Did I miss media reports of this case ? The High Court ruled last month that the Information Commissioner was right to pursue a case against the Home Office in relation to a certificate signed by David Blunkett, when he was Home Secretary, blocking disclosure of personal data, in response to a freedom of information request, on national security grounds. The Home Office had asked the High Court for a judicial review of a decision by the Information Tribunal in July 2005 to quash the certificate.
FoI junkies should read the decision in full, the crux of which is contained in paragraphs 36 to 44. Someone made a data subject request to the Home Office and, not satisfied with the response, then complained to the Information Commissioner. The Commissioner's office then engaged in a protracted exchange of letters with the Home Office, extracts of which are provided in the decision. When it became clear to officials that their fencing wasn't disuading the Assistant Commissioner, they got David Blunkett to sign a gagging order. Next step the Information Tribunal where the government argued, as I understand it, that the Information Commissioner had no right to appeal Mr Blunkett's "section 28" gagging order. The Tribunal disagreed and quashed the section 28 certificate.
The government then basically made the same argument to the High Court i.e. that the Information Commissioner had no right to question the Home Secretary's decision to issue a section 28 notice on national security grounds:
"Exemption from disclosure either is or is not required for the purpose of safeguarding national security. Accordingly, if it is exempt from disclosure the Commissioner has no powers which he can exercise under Part V, and accordingly has no function to perform in relation to those powers which could entitled him to second guess a Ministerial Certificate."
Mr Justice McKay, like the Tribunal, rejected this notion, concluding that section 51 of the Data Protection Act:
"entitles, if not requires, the Commissioner, if he considers it appropriate, to "check" (to use the language of the Directive) whether an exemption under section 28 has been properly claimed. If it has not, it is a necessary corollary that the data controller has not "observed" the requirements of the Act. He has failed to give the data subject access to material which is not exempt by reason of section 28. As the Tribunal has said, the consequence is that the Commissioner is entitled to seek to satisfy himself that the material is indeed exempt under section 28. The claimant can then decide whether the material can be disclosed to the Commissioner without that disclosure damaging national security."
It's an interesting and potentially worrying result for a government currently engaged in efforts to undermine the transparency facilitated by the Freesom of Information Act. I have no idea whether there were real national security issues at stake in this case or not and that is a question to be determined by further proceedings. But in principle it has to be correct that the Commissioner has the right to check the exercise of arbitrary power, does it not?