Freedom of information exemptions—personal information
Produced in partnership with Paul Gibbons
Freedom of information exemptions—personal information

The following Public Law practice note produced in partnership with Paul Gibbons provides comprehensive and up to date legal information covering:

  • Freedom of information exemptions—personal information
  • Scope of the exemption
  • What is personal data?
  • Requests by the applicant for their own personal data
  • Requests for personal data relating to another individual
  • What is the correct process for considering fairness and lawfulness?
  • Considering fairness
  • Justifying disclosure and legitimate interests
  • Neither confirm nor deny
  • Employee data
  • More...

IP COMPLETION DAY: 11pm (GMT) on 31 December 2020 marks the end of the Brexit transition/implementation period entered into following the UK’s withdrawal from the EU. At this point in time (referred to in UK law as ‘IP completion day’), key transitional arrangements come to an end and significant changes begin to take effect across the UK’s legal regime. This document contains guidance on subjects impacted by these changes. Before continuing your research, see Practice Note: What does IP completion day mean for public law?

This Practice Note considers the exemption for personal information under section 40 of the Freedom of Information Act 2000 (FIA 2000).

Scope of the exemption

This is a class-based exemption. Most of its elements are absolute, but two aspects are qualified (ie subject to a public interest test). The exemption’s aim is to avoid a conflict between the data protection regime, which protects personal data, and the objectives of the FIA 2000 to increase transparency and accountability.

The General Data Protection Regulation, Regulation (EU) 2016/679 (the GDPR) introduced substantial amendments to EU and UK data protection law, replacing the Data Protection Act 1998 (DPA 1998) and Directive 95/46/EC, the Data Protection Directive from 25 May 2018. In connection with the GDPR, the Data Protection Act 2018 (DPA 2018) made consequential amendments to various legislation, including FIA 2000.

The DPA 2018 introduces four distinct data

Related documents:

Popular documents