Home Decisions

Decision 164/2017

Decision 164/2017: Mr Allan Nugent and Glasgow City Council

Name of Council officer and post held

Reference No: 201701216
Decision Date: 3 October 2017

Summary

The Council was asked for the name of, and the post held by, a Council officer. The Council responding by stating that the information was personal data and exempt from disclosure.

Following investigation, the Commissioner found that the Council was entitled to withhold the officer's name and post on the basis that disclosure would breach the Data Protection Act 1998.

Relevant statutory provisions

Freedom of Information (Scotland) Act 2002 (FOISA) sections 1(1) and (6) (General entitlement); 2(1)(a) and (2)(e)(ii) (Effect of exemptions); 38(1)(b), (2)(a)(i), (2)(b) and (5) (definitions of "data protection principles", "data subject" and "personal data") (Personal information)

Data Protection Act 1998 (the DPA) section 1(1) (Basic interpretative provisions) (definition of "personal data"); Schedule 1 (The data protection principles, Part I: the principles) (the first data protection principle) and Schedule 2 (Conditions relevant for purposes of the first principle: processing of any personal data) (conditions 1, 5(a) and 6)

The full text of each of the statutory provisions cited above is reproduced in Appendix 1 to this decision. The Appendix forms part of this decision.

All references in this decision to "the Commissioner" are to Margaret Keyse, who has been appointed by the Scottish Parliamentary Corporate Body to discharge the functions of the Commissioner under section 42(8) of FOISA.

  Background

1. On 30 April 2017, Mr Nugent wrote to the Council and commented that at a Licensing and Regulatory Committee meeting held on 15 June 2016, a Council officer (who was not listed as an attendee at the meeting) made several statements. He requested the name of the Council officer and the exact position he held within the Council, commenting that he required this information to establish the Council officer's knowledge of the subject he had commented upon.

2. The Council responded on 2 May 2017. It explained that it was unable to provide details of individuals below Grade 9 (which included the staff member Mr Nugent was concerned about), as it considered this information to be exempt in terms of section 38(1)(b) of FOISA. It explained why it believed disclosure would breach the first data protection principle.

3. On 3 May 2017, Mr Nugent wrote to the Council requesting a review of its decision. He submitted that the officer was at a public meeting, at the Council's direction, and his pay grade gave him the right to address Mr Nugent at the meeting. In his opinion, the person had made derogatory remarks to him, and unjustifiable statements about the Council's charging formula, at the meeting.

4. The Council notified Mr Nugent of the outcome of its review on 24 May 2017. It maintained that the information was exempt under section 38(1)(b), as the individual would have no expectation that their personal data would be disclosed in response to a FOISA request.

5. The Council further informed Mr Nugent that it did not believe that disclosing the Council officer's name and job title would allow him to establish the officer's knowledge of the subject commented upon. It confirmed that the officer had extensive knowledge of various licensing schemes, including Taxi and Private Hire Car licensing, and provided details of their role and responsibilities within the Council. It explained this expertise was built up over ten years in a variety of operational and strategic roles within the licensing function.

6. The Council also noted Mr Nugent's comments that the Council officer made derogatory remarks and unjustifiable statements at the meeting. It advised Mr Nugent of its complaints process, directing him to where on its website he could make a complaint. It explained that reference to the relevant Committee meeting would enable the Council to identify the officer in question for the purposes of any complaint, without the need to place the officer's name in the public domain under FOISA.

7. On 10 July 2017, Mr Nugent wrote to the Commissioner. He applied to the Commissioner for a decision in terms of section 47(1) of FOISA. Mr Nugent stated he was dissatisfied with the outcome of the Council's review because he believed he had the right to know the name of the Council officer in question.

Investigation

8. The application was accepted as valid. The Commissioner confirmed that Mr Nugent made a request for information to a Scottish public authority and asked the authority to review its response to that request before applying to her for a decision.

9. On 10 August 2017, the Council was notified in writing that Mr Nugent had made a valid application. The case was allocated to an investigating officer.

10. Section 49(3)(a) of FOISA requires the Commissioner to give public authorities an opportunity to provide comments on an application. The Council was invited to comment on this application and to respond to specific questions. In particular, the Council was asked to justify its reliance on any provisions of FOISA it considered relevant, with specific reference to the provisions of section 38(1)(b) of FOISA.

11. The Council responded, confirming its position that the information requested was exempt from disclosure under section 38(1)(b) of FOISA. It provided reasons for this position.

12. Mr Nugent also made a number of submissions, providing reasons why he considered the information should be disclosed.

  Commissioner's analysis and findings

13. In coming to a decision on this matter, the Commissioner considered all of the relevant submissions, or parts of submissions, made to her by both Mr Nugent and the Council. She is satisfied that no matter of relevance has been overlooked.

Section 38(1)(b) - Personal Information

14. Section 38(1)(b) of FOISA, read in conjunction with section 38(2)(a)(i) or (2)(b) (as appropriate) exempts personal data if its disclosure to a member of the public, otherwise than under FOISA, would contravene any of the data protection principles.

15. The Council submitted that the withheld information was personal data for the purposes of the DPA and that its disclosure would contravene the first data protection principle. It therefore argued that the information was exempt under section 38(1)(b) of FOISA.

16. In considering the application of this exemption, the Commissioner will first consider whether the information in question is personal data as defined in section 1(1) of the DPA. If it is, she will go on to consider whether disclosure of the information would breach the first data protection principle, as claimed.

17. It must be borne in mind that this particular exemption is an absolute exemption. This means that it is not subject to the public interest test contained in section 2(1)(b) of FOISA.

Is the information under consideration personal data?

18. "Personal data" are defined in section 1(1) of the DPA as "data which relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual."

19. The Council commented that Mr Nugent had requested the name and job title of an individual Council officer (the data subject). It submitted that in its opinion the data subject's name was data coming within the definition of "personal data" in terms of the DPA, relating to a living individual who could be identified from those data. It further submitted that the data subject's job title was unique within the department and therefore disclosing the job title would distinguish that individual from other members of the group in which they worked. As such, the Council submitted that both the name and job title were the personal data of the data subject.

20. The Commissioner has considered the submissions received from the Council and has taken cognisance of the (UK) Information Commissioner's Guidance, "Determining what is personal data"[1]. Bearing in mind that Mr Nugent's request relates to information concerning a specific individual, and the unique post held by that individual, she is satisfied that the information relates to that living individual, who can be identified from the information. The information is biographical in relation to, and focuses on, the individual Council officer. It is therefore that individual's personal data, as defined by section 1(1) of the DPA.

21. The Commissioner does not consider it would be possible to provide the post held by the individual without the individual concerned being identified.

Would disclosure breach the first data protection principle?

22. The first data protection principle states that personal data shall be processed fairly and lawfully. The processing in this case would be disclosure of the information into the public domain, in response to Mr Nugent's request. The first principle also states that personal data shall not be processed unless at least one of the conditions in Schedule 2 to the DPA is met. If the personal data are also sensitive personal data, at least one of the conditions in Schedule 3 must be met in addition: the Commissioner has considered the definition of sensitive personal data in section 2 of the DPA and is satisfied that this does not apply to the withheld information.

23. There are three separate aspects to the first data protection principle: (i) fairness, (ii) lawfulness and (iii) the conditions in the schedules. These three aspects are interlinked. For example, if there is a specific condition in Schedule 2 which permits the personal data to be disclosed, it is likely that the disclosure will also be fair and lawful.

Can any of the conditions in Schedule 2 be met?

24. Condition 1 in Schedule 2 provides that personal data may be processed if the data subject has given consent to the processing. In its submissions to the Commissioner, the Council confirmed that the data subject had been consulted at the time of the initial request, at the review stage and following Mr Nugent's application to the Commissioner. The data subject declined to give consent, so the Commissioner accepts that condition 1 cannot be met in this case.

25. In his submissions to the Commissioner, Mr Nugent provided a number of reasons why he believed the information should be disclosed. He referred to condition 5(a) in Schedule 2, which allows personal data to be processed if the process is necessary for the administration of justice. He made a number of comments regarding the veracity of the statements made by the individual concerned and their impact on his case, and submitted that he was legitimately entitled to the information in order that justice could be administered.

26. Based on the arguments provided by Mr Nugent, the Commissioner cannot agree that the data in question is required for the administration of justice. The term "administration of justice" is generally taken to refer to the effective functioning of the courts, a process for which Mr Nugent is not responsible. Even if he were engaged in judicial proceedings - and there is no suggestion that he is - he has given no indication of what such proceedings might relate to or why the administration of justice (in the context of such proceedings) should require disclosure of the withheld personal data. In all the circumstances, the Commissioner is unable to conclude that condition 5(a) could be met in this case.

27. In the circumstances, it appears to the Commissioner that condition 6 in Schedule 2 is the only one which might permit disclosure to Mr Nugent. In any event, other than Mr Nugent's reference to Condition 5(a), neither Mr Nugent nor the Council has argued that any other condition would be relevant.

28. Condition 6 allows personal data to be processed if the processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject (the individual(s) to whom the data relate).

29. There are, therefore, a number of different tests which must be satisfied before condition 6 can be met. These are:

a. Is Mr Nugent pursuing a legitimate interest or interests?

b. If yes, is the processing involved necessary for the purposes of those interests? In other words, is the processing proportionate as a means and fairly balanced as to ends, or could these interests be achieved by means which interfere less with the privacy of the data subject(s)?

c. Even if the processing is necessary for Mr Nugent's legitimate interests, is that processing nevertheless unwarranted in this case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject(s)?

30. There is no presumption in favour of the disclosure of personal data under the general obligation laid down by section 1(1) of FOISA. Accordingly, the legitimate interests of Mr Nugent must outweigh the rights and freedoms or legitimate interests of the data subjects before condition 6 will permit the personal data to be disclosed. If the two are evenly balanced, the Commissioner must find that the Council was correct to refuse to disclose the personal data to Mr Nugent.

Is the applicant pursuing a legitimate interest or interests?

31. The Council submitted that it did not consider Mr Nugent to have a legitimate interest for the purposes of condition 6. It commented that in his request, Mr Nugent had stated that he required the information in order to "establish his knowledge of the subject on what he commented on". The Council explained that in its review outcome of 24 May 2017, it had provided information in relation to the officer's experience in his role which it believed would meet Mr Nugent's legitimate interest, without the need to release the individual's personal data into the public domain.

32. Mr Nugent provided extensive submissions as to why, in his view, the withheld personal data should be disclosed. At the outset, he stated that he required the information "to establish [the officer's] knowledge of the subject … he commented on." Given the Council's refusal to provide the information, he also questioned whether the individual was in fact employed by the Council. He submitted that he had a right to know who was making public statements at meetings as part of their job.

33. From these submissions, it is apparent that Mr Nugent is unhappy with the way he was treated at the meeting in question, with what was said by the officer concerned and with the perceived impact of what was said on his treatment and the outcome of the meeting. He wishes to pursue formal avenues of complaint and may wish to pursue other avenues of redress. Clearly he is aggrieved and has a legitimate interest in pursuing his grievances, through the appropriate channels.

34. What the Commissioner must consider, however, is whether Mr Nugent is pursuing a legitimate interest in seeking the withheld personal data. She must admit that it is far from clear how obtaining this information would contribute to addressing the wider grievances he has identified. There may be a value in knowing whether the individual in question had the requisite knowledge to make the statements Mr Nugent is concerned about, but the Commissioner is inclined to agree with the Council that what Mr Nugent asked for would contribute little, if anything, to knowing that. All he asked for was the individual's name and position, which would really cast no useful light on their relevant knowledge, and the Council's original response to the request appears to go considerably beyond what was asked for in providing information on the individual's duties, knowledge and experience.

35. There might be some interest in establishing a job title to confirm that the individual concerned was indeed an employee of the Council, but it is not entirely clear why that should be in doubt. Mr Nugent asked for details of a Council employee and the Council's response acknowledged that the individual concerned was one of its employees. Mr Nugent then surmised, with no obvious justification, that the individual might not be a Council employee.

36. As indicated above, Mr Nugent has a legitimate interest in pursuing any grievances he might have as a result of the meeting which led to his request. The Commissioner accepts that Mr Nugent has a legitimate interest in being treated fairly by the Committee in question, and in being satisfied that the Council has done nothing prejudicial to his being treated fairly. In this regard, Mr Nugent may have legal remedies if he wishes to challenge the fairness of his treatment, and he can no doubt complain to the Council (and thereafter, potentially, to the Scottish Public Services Ombudsman) if he believes the officer's conduct was prejudicial or otherwise inappropriate.

37. However, the Commissioner does not accept that any legitimate interest of the kind described in the last paragraph would extend to the personal data under consideration in this case. He appears to believe that he needs to identify the individual concerned to make a complaint, but there would appear to be no reasonable foundation for this view. It should be quite possible to pursue any legitimate remedy Mr Nugent might have in relation to his concerns without him knowing the identity of that individual. Insofar as the individual would need to be identified for the purposes of pursuing such remedies, that can be done without their name and position being disclosed to the world under FOISA.

38. In all the circumstances, therefore, the Commissioner is not satisfied that Mr Nugent has demonstrated that he has a legitimate interest in the withheld personal data, for the purposes of condition 6 in Schedule 2 of the DPA.

39. Given the above conclusions, the Commissioner finds that there is no condition in Schedule 2 which would permit disclosure of the personal data under consideration. In the absence of a condition permitting disclosure, that disclosure would be unlawful. Consequently, the Commissioner finds that disclosure would breach the first data protection principle and that the information is therefore exempt from disclosure (and properly withheld) under section 38(1)(b) of FOISA.

Decision

The Commissioner finds that Glasgow City Council complied with Part 1 of the Freedom of Information (Scotland) Act 2002 in responding to the information request made by Mr Nugent.

  Appeal

Should either Mr Nugent or Glasgow City Council wish to appeal against this decision, they have the right to appeal to the Court of Session on a point of law only. Any such appeal must be made within 42 days after the date of intimation of this decision.

Margaret Keyse
Acting Scottish Information Commissioner

3 October 2017

  Appendix 1: Relevant statutory provisions

Freedom of Information (Scotland) Act 2002

1 General entitlement

(1) A person who requests information from a Scottish public authority which holds it is entitled to be given it by the authority.

(6) This section is subject to sections 2, 9, 12 and 14.

2 Effect of exemptions

(1) To information which is exempt information by virtue of any provision of Part 2, section 1 applies only to the extent that -

(a) the provision does not confer absolute exemption; and

(2) For the purposes of paragraph (a) of subsection 1, the following provisions of Part 2 (and no others) are to be regarded as conferring absolute exemption -

(e) in subsection (1) of section 38 -

(ii) paragraph (b) where the first condition referred to in that paragraph is satisfied by virtue of subsection (2)(a)(i) or (b) of that section.

38 Personal information

(1) Information is exempt information if it constitutes-

(b) personal data and either the condition mentioned in subsection (2) (the "first condition") or that mentioned in subsection (3) (the "second condition") is satisfied;

(2) The first condition is-

(a) in a case where the information falls within any of paragraphs (a) to (d) of the definition of "data" in section 1(1) of the Data Protection Act 1998 (c.29), that the disclosure of the information to a member of the public otherwise than under this Act would contravene-

(i) any of the data protection principles; or

(b) in any other case, that such disclosure would contravene any of the data protection principles if the exemptions in section 33A(1) of that Act (which relate to manual data held) were disregarded.

(5) In this section-

"the data protection principles" means the principles set out in Part I of Schedule 1 to that Act, as read subject to Part II of that Schedule and to section 27(1) of that Act;

"data subject" and "personal data" have the meanings respectively assigned to those terms by section 1(1) of that Act;

Data Protection Act 1998

1 Basic interpretative provisions

(1) In this Act, unless the context otherwise requires -

"personal data" means data which relate to a living individual who can be identified -

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;

Schedule 1 - The data protection principles

Part I - The principles

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless -

(a) at least one of the conditions in Schedule 2 is met, and

(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

Schedule 2 - Conditions relevant for purposes of the first principle: processing of any personal data

1 The data subject has given his consent to the processing.

...

5 The processing is necessary-

(a) for the administration of justice,

6. (1) The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.

[1] http://ico.org.uk/~/media/documents/library/Data_Protection/Detailed_specialist_guides/PERSONAL_DATA_FLOWCHART_V1_WITH_PREFACE001.ashx