About this detailed guidance

This guidance explains the principle that you should generally consider a request for information under the Freedom of Information Act 2000 (FOIA) or the Environmental Information Regulations 2004 (EIR) without reference to the requester’s identity or motives. Read it if you have questions not answered in the Guide to FOIA or Guide to the EIR, or if you need further guidance about how to consider a requester’s identity or motives.

In detail

Overview

 In most cases, you should consider FOI and EIR requests without reference to the requester’s identity or motives. You should focus on whether the information is suitable for disclosure into the public domain, rather than the effects of providing the information to the individual requester. Anyone can make a request for information, regardless of who they are or where they live. The requester need not explain why they want the information or justify their request.

You may, however, consider the requester’s identity and motives in some limited circumstances, namely when:

  • you have reason to believe the requester hasn’t given their real name;
  • deciding whether the cost of two or more requests can be totalled under section 12 of FOIA;
  • the requested information contains the requester’s own personal data;
  • assessing whether the information is reasonably accessible to the requester by other means;
  • assessing whether the request is a repeated request; or
  • you are considering refusing a request as vexatious or manifestly unreasonable.

If the request is ambiguous or unclear and knowing the purpose behind it would help you identify and locate the requested information, then you can ask the requester why they want the information. You should remember, however, that requesters do not have to reveal the reason behind their request if they don’t want to.

If you intend to apply a prejudice or adverse effect based exemption or exception, and you are concerned about how the requester will use the information, then you should apply the prejudice or adverse effect test in the normal way. This means you should consider whether releasing the information into the public domain would or would be likely to prejudice the interests protected by the exemption or exception. 

The key question you must ask yourself when deciding how to respond to a request is whether the information is suitable for disclosure to anyone and everyone.

Example

This principle was endorsed by the Information Tribunal in S v Information Commissioner and the General Register Office (EA2006/0030, 9 May 2007) when it stated:

‘We wish to emphasise at this point that the Freedom of Information Act is applicant and motive blind. A disclosure under FOIA, is a disclosure to the public [ie the world at large]. In dealing with a Freedom of Information request there is no provision for the public authority to look at from whom the application has come, the merits of the application or the purpose for which it is to be used.’ (Para 80) 

In most cases, no matter who the requester is, whether a journalist, researcher, MP, business or a member of the public, they should receive the same response, in terms of substantive outcome, as anyone else making an identical request. So for example, a school teacher who asks for ‘documents relating to alleged financial irregularities at your organisation’ should receive identical material to an MP who requests the exact same information. However, as with many general principles, there are exceptions to the rule. In some situations, it will be appropriate to take the identity or motive of the applicant into consideration. These are covered in more detail below.

In what circumstances can we consider the requester’s identity?

Deciding whether the request is valid (FOIA only)

Section 8(1)(b) of FOIA requires that a request for information must include the requester’s real name.

If the requester:

  • fails to provide a name;
  • can’t be identified from the name provided (for example because they have only used their first name or initials); or
  • is using an obvious pseudonym,

then their request won’t meet the requirements of section 8(1)(b) and will technically be invalid.

You can enquire about the requester’s identity if you have reason to believe they haven’t given their real name. Before doing this, however, the ICO recommends that you refer to our guidance Recognising a request made under the Freedom of Information Act (section 8).

There is no equivalent to section 8 in the EIR. This means that a request made under the EIR will be valid regardless of whether the requester provides their real name.

Aggregation of costs under section 12 (FOIA only)

Under section 12(1) of FOIA, you can refuse to comply with a request for information if the cost of compliance would exceed a set limit (the ‘appropriate limit’).

When calculating the costs, you can combine the costs of any related requests received within a period of 60 consecutive days from:

  • the same person; or
  • people who appear to be acting in concert or in pursuit of a campaign.

Therefore, in some cases the requester’s identity will be relevant in deciding whether the appropriate limit has been exceeded.

You can get more detailed information on aggregating the cost of requests in our guidance Requests where the cost of compliance with a request exceeds the appropriate limit.

Information comprising the requester’s own personal data (FOIA and EIR)

If the information caught by a freedom of information request contains the requester’s personal data, then that information will be exempt under section 40(1), and you should deal with it as a ‘subject access request’ (SAR) under the data protection legislation (UK GDPR and DPA 2018).

Regulation 5(3) of the EIR states that the right to make information available on request doesn’t apply to the requester’s own personal data. If the information caught by a request for environmental information contains the requester’s own personal data, then it should also be dealt with as a SAR under the data protection legislation.

In deciding whether these provisions apply, you will need to consider the requester’s identity. The section 40(1) exemption and regulation 5(3) are covered in more detail in our guidance Personal information (Section 40 and Regulation 13).

For more about SARs, please see our guidance on the right of access.

Information accessible by other means (FOIA and EIR)

Section 21 of FOIA provides an exemption for information that is reasonably accessible to the requester by other means.

You may need to consider the requester’s identity when deciding if section 21 applies. This is because in some cases, the question of accessibility will depend on the requester’s individual circumstances. Indeed, information that is reasonably accessible to one person won’t necessarily be accessible to another. 

You can find more details on section 21 in our guidance Information reasonably accessible to the applicant by other means.

Under regulation 6 of the EIR, the requester has the right to ask that information is made available to them in a particular form or format when they make their initial request.

However, if the information is already publicly available and easily accessible to the applicant in another form or format, you need not give them the information in the way they have specified.

As with section 21 of FOIA, the requester’s circumstances will sometimes be relevant in deciding whether the information is easily accessible to them.

The issue of accessibility to the applicant is covered in more detail in our guidance Form and format of information (regulation 6).

Repeated requests (FOIA)

Section 14(2) of FOIA says you can refuse a request that is identical, or substantially similar, to a previous request from the same individual.

You will therefore need to be clear about the requester’s identity in order to decide whether section 14(2) is engaged.

There’s more about how section 14(2) applies in our guidance Dealing with repeat requests.

In what circumstances can we consider the requester’s identity and motives?

Vexatious/manifestly unreasonable requests

You may consider the requester’s identity and motivation for making a request when deciding whether a request is vexatious (or manifestly unreasonable if the request falls under the EIR). The requester’s identity and motives may be relevant when considering the context in which the request is made, the burden it might impose, and the value of the request.

Example

The Upper Tribunal considered the relevance of the requester’s motives in the case of Information Commissioner vs Devon County Council & Dransfield [2012] UKUT 440 (AAC), (28 January 2013) when it stated:

‘…the motive of the requester may well be a relevant and indeed significant factor in assessing whether the request itself is vexatious…the proper application of section 14 cannot side-step the question of the underlying rationale or justification for the request…’ (Para 34)

For more detail on how to decide whether a request is vexatious or manifestly unreasonable, please see our guidance Dealing with vexatious requests and Regulation 12(4)(b): Manifestly unreasonable requests.

Can we enquire about the reasons behind a request if it helps us identify what information is required?

Under FOIA or the EIR, a requester need not explain why they want the information or justify their request.

However, it is acceptable for you to enquire about their motives if the request is ambiguous or unclear and knowing the reason for it would help you identify what they want. 

If this is so, you should make clear that you want the information solely for clarification and no other reason. Do not give the requester the impression that you are more or less likely to withhold the information if they do (or do not) explain the reasons for their request. You cannot insist they reveal the motive for it.

Further advice on interpreting requests is available from our guidance Interpreting and clarifying requests.

What happens when we apply exemptions/exceptions with a prejudice, adverse effect or other harm based test?

The general principle is that disclosure is to the world at large. So, when you are considering an exemption with an associated prejudice test, that test should focus on the consequences of disclosing the information to the wider public.

This means that the key question you must consider is whether there is a real and significant chance that a member of the wider public will use the information in a way that would prejudice the interests protected by the exemption.

The test is therefore not so much about the requester’s identity and motivation, but rather the purposes for which the information is likely to be used if released into the public domain. 

This same approach will also hold true if the request falls under the EIR and you intend to apply one of the ‘adverse effect’ exceptions in regulation 12(5). These exceptions are subject to an adverse-effect test similar to the FOIA prejudice test.

However, if you have reason to believe that the requester, as a member of that wider public, would use the information in a way that would prejudice the interests protected by the exemption, then you may consider this when assessing the likelihood that prejudice or adverse effect will occur.

The following Information Tribunal ruling concerning section 38 of FOIA (the exemption for information likely to endanger the physical or mental health of any individual) provides an example of a situation where the requester’s identity and motives were regarded as relevant factors.

Here, the judge concluded there was a risk that the requester, as a member of the wider public, would use the information in a way that would prejudice other people’s health and safety.

Example

In Hepple v ICO and Durham County Council (EA/2013/0168, 26 February 2014) the requester had asked for a copy of an investigation report into a pupil referral unit. The Council refused, relying on several exemptions including section 38.

The Council drew the Information Tribunal’s attention to three text messages the requester had sent to one of the individuals involved in handling the report. Those texts (sent a year after the request) had led the Police to issue the requester with a formal notice under the Protection from Harassment Act. The Tribunal was satisfied that the texts evidenced a state of mind likely to have existed at the time of the request.

It stated:

‘…it is frequently said that an information request should be considered without reference to the motive of the person making the request. That certainly ensures that focus is maintained on the fact that disclosure to a single requester is, effectively, disclosure to the world. But assessing an information request on this “motive blind” basis ought not to prevent us from considering the potential risk to safety posed by the requester him/herself.

‘In this case we drew the clear impression that the texts had been transmitted with the purpose of menacing those whose addresses the Appellant had acquired. We are satisfied that they disclose an attitude of mind that justifies our concluding that disclosure would have created a risk to the safety of those mentioned in the text messages…’ (Paras 36 and 37)

Even though section 38 refers to endangering rather than prejudicing health and safety, it contains a harm based test so the same principles as covered in the prejudice test apply.

Similarly, section 40(2) of FOIA and regulation 13 of the EIR (the provisions for third party personal data) don’t contain an explicit prejudice test. But considering whether disclosure of third party personal data would breach the data protection principles may involve some consideration of harm or detriment to the data subject. The same principle will therefore apply and the test will be whether putting the third party personal data into the public domain will breach the data protection principles.

For more about how to carry out a prejudice based test, please see our guidance The Prejudice Test.

There’s more about how to apply the adverse effect exceptions in our guidance How exceptions and the public interest test work in the Environmental Information Regulations.

For more about the provisions for third-party personal data, please see our guidance Personal information (section 40 and regulation 13).