NEWS “without comment”

Interesting FOI Restriction challenged!

 Court to rule on UK freedom of information bids from overseas

Cases have been blocked despite guidance saying anyone can make a request

Owen Bowcott Legal affairs correspondent


Tue 6 Oct 2020

The rights of those living abroad to submit freedom of information requests are to be tested in court after more than a dozen cases – including one relating to Julian Assange’s extradition – were blocked.

A combined hearing involving the Home Office, Metropolitan police, the Information Commissioner’s Office (ICO) and 13 separate cases is to be held at an information tribunal in London.

At issue is whether applicants overseas are entitled to a response when submitting freedom of information requests to UK government departments and agencies.

It is not clear who triggered the “stay” imposed on the 13 requests. The ICO has declined to comment. No date has been set for the case.

The Cabinet Office, which has responsibility for FOI policy, says it complies with ICO guidance, which states: “Anyone can make a freedom of information request – they do not have to be UK citizens, or resident in the UK.”

The tribunal, however, has told parties in the suspended cases that it has “decided to deal with the territorial scope” of the Freedom of Information Act 2000.

All of the stayed FOI requests are from applicants not resident in Britain. The hearing will also examine whether there is a requirement that those who make FOI requests have a connection to the UK.

“The main principle behind freedom of information legislation,” the ICO has said, “is that people have a right to know about the activities of public authorities, unless there is a good reason for them not to.”

Maurice Frankel, the director of the Campaign for Freedom of Information, said:

“The government has always acknowledged that the FOI Act was not restricted to British citizens or people living in the UK.

“Government guidance issued just before the act came into force in 2005 said requests could be made by ‘any person, anywhere in the world’ and that has been the position of the information commissioner, tribunal and upper tribunal.

Attempting to reverse it now might delay or block current appeals, for example on the Assange case, but will otherwise be pointless.”

A government spokesperson said: “We are aware of these cases and will continue to comply with ICO guidance and the outcome of the tribunal.”


General Data Protection Regulations

GDPR: H&M fined record £32m for intrusive ‘people analytics’

By Rob Moss on

06 Oct 2020 – Sorbis/Shutterstock

H&M Group has been fined €35.3m (£32.1m) by an information commissioner in Germany for intrusive data collection and analysis of the activities of hundreds of employees.

It is the largest fine issued for an employment-related privacy breach since the General Data Protection Regulation (GDPR) came into force across the EU in 2018.

Since 2014, team leaders at a service centre in Nuremberg would conduct back-to-work style interviews or informal chats following sickness absence and holidays, even when the employee was off for a short period. The information recorded ranged from details about illnesses and diagnoses, to what they had done on holiday, specific family problems and their religious beliefs.

This case documents a serious disregard for employee data protection at the H&M site in Nuremberg. The fine imposed is appropriate and will deter companies from violating their employees’ privacy” – Hamburg information commissioner

Not only did managers build up a “broad knowledge” of their staff’s private lives, the information was updated regularly and stored digitally where it could be accessed by as many as 50 other managers throughout the company.

The data was then used alongside “meticulous” analysis of individuals’ performance at work to create “profiles” of employees that would help direct employment decisions.

Prof Johannes Caspar, the Hamburg commissioner for data protection and freedom of information, said: “This case documents a serious disregard for employee data protection at the H&M site in Nuremberg.

The fine imposed is appropriate and will deter companies from violating their employees’ privacy.”

The commissioner added that the combination of researching private lives, and the ongoing recording of what activity individuals were engaged in, led to a “particularly intensive interference with the rights” of those affected.

Under GDPR, firms can be fine of €20m (£18.2 million) or 4% of annual global turnover – whichever is greater – for infringements.