Oxfordshire Director of Legal

The public interest test under EIR and FOI: weighting the arguments

A recent decision of the Upper Tribunal, under the Freedom of Information Act 2000 (FOI), provides a useful reminder of what a public authority needs to do when applying the public interest test, writes Ibrahim Hasan. Read more
Slide background
Slide background
Slide background
Slide background


May 22, 2020

Data watchdog relaxes regulatory function to prioritise guidance on complying with law during coronavirus public health emergency

The Information Commissioner’s Office (ICO) will stand down audit work, issue fewer fines and generally use fewer formal powers against organisations that are struggling to meet data protection standards as a result of the COVID-19 pandemic.
May 18, 2020

School breached data protection and human rights, unlawfully misused personal information of Down's Syndrome pupil and mother: High Court

A primary school breached the Data Protection Act 1988 and Human Rights Act 1998 and unlawfully misused the personal information of a child with Down’s Syndrome and her mother, the High Court has ruled.
Apr 20, 2020

Judge orders fresh hearing in dispute over disclosure of advice to council on tactics in negotiations with supermarket giant

An Upper Tribunal judge has set aside a decision by a First-tier Tribunal (FTT) that upheld – after a freedom of information request – the withholding of an agent’s advice to a local authority on the tactics it should apply in negotiations with Tesco over a proposed development.
Apr 16, 2020

Information watchdog sets out its regulatory approach during COVID-19

The Information Commissioner's Office has issued a statement setting out its regulatory approach during the coronavirus pandemic, saying it will focus on those areas likely to cause the greatest public harm.
Apr 03, 2020

Tribunal stays information rights cases for 28 days

The First-Tier Tribunal General Regulatory Chamber (Information Rights) has – with immediate effect – stayed for a period of 28 days all proceedings under section 48 of the Data Protection Act 1998, section 162 of the Data Protection Act 2018 and section 57 of the Freedom of Information Act 2000.
Apr 02, 2020

Supreme Court rules on vicarious liability for data breach

The Supreme Court has ruled unanimously that supermarket chain Morrisons was not liable for the actions of employee who published staff salary data.
Mar 23, 2020

LGA issues briefing on Coronavirus Bill, calls for temporary relaxation of FOI and GDPR requirements

The Local Government Association has called for additional powers to be given to local government as it published a briefing on the measures contained in the Coronavirus Bill.
Mar 17, 2020

Town clerk fined for blocking records with intent to prevent disclosure after FOI request

A town clerk has been fined £400 and ordered to pay costs of £1,493 after being prosecuted by the Information Commissioner’s Office for intentionally blocking records with the intent to prevent disclosure.
Mar 17, 2020

Government to consider allowing virtual committee meetings on temporary basis: Jenrick

The government is to consider bringing forward legislation to legislation to allow council committee meetings to be held virtually for a temporary period during the coronavirus outbreak, the Local Government Secretary has said.
Mar 11, 2020

Information watchdog warns of dangers of school photos and wrongful disclosure of personal data

The Information Commissioner’s Office has issued two reprimands, or legal warnings, to schools for wrongly disclosing the personal data of children.


April 09, 2020

Data breaches and vicarious liability: employers breathe a sigh of relief

In an important judgment, the Supreme Court has ruled that an employer was not vicariously liable for the actions of an employee who stole and then posted payroll details of his colleagues online. Ibrahim Hasan examines the ruling.
April 03, 2020

Coronavirus and Police use of drones

Ibrahim Hasan looks at the significant issues arising out of the police's use of drones during the coronavirus outbreak.
March 26, 2020

Data protection and coronavirus

The Information Commissioner's Office has issued guidance for data controllers on their data protection compliance obligations during the coronavirus outbreak. Euros Jones, Alexander Gorst and Natasha Jordan look at the key points.
January 24, 2020

Legal privilege and the EIRs

A local authority was recently ordered to disclose legally privileged material under the Environmental Information Regulations 2004. Natasha Stay considers the ruling.
November 29, 2019

Facing the future

Rowan Clapp looks at the key points from the Information Commissioner’s opinion on live facial recognition technology, law enforcement and privacy.
November 15, 2019

When is an FOI request not an FOI request?

Susan Wolf sets what organisations should bear in mind when considering whether something is 'business as usual' or an FOI request.
November 08, 2019

Google v CNIL and the Right to be Forgotten

A recent ruling from the Court of Justice of the European Union makes it clear that the ‘Right to be Forgotten’ in the context of Google searches has its limits, writes Ibrahim Hasan.
November 01, 2019

GDPR, class actions and the right to compensation

The Court of Appeal recently overturned a High Court ruling and found that a claimant could serve an out of jurisdiction application against Google as part of a class action. Ibrahim Hasan examines the judgment.


Feb 06, 2020

More than two-thirds of council websites do not adhere to GDPR on consent, investigation finds

A BBC investigation into 400 council websites across the UK has found that more than two-thirds did not appear to ask for the correct form of consent under GDPR.
Jan 30, 2020

University pays out more than £142,000 to affected students after data breach

The University of East Anglia has paid out £142,512 to students after their personal details were mistakenly sent to hundreds by email.
Jan 07, 2020

Council officer ordered to pay £900+ after accessing social care records without authorisation

A former Reablement Officer at Walsall Metropolitan Borough Council has been prosecuted by the Information Commissioner’s Officer for accessing social care records without authorisation.
Dec 18, 2019

Councillor from neighbouring authority fails in bid to obtain legal advice on planning application after Tribunal upholds privilege

The First-tier Tribunal (General Regulatory Chamber) has rejected an appeal lodged against the Information Commissioner by a member of Leeds City Council concerning a planning application for a field adjacent to his ward but in Harrogate Borough Council’s area.
Dec 09, 2019

Former council worker sentenced for unlawfully obtaining personal data

A former social services support officer at Dorset County Council has been prosecuted for accessing social care records without authorisation.
Dec 04, 2019

ICO consults on new draft guidance on Subject Access Requests under GDPR

The Information Commissioner has launched a consultation on new draft guidance for organisations on how to handle Subject Access Requests (SARs) under the GDPR.
Dec 04, 2019

ICO regulatory enforcement lawyer moves to St John’s Buildings

A regulatory enforcement lawyer at the Information Commissioner’s Office, Aaminah Khan, has joined St John’s Buildings.
Dec 02, 2019

Information Commissioner consults on draft guidance for explaining use of AI in decision-making about individuals

The Information Commissioner’s Office has launched a consultation on new draft guidance for organisations using, or thinking about using, artificial intelligence (AI) to support or make decisions about individuals.
Nov 28, 2019

Met Police agrees to delete information after referral of primary school age child under Prevent programme

The Metropolitan Police has agreed to delete information relating to a referral of a primary school age child under the government’s Prevent programme, and other referring authorities have also agreed to correct and delete the relevant records.
Nov 15, 2019

Information watchdog updates guidance for data controllers on protecting ‘special category data’

The ICO has issued updated guidance on special category data, to which data controllers must give extra protection under the GDPR.
Nov 13, 2019

Information watchdog consults on being granted investigation and other powers under POCA

The Information Commissioner has launched a consultation on her office being granted access to investigation and other associated powers under the Proceeds of Crime Act 2002 (POCA).
Nov 01, 2019

Tribunal orders council to disclose instructions sent to QC over motion for ‘call-in’ of planning applications

The First-tier Tribunal has ordered Ryedale District Council to disclose the briefing question it sent to a Queen’s Counsel seeking advice on a motion in which councillors sought for competing retail planning applications to be ‘called in’.
Oct 31, 2019

Information Commissioner issues first ‘Opinion’ under Data Protection Act

The Information Commissioner, Elizabeth Denham, has issued her first Commissioner’s Opinion under the Data Protection Act 2018, setting out her advice and recommendations on the police’s use of ‘live facial recognition’ (LFR).
Oct 31, 2019

Upper Tribunal orders fresh hearing in dispute over refusal by council to disclose advice of independent person

A local resident who complained about the conduct of a councillor at Stratford-on-Avon District Council over a planning matter has secured a fresh hearing over the council’s refusal to disclose advice given by an independent person.
Oct 29, 2019

Victim of serious crime receives compensation for data breach by public inquiry

A victim of serious crime whose personal information was shared by a public inquiry with third parties in a serious personal data breach has been paid compensation greater than the amounts awarded by courts thus far, it has been reported.
Sep 16, 2019

Councils withholding or heavily redacting information requested under Local Audit and Accountability Act 2014: report

Local authorities are refusing to let the public access key information on how their money is being spent, the Bureau of Investigative Journalism has claimed.
Sep 10, 2019

NHS trust launches investigation into serious data breach at gender identity clinic

The Tavistock and Portman NHS Foundation Trust has said it is investigating a data security incident reportedly involving the Charing Cross Gender Identity Clinic.
Sep 05, 2019

Divisional Court dismisses legal challenge over police use of automated facial recognition

A Divisional Court has dismissed a challenge to police use of Automated Facial Recognition (AFR) in what is thought to be the first time any court in the world has considered the technology.
Aug 27, 2019

Information watchdog identifies three key GDPR compliance challenges for town and parish councils

The Information Commissioner’s Office has set out what it considers to be the three GDPR compliance challenges for town and parish councils.
Aug 16, 2019

ICO to investigate legality of landlord’s use of facial recognition technology

The use of facial recognition technology at an office, leisure and retail development in King's Cross is to be investigated for compliance with data protection rules, the Information Commissioner has said.
Jul 16, 2019

Information Commissioner consults on updated code of practice for data sharing

The Information Commissioner’s Office has launched a consultation on an updated code of practice for data sharing.
Jun 05, 2019

Information Commissioner says £325 charge for accessing environmental information “unreasonable”

A charge of £325 imposed by Folkestone and Hythe District Council for accessing environmental information was unreasonable, the Information Commissioner’s Office has said in a decision notice.
May 22, 2019

High Court hears legal challenge to police use of automated facial recognition

The High Court, sitting in Cardiff, is this week hearing the first challenge to the use of automated facial recognition by UK police.
May 01, 2019

Surveillance Camera Commissioner warns against blanket use of CCTV recording in taxis and PHVs

Blanket use of CCTV recording in taxis and private hire vehicles would be disproportionate and should be imposed only where a strong justification exists, the Surveillance Camera Commissioner has said.
Apr 30, 2019

Nearly half a million FOI requests made to councils each year: research

Around 467,000 Freedom of Information (FOI) requests are now made to local councils every year — almost double a previous estimate by UCL’s Constitution Unit in 2010, research by mySociety has found.


September 13, 2019

Digital duties

Monitoring Officers must ensure good governance over data and social media, writes David Kitson.
September 13, 2019

Brexit and data protection

Damien Welfare sets out what you need to know when it comes to Brexit and data protection.
September 06, 2019

Automated facial recognition, privacy and data protection law

The Divisional Court has found that police use of automated facial recognition was a justified privacy intrusion. Robin Hopkins sets out the key findings in a landmark case.
July 05, 2019

GDPR: one year on

What have we learned from the 12 months that the General Data Protection Regulation has been in force? Ibrahim Hasan reports.
June 28, 2019

GDPR and enforcement notices

Ibrahim Hasan examines the lessons to be learned from the first two GDPR enforcement notices.
Data inspection iStock 000008204804XSmall 146x219
June 07, 2019

Data protection and wider complaints or disputes

Andrew Gallie looks at how issues may arise in practice when data protection is used as part of a wider complaint, and suggests some pointers on how to respond.
Police photo iStockphoto standard 146x219
May 31, 2019

Sharing data and law enforcement

The High Court has issued an important ruling on sharing data for law enforcement purposes. Alessandra Gettins, Hugh Giles and Andrew Latham look at the lessons for police forces and their partner agencies.
Environment 146x219
April 05, 2019

Housing associations and the EIR

Peter Coe and Eeshma Qazi examine whether or not housing associations should comply with the environmental information regulations.
Internet New 47833064 s 146x219
March 28, 2019

Social work spies? (Yes, you over there I’m talking to you…)

Lucy Reed examines the lawfulness of social workers using Facebook and employing other techniques to gather evidence in child protection cases.
Predictive Analytics 77163075 s
March 01, 2019

Predictive analysis – an introduction and considerations

Paul Feild examines the legal and other issues raised by the use by local authorities of predictive analysis, 'Big Data' and machine learning.
Data protection iStock 000011177922XSmall 146X219
January 11, 2019

Making GDPR British

New regulations set out the UK’s post Brexit data protection landscape. Ibrahim Hasan sets out the key points.
Data inspection iStock 000008204804XSmall 146x219
November 23, 2018

Revised s.45 Code of Practice under FOI

Ibrahim Hasan highlights the key points from the new version of the s.45 FOIA Code of Practice.
Drone 36244709 s 146x219
November 09, 2018

New RIPA Codes of Practice

Ibrahim Hasan looks at the key changes in the new RIPA Codes of Practice for Surveillance and Covert Human Intelligence Sources (CHIS).
Data protection iStock 000011177922XSmall 146X219
October 26, 2018

Vicarious liability for data breaches

The Court of Appeal has dismissed supermarket group Morrisons’ appeal over being found vicariously liable for a data breach caused by a rogue employee. Robin Hopkins analyses the ruling.
Data inspection iStock 000008204804XSmall 146x219
September 28, 2018

Information law roundup

Sarah Thorley rounds up recent developments that those dealing with information law in the public sector should be aware of.
Data protection iStock 000011177922XSmall 146X219
July 27, 2018

Mixed data in the Court of Appeal

The Court of Appeal has considered the correct approach to dealing with mixed personal data. Rupert Paines analyses its ruling.
Data inspection iStock 000008204804XSmall 146x219
July 27, 2018

GDPR and civil claims

Kate Bear analyses some of the areas of concern for local authorities when it comes to GDPR and the handling of civil claims.
Camera 146x219
June 15, 2018

Serving surveillance evidence

When should surveillance evidence be served? Catherine Burt looks at the lessons from a recent appeal involving a city council.
Contract 2 iStock 000003466551XSmall 146x219
June 08, 2018

GDPR and procurement

The introduction of the GDPR has significant implications for procurement practice, writes Jenny Beresford-Jones.
Data inspection iStock 000008204804XSmall 146x219
May 25, 2018

GDPR: updating privacy notices

Are you caught in a last minute rush to update your privacy notice to comply with the forthcoming General Data Protection Regulation (GDPR)? Ibrahim Hasan considers what is involved.