G Brida v The Information Commissioner

The public authority in this appeal is the Information Commissioner. I shall refer to the Information Commissioner as public authority as ‘the ICO’. I shall refer to the Information Commissioner as Regulator and party to these proceedings as ‘the Commissioner’.

This is an appeal against the Commissioner’s decision notice IC-219436-J1G5 of 17 March 2023 which held that the ICO were entitled to rely on section 14(1) of the Freedom of Information Act 2000 (FOIA).

The Commissioner did not require the public authority to take any steps.

By email dated 17 October 2023 Mr. Brida made an application under rule 4(3) of the Tribunal Procedure (First-tier Tribunal) (General Regulatory Chamber) Rules 2009 for his application for disclosure and directions made in his Reply and determined by the Registrar on 6 October 2023 to be considered afresh. This application was heard and determined at the start of the substantive hearing. For the reasons given orally in the hearing the applications were refused or not pursued by Mr Brida.

The appellant sets out the background to the appeal in his notice of appeal as follows:

The appeal relates to the following request made on 18 January 2023:

The ICO responded on 15 February 2023. They refused to comply with the request on the basis that it was vexatious. The ICO upheld its decision on internal review on 28 February 2023.

The appellant referred the matter to the Commissioner on 2 March 2023.

In a decision notice dated 17 March 2023 the Commissioner decided that the ICO was entitled to rely on section 14 FOIA.

The Commissioner acknowledged that the ICO considered that the motive of the requester is to cause undue disruption. He noted the frequency of the other requests and that the requests follow a similar theme. The Commissioner found that the ICO was correct to handle the request of 18 January 2023 as a new request.

The Commissioner noted that the complainant had requested a large number of different policies and documents referenced in a piece of guidance that was previously disclosed by the ICO, and that the ICO had already previously provided the complainant with enough information to provide a good understanding of its complaint handling process. He considered that this lessened the value of the request and supported the argument that the request was vexatious.

Having balanced the purpose and value of the request against the detrimental effect on the ICO, the Commissioner was satisfied that the request was not an appropriate use of FOIA procedure and concluded that the request was vexatious.

In essence, the grounds of appeal are:

The appellant raises a number of issues relating to the Commissioner’s approach to assessing vexatiousness which can be subsumed in the tribunal’s full merits review.

The Commissioner remains of the view that the ICO was correct to process the 18 January 2023 request as a new request for information, because the 5 January 2023 request was fairly broad.

The Commissioner explained in his Decision Notice why he deemed the 18 January 2023 request to be vexatious:

The Commissioner acknowledged that there was purpose and value in the request (DN 29) but explained that the volume of specific further documents required in this case (and the burden this would impose to comply) set in the context of the resources already available to the appellant explaining and describing how the ICO handles DSAR's, ICO service complaints and case reviews, lessened the value of complying with this request.

The Commissioner acknowledged in his DN that, “the ICO considers that the motive of the requester is to cause undue disruption.” (DN 25). At the heart of this FOIA request is the appellant’s dissatisfaction regarding the Commissioner’s handling of a previous complaint he had made about a third party data controller’s handling of a subject access request, specifically its use of the legal professional privilege exemption. The appellant’s section 166 appeal under the Data Protection Act 2018 regarding this was not admitted as it was out of time and the First-tier Tribunal did not consider that his grounds were compelling enough to accept the late appeal. The appellant has sought permission to appeal to the Upper Tribunal against this refusal but this is currently outstanding.

Accordingly, noting Dransfield, taking a holistic view of the background and circumstances of this request, balancing its serious purpose and value against the impact of complying due to the burden this would impose, the Commissioner submits that the 18 January 2023 request was correctly categorised as vexatious under section 14(1) FOIA.

The Commissioner submits that the way in which the investigation is conducted is outside the tribunal’s jurisdiction, and any complaints about the way in which the decision was reached will be cured by the right to a full rehearing on the merits. Criticism of the Commissioner’s internal guidance falls outside the tribunal’s jurisdiction.

The Commissioner filed a supplementary response dated 11 August 2023. The Commissioner noted that some of the documents provided by the appellant post-dated the Decision Notice and would not have been taken into account. The Commissioner nevertheless reviewed those documents and confirmed that it did not alter the upholding of section 14 in the Decision Notice.

In relation to documents provided by the appellant pre-Decision Notice, the Commissioner identified two categories of document that he had not taken into account. The first were complaints about the service provided by ICO staff. They are outside the scope of the Decision Notice and outside the tribunal’s jurisdiction. The second were copies of requests made to other public authorities. These were not taken into account save for those requests that provided context.

In relation to the appellant’s Judicial Review pre-action protocol letter dated 31 May 2023 the Commissioner submits that the appellant appears to be using two separate legal processes to try to address his concerns. This ‘scattergun’ approach dilutes the value and serious purpose of his request, and is a duplication of judicial resource.

The Commissioner recognises the origin of the appellant’s concern was a subject access request complaint made to the ICO regarding a third party organisation’s application of the Legal Professional Privilege exemption under the Data Protection Act 2018. The ICO did not progress the appellant’s complaint because he had already been provided with the exempt material by another organisation. The Commissioner submits that as the appellant had obtained the required information (albeit from a different organisation than the one he had complained to the ICO about) this effectively rendered his complaint academic. The Commissioner submits that this amplifies the lack of serious purpose and value behind the request which is the subject of this appeal.

The appellant’s reply contains an application for disclosure and further particulars and other directions. We have extracted the most relevant parts below, but have taken account of the entire reply where relevant to the issues we have to determine.

The appellant submits that his purpose in requesting the information is ‘to obtain the Commissioner’s internal operating guidance so as to hold him to account in the forum of legal proceedings concerning the way that guidance was applied to a DSAR complaint by the appellant’. Since the ICO was aware these documents were sought to be used in legal proceedings there can have been no question of vexatiousness.

The appellant contends that the ICO should have followed his own guidance and made appropriate enquiries by for example seeking out such evidence before making defamatory allegations. The Commissioner should have made his own enquiries rather than relying on the word of the ICO, and should have known in any event that the information was required for legal proceedings.

The appellant submits that:

The appellant submits that the assertion that his motive was to cause undue disruption is shown to be false by the evidence and is unsustainable.

The appellant submits that his observations in regards to the ICO’s internal guidance are not only valid considerations as to the factual matrix but also go perfectly properly to the real reason for refusing the appellant’s FOIA request potentially being something other than vexatiousness.

The appellant submits that the need for multiple legal processes as well as involving other public bodies such as the Parliamentary Ombudsman, whilst regrettable, is the (direct) result of the Commissioner’s own (vexatious) conduct for example in seeking to deny the appellant his legal rights by refusing to issue a decision notice in regards to the FOIA request of 5 January 2023. It is entirely legitimate for a litigant to protect their position and to utilise every available avenue.

The appellant submits that the Commissioner is conducting himself unreasonably and vexatiously. Failing to accept his own decision on legal privilege in the DSAR case and failing to accept the compelling evidence that there was no vexatiousness or ulterior motive on the part of the appellant are but two examples.

The appellant submits that it is not true that the appellant had already had all the information requested in the SAR (see pA122, email from the appellant dated 20 September 2022).

The Commissioner acknowledged that he was aware that within the subject access complaint the appellant raised the issue that the data controller may have held further information over and above that which was already in his possession. The ICO did not establish the extent of any further information which may have been held by the data controller over and above that which was already accessible to the appellant however in any event he was satisfied that the Legal Professional Privilege exemption under the Data Protection Act 2018 had been correctly applied. The Commissioner remains of the view that this amplifies the lack of serious purpose and value behind the FOIA request which is the subject of this appeal.

The appellant submits that the legal professional privilege exemption cannot possibly have been complied with not least because that was the ICO's own view in the outcome of the appellant's complaint under reference RFA0809181 concerning the same data controllers and (at least some of) the same personal data.

The appellant made oral submissions at the hearing which the tribunal took into account where relevant.

The issue for the tribunal to determine is whether or not the requests are vexatious within section 14 FOIA.

Guidance on applying section 14 is given in the decisions of the Upper Tribunal and the Court of Appeal in Dransfield ([2012] UKUT 440 (AAC) and [2015] EWCA Civ 454). The tribunal has adapted the following summary of the principles in Dransfield from the judgment of the Upper Tribunal in CP v Information Commissioner [2016] UKUT 427 (AAC).

The Upper Tribunal held that the purpose of section 14 must be to protect the resources of the public authority from being squandered on disproportionate use of FOIA (para 10). That formulation was approved by the Court of Appeal subject to the qualification that this was an aim which could only be realised if ‘the high standard set by vexatiousness is satisfied’ (para 72 of the CA judgment).

The test under section 14 is whether the request is vexatious not whether the requester is vexatious (para 19). The term ‘vexatious’ in section 14 should carry its ordinary, natural meaning within the particular statutory context of FOIA (para 24). As a starting point, a request which is annoying or irritating to the recipient may be vexatious but that is not a rule.

Annoying or irritating requests are not necessarily vexatious given that one of the main purposes of FOIA is to provide citizens with a qualified right of access to official documentation and thereby a means of holding public authorities to account (para 25). The Commissioner’s guidance that the key question is whether the request is likely to cause distress, disruption, or irritation without any proper or justified cause was a useful starting point as long as the emphasis was on the issue of justification (or not). An important part of the balancing exercise may involve consideration of whether or not there is an adequate or proper justification for the request (para 26).

Four broad issues or themes were identified by the Upper Tribunal as of relevance when deciding whether a request is vexatious. These were: (a) the burden (on the public authority and its staff); (b) the motive (of the requester); (c) the value or serious purpose (of the request); and (d) any harassment or distress (of and to staff). These considerations are not exhaustive and are not intended to create a formulaic check-list.

Guidance about the motive of the requester, the value or purpose of the request and harassment of or distress to staff is set out in paragraphs 34-39 of the Upper Tribunal’s decision.

As to burden, the context and history of the particular request, in terms of the previous course of dealings between the individual requester and the public authority in question, must be considered in assessing whether the request is properly to be described as vexatious. In particular, the number, breadth, pattern, and duration of previous requests may be a telling factor [para 29]. Thus, the greater the number of previous FOIA requests that the individual has made to the public authority concerned, the more likely it may be that a further request may properly be found to be vexatious. A requester who consistently submits multiple FOIA requests or associated correspondence within days of each other or who relentlessly bombards the public authority with email traffic is more likely to be found to have made a vexatious request [para 32].

Ultimately the question was whether a request was a manifestly unjustified, inappropriate, or improper use of FOIA. Answering that question required a broad, holistic approach which emphasised the attributes of manifest unreasonableness, irresponsibility and, especially where there was a previous course of dealings, the lack of proportionality that typically characterises vexatious requests (paras 43 and 45).

In the Court of Appeal in Dransfield Arden LJ gave some additional guidance in paragraph 68:

Nothing in the above paragraph is inconsistent with the Upper Tribunal’s decision which similarly emphasised (a) the need to ensure a holistic approach was taken and (b) that the value of the request was an important but not the only factor.

The lack of a reasonable foundation to a request was only the starting point to an analysis which must consider all the relevant circumstances. Public interest cannot act as a ‘trump card’. Rather, the public interest in the subject matter of a request is a consideration that itself needs to be balanced against the resource implications of the request, and any other relevant factors, in a holistic determination of whether a request is vexatious.

The tribunal’s remit is governed by s.58 FOIA. This requires the tribunal to consider whether the decision made by the Commissioner is in accordance with the law or, where the Commissioner’s decision involved exercising discretion, whether he should have exercised it differently. The tribunal may receive evidence that was not before the Commissioner and may make different findings of fact from the Commissioner.

We read and took account of an open bundle.

We make the following findings of fact based on the evidence before us on the balance of probabilities. We have placed the request in issue in this appeal in bold, to show its position in the chronology of the course of dealings between the appellant and the ICO.

In about 2018 the appellant was involved in a consumer dispute with his mobile provider, which lead to a dispute with his legal expenses insurer. In 2018 the appellant made a complaint to the ICO about the way in which ARC Legal Services had acted in response to a subject access request.

On 12 October 2020 the ICO provided an outcome (p A254). They stated:

On 26 November 2021 the appellant made a subject access request to Trowers & Hamlins LLP (‘Trowers’). This request was largely, but we accept not entirely, for information that had been provided by ARC Legal Services.

On 7 February 2022 the appellant contacted the ICO to complain that Trowers had breached its data protection obligations.

On 23 May, the appellant asked the ICO to clarify some points and to provide him with a copy of the ICO’s Accountability Checklist for controllers’ document. The ICO replied to him on 27 May 2022.

The appellant made some further points and asked additional questions of the ICO on 1 June. The appellant also referred to his complaint in 2020 and the ICO’s view on the exemption of legal privilege given in the outcome letter on 12 October 2020.

The ICO replied on 14 June. On the same day, the appellant emailed the ICO, attaching copies of previously unseen correspondence. The appellant suggested to the ICO case officer, that the ICO should use its enforcement powers, stating it is ‘a clear case of wilful non-compliance by a firm of solicitors which, as such, should know better.’

The ICO acknowledged receipt of the appellant’s concerns on 1 July and advised that the case officer would be looking into this matter further.

On 17 August 2022 the ICO provided an outcome to the complaint (p A123). They stated:

The appellant replied to this letter by email dated 20 (or 30) September 2022. In that email he made two broad points:

The ICO replied on 24 October 2022 as follows (p 1119):

In response to this the appellant wrote to the ICO on 28 November 2022 (p A118). In that letter he asked for disclosure of evidence to support the assertion that ‘The reason we felt the information ought to be provided in RFA0809181 was because privilege had already been waived to part of the material involved’ because his understanding was that the ICO’s legal department had considered that the exemption could not be relied upon because joint interest privilege applied. He asked for this request to be treated under the Data Protection Act and/or FOIA as appropriate. In this letter the appellant also asked for the letter to be treated as a case review ‘if we are unable to resolve this matter informally’.

On 30 November 2022 the case officer acknowledged the request for a case review. On 14 December 2022 the reviewing officer did not uphold the complaint and agreed with the ICO case officer’s conclusion.

The ICO treated the letter of 28 November 2022 as a subject access request and responded on 22 December 2022, providing some information and withholding some information (p E287).

On 5 January 2023 the appellant wrote to the reviewing officer in response to the outcome of 14 December and asked her to reconsider her decision. The reviewing officer replied on 6 January 2023 to say ‘we do not intend to enter into further correspondence about this matter’.

On 5 January 2023 the appellant also wrote to the ICO in response to the SAR response given on 22 December 2022. In that letter the appellant made a follow up request under FOIA (p A116):

The appellant wrote to the ICO on 9 January 2023 asking to add the following to his request of 5 January 2023:

On 13 January 2023 the appellant filed an application with the First-tier Tribunal under section 166 DPA in relation to his complaint to the Commissioner about Trowers (EA/2023/0039/GDPR). (On 13 May 2023 the First-tier Tribunal refused to exercise its discretion to extend time to admit the application and Mr. Brida has applied to the Upper Tribunal for permission to appeal this decision. That application has yet to be determined).

On 16 January 2023 the ICO responded to the request of 5 January (p E291). The ICO explained that the requested information was technically exempt from disclosure under section 21 FOIA as it was reasonably accessible to the appellant on the ICO’s website. The ICO however provided links to the relevant information.

On 17 January 2023 the appellant submitted a judicial review Letter of Claim to the ICO, complaining about the way in which the ICO had handled his subject access request complaint. In that correspondence he states:

On 18 January 2023 the appellant wrote to the ICO (p C267). In that letter the appellant states:

The ICO treated this a new request for information.

On 26 January 2023 the ICO responded to the 9 January 2023 request (p E294). The ICO provided the requested job description and person specifications and explained that it had already responded to the latter part of the request in its response of 16 January 2023 to the 5 January 2023 request.

On 10 February 2023 in response to the letter before action sent on 17 January 2023 the ICO informed the appellant that they had decided to undertake a further review of the ICO’s decision relating to the appellant’s data protection complaint about Trowers.

The ICO responded to the request of 18 January on 15 February 2023 (although the letter is dated 25 February 2023) (p C268) refusing the request on the basis that it was vexatious. The letter states:

The appellant requested an internal review of this response on 21 February 2023 and the ICO upheld its position on 28 February 2023.

On 1 March 2023 the ICO wrote further to the appellant in response to his complaint about Trowers and the letter of claim dated 17 January 2023. The letter explained that the ICO had decided to undertake a further review, and stated that it was the reviewing officer’s view that ‘we could have dealt with your complaint differently and that further work is required’. The letter asked the appellant to send in a full, unredacted copy of any relevant supporting documents and stated that the ICO would contact Trowers to see if they wished to provide any relevant information.

On 1 March 2023 the appellant requested an internal review of the request made on 4 January 2023, asserting that the email of 18 January 2023 should not have been treated as a new information request.

On 21 March 2023 the ICO provided the outcome to this internal review, stating that the email of 18 January 2023 was requesting information outside the scope of the request of 5 January 2023 and so it was right to treat it as a new request.

On 24 March 2023 the appellant submitted a service complaint to the ICO complaining about the treatment of the 18 January 2023 email as a new request and asking the ICO to reconsider its decision on vexatiousness.

On 13 April 2023 the ICO replied, in essence stating that this had been dealt with in the Decision Notice under appeal and that the route of challenge was an appeal to the tribunal. The ICO stated:

On 20 April 2023 the appellant informed the ICO that he was unwilling to withdraw the service complaint.

On 24 April 2023 the ICO informed the appellant that it had decided not to deal with the service complaint of 24 March 2023 under section 50(2)I (frivolous and vexatious complaints).

On 31 May 2023 the appellant issued a pre-action protocol letter of claim in a further Judicial Review action against the ICO. This judicial review relates to the decision by the ICO to invoke section 50(2)I FOIA to refuse to investigate the service complaint of 24 March 2023. The ICO responded on 13 June 2023.

Although the four broad issues or themes identified by the Upper Tribunal in Dransfield are not exhaustive and are not intended to create a formulaic check-list, they are a helpful tool to structure our discussion. In doing so, we have taken a holistic approach and we bear in mind that we are considering whether or not the request was vexatious in the sense of being a manifestly unjustified, inappropriate or improper use of FOIA.

Although the appeal relates only to this request, when assessing the burden on the ICO we must consider the context and history of the particular request, in terms of the previous course of dealings between the individual requester and the ICO in assessing whether the request is properly to be described as vexatious. Although this does take account of the previous actions of the individual requestor, this is in accordance with the approach of higher authorities, and therefore the approach that this tribunal should take.

That is why the examples provided by the appellant of other public authorities’ responses to similar requests are not of assistance.

In looking at the context and history, we take account of matters that had occurred by the time the ICO responded to the request, not matters that have occurred since. A significant amount of the matters set out in our chronology above occurred after the response and therefore are not part of the relevant context and history.

Aside from the three previous information requests (one under DPA and two under FOIA), the ICO and the Commissioner do not detail or rely on the previous course of dealings between the ICO and the appellant. In our view, at least some of the previous course of dealings is relevant to the overall burden on the ICO.

At the point at which the ICO responded to the request, the following had taken place which the tribunal considers to be ‘business as usual’ for the ICO:

We do not consider that the initial handling of these complaints is relevant to the overall burden on the ICO.

Thereafter we accept that there is some related burden on the ICO arising out of the appellant’s dissatisfaction with the outcome provided on 17 August 2022. Between the outcome provided on 17 August 2022 and the ICO’s response to the current request, the appellant had done the following, all arising out of that outcome:

In our view, it is legitimate to take all the above into account when assessing the burden on the ICO of the current request. All those matters relate to the appellant’s dissatisfaction with how the ICO dealt with his complaint about Trowers.

We deal first with the series of four requests for information, culminating in the current request, made between 28 November 2022 and 18 January 2023.

The subject access request of 28 November 2022 was for evidence to support the assertion that ‘(t)he reason we felt the information ought to be provided in RFA0809181 was because privilege had already been waived to part of the material involved’. It was replied to on 22 December 2022.

The FOI request of 5 January 2023 asked for the ICO’s internal case handling guidelines for DSAR’s, ICO service complaints and case reviews. The appellant stated ‘In order to minimise the work involved, I would be happy to receive the index/content to same at this stage and to advise which specific sections I require if that is more convenient.’

On 16 January 2023 the ICO replied to the request of 5 January 2023. Despite stating that the information was technically exempt under section 21, it provided links to specific sections of publicly available guidance on the ‘policies and procedures’ section of the ICO website.

The FOI request made on 9 January was an addition to that request, adding job descriptions and person specifications for ICO roles. The appellant also clarified that he wanted the ‘full content’ of the internal guidance that he had requested. The job descriptions and person specifications were provided in the response on 26 January 2023.

There is no evidence that responding to any of these three previous requests was particularly burdensome.

Having reviewed the information on the website, the appellant wrote the letter which is the subject of this appeal on 18 January 2023. We accept that the request of 18 January was properly treated as a separate request for information. It requests additional specific documents that were not requested in the earlier requests.

In the request of 18 January the appellant raises a number of queries about the information to which links had been provided.

First, the appellant notes that the version of the ICO Operations Service Guide online was last updated in 2016 and asks for the revised version. Whether or not there is a revised version, responding to this part of the request would not be burdensome.

Second, the appellant asks for copies of the following named policies/guidance referred to in those online documents:

Although there are 10 documents, most of them are hyperlinked from the ICO Operations Service Guide and the appellant identifies the specific page on which they are referred to. We presume that the ICO’s internal policies would be reasonably straightforward to locate. The ICO does not suggest in its response to the request that locating them would be difficult or would take a long time.

Third the appellant asks for any relevant documents that address this scenario:

Although the ICO treated the request as vexatious, in effect the ICO responded to this part of the request as follows:

We accept that the appellant has included assertions and questions in the letter of 18 January 2023 which are not requests for information, and this makes a request more difficult to deal with.

Overall, the evidence before us does not suggest that responding to the request of 18 January would be particularly burdensome, nor, on the evidence before us, would responding to the three previous FOI/SAR requests. It is possible that there may be more burden than is apparent to us, but we must make our decisions on the basis of the evidence before us.

We accept that the four requests all relate to the way in which the ICO handles certain complaint matters, and to that extent they are overlapping. Looked at in context, we would not class them as ‘repeated and overlapping requests’. Having regard to the terms of the requests and the responses, we accept that, taken together, the four requests for information referred to in the Decision Notice culminating with the current request place some burden on the ICO. However taking into account the number, breadth, pattern, and duration of those requests, we find that this was not a very heavy burden.

The appellant is not consistently submitting multiple FOIA requests or associated correspondence within days of each other or relentlessly bombarding the ICO with email traffic.

We accept that, at the time, there was some additional burden on the ICO from dealing with the letter from the appellant in September 2022 and with the case review and the challenge to that review. There was also some potential future burden from the related section 166 application to the First-tier Tribunal and the pre-action judicial review letter. At the relevant time this had yet to place any significant burden on the ICO.

We conclude that there was some burden on the ICO in dealing with this request, looked at in the light of the context and prior course of dealings. This would cause some disruption to the ICO.

Further, we accept that dealing with the request was causing the ICO some not unjustified irritation, taken in the light of the whole course of dealings.

Overall we find that the request, taken in context, would have caused some disruption and irritation, but that this was reasonably limited at the relevant time.

Having considered all the evidence in the bundle, we find that the appellant’s motive was to obtain information that he hoped would support his claims that the ICO had not handled his complaint about Trowers properly and his assertion that the outcome of that complaint was wrong given the outcome to his complaint about ARC Legal services.

We accept that he was hoping that the information would shed some light on how the perceived inconsistency might have arisen between the outcome of his complaint in 2020 and the outcome of his complaint in 2022. It is not for us to determine whether there was an inconsistency, but it was certainly not unreasonable for a lay person to perceive an inconsistency and to take at least some steps to try to understand how that came about.

It is not an inappropriate use of FOIA to ask for further information arising out of information disclosed in response to an initial request. The ICO’s internal case handling guidelines are contained in a large number of documents and policies. This would not be apparent to a member of the public unless they read the ICO Operations Service Guide. Having been provided with a link to that guide it is not an inappropriate use of FOIA to request those other documents.

We do not infer from the pattern of correspondence that the appellant’s aim, in early 2023, was to keep the ICO engaged in perpetual dialogue with no intention of reaching a reasonable and satisfactory conclusion.

We do not accept that the appellant had any vengeful motive in making the request in issue.

We accept that sometimes the appellant questions the competence of ICO staff and the adequacy of their training. We accept that sometimes the appellant expresses himself in ways that might be classed as impolite, for example in his email of 18 November 2022 he states ‘you have, with all due respect, adopted a nonsensical position and your final paragraph is unintelligible’. The tribunal notes that the ICO has claimed ‘irritation’ rather than asserting that there is any harassment or distress. We do not accept that, at the relevant time, the appellant had said or done anything that could reasonably be classed as harassment or could reasonably have caused distress.

We accept that the purpose and value of the request is primarily personal to the appellant. We accept that he had a legitimate purpose, but it is of limited value to anyone other than the appellant. The appellant is interested in supporting his claims that the ICO handled his complaint about Trowers badly and that the outcome of that complaint was wrong. He is interested in illuminating the internal processes which enabled the ICO, in his view, to reach inconsistent decisions.

To the extent that the documents are required for legal proceedings, they can be obtained through those proceedings, although we accept that this is a legitimate purpose.

We accept that the publicly available documents already provide a lot of information about the ICO’s processes. This reduces the value of the request.

However, the ICO Operations Service Guide makes clear that employees are also guided by other documents and policies, many of which appear to be hyperlinked (presumably when accessed internally). Appendix 2 of the document is a list of ‘related polices, procedures and resources’ and states that all staff should ‘take time to familiarise themselves’ with those additional documents. (Footnote: ¹)

We find that the other policies and procedures used by staff and requested by the appellant would be likely to assist the appellant to some extent in gaining a detailed understanding of how the ICO handles complaints. We have not seen those policies but we accept that they may not assist the appellant in relation to his specific concerns.

We do accept that there is value to the public in understanding the way in which the ICO handles complaints, and there is a general value in transparency in this area. Given that the ICO Operations Service Guide is already publicly available, the requested information is of fairly limited value to the public. However, as the published guidance refers extensively to unpublished documents/policies etc., we accept that publishing those documents would add, albeit to a fairly limited extent, to general transparency and to public understanding of the ICO’s operations.

Vexatiousness is a high hurdle consistent with the constitutional nature of the right. This is not a case where there is no reasonable foundation for thinking that the information sought would be of value to the requester or to the public or any section of the public. We note that annoying or irritating requests are not necessarily vexatious given that one of the main purposes of FOIA is to provide citizens with a qualified right of access to official documentation and thereby a means of holding public authorities to account.

We have accepted that the request, looked at in context, would have caused some disruption and irritation, but this was reasonably limited at the relevant time. The test under section 14 is not simply a balancing exercise of burden/irritation weighed against purpose and value. The tribunal takes a holistic approach and the request must reach the high hurdle of vexatiousness. Looked at as a whole, our conclusion is that this burden on the ICO was not, at the relevant time, disproportionate to the purpose or value of the requests.

We have taken a holistic and broad approach and have looked at the requests in the light of the past course of dealings between the appellant and the ICO. We have considered the burden on the ICO and the value and purpose of this request. We have looked at the appellant’s motive and any distress that is likely to be caused by the request. Looking at all these factors we find that the request was not vexatious in the sense of being a manifestly unjustified, inappropriate, or improper use of FOIA.

We conclude accordingly that the exemption in section 14 does not apply and the appeal is allowed.

In this appeal we are considering whether a request made in early 2023 was vexatious. It is clear from our findings of fact on the chronology of events that since the relevant date the appellant has continued to pursue his concerns via multiple avenues. This is placing an increasingly heavy and disproportionate burden on the ICO’s limited resources. Further we note that the terms in which the appellant describes the conduct of the ICO have become less temperate in recent correspondence and in this litigation.

If we were looking at the position today, we would have concluded that, when considered in the context of the full course of conduct, the appellant has, gradually, strayed some distance from his original purpose and that he has entered the territory of ‘vexatiousness by drift’. In our view, this course of dealing is now exhibiting the clear lack of proportionality that typically characterises vexatious requests.

We do not think that this had happened by the time of the current request, and each new request has to be determined on its merits, but we highlight to the appellant that in our view his behaviour since the request exhibits a number of the hallmarks of vexatiousness and we may well have reached a different conclusion if the request had been made today.