Key Facts
- •Christopher McKeon requested staff hiring and leaving data from the Independent Parliamentary Standards Authority (IPSA) for all MPs in the current Parliament.
- •IPSA provided anonymized data but refused to release unredacted information citing FOIA exemptions under sections 40(2) and 40(3A)(a) relating to third-party personal data.
- •The Information Commissioner (IC) upheld IPSA's decision.
- •McKeon appealed to the First-Tier Tribunal (General Regulatory Chamber).
- •The Tribunal considered the risk of re-identification of individual staff members despite anonymization.
- •The Tribunal considered the 'motivated intruder' concept and the potential for indirect identification through cross-referencing publicly available information.
Legal Principles
Freedom of Information Act 2000 (FOIA) Section 1(1): General right of access to information from public authorities.
FOIA
FOIA Section 40: Exemption for personal information.
FOIA
Data Protection Act 2018 and UK GDPR: Data protection principles, including fairness and transparency in disclosure of personal data.
GDPR and DPA 2018
'Motivated Intruder' test for assessing the likelihood of indirect identification of data subjects.
Information Commissioner v Magherafelt District Council [2012] UKUT 263; Miller v Information Commissioner [2018] UKUT 229
Balancing legitimate public interest in disclosure against the data protection rights of individuals.
Various case law
FOIA Section 38(1): Exemption for information that would endanger the health or safety of an individual.
FOIA
Outcomes
Appeal dismissed.
The Tribunal found that the risk of re-identification of individual staff members was sufficiently high to outweigh the public interest in disclosure. The 'motivated intruder' test was considered, and the Tribunal concluded that disclosure would be unfair, disproportionate, and potentially harmful to the data subjects.