UPDATE JUNE 30: Government’s FOI ’round robin list’ doesn’t comply with data protection rules

If you’ve ever made a Freedom of Information request to government there’s a decent chance that it and your name has been passed around every government department and hundreds of staff, before it’s been answered. 

Details released by the Ministry of Justice show that those make Freedom of Information requests to government bodies may have their information passed to others.

The Department has confirmed the existence of a request sharing scheme where a ’round robin list’ is sent to other officials and occasionally centrally provided advice for answering the requests is given.

On face value this would go against the FOI Act’s principles of being applicant blind as the details of those asking for information will be known – their details may even be shared before they have made a similar request to another department.

It could also raise data protection concerns as the personal details of those making requests may not be being processed in a way that would be reasonably expected.

The process works by a government department deciding that an FOI request may have been sent to more than one department it can then then forward it on to other civil servants for them to see. Requests sent to more than one public authority at once are often called ’round robins’. 

64 government departments and agencies and includes everything from the Cabinet Office to staff working at the Foods Standards Agency, High Speed 2, and the Civil Aviation Authority are on the list that share requests. The full list is at the bottom of this post.

During the two months from March to April the Ministry of Justice said that 95 FOI requests were passed between government bodies.

Included in the those requests passed around were questions on civil servants meeting with lobbyists, whistle blowing, the diaries of officials, and information on use of RIPA powers.

Requests for information about Prince Charles’ letters to ministers, legal spend in government, psychometric tests, social media policies, and emails in ministers’ inboxes which contained the word ’embarrassing’, were also shared between the bodies.

Court decisions have outlined that the FOI Act can in most circumstances be considered as applicant and motive blind. Last year one council was criticised by the information regulator for publishing the names of requesters online.

Despite the principle the names of requesters on the round robin list may be shared with the other departments.

The MoJ, which is responsible for FOI, said it takes its data protection obligations seriously but does not see a problem with passing the details of those asking for information between different government departments.

“Information on a privacy impact assessment around the sharing of FOI requests is not held,” the Ministry of Justice said.

“The Ministry of Justice takes its obligations under the Data Protection Act very seriously, but we do not believe it necessary to carry out such an assessment in this instance owing to the very limited information circulated within government departments and agencies.”

The Ministry of Justice also provided an extract sent by one of its officials to the Medicines and Healthcare Products Regulatory Agency explaining why it passed the details of those making requests to others.

“The purpose of the round robin list is to help departments to get a feel for who else, if any, has received the same request,” the unnamed official said to the Agency.

“In some cases, it might be useful to talk to other departments to check on interpretation of the request, and perhaps also to co-ordinate the response somewhat.

“In some cases the lead departments for the relevant policies might want to put out some advice directly to the departments that have received the request, rather than to everyone on the circulation of the RR list.

“It would therefore be useful if you could continue to let us know when you have received a request which you think might be a round robin, and also when you have received one that is already on the list.”

UPDATE: AFTER AN INTERNAL REVIEW OF THE ORIGINAL FOI REQUEST THE MINISTRY OF JUSTICE FOUND IT HADN’T GIVEN THE FULL LIST OF BODIES… INCLUDING THE PM’S OFFICE. 

From the Internal Review:

As part of this review, I have checked the information that was searched and have found that the list was indeed incomplete. I have identified the following eight bodies who receive the round robin that were not on the list originally provided to you:

 Charity Commission

 Gambling Commission

 Government Legal Service (note: this is not a body as such. It is an umbrella group comprising around two thousand qualified lawyers working as civil servants in around thirty UK Government departments).

 Health Research Authority

 HM Courts & Tribunals Service

 Law Commission

 Prime Minister’s Office

 Privy Council Office

 Supreme Court

In terms of any other inaccuracies on the list provided to you, I found that the list is not circulated to any National Health Service (NHS) body. Ms Peterson erroneously listed ‘National Health Service’ instead of the Health Research Authority (HRA). As you may be aware, the HRA is not part of the NHS, but an arm’s length body of the Department of Health.

UPDATE 2: Here’s how one of my requests was passed around the round robin list (the email used to share the requests is actually roundrobins@justice.gsi.gov.uk). It appears the request was forwarded between departments and then added to the list. 

roundrobin1roundrobin2

The list of FOI requests that have been shared and the departments that have received them. 

FOI Round Robin List sharing details

I am a journalist and author. I am a staff writer at the UK edition of WIRED magazine and in 2015 my book, Freedom of Information: A Practical Guide for UK Journalists, was published. I created FOI Directory in 2012.

1 COMMENT

  1. As I have commented elsewhere there is nothing wrong with a round robin procedure. However none of the reasons given by the MoJ and others justify including the applicant’s name routinely. Suggestions that it may cause no harm are entirely spurious. Data Protection only requires harm or prejudice to be considered AFTER processing is deemed necessary. If it is not necessary harm is irrelevant – the processing itself is sufficient to establish breach. Possibly unfair as unexpected and certainly in breach of Principle 4 (“adequate, relevant and not excessive” note no mention of prejudice or harm).

Comments are closed.