What is Freedom of Information?

FoISA applies to practically all public bodies in Scotland, including local authorities, the NHS, Colleges and Universities, the police, the Scottish Parliament and the Scottish Government. FoISA also applies to companies wholly owned by a public authority and, if designated, it may even apply to private companies carrying out a function for a public authority, for example under a contract. A full list of the organisations affected is set out in the Act and further bodies can be added by the Scottish Ministers. FoISA applies to Queen Margaret University because it falls within the category of higher education institutions and is therefore a public authority for the purposes of FoISA.

The University has been required to develop a publication scheme so that the public can see what sort of information it holds. Where information is not proactively made available through this scheme, QMU will have to respond to specific requests for information. FoISA allows anyone (individual or organisation), anywhere to ask for information from a Scottish public authority. It does not matter how old the information is or why it was created, if the authority holds the information then it will have to give access to it, provided that an exemption does not apply.

The Environmental Information (Scotland) Regulations came into effect on 1 January 2005. Every Scottish public authority now has a duty to make available environmental information on request. Although the intention of both pieces of legislation is to allow the public access to information, there are some differences between the two that are highlighted on the Office of the Scottish Information Commissioner's (OSIC)

The Data Protection Act 2018 sets out the data protection framework in the UK, alongside the UK GDPR, and came into effect on 25 May 2018. It was amended on 01 January 2021 by regulations under the European Union (Withdrawal) Act 2018, to reflect the UK’s status outside the EU.

The Data Protection Act 2018  aims to secure individuals' rights to privacy by protecting information that is held about them. Any authority that handles personal data must comply with the data protection principles which control how such data is processed. These principles include, amongst others, that personal data should be fairly and lawfully processed.

Further information on FoISA and the Data Protection Act is available on these webpages.

FoISA is enforced by the Scottish Information Commissioner. The Commissioner has a wide variety of powers under FoISA to ensure compliance, and QMU could be found in contempt of court if it fails to comply with a notice issued by the Commissioner.

The Commissioner is a fully independent public official, and has duties and legal powers to ensure that the public get the information from Scottish public authorities to which they are entitled. The Commissioner has a number of responsibilities which include dealing with complaints, promoting good practice to authorities, informing the public about FoISA and enforcing it.

Complaints concerning requests can only be made to the Information Commissioner once an applicant has exhausted the authority’s review procedure. If an applicant is dissatisfied with the response from the authority, they can take their complaint to the Scottish Information Commissioner. If the Commissioner decides to proceed, they will request comments from the authority before deciding if the complaint is valid. The Commissioner will notify both the applicant and the authority of their decision.

The Scottish Information Commissioner has a duty under FoISA to promote good practice amongst public authorities, and further information on their approach to enforcement can be viewed was part of their Strategic Plan and Enforcement Policy.

The Data Protection Act 2018 aims to secure individuals' rights to privacy by protecting information that is held about them. Any authority that handles personal data must comply with the data protection principles which control how such data is processed. These principles include, amongst others, that personal data should be fairly and lawfully processed.

Individuals have the right to ask for personal data held about them. This is known as a subject access request. Under Freedom of Information legislation, a request by an individual for information about themselves will be exempt under freedom of information but will continue to be handled under the provisions of the Data Protection Act.

If someone makes a request for information about another living individual, this will be handled under the Freedom of Information (Scotland) Act, but certain data protection considerations will still apply, for example the authority will not have to provide the information if the disclosure would breach the data protection principles. If the authority decides that it may wish to disclose the information, then it should usually notify the individual and take account of their wishes, although, the authority does not have to be bound by the views of the individual.