The UK Information Commissioner and the Secretary of State for Justice have entered into Memoranda of Understanding on the handling of information requests in national security cases under the UK’s Data Protection Act (DPA), Freedom of Information Act (FOIA) and Environmental Information Regulations 2002 (EIRs). The new Memoranda replace the Memorandum of Understanding entered into by the parties on 24 February 2005.
The Memoranda aim to promote “good standards of co-operation” by setting out guidelines as to how the Information Commissioner’s office (ICO) and various UK government departments will cooperate with one another in cases in which a government department refrains from disclosing information to an individual, or the ICO, on the basis of national security.
The Memorandum relating to the DPA notably allows government departments to withhold information as well as provide a “neither confirm nor deny” in response to Subject Access Requests made by the ICO in national security cases. The Memorandum also sets out cooperation measures for cases in which, pursuant to section 42 of the DPA, the ICO requests information “on behalf of any person who is, or believes himself to be, directly affected by any processing of personal data”. Finally, the Memorandum relating to the DPA covers cases where the ICO issues enforcement notices or information notices pursuant to sections 40 and 43 of the DPA.
The Memorandum relating to FOIA and EIRs addresses cooperation measures in cases where government departments withhold information or rely on a “neither confirm nor deny” response pursuant to the exemption set out in sections 23 or 24 of the FOIA, or regulation 12(5)(a) of the EIRs and the ICO has been asked by the individual concerned to investigate the processing of personal data pursuant sections 50 and 51 of the FOIA (as amended by Regulation 18 of the EIRs).
The new Memoranda mirror each other and largely build upon their 2005 predecessor in setting out the structure by which the ICO and government departments will cooperate with one another to ensure that individual rights under the DPA, FOIA, and EIRs are adequately met on one hand, and national security interests remain protected on the other. At present, no significant new obligations are imposed on either side.
To access the memoranda of understanding, click here.