(2)(b)

[13] Cabinet Office, Transforming public procurement, CP353, December 2020, page 12

[14] Tussell, Latest Updates on UK Government COVID-19 Contracts and Spending, 30.04.21

[15] Law Commission, Misconduct in Public Office, HC1027, 3.12.20, §3.11

[16] Law Commission, ibid., Recommendation 5 at §4.62

[17] Official Secrets Act 1989, sections 1(3), 2(1), 3(1) and 4(1)

[18] BBC, Television Licence Fee Trust Statement for the Year Ending 31 March 2013, 16.07.13

[19] Daily Mail, BBC's TV licence bullies are exposed: How ruthless bosses order staff to catch 28 people a week for bonuses of £15,000 a year, 27.02.17

[20] BBC, Internal review of response to FOI request about Capita, 7.8.17

[21] Ministry of Justice, Response to Parliamentary Question (UIN 243532), 10.04.19

[22] Ministry of Justice, Response to FOI request about HMP Birmingham, 19.02.20

[23] Kennedy, K. M., Green, P. G., & Payne-James, J. J. (2017). Complaints against health-care professionals providing police custodial and forensic medical/health-care services and sexual offence examiner services in England, Wales and Northern Ireland. Medicine, Science and the Law, 57(1), 12–32. https://doi.org/10.1177/0025802417691391

[24] Personal communication from Professor Payne-James, approved for publication by him.

[25] NHS Surrey, Response to FOI request about Virgin Care’s whistleblowing policy, 31.03.12

[26] Sir Robert Francis QC, Freedom to speak up, 2015

[27] Courts Act 2003, Part 4

[28] Ministry of Justice, Internal Review of FOI response to request about G4S court officers, 16.09.14

[29] Cabinet Office, Freedom of Information Code of Practice, paragraphs 9.1 and 9.2, 4.7.18

[30]Crown Commercial Service, Model Services Contract clause 23.6

[31] Information Commissioner’s Office, Outsourcing Oversight? The case for reforming access to information law, page 36

[32] Outsourcing Oversight? page 146

[33] Outsourcing Oversight? page 37

[34] Section 2(5) of the Official Information Act 1982

[35] Section 11(9)) of Ireland’s Freedom of Information Act 2014. “Service provider” is defined in section 2 as “a person who, at the time the request was made, was not an FOI body but was providing a service for an FOI body under a contract for services and contract for services in this definition includes an administrative arrangement between an FOI body and another person”.

[36] Section 6C of Australia’s Freedom of Information Act 1982 (as amended)

[37] The Freedom of Information (Scotland) Act 2001 (Designation of Persons as Scottish Public Authorities) Order 2016

[38] CFOI analysis of data from the Scottish Information Commissioners Statistics Portal. Accessed 6.05.21.

[39] Scottish Government, Freedom of Information – extension of coverage: consultation analysis, 6.03.20

[40] Ministry of Justice, Government Response to the Justice Committee’s Report: Post-legislative scrutiny of the Freedom of Information Act 2000, paragraph 57, November 2012

[41] Institute for Government, Government outsourcing: what has worked and what needs reform?, page 22.

[42] These provide a separate right of access to environmental information, which operates alongside FOIA.

[43] Cabinet Office, Transforming public procurement, CP353, December 2020

[44] Outsourcing Oversight? page 3

[45] Information Commissioner’s Office, Transparency in Outsourcing: a roadmap, March 2015.

[46] Elizabeth Denham, Oral evidence: Online harms and the ethics of data to the House of Commons Digital, Culture, Media and Sport Committee, Sub-Committee on Online Harms and Disinformation, HC 646, 26.01.21

[47] Public Administration and Constitutional Affairs Committee, After Carillion: Public sector outsourcing and contracting, Seventh Report of Session 2017–19, HC 748, 9.7.18

[48] Institute for Government, Government outsourcing: what has worked and what needs reform?, page 66

[49] Committee on Standards in Public Life, The Continuing Importance of Ethical Standards for Public Service Providers, page 7, June 2014

[50] Independent Commission on Freedom of Information, Report, page 52, March 2016

[51] Justice Committee, Post-legislative scrutiny of the Freedom of Information Act 2000, page 88, 3.07.12

[52] Public Accounts Committee, Lessons from PFI and Other Projects, 44th report of session 2010-12, HC 1201, 180.7.11

[53] Public Accounts Committee, Department for Work and Pensions: the Introduction of the Work Programme, 85th report of session 2010-12, HC 1814, 15.05.12

[54] Open Government Network, Proposal to extend Freedom of Information to all public contractors, 10.03.16

[55] UK Anti-Corruption Coalition, Fighting Corruption: An Agenda for 2021, May 2021.

[56] 38 Degrees, Extend the Freedom of Information Act to companies awarded government contracts, accessed 6.05.21

[57] Department for Business, Energy & Industrial Strategy, Advanced Research and Innovation Agency, Policy Statement, 19.03.21

[58] ARIA will be a statutory corporation, an entity which is not automatically covered by any of the definitions of ‘public authority’ in Schedule 1 of FOIA. It could be added to that Schedule by the ARIA bill itself or by an order made under section 4 of FOIA.

[59] Campaign for Freedom of Information, Briefing for House of Commons 2nd Reading of the Advanced Research and Invention Agency Bill, March 2021.

[60] Program on Government Oversight, Former DoD Research Chief Violates Ethics Rule, Won’t Face Punishment, 2014, p. 2

[61] Wired, All in the Family: Darpa Chief Owed $250,000 by Darpa Contractor’, 30.3.2011

[62] US Department of Defense, Inspector General, Report of Investigation: Dr. Regina Dugan, 9 April 2013

[63] Wired, Darpa Backed Director’s Bomb Detector, Despite Failed Tests, 29.3.2012

[64] Washingon Post, Google executive who ran Pentagon agency under scrutiny in ethics case, 14.8.14

[65] Amanda Solloway MP, Minister for Science, Research & Innovation, Letter to Greg Clark MP, Chair, Science and Technology Select Committee,   2.3.21

[66] Department for Business, Energy & Industrial Strategy, Advanced Research and Innovation Agency, Policy Statement, 19.03.21

[67] The prohibition was contained in clause 13(1) of the Health Service Safety Investigations Bill which had its second reading in the House of Lords on 29 October 2019 but which fell with the election in December 2019. The DHSC’s ‘Integration and Innovation’ white paper says (paragraphs 5.140 – 5.142) the provisions of that bill relating to the proposed body, including the prohibition, will be incorporated into a new Health and Care Bill. Clause references to the proposed prohibition are to clauses in the 2019 bill.

[68] Clause 18(1)

[69] Department of Health & Social Care, The Government response to the Report of the Joint Committee on the Draft Health Service Safety Investigations Bill, December 2018

[70] Clause 20

[71] Health Service Safety Investigations Bill [Hl], Explanatory Notes, §49.

[72] Clause 13(1)

[73]  Clauses 2(1) and 2(7)(c)

[74]  Clause 13(2)

[75]  Although the criteria for deciding which incidents to investigate would be published under clause 3(1)(a) the reasons for any particular decision would involve the release of information held in connection with HSSIB’s function of investigating safety incidents.

[76] The procedure to be followed in carrying out an investigation must be published under Clause 3(2)(c)

[77] Clause 20(1). A ‘reasonable excuse’ defence would be available to people who are provided with information for purposes permitted under the bill and who make a further disclosure of that information (Clauses 20(2) and (3)). This does not apply to HSSIB employees

[78] Section 43B(3) of the Employment Rights Act 1996, provides that the protection provided to employees who make protected disclosures is not available where the making of the disclosure is itself an offence.

[79] Campaign for Freedom of Information, Submission to the Health & Social Care Committee’s inquiry on The Department’s white paper on health and social care, 24.3.2021, pages 10-13

[80] That is, the standard 20 working day response period plus a further 20 working day extension.

[81] FOIA allows authorities to extend the 20 working day period to consider the public interest test which applies to certain exemptions. In these cases an unspecified ‘reasonable’ extension is permitted under the Act. The IC’s guidance is that this should not normally exceed a further 20 working days.  The EIR allow a 20 working day extension where the requested information is both voluminous and complex but do not provide an extension to consider the public interest test. 

[82] ICO, Time limits for compliance under the Freedom of Information Act, Version 1.1 (20150720)

[83] This case involved a request to the Foreign and Commonwealth Office for information concerned a 1986 attempt to bomb an El Al flight departing from Heathrow airport. The decision notice (FS50703832) stated that this was not the only recent case involving the FCO where such delays had occurred and that if further cases arose the Information Commissioner ‘will consider taking any action open to her in order to ensure that the FCO complies not only with its statutory responsibilities under the legislation, ie the completion of public interest considerations in a timely manner, but also to ensure that internal reviews are undertaken in line with the timeframes set out in her guidance’.

[84] EA/2019/0020, Cabinet Office & Information Commissioner & Andy Worms

[85] An Information Notice is served under section 51 of FOIA and requires a public authority to provide the Information Commissioner with information which she reasonably requires to determine whether the authority has complied or is complying with the Act’s requirements or with two codes of practice issued under the Act. Failure to comply can be referred to the High Court under section 54 of FOIA and dealt with as contempt of court.

[86] Information Commissioner’s Office, FOI information notices and practice recommendations

[87] Cabinet Office, ‘Guidance, Cabinet Office and Freedom of Information’, 18 March 2021

[88] This further delay results from section 50(6) of FOIA which prevents a decision notice taking effect until the time allowed for the authority to appeal to the tribunal has expired.

[89] FOIA, section 52

[90] Martin Rosenbaum, Home Office takes years to answer information requests’, BBC News, 3.9.18

[91] Campaign for Freedom of Information, ‘Robust approach to FOI time limits stalled by pandemic’, 2.6.20

[92] OpenDemocracy, ‘Art of Darkness’, November 2020

[93] The Scottish Information Commissioner enforces the Freedom of Information (Scotland) Act. Unlike the UK Commissioner, he has no responsibility for data protection legislation.

[94] The Scottish Commissioner’s FOI budget must fund the whole of their office accommodation, while the UK Commissioner’s office costs are presumably be shared between her data protection income and her FOI income On the other hand, the IC has a vastly larger staff (720.3 full time equivalents) than the SIC (23.8 FTEs), and its accommodation costs exceed those of SIC’s by a factor of ten (£879,000 compared to £87,000 in 2019/20).

[95] House of Commons Justice Committee, Post-legislative scrutiny of the Freedom of Information Act 2000, First report of Session 2012-13, HC 96-1, July 2012 (subsequently cited as ‘Justice Committee’)

[96] Independent Commission on Freedom of Information, Report, March 2016 (subsequently cited as ‘Independent Commission’)

[97] Justice Committee, paragraph 111

[98] Independent Commission, page 17

[99] Independent Commission, page 14

[100]  Justice Committee, paragraph 103

[101] Independent Commission, page 11

[102] Justice Committee, paragraph 104.