The evolution of the Freedom of Information Act (FOIA) will reach a key milestone on 1st September, as the new open data rights come into force.
Changes to the law not only give new rights to request data in a form that means it can be re-used, but also give users the right to re-use that data, even commercially.
It is a welcome upgrade for FOIA. The strong foundation we have in the current legislation is being enhanced by additional rights. Put simply, the more usable the data, the greater the potential to enhance accountability, transparency and economic growth.
The ICO is keen to play its part in the process. We’ve published new guidanceon the changes, as well as an at-a-glance list of what public authorities can do to get ready for the changes. We’ve also highlighted a couple of possible pitfalls in providing the information.
The changes are all about datasets, something defined in the new legislation.Section 102 of the Protection of Freedoms Act 2012 has amended sections 11 and 19 of the Freedom of Information Act, giving new rights to receive datasets in a form capable of re-use (e.g. CSV). For the first time, the Act now gives users the right to re-use datasets, under the terms of a specified licence – in most cases likely to be the Open Government Licence (OGL). The amendments also require public authorities to publish any requested datasets as part of their publication scheme, if appropriate.
It is important to note that the changes do not give new rights of access – they are concerned with format and the ability to re-use datasets, once the public authority has decided that no exemptions or other provisions (e.g. costs, vexatious) in the legislation apply.
The new Freedom of Information (Release of Datasets for Re-use) (Fees) Regulations 2013 have also been published today. These new regulations set out how a public authority can charge for making a certain datasets available for re-use – the costs they can recover and a reasonable return on investment.
How is the ICO helping?
The ICO has published new guidance that explains the provisions in more detail and gives examples. It’s in addition to the guidance contained in the newsection 45 code of practice on datasets published by the Ministry of Justice (MoJ) last month. We’ve consulted and worked with a group of practitioners on our guidance, and we’ve worked with the Cabinet Office and MoJ to provide input into the section 45 Code.
The ICO will also update the model publication scheme to reflect these changes and the accompanying guidance on how to operate a scheme.
What should public authorities be doing to prepare?
It was hard to envisage open data and its potential when the internet was in its infancy, when work started on developing FOIA back in 1997, but three years into the current initiative open data is still going strong and is clearly here to stay. Some great examples are emerging of open data in action, and the Open Data Institute is doing some great work to demonstrate the benefits of open data.
Public authorities need to embrace that spirit. In the same way that the Act contains the underlying principle of an “assumption in favour of disclosure”, it’s important to now adopt an approach of “open data by default”.
Here are the key first steps:
- Start to think about the definition of dataset: what information or categories of information do you have that fits the definition?
- Promote the key principles of open data in your organisation: use an open format and open licences by default and only deviate from this when you have good reasons to do so.
- Charging for re-use is not encouraged but can be justified in some situations: do you have existing powers that allow you to charge? If you charge for re-use under the new regulations, can you justify the cost recovery and return on investment?
- Make sure you know who owns the intellectual property rights (IPR) in your datasets?
- Familiarise yourself with the licencing framework and the new version 2.0 of the OGL. FOI officers may need to learn a little more about copyright.
- In some organisations open data is not part of the remit of the FOI officer. It’s crucial to make sure these two functions have an understanding that they need to work together.
- Consider what datasets you can make available for re-use proactively in your publication scheme.
Looking longer term, we’d advise public authorities to think about open data requirements when you are procuring new IT systems. At the ICO we’ve often talked about privacy by design – we also want public authorities to think abouttransparency by design.
If you already feel you are doing well with open data your public authority may want to apply for a certificate from the Open Data Institute. This isn’t a guarantee of legal compliance but a great way to demonstrate your commitment to open data standards (the certificate is currently in beta form).
The risk of revealing too much
As I’ve noted above, these changes to FOIA don’t affect the way exemptions are applied but they may encourage new requests for datasets that contain personal data. Last year we published our code of practice – anonymisation: managing data protection risk. This contains guidance on how to make decisions about anonymising personal data.
It is also worth reminding everyone of the risks of disclosing data in pivot tables again. See my last blog.
The ICO has some learning to do as well – we may end up considering complaints about the re-use of information for the first time. We’ve been working closely with our colleagues from the Office for Public Sector Information at the National Archives, who regulate the Re-use of Public Sector Information Regulations. They will continue to regulate re-use of all non-dataset information. We’ve updated our MoU and have put in place a new co-operation agreement. This enables us to share information and knowledge with each other, to ensure there is as much consistency as possible in our regulatory approaches.
We know too that the ICO can do more to open up its own data. As well as complying with these new obligations we’ll be thinking proactively about how we can improve the range and quality of open data we provide on our website. We’re starting a project to upgrade the ICO website and open data capability will be one of the objectives. If you have ideas about how we should open up our data, including ideas about the type of open data the ICO should be publishing and how we should do it, let us know.
|Steve Wood‘s department develops the outputs that explain the ICO’s policy position on the proper application of information rights law and good practice, through lines to take, guidance, internal training, advice and specific projects.|