WhatDoTheyKnow blog and tweets
Using WhatDoTheyKnow to uncover how schoolchildren’s data was used to support the Hostile Environment
Posted on by Myfanwy
Freedom of Information forms the basis of many a campaign that seeks to expose hidden facts, or stories which should be in the public eye.
We spoke to Jen Persson, Director of defenddigitalme, about that organisation’s tireless campaign to get to the truth on the collection, handling and re-use of schoolchildren’s personal data in England.
What emerged was a timeline of requests and responses — sometimes hard fought for — which when pieced together reveal secrecy, bad practice and some outright falsehoods from the authorities to whom we entrust our children’s data. Perhaps most striking of the findings was the sharing of data with the Home Office in support of their Hostile Environment policy.
As Jen describes defenddigitalme’s campaign, “It began with trying to understand how my daughter’s personal information is used by the Department for Education; it became a campaign to get the use of 23 million records made safe”.
It’s a long tale, but definitely worth the read.
December 2012: consultations and changes
The story begins here, although it would still be a couple of years before Jen became aware of the issues around children’s data, “despite — or perhaps because of — having three young children in school at the time”.
Why did no one at all seem to know where millions of children’s personal data was being sent out to, or why, or for how long?
As Jen explains, “During the Christmas holidays, the Department for Education (DfE) announced a consultation about changing data laws on how nationally stored school pupil records could be used, proposing that individual pupil-level records could be given away to third parties, including commercial companies, journalists, charities, and researchers. Campaigners raised alarm bells, pointing out that the personal data would be highly identifying, sensitive, and insecure — but the changes went through nonetheless.”
2014: discovering the power of FOI
Jen came across that change in law for herself when reading about a later, similar data issue in the press: there were plans to also make available medical records from GP practices. This prompted her first foray into FOI, “to answer some of the questions I had about the plans, which weren’t being published”.
I feel strongly that if I am going to ask for information which has a cost in time and capacity in the public sector, then it should mean the answers become available to everyone.
And that first step got her thinking:
“At around the same time I asked the DfE a simple question, albeit through a Subject Access rather than FOI request: What personal data do you hold about my own child?
“My Subject Access request was refused. The Department for Education would not tell me what data they held about my children, and as importantly, could not tell me who they had given it to.
“There was nothing at all in the public domain about this database the DfE held, beyond what the campaigners in 2012 had exposed. It wasn’t even clear how big it was. How was it governed? Who decided where data could be sent out to and why? How was it audited and what were the accountability mechanisms? And why was the DfE refusing its lawful obligations to tell me what they held about my daughter, let me correct errors, and know where it had gone? Why did no one at all seem to know where millions of children’s personal data was being sent out to, or why, or for how long?
“Prior to all this, I’d never even heard of Freedom of Information. But I knew that there was something wrong and unjust about commercial companies and journalists being able to access more personal data about our children than we could ourselves.
I worded some questions badly. I learned how to write them better. And I’m still learning.
“I needed to understand how the database operated in order to challenge it. I needed to be able to offer an evidenced and alternative view of what could be better, and why. FOI was the only way to start to obtain information that was in the public interest.
“I believed it should be published in the public domain. WhatDoTheyKnow is brilliant at that. I feel strongly that if I am going to ask for information which has a cost in time and capacity in the public sector, then it should mean the answers become available to everyone.”
“I tried to ask for information I knew existed or should exist, that would support the reasons for the changes we needed in data handling. I worded some questions badly. I learned how to write them better. And I’m still learning.”
2015: sharing children’s personal data with newspapers
That was just the beginning: at the time of writing, Jen has made over 80 FOI requests in public via WhatDoTheyKnow.com .
Through FOI, defenddigitalme has discovered who has had access to the data about millions of individuals, and under what precepts, finding such astonishing rationales as: “The Daily Telegraph requested pupil-level data and so suppression was not applicable.” The publication “wished to factor in the different types of pupil” attending different schools.
Jen explains: “This covered information on pupil characteristics related to prior attainment: gender, ethnic group, language group, free school meal eligibility (often used as a proxy for poverty indicators) and SEN (Special Educational Needs and disability) status, which were deemed by the Department to be appropriate as these are seen as important factors in levels of pupil attainment.”
But with such granular detail, anonymity would be lost and the DfE were relying only on “cast iron assurances” that the Telegraph would not use the data to identify individuals.
2016: sharing children’s nationality data with the Home Office
In a Written Question put by Caroline Lucas in Parliament in July 2016, the Minister for Education was asked whether the Home Office would access this newly collected nationality data. He stated: “the data will be collected solely for the Department’s internal use […]. There are currently no plans to share the data with other government departments unless we are legally required to do so.”
But on the contrary: defenddigitalme’s subsequent requests would disclose that there was already a data sharing agreement to hand over data on nationality to the Home Office, for the purposes of immigration enforcement and to support the Hostile Environment policy.
Jen says: “As part of our ongoing questions about the types of users of the school census data, we’d asked whether the Home Office or police were recipients of pupil data, because it wasn’t recorded in the public registry of data recipients.
The Home Office had requested data about dependents of parents or guardians suspected of being in the country without leave to remain.
“In August 2016, a FOI response did confirm that the Home Office was indeed accessing national pupil data; but to get to the full extent of the issue, we had to ask follow up questions. They had said that “since April 2012, the Home Office has submitted 20 requests for information to the National Pupil Database. Of these 18 were granted and 2 were refused as the NPD did not contain the information requested.”
“But the reply did not indicate how many people each request was for. And sure enough, when we asked for the detail, we found the requests were for hundreds of people at a time. Only later again, did we get told that each request could be for a maximum agreed 1,500 individuals, a policy set out in an agreement between the Departments which had started in 2015, in secret.
“In the October afternoon of the very same day as the school census was collecting nationality data for the first time, this response confirmed that the Home Office had access to previously collected school census pupil data including name, home and school address: “The nature of all requests from the Police and the Home Office is to search for specific individuals in the National Pupil Database and to return the latest address and/or school information held where a match is found in the NPD.”
The Home Office had requested data about dependents of parents or guardians suspected of being in the country without leave to remain.
“In December 2016, after much intervention by MPs, including leaked letters, and FOI requests by both us and — we later learned — by journalists at Schools Week, the government published the data sharing agreement that they had in place and that was being used”.
Other campaigners joined the efforts as facts started to come into the public domain. A coalition of charities and child rights advocates formed under the umbrella organisation of Against Borders for Children, and Liberty would go on to support them in preparing a judicial review. ABC organised a successful public boycott, and parents and teachers supplied samples of forms that schools were using, some asking for only non-white British pupils to provide information.
Overall, nationality was not returned for more than a quarter of pupils.
2017: behind the policy making
Through further requests defenddigitalme learned that the highly controversial decision to collect nationality and country of birth from children in schools — which came into effect from the autumn of 2016 — had been made in 2015. Furthermore, it had been signed off by a little known board which, crucially, had been kept in the dark.
“I’d been told by attendees of the Star Chamber Scrutiny Board meeting that they had not been informed that the Home Office was already getting access to pupil data when they were asked to sign off the new nationality data collection, and they were not told that this new data would be passed on for Home Office purposes, either. That matters in my opinion, because law-making relies on accountability to ensure that decisions are just. It can’t be built on lies”, says Jen.
The process of getting hold of the minutes from that significant meeting took a year.
Jen says, “We went all the way through the appeals process, from the first Internal Review, then a complaint to the Information Commissioner. The ICO had issued a Decision Notice that meant the DfE should provide the information, but when they still refused the next step was the Information Rights First Tier Tribunal.
“Two weeks before the court hearing due, the DfE eventually withdrew its appeal and provided some of the information in November 2017. Volunteers helped us with preparation of the paperwork, including folk from the Campaign for Freedom for Information. It was important that the ICO’s decision was respected.”
2018: raised awareness
In April last year, the Department confirmed that Nationality and Country of Birth must no longer be collected for school census purposes.
However, Jen says, “Children’s data, collected for the purposes of education, are still being shared monthly for the purposes of the Hostile Environment. There’s a verbal promise that the nationality data won’t be passed over, but since the government’s recent introduction of the Immigration Bill 2018 and immigration exemption in the Data Protection Act, I have little trust in the department’s ability in the face of Home Office pressure, to be able to keep those promises.
“Disappointingly”, says Jen, “the government has decided instead of respecting human rights to data protection and privacy on this, to create new laws to work around them.
The direction of travel for change to manage data for good, is the right one.
“It’s wrong to misuse data collected for one purpose and on one legal basis entrusted for children’s education, for something punitive. We need children in education, it’s in their best interests and those of our wider society. Everyone needs to be able to trust the system.
“That’s why we support Against Borders for Children’s call to delete the nationality data.
“A positive overall outcome, however”, she continues, “is that in May 2018, the Department for Education put the sharing of all pupil level data on hold while they moved towards a new Secure Access model, based on the so-called ‘5-Safes’. The intention is distribute access to data with third parties, not distribute the data itself. The Department resumed data sharing in September but with new policies on data governance, working hard to make pupil data safer and meet ‘user needs’. The direction of travel for change to manage data for good, is the right one.”
2019: Defenddigitalme continues to campaign
Defenddigitalme has come a long way, but they won’t stop campaigning yet.
People working with FOI is really important, even and perhaps especially when it doesn’t make the press, but provides better facts, knowledge, and understanding.
Jen says, “Raw data is still distributed to third parties, and Subject Access, where I started, is still a real challenge.
“The Department is handing out sensitive data, but can’t easily let you see all of it, or make corrections, or tell you which bodies for sure it was given to. Still, that shouldn’t put people off asking about their own or their child’s record, or opting out of the use of their individual record for over 14s and adult learners, and demand respect for their rights, and better policy and practice. The biggest change needed is that people should be told where their data goes, who uses it for how long, and why.
“Access to how government functions and the freedom of the press to be able to reveal and report on that is vital to keep the checks and balances on systems we cannot see. We rely on a strong civil service to work in the best interests of the country and all its people and uphold human rights and the rule of law, regardless of the colour of government or their own beliefs. People working with FOI is really important, even and perhaps especially when it doesn’t make the press, but provides better facts, knowledge, and understanding.
“FOI can bring about greater transparency and accountability of policy and decision making. It’s then up to all of us to decide how to use that information, and act on it if the public are being misled, if decisions are unjust, or policy and practice that are hidden will be harmful to the public, not only those deciding what the public interest is.
“WhatDoTheyKnow is a really useful tool in that. Long may it flourish.”
Posted on by Myfanwy
Many authorities keep a disclosure log, where they publish answers to previous Freedom Of Information requests. If requests are repeatedly made for the same type of information, it makes sense for the authority to publish the data regularly so that everyone can access it — because of course, the majority of FOI requests made in this country are sent directly rather than via WhatDoTheyKnow, and won’t otherwise be published online in any other form.
But a disclosure log is only useful if people know it’s there. Our FOI For Councils service, which came out of work with Hackney council increases the likelihood that the information in the disclosure log is actually seen, and by those who need it most: it automatically checks whether the request resembles any information which is already available online, then points the requester to it. If the match is correct, the user doesn’t have to progress any further with their request, and can access the information immediately. This saves everyone time — requesters and staff alike.
There’s another handy aspect to FOI for Councils, too: it can also provide staff with data on what type of requests are made the most often. As we explained in that introductory blog post:
FOI for Councils analyses the number of times each suggestion is shown, clicked, and even whether the suggestion has prevented any additional FOI requests being made.
This analysis allows Information Officers to understand which information is being asked for, that existing resources aren’t providing.
A sensible use of this is to analyse the most frequent requests and publish the data they’re asking for proactively.
Authorities don’t necessarily need FOI for Councils to do this, though: a regular analysis of internal records, or even public requests on WhatDoTheyKnow (despite only making up a proportion of requests made by any means — people may also make requests by direct email, letter, phone or even a tweet in some cases — they still provide a good sample set) would allow any authority to manually generate a broad picture.
Disclosure logs can get out of date quickly: a glance at the BBC’s, for example, seems to indicate an initial enthusiasm in 2014 which quickly dried up, perhaps because a keen employee moved on, or resources were channeled elsewhere. Yet many of the topics of information — annual transport costs for example — will quickly date and may be of interest again in subsequent years.
It makes sense for authorities to plan a publication cycle for such data, because it’s common for requests to relate to ongoing or changing information such as annual statistics or contract renewals.
It seems to be quite a widespread issue that an authority starts a disclosure log with the best of intentions, but then lets it go into disuse; additionally, the WhatDoTheyKnow team note that very few disclosure logs are comprehensive; it’s much more common for authorities to pick and choose what to release, which may not be in line with which data is most useful to the public.
Publishing frequently requested information in a proactive fashion may well cost authorities less than having to retrieve the information each time it’s asked for — and to provide the information to a sole request-maker (assuming it’s not through WhatDoTheyKnow, where the response is published online) is less efficient than simply putting it out publicly where everyone who needs it can find it. This removes some of the burden on FOI officers.
Early indicators from our work with Hackney Council show that pointing users towards material already published has prevented around 4% of the requests started by users. This should grow over time, as the council analyses popular requests and starts to add the information to their publication schedule, and more and more users will then experience this invitation to find the material elsewhere.
A legal requirement
There is one type of information which authorities are required to proactively publish, thanks to Section 19 subsection 2a of the Freedom of Information Act — datasets:
A publication scheme must, in particular, include a requirement for the public authority concerned—
(a) to publish—
(i) any dataset held by the authority in relation to which a person makes a request for information to the authority, and
(ii) any up-dated version held by the authority of such a dataset, unless the authority is satisfied that it is not appropriate for the dataset to be published
The WhatDoTheyKnow team have called for this requirement to apply to all material requested under Freedom of Information, not just datasets: it seems desirable that if a certain piece of information is frequently requested, there is a requirement to publish, unless it’s not reasonable or practical to do so (which, as the team points out, may point to a problem with the way the material is being managed internally, for example adherence to paper records that would benefit from a switch to digital).
We’re in favour
We’ve often advocated for proactive publication, including in our response to a consultation on the FOI Code of Practice last year, and we’ve even said that we’d rather people didn’t have to make FOI requests at all because all information was being published by default.
Others have made the case that there is so much data being published in the world today that it’s hard to make sense of it or to find what’s useful — but proactive publication based on proven demand like this is a good approach to ensuring that authorities are releasing what is genuinely needed.
Image: Roman Kraft
Posted on by Myfanwy
Here at mySociety, we talk a lot about how citizens can use Freedom of Information to hold public authorities to account. But it’s interesting to note that those same authorities, or members of them, sometimes also turn to FOI to solicit information from one another.
At first, this might seem strange: it’s a common assumption that authorities, not to mention high level people within them, have the power to summon any information they require in order to go about their duties.
But on closer inspection it becomes clear that there are several reasons why the public sector might turn to FOI rather than the more standard channels.
Surveying multiple authorities
Suppose you’d like to gather information from many different sources — say every hospital in the country — in order to compile a nationwide set of statistics.
A large task like this can be more orderly if managed via a set of Freedom of Information requests. Additionally, the obligation for authorities to respond may mean that your request goes into official channels — with built in timescales — helping to ensure that you get results.
As a nice illustration of this kind of usage, the Royal College of Surgeons surveyed NHS trusts to see if they are still using outdated fax machine equipment, generating a story which made the headlines back in July.
Members of Parliament may also use FOI to survey a large number of public authorities and gather statistics to support campaigns or an issue they’re working on.
We don’t know if members of the Scottish Parliament have more of an appetite for this than the UK one, but a quick search showed several using FOI to good effect. Lothian MSP Kezia Dugdale surveyed residential units to see stats on vulnerable children going missing; Murdo Fraser accessed delay repayments figures from Scotrail; Mark Griffin discovered that council tax exemptions weren’t being utilised; and Monica Lennon uncovered the lack of sanitary product strategies across Scotland’s health boards.
That said, there are several UK MPs past and present who have made use of WhatDoTheyKnow, including the office of Diane Abbott and Dr Phillip Lee. There may well be others who prefer to use a pseudonym.
Then, those working in bodies such as universities and hospitals very commonly use FOI to support their academic or medical research.
We can’t neglect to mention that in all such cases, WhatDoTheyKnow Pro would be a great help to the process of sending out and organising multiple requests.
Putting information into the public domain
FOI’s not just useful for large scale requests, though. Those from public sector bodies may be using the Act to bring information into the open because they feel it should be known — and of course, making the request through WhatDoTheyKnow will do this by default, since all requests and responses are published online.
Researchers from Cardiff University used FOI as one tool when investigating how data is used by various public services to help in decision-making. They point out that, while fiddly and labour-intensive, FOI fills a gap in public knowledge:
The use of FOIs to investigate the integration of changing data systems is problematic and resource intensive for all parties. However, in the absence of a public list, the Freedom of Information Act provides an opportunity for systematic inquiry.
Getting hold of information which has been hard to pin down
Sometimes FOI is a last resort when other avenues have been exhausted. On TheyWorkForYou we see a councillor writing to her own council to find out their preparedness for a no-deal Brexit, with the remark “I have tried to get this via the members case work system but I am not confident I will get an adequate response”.
Such frustration definitely motivates Members of Parliament into submitting FOI requests, too. There are other channels through which they can ask questions of course, for example by submitting Written Questions — a process by which both the question and answer are placed in the public domain, thanks to Hansard.
But should those channels fail, FOI is another option.
In 2010 the BBC wrote about how costs for redecoration of Parliament’s Head Office were only uncovered thanks to FOI, after a Written Answer was turned down on grounds of the information being too commercially sensitive.
The parliamentary staff and civil servants who deal with Written Answers are likely to be different from those who deal with FOI requests. Their criteria for release of information may also differ, as they are guided by different protocols.
Representatives at every level can use FOI as a channel for information which might have proven elusive via other means. We see on WhatDoTheyKnow that Parish Councils quite often send requests to higher tier authorities to get hold of information that will help them in their work, as is happening here for example.
Keeping an eye open
When it comes to authorities and representatives requesting information from other authorities, we can see the benefits. One of our team, Gareth, makes an analogy with the Open Source community, where because code is open to all, developers (sharing their expertise in their area of specialisation) can be quick to spot and repair any bugs: “It’s a really good thing for security. Many eyeballs make it easier to identify problems and suggest improvements”.
Similarly, FOI acts as a kind of safety net, another layer of assurance that our authorities are working as they should be.
If you’ve seen any other good examples of public sector to public sector FOI (for want of a better term), please do let us know.
Posted on by Mark Cridge
In our previous post, we identified WhatDoTheyKnow’s current need for sources of funding.
But WhatDoTheyKnow also needs more volunteers to join the team. Since the site’s launch, it’s always depended on a highly-motivated, active group of administrators who work to keep it running.
At mySociety, we’re very grateful for the work the volunteers do; for their part, they tell us that they find the work rewarding and interesting — but we’re always aware that we can’t, and shouldn’t, demand too much from them. The more volunteers we can recruit, of course, the less the workload will be for everyone.
We’ve identified three general areas in which volunteer help would be very welcome, and if you think you’d fit in to any of these, we’d love to hear from you.
- interested in FOI and transparency
- happy to work remotely but as part of a team, communicating mainly via email
- able to dedicate a minimum of a few hours per week to helping run the site
Each of our volunteer administrators give their time freely and are the only reason we can run the service day to day at all.
Being a volunteer is both rewarding but also challenging, as each juggles their day jobs and home lives. So the more volunteers we have, the more we can spread the workload between them.
If you have a specific interest in FOI or transparency, or indeed you’d just like to help support a well used civic tech service then we’d love to hear from you. There is always a diverse range of jobs and tasks needing to be done, even if you can only help a couple of hours a week. We all work from home and communicate via email and other online tools.
If you can help us a volunteer the first thing to do is to write to the team introducing yourself and letting us know about your relevant skills, experience and interests.
- a law student or professional who can offer expertise in the day-to-day running of the site; or
- a legal firm or chambers who could offer legal advice on an ad hoc, pro bono basis
Volunteers with legal backgrounds We take our legal and moral responsibilities in running WhatDoTheyKnow very seriously and we always welcome volunteers with experience of legal matters. Some of the legal aspects of running the site are handled routinely on a day to day basis by the admin team.
They may, for example, remove correspondence which could give rise to claims of defamation, or where personal data is disclosed by an authority mistakenly and they consider continued publication to be unwarranted.
The legal challenges thrown up by operating our service are varied and interesting. Joining us could be an opportunity for someone to get some hands on experience of modern media law, or for a more experienced individual, to provide some occasional advice and guidance on more challenging matters.
We often find ourselves balancing claims that material published on our site could aid criminals or terrorists, or could cause harm in other ways, and we do our best to weigh, and balance, such claims against the public interest in making the material available.
As material published on our website may have been used to support news articles, academic research, questions from elected representatives, and actions by campaign groups or individuals it’s important we don’t remove correspondence lightly and that we’re in a position to stand up, where necessary, to powerful people and institutions.
Legal firms that can offer advice As from time to time there are cases which are more complicated, we would like to build a relationship with a legal firm or chambers that can advise us on an ad hoc basis on defamation, privacy (misuse of private information) and data protection.
The ability to advise on copyright law and harassment law would also be an advantage. And we also on very rare occasions may need help as to how to respond to the threat of litigation.
Could you offer help in this area? Please do get in touch to discuss getting involved.
- a committed, organised, empathetic person who could volunteer a few hours (working from home) a week
In our previous post we mentioned that we’d ideally secure funding for an administrator who could handle our user support mail and deal with routine but potentially complex and time-sensitive tasks such as GDPR-based requests.
While we seek funding for this role, would you be willing to fill it on a voluntary basis? Please get in touch.
Lots to help with
So in summary, what we need to keep WhatDoTheyKnow running is money, volunteer help, and legal support. If you can help with any of these, or have some ideas of leads we might be able to follow, please do get in touch. It also helps to share this post with your networks!
Image: CC0 Public Domain
Posted on by Mark Cridge
If you appreciate our Freedom of Information site WhatDoTheyKnow, then you’d probably like to know that it’ll be around for the foreseeable future.
That will only be a certainty if we can secure new volunteers across a broad range of areas; or new sources of funding for the site — or ideally, both! WhatDoTheyKnow is a free service, run on a charitable basis by a currently very thinly-stretched team of volunteers.
We’ve identified four areas in which we need help:
- Legal support
- Admin support
- Additional volunteers
In this post we’ll be looking at the first of those; and in our next post we’ll talk more about various volunteer roles and ways of helping the site to operate. If you think you might be able to assist in any of these categories, please do read on.
WhatDoTheyKnow.com is a Freedom of Information service used by millions of people each year, from journalists and campaigners to ordinary people trying to navigate bureaucracy.
We recently celebrated the 500,000th request made via WhatDoTheyKnow, and also the site’s tenth anniversary. Each month, it’s visited by over half a million people and over 2,500 requests are made via the site. It’s a success story — an example of civic tech that runs at scale, has lasted, and has had an impact to match.
One of the ways that mySociety has always tried to make change in the world is by building things on the web that show how the world could be better. In the case of WhatDoTheyKnow, we asked ‘What would it be like if everyone felt able to ask questions of those with power, and get answers?’.
Our position as a small digital charity allows us to be bold in the things we build, to act as critical friends to institutions of power, and to design for the citizen. In practical terms, it also allows us to ask forgiveness, not permission — without that freedom, many of our sites and ideas would never have seen the light of day. That we have had success with WhatDoTheyKnow is wonderful, but leads us to ask a new question: how can we, again as a small digital charity, ensure its future?
It’s always been a necessary engineering principle for us as software developers, trying to build sites that have impact, to require as little ongoing intervention as possible. However, technology isn’t and shouldn’t be everything — a site that runs on the scale of WhatDoTheyKnow can’t run without different kinds of support. In running WhatDoTheyKnow, we’ve learned that digital institutions, like other institutions, are shaped by people. The people who originally designed them, for certain, but also those who pick up the torch, who continue to make the day-to-day decisions that keep the institution relevant, humane, responsive and responsible. It’s this support that distinguishes brilliant technical ideas that flame out from those that grow and become so embedded in our culture that they start to fundamentally change the way the world works.
A vital part of that support for WhatDoTheyKnow comes from a handful of volunteers who run the service day to day. These volunteers handle everything from simple user support to advising on complex points of law and policy.
Now the success of the site means that they need help on the front line. We’re always on the lookout for new volunteers — but there are also other things we need to ensure that WhatDoTheyKnow is around for the next ten years and another half a million requests.
We need funding for admin
It’s becoming increasingly urgent that we recruit a part-time assistant, responding to our users’ queries via email. This person would help our amazing team of volunteers support people in all walks of life as they go through the process of requesting information from public authorities.
They’d help to deal with the diverse day to day user enquiries, make sure we meet important deadlines in handling time-sensitive issues like GDPR-based requests, and share feedback to improve our user and volunteer experience over time. The cost of a paid part-time support role would be at least £15k per year.
We don’t currently have any funding for this increasingly essential role, nor indeed any direct funding for WhatDoTheyKnow itself.
We need funding for development
Although WhatDoTheyKnow hasn’t changed fundamentally over the years, there are always ways in which we could improve it — a recent example is our work to start developing features for journalists and other professional users.
The site does also require a certain amount of ongoing development work in order to keep it running at the scale it does. That includes making sure it gets the latest security updates, and dealing with new problems that arise as it grows, such as the fact that the more popular it becomes, the more rewarding a target it becomes for spammers.
Work to maintain Alaveteli, the code that runs WhatDoTheyKnow, also supports the community of Freedom of Information campaigners, journalists and citizens around the world that use Alaveteli-based services to exercise their right to know in 26 countries.
We don’t currently have any financial support for developers to support and maintain WhatDoTheyKnow and it’s important we find at least project funding of £30,000 to £40,000 a year, if not general unrestricted financial support from new funders.
Funding to date
We should acknowledge the funding which has allowed us to run thus far, and for which we are of course very grateful. A grant from the Joseph Rowntree Trust originally got WhatDoTheyKnow off the ground; Google’s Digital News Initiative supported the development of Alaveteli Professional, and unrestricted support from a number of funders ensured that mySociety has been able to continue paying their developers to work on the project. It’s perhaps worth noting that this support has, to date, always sustained development rather than administration.
We do have a revenue stream through WhatDoTheyKnow Pro, our FOI service for professionals such as journalists, but as yet this is very modest. As the service develops, we hope that this may one day become part of the framework that helps sustain WhatDoTheyKnow, but we’re some way from that at this point in time.
Can you help identify a fund or donor who might be willing to cover the costs we’ve identified above for the next year or two? Please get in touch.
Or perhaps we can be more imaginative. One model we’ve seen used to good effect by other sites run on our FOI platform Alaveteli has inspired us to conceive of a similar (but not identical) set-up for WhatDoTheyKnow. This would involve sponsorship from one or more reputable media organisations who could make use of WhatDoTheyKnow for their own journalistic investigations, while also gaining the benefit of recognition across the site.
Of course, that’s just one idea — there must be many other possible models for supporting the site and we’d love to hear any ideas you have in the comments below.
Now you might like to read our second post, in which we’ll be talking about ways you might be able to help with time, rather than money.
Image: CC0 Public Domain
Posted on by Myfanwy
Our WhatDoTheyKnow.com service makes it really easy to request information from public bodies: all you need to do is describe the information you are seeking, send your request, and the authority provides it to you.
At least, that’s what happens when everything goes smoothly.
The default case
When you request information, the authority generally has two duties under the FOI Act:
- They must confirm or deny whether the information is held
- If they do hold it, they must disclose it.
But, there are circumstances – called exemptions – where the authority can withhold the information, or where they might not even state whether or not they have it at all.
Understanding which exemptions have been applied will also help you to understand what to do next.
The authority have confirmed they hold the information, but refused to release it
Why have they refused?
If your request is refused, the authority must say which exemption/s allow them to do so — have a good read of their response, and find out which one/s have been applied.
You’re looking for a section number that refers to the part of the Act that explains why they can refuse. You can check on FOIwiki’s handy table for the full list of exemptions.
Generally, when citing an exemption, the authority will also include the relevant text from the FOI Act, but if not, you can check it for yourself in the actual wording of the Act.
They did not cite an exemption
Authorities must say which exemption applies to your request — so, double-check that they haven’t done so (look in any attachments as well as in their main email), and once you are certain that they haven’t, write back and ask them to confirm which exemption they are using. Here’s an example of that in action.
If you want to, you can quote the part of the FOI Act which says that they must do this: Section 17 (1)b:
A public authority which, in relation to any request for information, is to any extent relying on […] a claim that information is exempt information must […] give the applicant a notice which—
- states that fact,
- specifies the exemption in question, and
- states (if that would not otherwise be apparent) why the exemption applies.
They did cite an exemption
Once you know which exemption has been used, you are in a good position to examine whether it has been correctly applied .
FOIwiki’s table lists all the exemptions that an authority can use, and includes some technical details about how they can be applied.
Some exemptions have very little room for appeal and the decision to apply them is obvious: for example, the Ministry of Defence won’t release plans for an upcoming battle in a time of war, making a request for this type of information pretty futile.
Others rely much more on the judgement of the authority who’s dealing with your request. Under Section 38, for example, a request can be turned down because it might ‘endanger the physical or mental health of any individual’– but in many cases, assessing how someone’s mental health might be affected by the release of information must require a certain amount of prediction.
Some exemptions allow an authority to use additional tools for assessing whether or not to release information:
- A public interest test
- A prejudice test
They said they’d applied a Public Interest Test
Some exemptions, known as ‘qualified exemptions’, require the authority to apply a Public Interest Test. This may give you more opportunity to ask for a review.
You can check the details of your exemption, and whether it’s qualified, in FOIwiki’s table.
In short, a public interest test sees the authority trying to weigh up the benefit to the general public of the information being released against the safeguards that the exemption is trying to provide, and decide which has more weight. The ICO provide good information about Public Interest Tests, with several examples of how they have been applied in the past.
If you think you can demonstrate that the Public Interest Test has come down on the wrong side of this weighing up exercise, you may want to ask for an internal review — see the end of this article for next steps.
They said they’d applied a Prejudice Test
Some exemptions, called ‘prejudice based’ exemptions, require a prejudice test. Again, this might also give you more opportunity to ask for a review.
You can check the details of your exemption, and whether it’s prejudice-based, on FOIwiki’s table.
Generally speaking, it’s applied to exemptions which seek to protect certain interests — for example, Section 29 of the Act allows exemption where release might do harm to the economy.
The prejudice test is a way for the person dealing with the request to check that the perceived threat is ‘real, actual or of substance’, and that there’s a reasonable risk that the release would cause the harm that the exemption is trying to protect against. There is a good explanation in the ICO guidelines.
As with Public Interest Tests, if you can demonstrate that the Prejudice Test has come up with a decision that is arguably misapplied, you may want to ask for an internal review — see the foot of this article for next steps.
They didn’t apply a Public Interest test
This probably means that the exemption is “absolute”, which makes it hard to challenge.
First, check on FOIwiki’s table that the Section the authority is using is an absolute exemption.
If it is:
- You might like to consider how cut-and-dried it is that the information falls within the class that the exemption protects. If it is clearly covered by the exemption (for example you have asked for information that is self-evidently provided to the authority by Special Forces) then there isn’t much point in going any further. But suppose you have been told that, under Section 21, the information is accessible via other means. Section 21 is an Absolute exemption but may be open to a challenge if, for example, there are circumstances which prevent you from accessing the information.
If it’s not:
- Ask the authority what public interest test they applied (or more details of how they applied it).
The authority won’t confirm or deny whether they hold the information
Why won’t they confirm or deny?
If confirming or denying whether the information is held would actually reveal exempted information in itself, then the authority may refuse to do so.
You can read more about this in the ICO’s guidance.
Can I do anything if they ‘neither confirm nor deny’?
Yes — you can challenge this stance if you have reason to believe that confirming or denying that they hold the information would not reveal exempted information in itself. However, it can be a time-consuming and potentially difficult route to take, and even if you are successful in getting the authority to confirm that they have the information, you may then find that an exemption is then applied, taking you practically back to square one.
If you still want the information you’ve requested, there are some general tactics you can use when faced with an exemption:
- Reduce the scope of your request: Check the exemption cited and, if possible, modify your request to circumvent it.
- Ask for an internal review: if you think the exemption, public interest test or prejudice test has been wrongly applied, you can ask for another member of staff to assess your request and whether you should have received a full, or partial, response.
- Appeal to the ICO: If you’ve had an internal review and still think the decision was wrong, you may make an appeal to the Information Commissioner’s Office.
Read more about all of these routes on our guidance page.
And here are some other useful links from the Information Commissioner’s Office:
- Guidance to authorities on when requests may be refused
- Guidance for writing a refusal notice
- Guidance on the public interest test
Finally, for now
The ideal is, of course, to submit a request which does not trigger an exemption, as clearly this saves everyone’s time. You can see our advice on writing responsible and effective requests here.
That said, full or partial refusals are not an uncommon occurrence — it’s totally routine for FOI responses to have some material removed (usually personal information such as names and roles of junior officials, or material identifying members of the public), or to turn the request down completely.
There are just over 25 exemptions listed in the Act (the exact number depends on how you count subsections and variants), removing the obligation for bodies to provide information in categories as diverse as any and all communications with members of the Royal Family, to commercial interests and trade secrets — and all sorts of things in between.
We’ll be examining the various exemptions available to authorities and suggesting ways in which you can avoid them. Keep an eye on our blog — and we’ll also link to posts from this post as we publish them.
Image: Scott Warman
Posted on by Myfanwy
The mySociety team have found it increasingly hard to concentrate on work this afternoon, as the numerical counter on WhatDoTheyKnow’s homepage crept ever closer to the 500,000 mark… and at 4:56pm today, the milestone request was sent off. It was to Mid Devon District Council asking for the costs of implementing and maintaining flood defences.
WhatDoTheyKnow has long been mySociety’s most successful site, if you count success by the number of users. Every month, between 500,000 and 600,000 people pay a visit. Some of them submit a request, contributing to the total of ~2,700 made monthly; others come to access the information released by authorities and published in WhatDoTheyKnow’s ever-growing archive of public knowledge.
The site’s success can be ascribed to its simple formula of making it very easy to send an FOI request, which is published online along with the response it receives. The idea of putting the whole FOI process in public was resisted in some quarters during the site’s infancy — indeed, even the concept of responding by email rather than by post was fought against.
But the site, launched soon after the FOI Act came into force in the UK, has gone on to become an accepted part of the country’s landscape, and we’d like to think we’ve played a part in shaping attitudes — and how the Act is implemented.
The requirement for authorities to respond via email has now been enshrined in Ministry of Justice guidance. WhatDoTheyKnow itself is explicitly mentioned as a valid vehicle for FOI requests in the ICO’s documentation, and in 2017 an independent commission even recommended that publishing responses should be ‘the norm’.
The site clearly meets a need. And that need isn’t specific to the UK, as proven by the fact that the open source software on which WhatDoTheyKnow runs, Alaveteli, has also been picked up and is being used to run more than 25 other Freedom of Information sites around the world.
Finally, never let us miss the chance to praise the volunteer team who keep WhatDoTheyKnow running, helping users with their requests, setting site policies and dealing with issues such as accidental data releases from authorities. Without these knowledgeable and dedicated people, we simply wouldn’t be able to provide this service.
And now – onwards to the next 500K!
Image: Bernard Hermant (Unsplash)
Posted on by Gemma
Today is International Right To Know Day.
Right to Know Day was started back in 2002 by international civil society advocates, and has since been officially adopted by UNESCO with the more formal title of ‘International Day for the Universal Access to Information’.
To mark this day I wanted to highlight some of the reasons why having the Right to Know/access to official information is so important, and give examples to illustrate these reasons.
So, here goes:
The Right To Know helps fight corruption and exposes wrongdoings
Being able to access information held by public authorities allows citizens to uncover potential mismanagement of public funds, and abuses of public policies and laws.
Some relevant examples of this include when police use banned restraint techniques in prisons and immigration centres, when government departments miss their own targets and when campaigning groups break electoral law by spending too much money on their campaigns.
The Right To Know helps citizens hold their public authorities and governments to account
Since the introduction of the FOI Act, we all have the opportunity to question the status quo and point out when things just aren’t right.
Like when one dedicated citizen used her Right to Know to make sure schools, local education authorities and the Department for Education were taking the issue of asbestos in schools and the health and safety of teachers and pupils seriously.
Or one of our WhatDoTheyKnow volunteers using his Right to Know to uncover that many councils are not doing the necessary administration work in order to be able to fine taxi drivers who refuse to accept disabled passengers, and therefore implement anti-discrimination law. Holding authorities to account so they do implement this is really important, otherwise discrimination against wheelchair users may continue to get worse.
The Right To Know helps citizens get useful information that matters to them
Sometimes the information you need isn’t freely or easily available, so using your Right to Know to get that information into the public arena is a great idea.
People have used their Right to Know to get information on when museums are free to visit, where you can post your letters and where you can find a toilet, to name a few examples. All useful information for them personally, but also for the rest of society as well!
The Right To Know helps citizens find out what’s going on in their local communities
It’s important to know what’s going on in your local area so you can get involved, raise objections, think of solutions…or just for curiosity’s sake.
These examples show how people have used their Right to Know to discover plans for local community sports stadiums and facilities, the number of homeless people in the area, and plans for housing developments.
The Right To Know helps citizens get things changed for the better
There are several instances of requests leading to tangible change that make improvements to people’s lives.
For example using the Right to Know led to the exposure of vital information which helped lead to wages going up in one of the UK’s biggest care home operators, and Transport for London changing their attitude to cyclists’ rights.
The Right To Know helps taxpayers find out how their money is spent
Do you ever wonder how your hard earned taxes are being spent? Using your Right to Know uncovers all sorts of interesting, and sometimes controversial, expenditure.
For example the NHS spent £29 million on chaplains in 2009/10, in 2008/09 Birmingham City Council spent £53,000 on bottled water for its staff and Greater Manchester Police spent £379,015 on informants in 2009/10.
Having this information open for all to see sometimes leads to changes in how public authorities spend their budgets.
For example Birmingham City Council went on to change their water policy so they now connect water coolers directly to mains water to save money and resources. This may not have happened if it wasn’t for an active citizen using their Right to Know to reveal this information, and therefore prompt a positive change.
There are plenty more reasons why having the Right to Know is important, but these are the highlights for me. Fundamentally, the Right to Information empowers citizens to be active members of society so they can work towards creating a more fair and just world.
So celebrate your Right to Know, on this day and every day, as it’s an incredibly useful right to have.
Remember, using our WhatDoTheyKnow website makes the process of asking public authorities for information really easy and you can browse what other people have already asked for and the responses they received, so why not check it out.
Posted on by richardtaylor
Coroners have a key role: they investigate deaths and make recommendations for making society safer, addressing issues which have led to potentially avoidable deaths.
Despite this, coroners, and coroners’ offices, are surprisingly not generally subject to the Freedom of Information Act.
At WhatDoTheyKnow.com we list many public bodies which don’t actually fall under Freedom of Information law as part of our advocacy for greater transparency.
While, over time, we’ve listed a number of coroners following requests from our users, volunteers Kieran and Richard have recently significantly improved our coverage and we now believe we comprehensively cover all coroners in the United Kingdom (in Scotland the Procurator Fiscal performs a role analogous to that of a coroner). You can view the full list on WhatDoTheyKnow.com.
What do coroners do?
According to the Government, coroners investigate deaths that have been reported to them, if it appears that:
- the death was violent or unnatural
- the cause of death is unknown, or
- the person died in prison, police custody, or another type of state detention
Coroners investigate to find out who has died; how, when, and where. They also, rather excitingly, have duties relating to treasure and inquests are held to determine if material found should be defined as such, as well as establishing who found it, where and when.
Coroners around the country have different systems and the degree to which they proactively publish their findings varies. So, as with requests to any public body, you should check their website — if they have one — to see if the information you are seeking has been published before making a request. Often a coroner’s website might be a page, or pages, within a local council site.
Coroners’ Reports to Prevent Future Deaths, and responses to them, are sometimes published by the Chief Coroner on the Judiciary website. Statistical information on the work of coroners is published by the Ministry of Justice.
What information might be requested from a coroner?
Information about upcoming inquests and hearings.
- Even where a coroner publishes an online listing, you might want to seek more information so that cases of interest can be identified (asking for the “brief circumstances” of a death, for example).
- You might want to ask for information about upcoming inquests relating to those who died in state custody, or those relating to deaths in, or following, collisions on roads — or any other category.
- Or you could request the policies relating to publicising upcoming hearings, to determine if any online listing is comprehensive for example, or to find out if there are mechanisms in place to inform certain people about upcoming hearings. The content of recent notifications of upcoming hearings could be requested.
- The formal “Record of Inquest” relating to a particular case
- Reports to Prevent Future Deaths and responses to those reports Though note that, where a response is from a public body which is subject to Freedom of Information law, making a request to that body might be the best approach.
- Documents relating to particular investigations Regulation 27 of The Coroners (Investigations) Regulations 2013 states: “The coroner may provide any document or copy of any document to any person who in the opinion of the coroner is a proper person to have possession of it”.
- Information relating to reports of treasure received and the coroners’ findings in those cases.
- Information about decisions made by a coroner These can include decisions to exhume a body, discontinue an investigation, or to hold all, or part, of an inquest in private.
- Correspondence to/from the Chief Coroner and Deputy Chief Coroners.
- Information about the administration of the coroners’ service You might want to ask for information relating to a coroners’ pay, expenses, costs, fees charged, and for information on their performance. Some requests of this nature might be better directed to the relevant local council.
Pracicalities of requesting
While increased transparency surrounding the circumstances of deaths can lead to safety improvements throughout society — for example in our industrial workplaces, hospitals and roads — the families of the deceased do of course deserve sensitivity and respect. We’d suggest that all those requesting, or acting on, information from coroners which relates to people’s deaths should be considerate of that.
Coroners will not be used to receiving requests for information made in public via our service. If you are one of the first people to do so, there may be some initial difficulties. Please let us know how you get on: we would be interested in hearing about your experiences.
Posted on by Martin
WhatDoTheyKnow Pro is our Freedom of Information service for journalists, and campaigners, and we’ve recently rolled out some major changes to the request sidebar to make reading, navigating, and classifying Pro requests a lot easier.
Since the very first Alpha version of WhatDoTheyKnow Pro we’ve been receiving feedback from our users, which we have been feeding directly into our future development plans. The sidebar changes are the first round of changes that have come as result of direct Pro user feedback, and there will be more to follow.
In WhatDoTheyKnow a member of the public can send a Freedom of Information request to an authority, which they receive in the form of an email. The request, as well as any replies or follow up from the requester, or the authority, are published on WhatDoTheyKnow. If the request is made by a Pro user, they have the added option of making a request private for a limited time.
In the request process we observed the following:
- A new response from an authority goes to the bottom of the thread (the bottom of the page)
- The user interface for updating the status of a request is located at the top of the page (a request’s’ status is a way of keeping track of where it is in the request process – for example ‘awaiting response’, ‘needs clarification’, or ‘refused’)
- A longstanding or complicated request will often consist of many, many messages. So scrolling to the bottom of the page to read the most recent response, then back to the top to update its status involves a lot of interaction that we can remove.
We can’t say for sure that a user will always be at the bottom of the request thread when updating the status of a request, but we can safely assume they are sometimes.
For these changes we set ourselves the following goals:
- Speed up the process of updating the status of requests
- Improve the experience of navigating requests with a long history.
In previous research we established that a typical workflow for dealing with request responses is:
Get reply → Read reply → Take action (typically reply, or update the status of the request)
It’s a short, three step process, but a busy user catching up with a backlog may do this hundreds of times a day, so if we can optimise this workflow we can save a lot of time and frustration.
So what have we done?
For desktop users we’ve made the sidebar controls (where the ‘update status’ button is) “sticky”, so it will follow you as you scroll up and down the page, meaning you can update the request status from any position on the page. This really helps as requests get longer, as you no longer need to scroll back to the top to classify the latest response.
We’ve added new message navigation buttons. This is to enable you to move through a request thread message-by-message by clicking the up and down arrow buttons, or using the arrow keys on your keyboard. We’ve also added a counter so that it’s easier to see where you are in the list, and to go back and forth to specific messages.
We’ve also taken this opportunity to make some key information about the privacy of your request visible at all times (this was previously hidden behind a click), and to tweak the design of the sidebar – making it easier to read and removing some visual noise.
More to do
We’re looking at a way to add similar functionality to mobiles and other small screen devices. As screen space is limited it will require a separate design process.
We’re aware that the problems we’re trying to solve aren’t unique to our Pro customers, so if the features work, and are well received, we’ll be making a similar feature available to all WhatDoTheyKnow users in the future.
Keeping in mind that as our public users have different needs to our Pro users there are some design challenges to overcome beforehand. For example – the public request page has more features to help less-frequent users, because we’re keen to ensure that everyone can participate in the FOI process, not just experts. Conversely, Pro users are by their very nature more likely to require less guidance. We’re going to need to do more research on this shortly.
Got some feedback?
Whether you’re a WhatDoTheyKnow Pro customer or not, we’d love feedback on this feature — or any other. Drop us an email to email@example.com.