Internal ICO correspondence reveals that the Information Commissioner was asked by the Ministry of Justice to justify Graham Smith’s (the Deputy Information Commissioner) pay rise. The ICO’s response was that Mr Smith had additional responsibilities, in particular it was claimed that:

“Graham Smith is increasingly consulted by the Cabinet Office and others on specific FOI cases”

Mr Smith is the Deputy Commissioner and Director of Freedom of Information for the ICO and “has lead responsibility for promoting and enforcing Freedom of Information.” In simple terms, he is the top boss of FOI regulation. If Mr Smith is giving advice to the public authorities on specific FOI cases which later come before the ICO as the regulator then it isn’t difficult to see that a potential conflict of interest could arise. Of course if Mr Smith kept detailed records of the cases he had advised upon and the advice he had given then conceivably it would be possible to put in place adequate safeguards to ensure he was not involved in signing off the relevant Decision Notices. In view of his wider responsibilities for FOI enforcement the situation would remain problematic.

No records were kept
We now know that Graham Smith keeps no records at all of the advice he gives:

ICO: “We have conducted searches of the ICO’s records and no information is held.

Graham Smith: “My meetings and discussions with the Cabinet Office occur only on an “as and when” basis. We do not have regular scheduled meetings. We never have a formal written agenda or minutes. When we do meet or talk on the phone the discussions are not always about specific cases. When they are, it could be one or any number of cases. Those cases may or may not be with the ICO. They might be Tribunal appeals or requests which have not and may never reach the ICO.” [Insert your own sarcasm here]

As no records at all are kept we can conclude that there are no adequate safeguards in place to manage the conflict of interest that arises from Graham Smith’s acting as both adviser and regulator to the Cabinet Office on specific FOI cases. Mr Smith should not be giving secret advice on live cases whilst working for the regulator.

Principles of public life
As a public official Graham Smith is subject to the 7 principles of public life. In particular, he is required to “… declare and resolve any interests and relationships” and to act “in an open and transparent manner.” He has done neither with respect to his advice. He is also subject to the following requirement:

“Holders of public office are accountable to the public for their decisions and actions and must submit themselves to the scrutiny necessary to ensure this.”

By not keeping any records whatsoever of his actions in advising the Cabinet Office Graham Smith has made it impossible for the public to scrutinise his actions or to hold him accountable for his advice.

Duty of Candour

The ICO is a party in all FOI Tribunal cases and Mr Smith has acknowledged that the cases on which he he gives advice “might be Tribunal appeals”. The Hearing Bundles – Good Practice Guide 2014 for FOI/EIR cases (not available online!) states that:

“The ICO is of course aware of their duty to put before the Tribunal all relevant evidence regardless of whether it is favourable to their own case or not – CIS/0473/2007 paras 36-37, a decision of Judge Jacobs, when a Social Security Commissioner”

If Graham Smith is discussing Tribunal appeals with the Cabinet Office and the Cabinet Office happen to reveal facts unfavourable to the Cabinet Office’s case then Christopher Graham would appear to have a duty to ensure the Tribunal is made aware of those facts. Keeping no records when discussing active Tribunal cases whatsoever does not sit at all well with the ICO’s duty of candour.

Independence from Government

The ICO used to have a “.gov.uk” domain name but moved to a “.org.uk” domain to ensure it is perceived by the public as being independent of government. The ICO indeed works in mysterious ways. On the one hand the ICO is spending our money to create a public veneer of independence online whilst at the same time spending more of our money on Mr Smith’s pay rise for giving secret advice to the Cabinet Office.

The Freedom of Information Act 2000 gives requesters a general right of access to official information subject to (lots of) specific exceptions. The Act also gives requesters a right to apply for a decision from the Information Commissioner (see Section 50). The word used in Section 50 is “apply” rather than complain or report a concern. The words used in Acts of Parliament matter. The word “apply” means that it is perfectly fine for a requester to ask the ICO to review a decision even if the requester is 90% certain that the public authority has acted within the law. A requester does not need to have a cause for complaint or a concern.

Section 50 requires the requester to provide very little information to the Information Commissioner. The requester has to apply for a decision as to “whether, in any specified respect, a request […] has been dealt with in accordance with the requirements of Part I.” Clearly, it would make sense to give the ICO your name and some means of contacting you and if you don’t you could be deemed to have abandoned the application. It will also be helpful to provide the ICO with access to a copy of your request and any subsequent correspondence. I would suggest, firstly that there is no need to complete any kind of form and secondly that the ICO’s ‘Report a Concern’ form is particularly inappropriate.

The form is not particularly easy to find – when I go on the ICO’s website I find I have to complete a short survey just to get to it.

What don’t I like about the ICO’s form?

The title of the form makes no reference to applying for a decision or even making a complaint. Nowhere in the whole form does it refer to seeking a decision. For that reason the Information Commissioner’s obligations under Section 50(2)-(3) are not triggered and the ICO can safely ignore your ‘concerns’.

A lot of the information the ICO asks for simply isn’t needed. Sections 1, 4, 5 and 6 contain text fields but would actually be better addressed by forwarding all correspondence, or where applicable, simply sending the ICO a link to the request page on WhatDoTheyKnow.

Section 2 asks for your relationship with the organisation – the whole of Section 2 will always or almost always be irrelevant for FOI requests.

Section 3 will be relevant but again uses the “your concern” wording rather than applying for a decision.

Section 7 asks for your contact details and contains about 15 fields – in most cases a name and email address would suffice.

Section 8 – where do I start? The ICO asks for a four point declaration from the requester that the requester is under no obligation to provide when seeking a decision under Section 50. When it says “I have included all the necessary supporting evidence” – what does that even mean in the context of reporting a concern? In fairness, the declaration does not read like it is meant to be a formal legal declaration but in my mind that makes it even less suitable for making Section 50 applications. Version 1.0 of the ICO’s form did not contain a declaration.

Section 9 is instructions on submitting the form which appears to be steering people towards submission by email and suggests requesters use “Concern about accessing information” in the subject line.

Can the ICO really ignore a ‘concern’?

Some readers may think that the ICO couldn’t ignore a valid concern or that the choice of words in the ICO’s form is accidental but note the ICO’s Service Standards “It is up to us to decide whether or not we should take further action.” – this wording is clearly inconsistent with Section 50(2) of the Act. Even on the ICO’s own analysis reporting a concern does not engage the Commissioner’s obligations under Section 50.

It wasn’t always like this – back in 2006, the ICO explicitly acknowledged the Commissioner’s obligation to rule on complaints. “Your complaint will be allocated to a caseworker and if we cannot resolve your complaint informally, the Information Commissioner will issue a Decision Notice.”

The Scottish Information Commissioner gets it

The Scottish Information Commissioner’s form is called an application form and there is a clear link between application and decision – see for example paragraphs 2 and 16 of A guide for applicants.

Suggested alternative

I would suggest sending an email to the ICO. The wording will depend on what you want the ICO to make a decision on but the wording below could be adapted in most cases where the requester would like the ICO to rule on whether more information should have been released.


Dear Information Commissioner,

I am writing to apply for a decision under Section 50 of the Freedom of Information Act 2000 with respect to a request I made under the Act. I seek a decision as to whether or not the [name of public authority] complied with Section 1(1) of the Act when it withheld information I had requested. In particular, I would like the Commissioner to rule on whether the [list out the exemptions the public authority cited] can apply to all of the information withheld.

My request and all related correspondence are attached.

[Or: My request and all related correspondence can be accessed here: WhatDoTheyKnow URL]

Please acknowledge receipt.

many thanks,

[your full name]