
The Right to Information and Privacy: Balancing Rights and Managing Conflicts

Authors:
  • ARTICLE 19

Abstract and Figures

The right to privacy and the right to information are both essential human rights in the modern information society. For the most part, these two rights complement each other in holding governments accountable to individuals. But there is a potential conflict between these rights when there is a demand for access to personal information held by government bodies. Where the two rights overlap, states need to develop mechanisms for identifying core issues to limit conflicts and for balancing the rights. This paper examines legislative and structural means to better define and balance the rights to privacy and information.
Access to Information Program
The World Bank
World Bank Institute
Canadian International Development Agency / Agence canadienne de développement international
GOVERNANCE WORKING PAPER SERIES
WORKING PAPER
David Banisar*
*David Banisar is senior legal counsel for Article 19, the Global Campaign for Free Expression, in London, UK. He is also a nonresident fellow at the Center for Internet and Society at Stanford Law School, Stanford, CA. Previously, he was the director of the Freedom of Information Project of Privacy International in London; a research fellow at the Kennedy School of Government at Harvard University, Cambridge, MA; and a cofounder and policy director of the Electronic Privacy Information Center in Washington, DC. He has served as an adviser and consultant to numerous organizations, including the Council of Europe, the Organisation for Economic Co-operation and Development, and the United Nations Development Programme.
© 2011 The International Bank for Reconstruction and Development / The World Bank
1818 H Street NW
Washington DC 20433
Telephone: 202-473-1000
Internet: www.worldbank.org
E-mail: feedback@worldbank.org
All rights reserved
The findings, interpretations, and conclusions expressed in this volume do not necessarily reflect the views of the Canadian International Development Agency (CIDA), the government of Canada, executive directors of the World Bank, or the governments those directors represent. The World Bank does not guarantee the accuracy of the data included in this work.
This report has been commissioned by the Access to Information (ATI) Program at the World Bank Institute (WBI) and supported financially by the CIDA-WBI Governance Program.
The WBI Access to Information Program seeks to connect key ATI stakeholders to jointly identify, prioritize, and implement actions for effective ATI adoption and implementation. The program aims to improve in-country capacity for the formulation, implementation, use, and enforcement of ATI legislation through regional knowledge exchange and networking, and by fostering the capacity of multistakeholder coalitions to undertake effective ATI reforms.
Contents
Acknowledgments
Acronyms and Abbreviations
Executive Summary
1. Introduction
2. Rights Defined
  2.1 The Right to Information
  2.2 The Right to Privacy
3. Complements and Conflicts in RTI and Privacy Laws
  3.1 Complementary Roles of RTI and Privacy
  3.2 Conflicts between RTI and Privacy Interests
  3.3 Balancing the Rights of Access and Privacy
4. Legislation
  4.1 Model 1—A Single RTI and Privacy Law
  4.2 Model 2—Separate RTI and Privacy Laws: Managing Conflicts
5. Oversight
  5.1 Two Bodies—Separate RTI and Privacy Commissions
  5.2 One Body—A Single RTI and Privacy Commission
6. Case Studies
  6.1 Ireland
  6.2 Mexico
  6.3 Slovenia
  6.4 United Kingdom
7. Conclusion
Endnotes
References
Boxes
  3.1 Using Publicly Available Personal Information to Fight Fraud
  4.1 Elements to Determine Fairness
Figure
  3.1 Complement and Conflict of Privacy and the Right to Information
Acknowledgments
I would like to thank Heather Brooke, Bojan Bugaric, Elizabeth Dolan, Maurice Frankel, Juan Pablo Guerrero Amparán, Katherine Gunderson, Gus Hosein, Jose Luis Marzal, Natasa Pirc Musar, Maeve McDonagh, Lina Ornelas Nuñez, Graham Smith, and Nigel Waters for providing information and advice; and peer reviewers Alvaro Herrero, Maria Marván Laborde, and Andrea Ruiz for their comments. I would also like to thank my colleagues at Article 19; and the World Bank Institute’s Marcos Mendiburu, Aranzazu Guillan-Montero, and Luis Esquivel for their assistance.
Acronyms and Abbreviations
ACHPR African Commission on Human and People’s Rights
ACLU American Civil Liberties Union
APEC Asia-Pacific Economic Cooperation
ATIP access to information and privacy
CCPR United Nations Covenant on Civil and Political Rights
CSA Canadian Standards Association International
DCMS Department for Culture, Media, and Sport
DPA Data Protection Act
EC European Commission
ECHR European Convention for the Protection of Human Rights and Fundamental Freedoms
ECOWAS Economic Community of West African States
EFF Electronic Frontier Foundation
EHRR European Human Rights Report
EO European Ombudsman
EPIC Electronic Privacy Information Center
ETS European Treaty Series
EU European Union
EUECJ Court of Justice for the European Communities
EWHC High Court of England and Wales
FOI freedom of information
FOIA Freedom of Information Act
IACHR Inter-American Commission on Human Rights
ICO Information Commissioner’s Office
IFAI Instituto Federal de Acceso a la Información y Protección de Datos
MP member of parliament
NJSBA New Jersey State Bar Association
NZLC New Zealand Law Commission
OAS Organization of American States
ODNI Office of the Director of National Intelligence
OECD Organisation for Economic Co-operation and Development
OSCE Organization for Security and Co-operation in Europe
PI Privacy International
RCMP Royal Canadian Mounted Police
RTI right to information
UDHR Universal Declaration of Human Rights
UKHL United Kingdom House of Lords
UN United Nations
UNHRC United Nations Human Rights Council
USC United States Code
USDA United States Department of Agriculture
Executive Summary
The right to privacy and the right to information are both essential human rights in the modern information society. For the most part, these two rights complement each other in holding governments accountable to individuals. But there is a potential conflict between these rights when there is a demand for access to personal information held by government bodies. Where the two rights overlap, states need to develop mechanisms for identifying core issues to limit conflicts and for balancing the rights. This paper examines legislative and structural means to better define and balance the rights to privacy and information.
1. Introduction
In the words of Michel Gentot (n.d.) during his term as president of the French National Data Processing and Liberties Commission, freedom of information and data protection are “two forms of protection against the Leviathan state that have the aim of restoring the balance between the citizen and the state” (p. 1).
On first inspection, it would appear that the right of access to information and the right to protection of personal privacy are irreconcilable.1 Right to information (RTI) laws provide a fundamental right for any person to access information held by government bodies. At the same time, right to privacy laws grant individuals a fundamental right to control the collection of, access to, and use of personal information about them that is held by governments and private bodies. However, the reality is more complex. Privacy and RTI are often described as “two sides of the same coin”—mainly acting as complementary rights that promote individuals’ rights to protect themselves and to promote government accountability.
The relationship between privacy and RTI laws is currently the subject of considerable debate around the globe as countries are increasingly adopting these types of legislation. To date, more than 50 countries have adopted both laws.
Privacy is increasingly being challenged by new technologies and practices. The technologies facilitate the growing collection and sharing of personal information. Sensitive personal data (including biometrics and DNA makeup) are now collected and used routinely. Public records are being disclosed over the Internet. In response to this set of circumstances, more than 60 countries have adopted comprehensive laws that give individuals some control over the collection and use of these data by public and private bodies. Several major international conventions have long been in place in Europe, and new ones are emerging in Africa and Asia.
At the same time, the public’s right to information is becoming widely accepted. RTI laws are now common around the world, with legislation adopted in almost 90 countries. Access to information is being facilitated through new information and communications technologies, and Web sites containing searchable government records are becoming even more widely available. International bodies are developing conventions, and relevant decisions are being issued by international courts.
Availability, legislation, and judicial decisions have led to many debates about rules governing access to personal information that is held by public bodies. As equal human rights, neither privacy nor access takes precedence over the other. Thus it is necessary to consider how to adopt and implement the two rights and the laws that govern them in a manner that respects both rights. There is no easy way to do this, and both rights must be considered in a manner that is equal and balanced.
This paper will examine the two rights and the conflicts that arise, and will describe institutional models to ensure the exercise of both rights. It will present short case studies from four countries (Ireland, Mexico, Slovenia, and the United Kingdom) that have adopted different models for addressing the conflicts, describing how those models work.
2. Rights Defined
2.1 The Right to Information
The right of access to information held by government bodies (RTI) provides that individuals have a basic human right to demand information held by government bodies. It derives from the right of freedom of expression to “seek and receive information,”2 and is recognized worldwide as a human right.3 Under this right, any person may make a request to a public body; the body is legally required to respond and provide the information, unless there is a legally compelling reason to refuse the request.
The RTI is “a requisite for the very exercise of democracy” (OAS 2003).4 Democracy is based on the consent of the citizens, and that consent turns on the government informing citizens about its activities and recognizing their right to participate. The collection of information by governments is done on behalf of its citizens, and the public is only truly able to participate in the democratic process when it has information about the activities and policies of the government.5
The RTI is also an important tool for countering abuses, mismanagement, and corruption and for enforcing essential economic and social rights. Civic activists in Rajasthan, India, have used it to ensure that the poor get the food they are entitled to receive from corrupt food distributors (Calland and Tilley 2002), and an angry mother in Thailand used it in her efforts to learn why her daughter was not allowed into a top-quality school (Coronel 2001). It also is commonly used by environment-focused nongovernmental organizations to reveal pollution dangers in communities.
The right is typically recognized at the national level through constitutional provisions and national laws. Some of this legislation has existed for more than 200 years. Section 6 of the Swedish Freedom of the Press Act (adopted in 1766) set the principle that government records were open to the public by default and granted citizens the right to demand documents from government bodies. The 1789 French Declaration of the Rights of Man called for information about the budget to be made freely available: “All the citizens have a right to decide, either personally or by their representatives, as to the necessity of the public contribution; to grant this freely; to know to what uses it is put.” Most nations have adopted laws in the past 20 years.
Today, nearly 90 countries around the world have adopted a national law or regulation that sets out specific rights and duties for facilitating access to information (see Banisar [2006]).6 The following elements are typically found in national RTI laws:
  • A right of an individual, organization, or legal entity to demand information from public bodies, without having to show a legal interest in that information.
  • A duty of the relevant body to respond and provide the information. This includes mechanisms for handling requests and time limits for responding to requests.
  • Exemptions to allow the withholding of certain categories of information. These exemptions include the protection of national security and international relations, personal privacy, commercial confidentiality, law enforcement and public order, information received in confidence, and internal discussions. Exemptions typically require that some harm to the interest must be shown before the material can be withheld.
  • Internal appeals mechanisms for requestors to challenge the withholding of information.
  • Mechanisms for external review of the withholding of information. This includes setting up an external body or referring cases to an existing ombudsman or to the court system.
  • Requirement for government bodies to affirmatively publish some types of information about their structures, rules, and activities. This is often done using information and communications technologies.
2.2 The Right to Privacy
Privacy is a broad concept relating to the protection of individual autonomy and the relationship between an individual and society (including governments, companies, and other individuals). Privacy is considered essential in protecting an individual’s ability to develop ideas and personal relationships. Although it is often summarized as “the right to be left alone,” it encompasses a wide range of rights—including protection from intrusions into family and home life, control of sexual and reproductive rights, and communications secrecy.7 It is commonly recognized as a core right that underpins human dignity and such other values as freedom of association and freedom of speech.8
The definitions of privacy and what is sensitive personal information vary among countries and individuals on the basis of past experiences and cultural understandings. Some cultures focus on community rights over individual rights; others, such as countries in Europe, are sensitive to privacy rights because of abuses going back to World War II. In matters relating to modern information and communications technologies, there is more agreement about the importance of privacy and the control of information (this will be covered in more detail later in this report).9
The legal right to privacy is recognized in nearly every national constitution and in most international human rights treaties, including the Universal Declaration of Human Rights,10 the International Covenant on Civil and Political Rights,11 the European Convention on Human Rights,12 the American Declaration of the Rights and Duties of Man,13 and the American Convention on Human Rights.14 International bodies, including the European Court of Human Rights and the United Nations (UN) Human Rights Committee, also have ruled on the right to privacy.15
In the information age, the right to privacy has evolved to address issues relating to the collection, use, and dissemination of personal data in information systems. New technologies have driven the collection of personal information by governments and private bodies into databases of unprecedented breadth and depth. Governments and private organizations that collect information related to government services and obligations (including tax, medical, employment, criminal, and citizenship records) and identification technologies (including identity card systems, fingerprints, and DNA mapping) have quickly evolved and expanded. New communications technologies create and collect substantial records about individuals in the process of providing communications. Services run by governments and private operators collect information about individuals, including emails, records of persons communicated with, lists of Web sites visited, and mobile locations. And, of course, people share information through social networking sites. All of these have led to concerns about abuses, including misuse of information for unlawful purposes and identity theft.
Since the 1960s, principles governing the collection and handling of this information (known as “fair information practices”) have been developed and adopted by national governments and international bodies (OECD [1980]; also see U.S. Department of Health, Education and Welfare [1973]; and CSA [1996]). The principles generally are these:
  • Collection limitation principle—There should be limits to the collection of personal data; and all such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
  • Data quality principle—Personal data should be relevant to the purposes for which they are to be used; and, to the extent necessary for those purposes, should be accurate, complete, and kept up-to-date.
  • Purpose specification principle—The purposes for which personal data are collected should be specified no later than at the time of data collection; and the subsequent use should be limited to fulfilling those purposes, or fulfilling such other purposes as are compatible with the stated purposes and specified on each occasion where a change of purpose occurs.
  • Use limitation principle—Personal data should not be disclosed, made available, or otherwise used for purposes other than those specified above, except under the following conditions: with the consent of the data subject, or by the authority of law.
  • Security safeguards principle—Reasonable security safeguards should be used to protect personal data against such risks as loss or unauthorized access, destruction, use, modification, or disclosure.
  • Openness principle—There should be a general policy of openness about developments, practices, and policies relating to personal data. Means of establishing the existence and nature of personal data and the main purposes of their use should be readily available, as should the identity and usual residence of the data controller.
  • Individual participation principle—An individual should have the right
      a. to obtain from a data controller (or otherwise) a confirmation that the data controller either does or does not have data relating to the individual;
      b. to obtain such data within a reasonable time
          ° at a charge (if any) that is not excessive,
          ° in a reasonable manner, and
          ° in a form that is readily intelligible to the receiving individual;
      c. to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and
      d. to challenge relevant data and, if the challenge is successful, have the data rectified, completed, amended, or erased.
  • Accountability principle—A data controller should be accountable for complying with measures that give effect to the principles stated above.
These principles have been incorporated into important international treaties on data protection by the Council of Europe (1981) and the European Union (EC 1995); they have also been adopted by the UN General Assembly (1990) and the Commonwealth Secretariat (2002). Similar principles are under consideration by the Asia-Pacific Economic Cooperation (APEC) forum16 and the Economic Community of West African States (ECOWAS 2008).17
Of those international instruments, the European Union (EU) Data Protection Directive is now the most influential, having been adopted by the 27 EU member-states (plus three European Economic Area countries) and by numerous other countries in Africa, Europe, and Latin America that trade with the EU. The directive takes a broad approach to personal information. Personal data are defined as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity” (Directive 95/46/EC, sec. 2[a]).18 Under a decision from the European Court of Human Rights, these data include information collected under public employment.19
National constitutions also have been evolving to specifically recognize the control of personal data as a right. Many recent constitutions include specific rights to protect the collection and use of personal data in information systems.20 Many countries in Latin America include a right of habeas data to control and access personal data. The May 2010 Constitution of Kenya states, “Every person has the right to privacy, which includes the right not to have . . . information relating to their family or private affairs unnecessarily required or revealed” (sec. 31).
What is more directly related to the subject of this report is the fact that the governments of more than 60 countries around the world have adopted comprehensive data protection acts based on the fair information practices that apply to personal data held by the public and private sectors (see EPIC/PI [2007]).21 A number of other countries—including the United States,22 Georgia,23 and Thailand24—have adopted legislation that protects only personal data held by government bodies. Malaysia recently adopted a law that protects personal data held by companies, but has not adopted legislation protecting personal information held by governments.25 In a significant number of countries where no data protection law has been adopted, there may be more general provisions in the criminal and civil codes that restrict the use of personal information (see EPIC/PI [2007]).
3. Complements and Conflicts in RTI and Privacy Laws
Right to information (RTI) and privacy laws can both complement and conflict with each other, depending on the situation. As figure 3.1 shows, the two rights play different roles in most cases, and only in a small number of cases do they overlap and lead to potential conflict.
[Figure 3.1: Complement and Conflict of Privacy and the Right to Information. Labels: Protecting personal data; Potential conflict; Access to government information. Source: Author’s illustration.]
3.1 Complementary Roles of RTI and Privacy
RTI and privacy often play complementary roles. Both are focused on ensuring the accountability of powerful institutions to individuals in the information age. The Council of Europe stated in a 1986 recommendation that the roles are “not mutually distinct but form part of the overall information policy in society” (Council of Europe 1986). The U.K. data protection registrar noted, “Data protection and freedom of information can be seen as complementary rights, with the potential to be mutually supportive in practice.”26 László Majtényi (2002), the first parliamentary commissioner for data protection and freedom of information in Hungary, says that the common purpose of the two rights is “to continue maintaining the non-transparency of citizens in a world that has undergone the information revolution while rendering transparent the state.”
In many countries, the two rights are intertwined constitutionally. Under the concept of habeas data—a constitutional right that permits individuals to demand access to their own information and to control its use—countries in Latin America have adopted both types of laws.27 Santiago Canton (the first Organization of American States special rapporteur for freedom of expression and the executive secretary of the Inter-American Commission on Human Rights) said, “The action of habeas data, or the right to obtain personal information contained in public or private databases, has been very important in many countries in exacting accountability for human rights abuses and helping countries scarred by human rights abuses reconcile and move forward, which can only be accomplished by exposing the truth and punishing the guilty.”28
In many cases, the two rights overlap in a complementary manner. Both rights provide an individual access to his or her own personal information from government bodies, and privacy laws allow for access to personal information held by private entities. They also mutually enhance each other: privacy laws are used to obtain policy information in the absence of an RTI law, and RTI laws are used to enhance privacy by revealing abuses.
Obtaining Personal Information Held by Government Bodies
The most obvious commonality between the two types of laws is the right of individuals to obtain information about themselves that is held by government bodies. This access is an important safeguard to ensure that individuals are being treated fairly by government bodies and that the information kept is accurate.
When a country has both laws, the general approach is to apply the data protection act to individuals’ requests for personal information; requests for information that contains personal data about other parties are handled under the right to information act. In some jurisdictions, such as Bulgaria and Ireland, applications by people for their own personal information can be made under both acts.29 In these cases, it is possible that slightly different outcomes may result because of the differences in exemptions and oversight bodies. Often, data protection laws give greater rights for access to personal information because there is a stronger right of access. In Ireland, the official policy guidance notes, “one’s own personal information will very often be released under FOI [freedom of information], while under the Data Protection Act there is a presumption in favour of access to one’s own personal data” (Government of Ireland 2006). In cases where there is a request for information about the individual and other persons, both acts will be considered.
In some countries, the RTI act is the primary legislation used by individuals to access their own personal information held by government departments. In Australia, all requests under the Privacy Act are filtered through the Freedom of Information Act (FOIA), resulting in more than 80 percent of all FOIA requests being from people seeking their own information (Law Reform Commission 2010). In Ireland, where both laws allow for individuals’ access, even with the presumption above, the FOIA is still the act most people use: approximately 70 percent of all requests are made by individuals for their own information.30
In countries such as India and South Africa, where there is no general privacy law giving individuals a right of access to their own records, the RTI laws are the only means to access personal records. In India, RTI laws are regularly used by advocates for the poor to obtain records on distribution of food subsidies to show that individuals’ names have been forged and records have been falsified.31
Some RTI acts also provide for privacy protections where there is no general privacy law. In South Africa, section 88 of the Promotion of Access to Information Act provides that, in the absence of other legislation (currently under consideration), public and private bodies must make reasonable efforts to establish internal measures to correct personal information held by the relevant bodies.32
Applying Privacy Laws to Obtain Information from the Private Sector
Typically, RTI laws do not apply to the private sector, except where the body is conducting government functions (such as where a contractor is operating a hospital). Only a few countries, including South Africa, have adopted RTI laws that extend the right of access to nongovernment bodies for their nongovernment functions.33
Data protection laws provide an important complement to RTI provisions by extending individuals’ right of access to private bodies. As noted above, more than 60 countries have adopted comprehensive data protection laws that apply to private organizations as well as to government bodies. These laws give individuals the right to obtain personal information from private bodies. The use of the laws may reveal abuses by corporations or other private organizations, such as malfeasance by banks, information and communication technology companies, and previous employers.34
Using Privacy Laws to Obtain Policy Information
In the absence of an RTI law, privacy and data protection acts can be used to reveal important policy information. As mentioned at the beginning of this section, habeas data has been used to demand accountability and information. In a similar manner, Article 8 of the European Convention on Human Rights has been used often to obtain personal information, and the article has granted the disclosure of nonpersonal information in some cases. In 1998, using Article 8 as a basis, the European Court of Human Rights ruled that in cases where a lack of information could endanger their health, individuals may demand information from government bodies:
  The Court reiterates that severe environmental pollution may affect individuals’ well-being and prevent them from enjoying their homes in such a way as to affect their private and family life adversely. . . . In the instant case the applicants waited, right up until the production of fertilisers ceased in 1994, for essential information that would have enabled them to assess the risks they and their families might run if they continued to live at Manfredonia, a town particularly exposed to danger in the event of an accident at the factory.35
Data protection laws can also be used to obtain government information that sheds light on policy. Prior to the United Kingdom’s adoption of its FOIA, the Data Protection Act was used by individuals to obtain information from government bodies (see Hencke [2001]; Hencke and Evans [2002, 2003]; BBC News [2001]). Even following the implementation of the FOIA, reporters have used the Data Protection Act to discover that officials have been spying on their phone records to discover their sources of information (Daily Mail 2006).
Using RTI to Promote Privacy
In many countries, RTI laws are a primary
tool used by privacy advocates to identify
abuses and to campaign effectively against
them. In the United States, groups such as the
American Civil Liberties Union, the Electron-
ic Privacy Information Center, and the Elec-
tronic Frontier Foundation routinely use the
U.S. FOIA and state laws to demand govern-
ment records on new and existing government
programs (communications surveillance, body
scanners, and spying on groups) and use the
records to campaign against those programs
and proposals.36 In the United Kingdom, the
Taxpayers’ Alliance37 and Genewatch oversee
the government, using the FOIA; and State-
watch uses the European Union’s (EU) access
regulations to oversee the EU bodies.
3.2 Conflicts between RTI and Privacy Interests
Inevitably, as figure 3.1 shows, there are over-
laps in RTI and privacy interests that can
lead to conflicts. Governments collect large
amounts of personal information, and some-
times there is a demand to access that infor-
mation for various reasons. The requestors
include journalists investigating stories, civil
society groups fighting for accountability, in-
dividuals demanding to know why a deci-
sion was made in a certain way, companies
seeking information for marketing purposes,
and historians and academics researching re-
cent and not-so-recent events.
Every national RTI law has an exemption
for personal privacy. As discussed in the fol-
lowing section, these laws vary greatly. As
noted earlier, many countries have adopted
separate privacy and data protection laws that
may interact with the RTI law in determin-
ing the release of information.
Given the often complex relationship be-
tween privacy and RTI laws, the conflict fre-
quently arises from misunderstandings about
what is intended to be protected. Officials
must deal with numerous issues: Should offi-
cials’ names and other details be considered
private? Is information in public registers
available for any use? Are court and criminal
records public? Clarity in law, policy, and
practice to limit these problems is essential.
These issues have taken on greater im-
portance as information increasingly is being
disclosed in database format and over Inter-
net sites. Questions about the relevance of
data protection laws for the reuse of personal
information (even if it is publicly available)
are important. Under EU data protection
law, the mere public access to information
does not mean it can be used for any purpose
(Working Party 1999).
In many countries, the privacy exemption
is one of the exemptions used most often. In
the United States, the exemptions for personal
privacy (b6) and law enforcement records concerning
individuals (b7c) have consistently
been the two most-used exemptions. These
data include the names of recipients of home
loans, citizenship records, and criminal records.
In Canada, the privacy exemption was used in
31 percent of all denials—far more than the
next-most-used exemption (see U.S. Depart-
ment of Justice [2010]; Government of Canada
[2002]; and U.K. Ministry of Justice [2009]).
The following sections will review some
of the common types of information that are
requested and the conflicts that arise.
Information about Public Officials
Many of the records held by public bodies
contain information that identifies officials
who were involved in the subject at some
point. This includes the names of officials
who wrote memorandums, attended meet-
ings, and approved decisions. Other records
contain contact information, official expen-
ditures, or e-mail and phone logs. It is useful
to categorize this information as relating to
their official capacities.
Government bodies also hold more di-
rectly personal information about officials,
including their biographical data, photo-
graphs, salary records, employment records,
home addresses, records of financial assets,
and medical histories.
There is no global consensus about which
information is nonpersonal and which is per-
sonal. As discussed above, the right of privacy
is complex and defined by each culture. There
are some points that can be summarized:
• Official capacities—Overall, the majority of countries take the position that most information relating to official capacities is not considered personal information for the purposes of withholding. It may be considered personal because it relates to a particular identifiable individual, but generally is not related to his or her personal or family life and is less likely to be sensitive. In most cases, documents cannot be withheld just because an official’s name is listed as the author or recipient of a document. In 2007, the European Ombudsman found that it was maladministration for the European Parliament to refuse to disclose the expenses of members of parliament, including their travel and subsistence allowances (EO 2007). The Irish and U.K. information commissions have also ordered the release of parliament members’ expense information, whereas all U.S. congressional expenditures are published biannually.
• Employment information—Although there is variation across cases, information more closely related to an official’s performance in his or her job (including exact salary38 and details of employee performance reviews) is withheld in many jurisdictions and is available in others.39
• Personal life—Information relating solely to a public employee’s personal life rather than to his or her public actions is less likely to be released. Medical records of nonelected officials are generally considered sensitive and are not released in any system.40 For officials, criminal records not related to their positions are often withheld (for example, see Scottish Information Commissioner [2009]). There is a general recognition that personal information about senior officials should be more available than that of junior officials. So although the salaries of junior officials may not be made available or only by scale rather than by exact numbers, the salaries of more-senior officials may be affirmatively published. Similarly, requirements for asset disclosure forms are imposed in more than 100 countries for senior and elected officials, and some may be publicly available.41 Biographical data of decision makers and those who are being considered for very-senior positions are more commonly released than those for more-junior positions.
• Elected officials—There is also significant agreement that information about elected or high-rank public officials is less restricted, even when it relates to their personal lives. In 2004, the European Court of Human Rights said, “the public has a right to be informed . . . that is, certain circumstances can even extend to aspects of the private life of public figures, particularly where politicians are concerned.”42 In Hungary, the Constitutional Court ruled in 1994 that there are “narrower limits to the constitutional protection of privacy for government officials and politicians appearing in public [. . . than to that of] the ordinary citizen.”43 In India, the Supreme Court ruled that the criminal records of persons running for parliament should be released.44 In some cases, the medical records of the highest-ranking officials (such as the president) may be publicly released.45
Information Held by Governments about Private Individuals
Governments also hold a significant amount
of information about private individuals. This
is why data protection or privacy laws were
first conceived and continue to be adopted.
The materials include great amounts of bu-
reaucratic records with information that most
people consider sensitive—such as records relating
to citizens’ interactions with government
bodies for taxation and to their health
care. In the majority of jurisdictions, most of
these records are considered private.46
Court Records
There is no consensus on access to court
records. In Europe, court records naming in-
dividuals are considered very sensitive (see
Leith and McDonagh [2009]); in the United
States, it has been a matter of long-standing
principle that the information is public.47 In
Hungary, the data protection and freedom of
information commissioner negotiated an
agreement between the police and media
that access would be provided to criminal
cases, but only the individuals’ initials would
be used until charges were filed (Govern-
ment of Hungary 1998b).
There has been increasing sensitivity over
access in many countries as more records have
become available via computer networks, and
there is greater concern about financial infor-
mation being used for fraudulent purposes
(see NJSBA [2002] and Cannon [2004]). In
response to these concerns, many courts now
redact certain types of information, such as fi-
nancial data and identification numbers, prior
to making material publicly available electron-
ically (see Administrative Office of the U.S.
Courts [2008]). In Europe, many countries require
that identities be removed from cases
before they are made public.
Social Program Records
There are also differences of opinion over the
release of information relating to social sup-
port programs. In most developed countries,
there is sensitivity about individuals receiving
social support, so personal information held
by government bodies is not generally made
public.48
In some developing countries, however,
many of these records are publicly released
and play a crucial role in fighting corruption.
In India, all people are guaranteed the right
to a certain annual minimum of food and
employment. A key element of ensuring that
these guarantees are protected is making the
muster rolls and other information publicly
available so that social audits may be accom-
plished.49 This information is increasingly be-
ing made available on the Internet.50 In
Mexico, registers of scholarship recipients
and other social beneficiaries are made available
online.51 This information can be crucial
for identifying fraud in these programs. Box
3.1 points out two examples of fraud discov-
ered through a review of public information.
Box 3.1: Using Publicly Available Personal Information to Fight Fraud
In India, a review of the data by a single individual using information gathered under the National Rural Employment Guarantee Scheme found that millions of rupees were being siphoned off because fake identity cards in the names of children and public employees were created and used. Previous social audits had not revealed the fraud.
In Mexico, an analysis of the agricultural subsidies register by the transparency advocacy group FUNDAR found that the families of the minister of agriculture and wanted drug barons were receiving public money.
Public Registers
An increasing controversy relates to access to
information in public registers, such as birth,
marriage, and death registers; electoral registers;
land records; lists of license holders; and
other similar records. In many countries,
there has been a long history of public access
to these records. However, concern over their
use for commercial purposes, for stalking, and
for other reasons not related to their original
purposes has grown as the registers have been
digitized and made available over the Internet
(see NZLC [2008]). Countries vary widely in
their approaches to making public registers
available and to permitting third parties to
reuse the information for other reasons.52
Some countries’ laws limit disclosure of
information for certain reasons, such as com-
mercial purposes. The New Zealand public
register privacy principles state, “Personal in-
formation obtained from a public register
shall not be re-sorted, or combined with
personal information obtained from any oth-
er public register, for the purpose of making
available for valuable consideration personal
information assembled in a form in which
that personal information could not be ob-
tained directly from the register.”53 In 1999,
the U.S. Supreme Court upheld a law that
restricted access to a computerized list of re-
cently arrested individuals for use in com-
mercial marketing.54 The U.K. government
makes available a limited version of the elec-
toral roll (from which people may opt to
have their names removed) that can be used
for commercial purposes, and it prohibits use
of the full roll for such purposes.
Following a review of legislation related
to public registers and public access, the New
Zealand Law Commission recently recom-
mended that any legislation that creates a
public register keep the following principles
in mind:
• free flow of information,
• transparency,
• privacy interests (including the protection of personal information),
• accountability for fair handling of personal information, and
• public safety and security (NZLC 2008).
Professional Records
Government bodies also maintain records re-
lating to people who have more of a business
relationship with government, including
those who donate money and meet with of-
ficials in their capacity as employees of a
company or organization. In this regard, there
is an increasing demand that lobbyists be reg-
istered and that such information be made
public.55
In general, these individuals are consid-
ered to have less of a private interest guaran-
tee because the information is related to their
professional activities rather than to their
personal opinions or lives. U.K. and U.S. tri-
bunals have found that in the absence of
compelling reasons to the contrary, the iden-
tities of corporate lobbyists should be re-
vealed.56 However, the European Court of
Justice ruled recently that businesspeople
who met with officials could have their
names withheld.57
Public Subsidies for Business Purposes
Governments also often provide subsidies to
individuals as a business matter, in areas such
as agriculture. There has been considerable
debate over agricultural subsidies in Euro-
pean countries in the past few years, with the
result that most of the information is now
publicly available.58 There is a growing agree-
ment that these records are not particularly
sensitive because they relate to a business ac-
tivity (although they may reveal the amount
of income that a small farmer may receive in
a single year). However, the European Court
of Justice recently ruled that information in
this area concerning individuals must be re-
stricted.59
Misuse of the Privacy Exemption
Not all arguments for privacy made by offi-
cials are legitimate. A conflict sometimes aris-
es when government officials attempt to
shield their decision making from scrutiny by
misrepresenting their demand for secrecy as
a privacy interest. Documents and informa-
tion are withheld, claiming privacy of offi-
cials or of third parties. In Argentina, the gov-
ernment claimed that information about
official spending on advertising was personal
information (see Knight Center [2010]).
Former U.K. Cabinet Secretary Sir Richard
Wilson, the highest-ranking U.K. civil ser-
vant, best articulated this belief, testifying, “I
believe that a certain amount of privacy is es-
sential to good government.”60
The misuse of privacy exemptions often
leads to needless conflict between the media
and privacy campaigners as the media comes
to believe that any privacy law is an attempt
to hide government activities. As noted by
Australian freedom of information expert
Nigel Waters (2002), “There is a continued
problem of privacy exemptions in FOI law
being misused and getting privacy a bad
name. This makes a major contribution to
the widespread jaundiced media view of pri-
vacy law, even though it is not actually priva-
cy law that is to blame.”
3.3 Balancing the Rights of Access and Privacy
It should again be emphasized that the RTI
and privacy are not always conflicting rights.
They are both laws designed, in part, to ensure
the accountability of the state. The important
issue is how the legislation and the imple-
menting and oversight bodies balance the two
rights. As discussed above, both the RTI and
privacy are internationally recognized human
rights with long histories and important func-
tions. Under human rights law, typically no
right is accorded a greater weight than anoth-
er.61 The rights must be decided on a case-by-
case basis with a view toward the relative im-
portance of various interests.
* * *
The next chapter will discuss legislative and
structural means to minimize conflicts be-
tween the two rights.
4 Legislation
In the past 10 years, there has been a marked
convergence of policy and legislation in both
right to information (RTI) and data protec-
tion laws. Most data protection laws follow
the structure of the Council of Europe Con-
vention for the Protection of Individuals
with Regard to Automatic Processing of Per-
sonal Data and the European Union (EU)
Data Protection Directive. There is more di-
vergence around RTI laws, but they general-
ly follow the principles set out in preceding
chapters of this report. The convergence in
both areas results from the influence of inter-
national treaties and agreements and the ef-
forts of a more global civil society connected
through modern communication technolo-
gy—a society that is constantly sharing ideas
and good practices.
There has also been convergence in de-
veloping policies on the relationship be-
tween RTI and privacy laws and how best to
make them interact. Although no consensus
on good practice has yet emerged, a number
of common areas are now clear. This chapter
will review the most common policy choices
made by governments and highlight their
strengths and weaknesses.
4.1 Model 1—A Single RTI and Privacy Law
For those jurisdictions that have not adopted
either law but plan to do so, one possibility is
to adopt both laws in a single act. This allows
for common definitions and internal consis-
tency and for limiting conflict and establish-
ing a balance from the start. Here are several
examples:
• In Canada, Bill C-43, adopted in 1982, contained both the Access to Information Act and the Privacy Act. The two sections then became separate laws with separate commissions to enforce them, but with common definitions and relationships. The Canadian Supreme Court has described the two laws as a “seamless code with complementary provisions that can and should be interpreted harmoniously.”62 Many Canadian provincial laws also address both rights in a single law.
• In Hungary, the 1992 Act on the Protection of Personal Data and Public Access to Data of Public Interest is both a general RTI law and a data protection law that protects personal information held by public and private bodies.63 It created a single oversight body with jurisdiction over both. The parliamentary commissioner for data protection and freedom of information oversees them.
• In Mexico, the Federal Law on Transparency and Access to Public Information lists both access to information and the protection of privacy for records held by federal government bodies as its primary goals. It is overseen by the Federal Institute for Access to Information (more commonly known by its Spanish acronym IFAI). More recently, legislation to extend its remit to include personal data held by the private sector has been adopted.
• In Thailand, the Official Information Act both gives citizens rights to access information held by government bodies and controls how government bodies may use personal data. Both are overseen by the Official Information Council. Legislation to protect records held by the private sector is currently being debated.
There are some disadvantages to adopting
a single act to address both rights. For one,
having both functions together may cause
legislative confusion over the intent of the
laws and may lead to opposition by some
parties who would otherwise support one
act or another. A more practical issue is the
complexity of the legislation, which may
lead to legislators being unwilling to review
it because they lack the time.64 An act that
covers both areas comprehensively will need
to be as detailed as two single acts because
there is little overlap in the two (except for
the definitions and the oversight body).
4.2 Model 2—Separate RTI and Privacy Laws: Managing Conflicts
In many jurisdictions, either an RTI or a data
protection law has been adopted and is in
force, or a decision has been made to intro-
duce the laws as separate pieces of legislation.
Therefore, the new law or laws must be
adopted in a way that ensures the greatest
harmony between the operations of the two
laws. If the goal of harmony is ignored at the
outset, the laws will conflict and further leg-
islative efforts will be required later.
Here are some important considerations
when adopting new legislation:
• Definition of personal information—Ideally, a common definition will be used for both acts. If not, then the definitions from both laws will be considered each time that access to personal information is sought.
• Primacy of legislation—Because both access to information and privacy are equally fundamental rights, neither law may arbitrarily trump the other. How will the legislation address this issue?
• Privacy exemption in RTI law—All national RTI laws provide for the withholding of personal information. There is wide variance in the scope of these exemptions, ranging from a presumption that all information is private and should be withheld to a presumption of openness with limited exceptions for sensitive information.
• Subject access requests—As noted earlier in this report, some jurisdictions allow for individuals to request their own personal information under either act. A better choice would be to select one act that gives greater access and to focus those requests through that law. In most European countries, this is the Data Protection Act.
• Oversight and appeals—What type of body will rule on the balancing of the rights? It should be a specialized body that can develop clear standards on the subject.
Personal Information Defined
Data protection laws typically take an expan-
sive view of what is personal information.
EU Directive 95/46/EC, section 2(a), defines
personal information broadly as any infor-
mation that identifies an individual. Such
breadth can lead to a conflict with the RTI
because the core principle of data protection
is that information collected for one purpose
should not be used for other purposes with-
out the consent of the individual—and this
is often viewed as covering everything that
mentions a person.
Countries have addressed this in different
ways. The Canadian access to information
and privacy acts use a single definition in the
Privacy Act that sets out in detail the bound-
aries of personal information and public in-
formation. In contrast, the Irish Freedom of
Information Act (FOIA) and the Data Pro-
tection Act use different definitions, but re-
quire that the FOIA definition be used when
considering the exemption.
Some countries define in more detail the
types of information to be protected. Doing
so enables the legislature to define some of
the boundaries rather than leave them to the
oversight bodies or courts to determine.
Many laws specifically exclude informa-
tion relating to public functions from cover-
age under the privacy exemption. As noted
before, Canada’s Privacy Act includes de-
tailed descriptions of both personal informa-
tion and what is excluded from the defini-
tion in relation to public activities. In South
Africa, the Promotion of Access to Information
Act65 requires that disclosure of information
be declined if it “would involve the unreasonable
disclosure of personal information
about a third party, including a deceased in-
dividual.” However, the information can be
disclosed if it is about an individual who is or
was an official of a public entity and if it re-
lates to the position or functions of the indi-
vidual, including, but not limited to
• the fact that the individual is or was an official of that public body;
• the title, work address, work phone number, and other similar particulars of the individual;
• the classification, salary scale, or remuneration and responsibilities of the position held or services performed by the individual; and
• the name of the individual on a record prepared by the individual in the course of employment (section 34).
Curiously, a few laws passed more recent-
ly—including the Indian Right to Informa-
tion Act and the Indonesian Act on Public
Information Disclosure66—do not provide
for a definition of private information; they
rely instead on common language definitions
for interpretation.
Fairness and Data Protection
In many countries, the privacy exemption
requires that all personally identifiable infor-
mation must be withheld. Frequently, the
RTI law specifically defers to the law on data
protection for the definition of personal in-
formation to be protected and the rules gov-
erning its release. This approach is found in
many European countries, including Croatia,
Kosovo, Romania, Slovakia, and the United
Kingdom.
Under this approach, it is then necessary
to use the data protection law to determine
if information can be released. An initial in-
quiry will determine if consent has been ob-
tained and can be used to justify the release
of the information. A best practice is to in-
form individuals at the time of collection
that the information may be made public
under RTI legislation.67 If consent from the
person is not forthcoming, the data protec-
tion principles must be reviewed to deter-
mine if release can be justified.
Among the pertinent principles, fairness
is the most important one to consider. Fair-
ness typically depends on the circumstances
under which the information was collected
and the expectation at that time that the in-
formation would be used in certain ways. If
the processing (in this case, the public release)
of the information can be found to be fair, it
can proceed and the information can be dis-
closed. Box 4.1 sets out guidelines used by
the U.K. government to determine fairness.
Public Interest Test
Increasingly, many RTI laws provide for a
balancing test to be used when determining
whether personal information should be re-
leased. Under this test, even if the informa-
tion is determined to be personal and its re-
lease would cause harm, it may be disclosed
if it is found that the public interest in release
is more important than the privacy interest.
This allows for independent arbiters such as
commissions, courts, or ombudsmen to weigh
the different values and determine, case by
case, when information should be released.
This test is used to evaluate privacy interests
in a number of countries, including Ireland,
New Zealand, Slovenia, and the United
States.
In the United States, the primary privacy
exemption protects “personnel and medical
files and similar files the disclosure of which
would constitute a clearly unwarranted inva-
sion of personal privacy.”68 The courts have
found that there is an implicit public interest
test “balancing the individual’s right to pri-
vacy against the basic purpose of the FOIA
to open up agency action to the light of
public scrutiny.”69
Box 4.1: Elements to Determine Fairness
The U.K. Ministry of Justice recommends that the following factors be used in determining if disclosure under the U.K. FOIA would be considered fair:
• How the information was obtained.
• The data subject’s likely expectations regarding the disclosure of the information. For example, would the party expect that his or her information might be disclosed to others? Or had the person been led to believe that his or her information would be kept secret?
• The effect that disclosure would have on the data subject. For example, would the disclosure cause unnecessary or unjustified distress or damage to the data subject?
• Whether the party expressly refused consent to disclosure of the information.
• The content of the information.
• The public interest in disclosure of the information.
Source: U.K. Ministry of Justice 2008.
The Slovenian information commissioner has identified some areas where public interest would be strong:
• where the disclosure will assist public understanding of an issue of current national debate,
• where the issue has generated public or parliamentary debate,
• where proper debate cannot take place without wide availability of all relevant information,
• where an issue affects a wide range of individuals or companies,
• where the issue affects public safety or public health,
• where the release of information would promote accountability and transparency in decision making, and
• where the issue concerns the making or spending of public money (Pirc Musar 2006).
In a leading case in Ireland, the Irish in-
formation commissioner set out public inter-
est arguments to consider when balancing
requests for information:
• The public interest in the public having access to information.
• The public interest in the accountability of elected representatives.
• The public interest in a free and informed debate on the level of remuneration/expenses paid to elected representatives.
• The public interest in accountability for use of public funds.
• The public interest in an individual’s right to privacy in respect of information relating to his/her financial affairs.
• The possibility of damage to the image of Parliament as an institution in the event of reduced public confidence in the integrity of members of the Houses of the Oireachtas.
• The public interest in the entitlement of members of the Houses of the Oireachtas (Irish national parliament) to discharge their Constitutional responsibilities without being put in a position where they are or may be subjected to unjust attack for claiming financial entitlements which are theirs as a matter of law and the amounts of which are not, in the normal course, relevant to the member’s performance as a public representative.
• The possibility of prejudice to, or distortion of, the democratic process by equation, in the eyes of members of the public, of the level of payment of expenses to members with individual performance of members, with possible adverse consequences for the careers of individual members.
• The possibility that disclosure of records which are, or may not be, comparable, and which are likely to be used for comparison purposes, may mislead the public and result in comment based on partially or wholly unreliable conclusions which may be damaging to the interests of individual members.
• The possibility that such comparisons may result in certain members being forced to release further personal information relating to their financial affairs in order to deal with inaccurate public speculation as to their income and to repair perceived damage to their interests.70
Thus, it is clear from the different models
described above that both the RTI and the
data protection laws must clearly define how
personal information is going to be consid-
ered. Under the most effective legislation,
this is set out lucidly and provides for specific
boundaries on types of personal information
to be protected and a balancing test that ex-
amines both harms and the public interest
(Pirc Musar 2010).
5 Oversight
All national right to information (RTI) laws
have some form of external appeals mecha-
nism. In approximately two thirds of coun-
tries (roughly 60), an independent oversight
body such as a commission or ombudsman
has been empowered to receive appeals and
make determinations or recommendations
on the release of information.71 These bodies
can play an important role in balancing pub-
lic interest with the release of personal data.
A very strong trend exists for countries to
create information commissioner offices that
can decide appeals and provide oversight and
guidance. There is a roughly even split in ju-
risdictions that have created a commission
between those that have separate bodies to
handle the RTI and data protection and
those that have a single body to handle both.
Each model has its pros and cons.
5.1 Two Bodies—Separate RTI and Privacy Commissions
Many countries have created separate bodies
for enforcing the RTI and the protection of
privacy. The bodies may have a single func-
tion or have other duties assigned to them.
A few countries have created an independ-
ent RTI commission as a single-function body.
These countries include Belgium, Canada,
France, and Portugal. More commonly, an al-
ready existing ombudsman’s office also en-
forces the RTI law. This is the situation in
New Zealand, Peru, and the Scandinavian
countries. A few jurisdictions (such as Ireland)
have adopted an RTI commission that also
serves as the ombudsman, but with additional
powers.
In nearly all countries, the data protection
or privacy commission is an independent
body. This is partly because of requirements
under European Union law that data protec-
tion commissions be independent.72
There are benefits to having two bodies.
A separate commission for each of the two
rights can create clear champions for such
rights, unencumbered by the need to balance
potentially competing interests. As stated by
Canadian Information Commissioner John
Grace:
The values of openness and privacy each
has a clearly identifiable and unambiguous
advocate. While both commissioners are re-
quired by law to reasonably balance access
rights and privacy rights, each has a clear
mandate to be a lightening [sic] rod for, and
champion of, one of the two values.73
This could be particularly important when
one is a new right that is not yet established
in the public mind and the other has long
been accepted and championed by a body.
A primary concern of having two bodies
is that there will be conflict between the
two—and that could become messy, expen-
sive, and embarrassing. In Canada, there have
been public fights between the two commis-
sions for both policy and political reasons
(see Government of Canada [2001]). There is
also concern that public bodies and the pub-
lic will receive conflicting advice from the
two commissioners when they disagree. As
noted by the Canadian Access to Informa-
tion Review Task Force in 2002:
An institution is required to notify the Pri-
vacy Commissioner before making such a
disclosure, where this can reasonably be
done. A situation can arise where the Infor-
mation Commissioner advises the institu-
tion to disclose personal information in the
public interest, but the Privacy Commis-
sioner advises the institution to protect the
information on the grounds that the public
interest in the case does not clearly out-
weigh the invasion of privacy that could re-
sult from disclosure. This puts the institu-
tion in the difficult position of having
conflicting recommendations from the two
Commissioners (Government of Canada
2002, p. 59).74
If there are two commissioners, there will
need to be a mechanism to resolve conflicts.
Previously, the Slovenian system used an ad-
ministrative dispute institute. The Slovenian
information commissioner found that the
system was inefficient:
Two bodies which operate in an area so
closely interlinked would inevitably come
into conflicting situations [with] the insti-
tute of an administrative dispute as a tool
for settling such conflicts. Such a manner of
settling mutual conflicts though, would, due
to the long time periods of dispute resolu-
tions, mean a lessened legal certainty (Pirc
Musar 2006).
Finally, not related to the scope of this re-
port but quite relevant to many countries,
there is an economic concern relating to the
cost of two commissions. It may be difficult
to justify two commissions in small jurisdic-
tions when economic situations are difficult
or as governments are cutting back to create
a new body.
When there are two agencies, there should
be formal agreements to cooperate to mini-
mize conflicts. In New Zealand, the privacy
commissioner and the ombudsman have a for-
mal consultation process that requires the om-
budsman to consider the views of the privacy
commissioner before determining whether to
release personal information (Slane 2002). In
Ireland, the Data Protection Act requires the
two bodies to cooperate.
5.2 One Body—A Single RTI and Privacy Commission
Countries increasingly have been creating
single commissions to handle both access to
information and privacy protection. Coun-
tries and jurisdictions that have adopted this
model include Estonia, Hungary, Malta, Mex-
ico, Serbia, Thailand, and the United King-
dom at the national level; and many Canadi-
an provinces, German länder, Mexican states,
and Swiss cantons at the subnational level.
In most cases, an existing commission is
given additional authority with the adoption
of new legislation. In the United Kingdom,
the Data Protection Commission evolved
into the Information Commission. A similar
process also occurred in Germany, Malta, and
Switzerland. In Slovenia, the two bodies were
merged into a single new commission headed
by the previous information commissioner.
The most significant benefit of having a
single body is the shared expertise and re-
duction of conflict. As noted earlier, there is
a strong interrelation between the two rights.
Although they have some areas of conflict,
there also are strong areas of commonality.
Having a single body can reduce the pos-
sibility of institutional conflict. In practice,
many requests for information under RTI
legislation will relate to personal informa-
tion; having this dual expertise will allow for
better balancing. Elizabeth France (1999), the
U.K. data protection registrar, commented
during the legislative process in June 1999:
The possibility of institutional conflict
which would exist were there to be separate
Commissioners for freedom of information
and data protection matters is avoided.
Working within one institution should al-
low more focused and effective consideration
than working across institutional bound-
aries. Any tension will be contained within
the institution. Making the actual decision
about where the balance should lie between
data protection and freedom of information
in a particular case will not be less difficult
because there is one commissioner. However,
with experience and understanding of both
issues in-house, the decision process itself
should be eased.
It is also easier for the public to have a
single point of contact with public bodies to
better exercise their rights. The Slovenian
commissioner has found that having one en-
tity resulted in greater awareness of both
rights:
The merged body also insures for its greater
visibility as well as unification of the entire
legal practice of the field. It will also increase
the awareness of all other government bod-
ies while carrying out the stated legislative
provisions to the benefit of all applicants
(Pirc Musar 2006).
The creation of a single body with both
powers also reduces the likelihood that pub-
lic bodies can misuse data protection, know-
ing that their decisions are subject to review
by an oversight body that is an expert in
both areas of legislation. As László Majtényi,
the first Hungarian information commis-
sioner, stated in his first report, “[i]t goes
without saying that nobody can lawfully ob-
struct the freedom of information and the
press in the name of data protection” (Gov-
ernment of Hungary 1998a, p. 73).
There is also an important economic ar-
gument to having only a single body. None
of the administrative costs—such as human
resources, technical infrastructure, and ad-
ministrative support—are duplicated. When
the Canadian information and privacy com-
missioners, who shared common corporate
services, split apart in 2002, the costs for both
bodies increased by an estimated Can$1 mil-
lion each.
The strongest drawback to adopting a
single-commission model is the danger that
one interest may be stronger or perceived as
more powerful and that the bodies do not
equally protect or balance both interests
(Tang 2002). Any conflicts are likely to be
decided internally rather than publicly, where
they would receive a public viewing and debate. The Canadian privacy commissioner
worried that it would “diminish” or “dilute”
the profile of privacy at a time when there
were profound privacy challenges.75
An imbalance could be especially prob-
lematic where one law has a greater consti-
tutional protection or has been in force for a
significantly longer period of time. In the
United Kingdom, this concern led to the
creation of two distinctly separate workforces
for the different rights inside the information
commission (which had previously been en-
forcing only data protection rights). Only af-
ter five years are the two workforces being
merged.
There is also a concern that a single body
may not be provided with adequate resources
to take on additional duties—duties that are
significantly different in some ways. In Aus-
tralia, the Tasmania ombudsman (who is also
the information commissioner and the in-
tegrity commissioner, and who holds several
other posts) recently expressed concern that
new functions added to his mandate have re-
sulted in additional work without enough re-
sources being provided (ABC News 2009).
There is no clear answer for every juris-
diction on the issue of whether it is better to
have one commission or two. Countries may
wish to create a new institution to ensure
that the profile of one of the rights is clearly
promoted and not diluted by other func-
tions. In other cases, an existing body (such
as an ombudsman) may be appropriate. And,
of course, economic or political concerns
may dictate one model over the other.
* * *
In the next chapter, both oversight models
will appear in the case studies presented
there—including one jurisdiction that has
switched from one model to the other. The
discussion will examine some of the benefits
and limitations of the different models.
6 Case Studies
6.1 Ireland
Ireland’s Data Protection Act was adopted in
1988 and amended in 2005 to implement
the European Union (EU) data protection
directive. The act created the Office of the
Data Protection Commission as an oversight
and enforcement body. Ireland’s Freedom of
Information Act (FOIA), adopted in 1997,
created an Office of Information Commis-
sion to enforce the act. The government ap-
pointed the ombudsman to act jointly as the
information commissioner. The second commissioner was also jointly appointed as ombudsman. Under the Data Protection Act,
“the Commissioner and the Information
Commissioner shall, in the performance of
their functions, co-operate with and provide
assistance to each other” (sec. 1[5][b]).
The definition of privacy in the two acts
is not identical. Section 2 of the FOIA de-
fines personal information as data about an
“identifiable person” that is normally “known
only to the individual or members of the
family, or friends, of the individual,” or is
confidential. It provides 12 paragraphs of ex-
amples of what is personal information, in-
cluding “educational, medical, psychiatric or
psychological history,” financial affairs, reli-
gion, and tax and identification numbers.
These definitions are followed by three para-
graphs of information expressly excluded
from the definition of personal information,
including the activities of an officeholder of
a public body and those providing public
services under contract, and opinions of the
individual regarding the public body (includ-
ing its staff).
Separately, the Data Protection Act defines
personal information as “data relating to a liv-
ing individual who is or can be identified ei-
ther from the data or from the data in con-
junction with other information that is in, or
is likely to come into, the possession of the data
controller” (sec. 1[1]). However, to ensure that
there is no conflict between that act and the
FOIA, section 1(5)(a) of the Data Protection
Act provides a specific exemption for release of
personal information under the FOIA. This is
considered by a leading commentator (Mc-
Donagh 2006) to be a “trumping” of the pri-
vacy right, but subject to constitutional protec-
tions and international obligations.
Individuals may request personal informa-
tion about themselves from government bod-
ies under either the Data Protection Act or
the FOIA. Most requests to public bodies are
made under the latter, except requests to bod-
ies that are not covered by the FOIA—such as
the Gardaí (police) and the private sector.
Under section 28 of the FOIA, personal
information must be withheld unless (1) it is
about the requestor, (2) the person gives
consent, (3) the information is of a class that
is publicly available or the person has been
notified that it is part of that type of class, or
(4) its release is necessary to avoid a serious
and imminent danger to the life or health of
an individual (see Government of Ireland
[2006]).
The exemption is subject to a public in-
terest test that allows for the release of the in-
formation if “the public interest that the re-
quest should be granted outweighs the
public interest that the right to privacy of the
individual to whom the information relates
should be upheld” or if it benefits the individual. The information commissioner ruled
in 1999 that the expenses of members of
parliament (MPs) should be released as a
matter of public interest. In that case, the
commissioner examined the questions about
financial privacy and public spending:
As a general proposition I would accept that,
when an individual discloses details of his/
her financial affairs including details of fi-
nancial transactions with third parties to a
public body, there is an understanding that
the information is given in confidence. How-
ever, does such an understanding normally
exist in relation to the payment of public
money to individuals, be they members of
the Oireachtas [Parliament] or employees of
a public body? It is pertinent to recall at this
point that the information at issue in this
case concerns amounts paid to individuals to
defray expenses incurred by them in dis-
charging their functions as public representa-
tives. The payments do not arise out of some
private activities or private aspect of their
lives. On this point they can be distinguished
from, say, a payment made to a claimant un-
der the Social Welfare Acts, where there is an
expenditure of public money but the pay-
ment derives from some private aspect of the
claimant’s life such as family circumstances
or inadequacy of means (Government of Ire-
land 1999).
Since that time, the commissioner has ex-
amined numerous other cases related to pri-
vacy and access. The breakdown of cases in-
dicates that this question is the one most
examined by the office. Other information
that has been ordered released under the
public interest test includes payments of agri-
cultural subsidies and the names of and pay-
ments to experts, outside lawyers, and senior
academics.76 In a recent settled case, the
commissioner negotiated a settlement for the
release of detailed expenditure records in
database form from the Department of Arts,
Sport and Tourism to allow for easy compar-
isons (Sheridan 2010). However, a complaint
about the decision has been filed with the
Data Protection Commission.77
6.2 Mexico
Mexico adopted the Federal Law on Trans-
parency and Access to Public Information in
2002.78 The law states that its objective is to
both promote transparency and protect per-
sonal information held by public bodies. It
does not apply to personal data held by pri-
vate bodies. In 2010, the Federal Law on
Protection of Personal Data Held by Individ-
uals was adopted.79 The more recent law ap-
plies to personal data held by private compa-
nies and individuals. Personal information is
defined as “any information concerning an
identified or identifiable natural person.” A
new initiative is being considered by Con-
gress to revise and extend the data protection
provisions of the right to information (RTI)
law to improve the protection of information
held by federal bodies.
As part of a federal system, each of the 32
states has adopted its own access to informa-
tion law, and many are considering data pro-
tection laws. In the Federal District (Mexico
City), both RTI and data protection laws
have been adopted, and a single commission
handles both issues.80
The 2002 RTI law created a Federal In-
stitute for Access to Information (IFAI) to
monitor federal government bodies’ compli-
ance with both access to information and
protection of personal data legislation. The
IFAI was changed into the Federal Institute
for Access to Public Information and Data
Protection with the adoption of the 2010
act, and will now have the authority to en-
force the protection of personal information
held by the private sector.
Personal information is defined in article
II(2) of the law as “[a]ll information con-
cerning an individual, identified or identifi-
able, including their ethnic or racial origin,
or related to their physical, moral or emo-
tional characteristics, their personal and fam-
ily life, residence, telephone number, patri-
mony, ideology, political opinions, religious
or philosophical beliefs or convictions, phys-
ical or mental health, sexual preferences, or
any other similar preferences that could have
an impact on their intimacy.” Article 18 pro-
tects personal data as confidential and thus
exempt from release. Personal data related to
public spending or present in public reg-
istries is not considered confidential.
According to chapter IV of the 2010 law,
federal public bodies are required to provide
individuals access to their own information
and details on the procedures for correcting
that information to ensure that all handling
is “adequate, appropriate and moderated in
connection with the purposes for which
they were obtained”; to ensure it is accurate,
updated, and corrected if it is incorrect;
and to ensure that it is kept secure.
The IFAI rules on all appealed cases con-
cerning access to government-held informa-
tion. Many of these cases relate to the per-
sonal information of third parties, both
officials and members of the public; and they
have required the IFAI to balance the two
rights. In balancing these rights, the institute
balances public accountability against pro-
tecting personal data (Irazábal and Núñez
2009). In the cases, some of the factors have
included the public interest in knowing
about criminal prosecutions, the importance
of the public being aware of the elements of
a scientific investigation, and the value of
public accountability when public funds are
spent. In cases where privacy has been up-
held, the IFAI has analyzed whether the re-
lease of information would give the public
insight into the performance of the data sub-
jects or their suitability for their jobs. Follow-
ing such analysis, it decided that release
would not provide such insight, and so de-
nied release of the information. In a different
case (one that sought the telephone numbers
of wildlife units), another decision was
reached and the numbers were released. The
IFAI has also denied release of information
from the Mexican Population Register—
even though the information was not con-
sidered confidential—because it was available
elsewhere.
6.3 Slovenia
The Personal Data Protection Act was adopt-
ed in 1999 and replaced in 2005 with a new
act based on EU Directive 95/46/EC. The
law created an Inspectorate for Protection of
Personal Data within the Ministry of Justice
as its oversight and enforcement body. The
Access to Public Information Act was adopt-
ed in 2003. The law created a commissioner
for access to public information to enforce its
provisions.
The two commissions were merged into
a single information commissioner by the
Information Commissioner Act in 2005.
There were concerns that the inspectorate
for data protection was not as strong and in-
dependent as required under EU rules. Prior
to the merger of the offices, disputes were
handled through the initiation of an admin-
istrative dispute; however, no cases were filed.
Following the merger, the National Supervi-
sor for Data Protection was established under
the authority of the information commis-
sioner, and staff was substantially increased.
Slovenia’s Access to Information Act al-
lows for the withholding of information
when “the disclosure . . . would constitute an
infringement of the protection of personal
data in accordance with the Act governing
the protection of personal data.” Personal
data are defined in the Data Protection Act as
“any data relating to an individual, irrespective of the form in which it is expressed.” An
individual is defined as “an identified or
identifiable natural person to whom personal
data relates; an identifiable natural person is
one who can be identified, directly or indi-
rectly, in particular by reference to an identi-
fication number or to one or more factors
specific to his physical, physiological, mental,
economic, cultural or social identity, where
the method of identification does not incur
large costs or disproportionate effort or re-
quire a large amount of time.” However, the
commissioner has said that, based on a Con-
stitutional Court ruling, a name is not suffi-
cient to constitute personal data in the ab-
sence of other identifying data.81
Under the Access to Information Act, ac-
cess cannot be withheld if it is “related to the
use of public funds or information related to
the execution of public functions or employ-
ment relationship of the civil servant.” It also
contains a public interest test that provides
that “the access to the requested information
is sustained, if public interest for disclosure
prevails over public interest or interest of
other persons not to disclose the requested
information.”
Under the decisions of the commissioner,
the public interest in the release of information is the issue that has been examined numerous times.82 The commissioner has ordered the release of information relating to
the misconduct of officials because it is in the
public interest83 and the release of the name
of a job applicant who was already a public
servant,84 and has denied release of video
surveillance records from the state prosecu-
tor’s office.85
6.4 United Kingdom
The United Kingdom first adopted the Data
Protection Act in 1984, in response to the
Council of Europe’s Convention for the
Protection of Individuals with Regard to
Automatic Processing of Personal Data.86
The act created a data protection registrar to
enforce it. In 1998, the act was replaced to
implement EU Data Protection Directive
95/46/EC, which changed the data protec-
tion registrar into the data protection com-
mission and granted it stronger powers. In
2000, the FOIA was adopted. The act trans-
formed the data protection commission into
the information commission, with authority
to enforce both acts.
When the FOIA proposal was first con-
sidered, the government position was that
there would be a separate information com-
mission. In the end, the government revised
its position, stating,
Dual enforcement regimes raise serious co-
ordination problems, are confusing to appli-
cants, wasteful of resources and require com-
plicated procedures to ensure that issues of
privacy and access to information have both
been properly assessed in the many cases in
which they overlap. This is why it has been
decided that for the UK FOI Act the role
of Information Commissioner should be
merged with that of Data Protection Com-
missioner (U.K. Home Office 1999).
In addition, the Freedom of Information
(Scotland) Act 2002 created a separate Scot-
tish information commission that has au-
thority only over access to information. The
Scottish information commissioner considers
the U.K. data protection exemptions when
deciding on the release of information.87
The FOIA adopts the definition of per-
sonal data found in the U.K. Data Protection
Act: “data which relate to a living individual
who can be identified—(a) from those data,
or (b) from those data and other information
which is in the possession of, or is likely to
come into the possession of, the data con-
troller, and includes any expression of opinion
about the individual and any indication of the
intentions of the data controller or any other
person in respect of the individual.” Eight
data protection principles set the rules for the
processing of personal information. They re-
quire that the processing is fair and lawful,
that the data are collected and used only for
specific and lawful purposes, that the data are
adequate and relevant for the purpose for
which they are collected, that they are accu-
rate and up to date, that they are kept no
longer than necessary, that they are processed
in accordance with the rights of the individ-
ual, that they are kept secure, and that they are
not transferred to third countries.
Under the FOIA, when an individual re-
quests personal information about himself or
herself, he or she is directed to the subject
access provisions of the Data Protection Act.
Although this typically is a good solution,
given the stronger requirements under EU
law and the European Convention for the
Protection of Human Rights and Funda-
mental Freedoms on access to personal
records, there is a substantial weakness in the
United Kingdom. Under the U.K. Data Pro-
tection Act, individuals who are denied ac-
cess cannot appeal to the information com-
missioner. Rather, they must apply in court.
They have fewer rights to demand access
than are available under the FOIA.
When it comes to accessing records that
contain personal information about other
people, there is a complex relationship. A
simplified explanation is that requests for in-
formation about third parties are generally
exempt if they violate the data protection
principles of the Data Protection Act. Under
the FOIA, there is an absolute exemption for
personal information. Thus, any decisions on
the release of personal data must analyze the
information using the data protection prin-
ciples rather than the FOIA. However, this is
not to say that information containing per-
sonal data is never released. The key issue is
whether the release of the information would
be unfair under the principles. This includes
a consideration of how the information was
collected in the first place, the effect on the
person from whom the information was col-
lected, whether consent to release the infor-
mation was obtained, and the public interest
in releasing the information.88
According to the U.K. Ministry of Justice
(2010), the privacy exemption is the most
common one cited by public bodies. Many
cases before the information commission, the
information tribunal, and the courts have fo-
cused on this subject; and they have required
balancing by those bodies. A significant case
occurred in 2008, one related to MPs. Journal-
ists had asked for detailed records of the ex-
penditures of MPs—expenditures that not
only related to their official office and travel
expenses but also to subsidies they received for
housing. Following a protracted series of deci-
sions by the information commissioner, infor-
mation tribunal, High Court, and Court of
Appeals,89 much of the information was re-
leased, based on its public interest. Some of this
information was withheld on privacy grounds,
but later leaked. It revealed some corrupt and
unethical practices by MPs. In another case in
2008, the House of Lords ruled on the release
of anonymous health statistics.90 Separately, the
information tribunal has ruled several times recently91 on the identity of senior officials, establishing that they do not have a reasonable
expectation of anonymity in any document
(even sensitive ones); at the same time, junior
officials may have this expectation, depending
on the public nature of their jobs and when
they meet with lobbyists. The tribunal also or-
dered the release of anonymous statistics on
abortion.92
7 Conclusion
Access to information and protection of pri-
vacy are both rights intended to help the in-
dividual in making government accountable.
Most of the time, the two rights complement
each other. However, there are conflicts—for
example, privacy laws often are improperly
invoked by governments. And there are cases
where the conflicts are legitimate.
There is no simple solution to balancing
the two rights, but most issues can be miti-
gated through the enactment of clear defini-
tions in legislation, guidelines, techniques,
and oversight systems.
Of key importance is that governments
take care when writing the laws to ensure
that the access to information and data pro-
tection laws have compatible definitions of
personal information. They should adopt ap-
propriate public interest tests that allow for
careful balancing of the two rights. Finally,
they should create appropriate institutional
structures that can balance these rights and
ensure that data protection and right to in-
formation officials work together, even if
they represent different bodies.
Endnotes
1 For the purposes of this working paper, the terms “right to information laws,” “access to information laws,” and “freedom of information laws” refer to the same type of laws that provide for a legal right of access to information held by public bodies.
2 See the Universal Declaration of Human Rights (UDHR), art. 19.
3 For a detailed overview of international standards on RTI, see Mendel (2008) and Banisar (2006).
4 In 2006, the Inter-American Court of Human Rights ruled that “the State’s actions should be governed by the principles of disclosure and transparency in public administration that enable all persons subject to its jurisdiction to exercise the democratic control of those actions, and so that they can question, investigate and consider whether public functions are being performed adequately. Access to State-held information of public interest can permit participation in public administration through the social control that can be exercised through such access” (Marcel Claude Reyes et al. v. Chile, judgment of September 19, 2006).
5 See, for example, ACHPR (2002); and the Joint Declaration of the UN Special Rapporteur on Freedom of Opinion and Expression, the OSCE Representative on Freedom of the Media, and the OAS Special Rapporteur on Freedom of Expression, November 26, 1999.
6 A global map of countries with access to information legislation is available at http://www.privacyinternational.org/foi/foi-laws.jpg.
7 Writing on December 17, 1992, in Niemietz v. Germany (16 EHRR 97), the European Court of Human Rights noted, “The Court does not consider it possible or necessary to attempt an exhaustive definition of the notion of ‘private life.’” For a detailed overview of the different rights, see EPIC/PI (2007).
8 For example, see the following documents: UN Human Rights Committee (1988); UN Human Rights Council (2009); and Bensaid v. United Kingdom 44599/98 [2001] ECHR 82.
9 For example, see the November 3, 2009, Madrid Privacy Declaration: Global Privacy Standards for a Global World, at http://thepublicvoice.org/madrid-declaration/.
10 UDHR, art. 12.
11 Ibid., art. 17.
12 Ibid., art. 8.
13 Ibid., art. 5, 9, and 10.
14 Ibid., art. 11.
15 For example, see Netherlands—CCPR/C/82/D/903/1999 [2004] UNHRC 60 (November 15, 2004), http://www1.umn.edu/humanrts/undocs/html/903-1999.html.
16 APEC Privacy Framework, 2005, http://www.apec.org/About-Us/About-APEC/Fact-Sheets/Collection/APEC-Privacy-Framework.aspx.
17 Also see Organisation of Eastern Caribbean States (2004).
18 See also Article 29 Data Protection Working Party, Opinion 4/2007 on the concept of personal data, June 20, 2007, at http://www.gov.gg/ccm/cms-service/download/asset/?asset_id=12058063.
19 Copland v. United Kingdom (App. No. 62617/00) 2007.
20 For example, see the constitutions of Albania (1998, sec. 35), Cape Verde (1999, sec. 42), the Former Yugoslav Republic of Macedonia (1992, sec. 18), Mozambique (1990, sec. 71), and Thailand (2007, sec. 35).
21 For a map of data protection laws around the world, see http://www.privacyinternational.org/survey/dpmap.jpg.
22 See the Privacy Act of 1974, 5 USC 552(a). There is also a patchwork of sectoral legislation applying to health, financial, and credit records; some telecommunications records; educational records; and other areas at both the national and state levels. For a comprehensive overview, see Solove and Schwartz (2008).
23 General Administrative Code, sec. 27.
24 Official Information Act, B.E. 2540 (1997).
25 Malaysian Personal Data Protection Act, 2010.
26 Freedom of Information: Consultation on Draft Legislation Cm 4355, May 1999, Response of the Data Protection Registrar.
27 See Guadamuz (2001); and the Rule on the Writ of Habeas Data, issued by the Philippines Supreme Court (A.M. No. 08-1-16-SC, January 22, 2008, http://www.lawphil.net/judjuris/juri2008/jan2008/am_08-1-16_sc_2008.html).
28 Canton’s remarks of October 30, 2002, are available at http://www.wpfc.org/index.php?q=node/221.
29 See Decision of the Supreme Administrative Court of Bulgaria No. 7146, July 30, 2004. An informative discussion of this decision can be found at http://www.aip-bg.org/library/dela/yonchev.htm.
30 According to the Ninth FOI Report of the Irish Minister of Finance, 67 percent of all requests in 2008, 72 percent in 2007, and 70 percent in 2006 were for the applicants’ personal information.
31 For example, see Times of India (2010).
32 The text of the act is available at http://www.sun.ac.za/university/Legal/dokumentasie/access%20to%20information.pdf.
33 Only Antigua and Barbuda and South Africa have adopted laws that apply to private bodies “in the protection of any right.”
34 See, for example, Sunday Times (2008).
35 Guerra and Others v. Italy, 116/1996/735/932, February 19, 1998.
36 See EPIC v. DHS (Suspension of Body Scanner Program), http://epic.org/privacy/body_scanners/epic_v_dhs_suspension_of_body.html; EFF (2010); and public FOIA documents on spying in Washington, released by the American Civil Liberties Union, http://www.aclu-wa.org/public-documents.
37 Taxpayers’ Alliance is available at http://www.taxpayersalliance.com/.
38 For salary disclosure in the United States, see Sunshine Review (2010). For salary disclosure in the United Kingdom, see ICO (2009) and BBC News (2010).
39 However, also see Chang v. Navy, Civil Action No. 00-0783 (D.D.C.).
40 Under European law, medical records are considered the most sensitive records to be protected from release. For example, see Z v. Finland (1997) 25 EHRR 371, http://www.unhcr.org/refworld/publisher,ECHR,,FIN,3ae6b71d0,0.html.
41 For examples, see Djankov et al. (2009); World Bank (2006); People’s Union for Civil Liberties (PUCL) v. Union of India (2003) 4 SCC 399; CPIO Supreme Court of Delhi v. Subhash Chandra Agarwal, Delhi High Court, W.P. (C) 288/2009; Reid (2010); and CNN/IBN (2010).
42 Von Hannover v. Germany (Application No. 59320/00), June 24, 2004.
43 Decision 60/1994 (XII, 24) AB.
44 Union of India v. Association for Democratic Reforms (2002) 2 LRI 305.
45 The European Court of Human Rights ruled in 2004 that there was a public interest in a doctor revealing information that French President François Mitterrand was seriously ill while in office and had hidden that from the public. The court ruled that a temporary injunction was appropriate, but that a permanent one violated Article 10 of the European Convention on Human Rights (Éditions Plon v. France [Application No. 58148/00], May 18, 2004). A recent case from India ruled that medical information could be released if there was a sufficient public interest: “personal information including tax returns, medical records etc. cannot be disclosed in view of Section 8(1)(j) of the Act. If, however, the applicant can show sufficient public interest in disclosure, the bar (preventing disclosure) is lifted and after duly notifying the third party (i.e. the individual concerned with the information or whose records are sought) and after considering his views, the authority can disclose it” (Secretary General, Supreme Court of India v. Subhash Chandra Agarwal, High Court of Delhi, January 12, 2010).
46 In some jurisdictions, tax records are publicly available. For example, see Tietosuojavaltuutettu v. Satakunnan Markkinapörssi Oy, Satamedia Oy (2008), EUECJ C-73/07, December 16; and Government of India (2009). Also see Bangalore Mirror (2010); Luna Pla and Ríos Granados (2010); and Law et al. News (2010).
47 Nixon v. Warner Communications, Inc., 435 U.S. 589 (1978); Richmond Newspapers Inc. v. Virginia, 448 U.S. 555 (1980). For a review of Australian law, see Australian Law Reform Commission (2008).
48 For example, the U.S. Court of Appeals for the District of Columbia noted, “The [U.S. FOIA] exemption . . . is phrased broadly to protect individuals from a wide range of embarrassing disclosures. As the materials here contain information regarding marital status, legitimacy of children, identity of fathers of children, medical condition, welfare payments, alcoholic consumption, family fights, reputation, and so on” (Rural Housing Alliance v. USDA, 498 F.2d 73 [D.C. Cir. 1974]).
49 See “Social Audits—Tracking Expenditures with Communities: The Mazdoor Kisan Shakti Sangathan (MKSS) in India,” available at http://unpan1.un.org/intradoc/groups/public/documents/un/unpan024549.pdf.
50 For example, see the Web site for the Department of Rural Development of India’s Ministry of Rural Development, http://www.nrega.nic.in/netnrega/home.aspx.
51 For example, see Consejo Nacional de Ciencia y Tecnología, Convocatorias becas en el país 2009, http://www.conacyt.gob.mx/Convocatorias/Paginas/Convocatoria_Becas_Pais2009.aspx.
52 In Mexico, information that is already in the public domain is not considered confidential and cannot be withheld from request. In 2008, the European Court of Justice ruled that a news service using tax information from a public register was exempt from the EU Data Protection Directive. See Tietosuojavaltuutettu v. Satakunnan Markkinapörssi Oy, Satamedia Oy (2008), EUECJ C-73/07, December 16.
53 The principles are available at http://legislation.knowledge-basket.co.nz/gpacts/reprint/text/2006/se/026se59.html. Also see Stewart (2002).
54 Los Angeles Police Department v. United Reporting Publishing Corp., 528 U.S. 32 (1999).
55 See the European Transparency Initiative Web site, http://ec.europa.eu/transparency/index_en.htm.
56 “The few cases considering a private party attempting to influence government policy typically find in favor of disclosure, lacking countervailing concerns not present” (EFF v. ODNI, 09-17235, February 9, 2010). “Individuals are acting in a public or representative capacity, and would have an expectation that their details might be released to third parties” (Creekside Forum v. Information Commissioner and Department for Culture, Media, and Sport [2009] UKIT EA-2008-0065 [May 28]).
57 Commission v. Bavarian Lager, Case C-28/08, June 29, 2010.
58 For example, see http://ec.europa.eu/agriculture/funding/index_en.htm and http://farmsubsidy.org/.
59 EUECJ cases C-92/09 and C-93/09, November 9, 2010.
60 Testimony of Sir Richard Wilson before the Select Committee on Public Administration, U.K. House of Commons, July 11, 2002.
61 See Volker und Markus Schecke (EUECJ C-92/09, November 9, 2010, at 85): “No automatic priority can be conferred on the objective of transparency over the right to protection of personal data . . . even if important economic interests are at stake.”
62 Canada (Information Commissioner) v. Canada (Commissioner of RCMP), 2003 SCC 8, October 29, 2003.
63 Act No. LXIII of 1992, available at http://abiweb.obh.hu/dpc/index.php?menu=gyoker/relevant/national/1992_LXIII.
64 In Tanzania, a draft bill introduced by the government in 2006 to address access to information, privacy, and media rights was more than 85 pages in length—a fact that led to its not being considered.
65 Text of the act is available at http://www.sun.ac.za/university/Legal/dokumentasie/access%20to%20information.pdf.
66 Indonesian Act on Public Information Disclosure No. 14 of 2008.
67 For public officials, this would be a general notice setting out that information collected in the course of their official activities is not considered personal information that will be withheld. For private individuals, this area is more complex because data protection rights—especially relating to sensitive personal information—cannot simply be waived in many cases.
68 5 USC 552 (b)(6).
69 Department of Air Force v. Rose, 425 U.S. 352 (1976).
70 Case 99168—Mr. Richard Oakley, The Sunday Tribune newspaper and the Office of the Houses of the Oireachtas, July 27, 1999, http://www.oic.gov.ie/ga/CinntianChoimisineara/CinntiibhfoirmFhada/Name,1629,ga.htm.
71 For more information on the roles and activities of oversight and appeals bodies, see Neuman (2009).
72 Under Article 28(1) of European Union Directive 95/46/EC, data protection commissions “shall act with complete independence in exercising the functions entrusted to them.” The European Court of Justice recently ruled, “[t]he guarantee of the independence of national supervisory authorities is intended to ensure the effectiveness and reliability of the supervision of compliance with the provisions on protection of individuals with regard to the processing of personal data and must be interpreted in the light of that aim. It was established not to grant a special status to those authorities themselves as well as their agents, but in order to strengthen the protection of individuals and bodies affected by their decisions. It follows that, when carrying out their duties, the supervisory authorities must act objectively and impartially. For that purpose, they must remain free from any external influence, including the direct or indirect influence of the State or the Länder, and not of the influence only of the supervised bodies” (Case C-518/07, OJ May 1, 2010).
73 Access to Information Commissioner, Annual Report of 1991–92, p. 16, http://www.oic-ci.gc.ca/eng/rp-pr-ar-ra-archive.aspx.
74 However, the task force did state that the current situation was acceptable and did not recommend a merger of the two bodies.
75 Remarks of the information commissioner of Canada to the Canadian Access and Privacy Association, October 28, 2003.
76 Communication with Maeve McDonagh, April 2010.
77 Communication with Elizabeth Dolan, Irish Information Commission, October 2010.
78 Diario Oficial de la Federación, June 11, 2002, http://www.ifai.org.mx/transparencia/LFTAIPG.pdf.
79 Diario Oficial de la Federación, January 12, 2011, http://dof.gob.mx/nota_detalle_popup.php?codigo=5175251.
80 For more information about the commission, visit http://www.infodf.org.mx/web/.
81 Decision No. 090-59/2009/, July 9, 2009.
82 See the list of pertinent cases at http://www.ip-rs.si/index.php?id=384.
83 Decision No. 021-124/2008/12, December 19, 2008.
84 Decision No. 021-80/2005/6, November 2, 2005.
85 Decision No. 090-94/2009, October 7, 2009. According to the ruling, records had “no direct connection with the performance of the public function of the body.”
86 Treaty No. 108, 1981, http://conventions.coe.int/Treaty/en/Treaties/Html/108.htm.
87 For example, see Scottish Information Commissioner (2010) concerning the decision that release of childhood leukemia statistics for a local area would violate the data protection law.
88 For a detailed analysis, see U.K. Ministry of Justice (2008).
89 Corporate Officer of the House of Commons v. Information Commissioner and others [2008] EWHC 1084 (Admin).
90 Common Services Agency v. Scottish Information Commissioner [2008] UKHL 47.
91 Alasdair Roberts v. Information Commissioner and Department for Business, Innovation and Skills (EA/2009/0035); Robin Makin v. Information Commissioner and Ministry of Justice (EA/2008/0048); Creekside Forum v. Information Commissioner and Department for Culture, Media, and Sport (EA/2008/0065).
92 Department of Health v. IC (Additional Party: the Pro Life Alliance) (EA/2008/0074).
References
ABC News. 2009. “Ombudsman Calls for More Resources.” November 2. http://www.abc.net.au/news/stories/2009/11/02/2730603.htm.
ACHPR (African Commission on Human and Peoples’ Rights). 2002. “Declaration of Principles on Freedom of Expression in Africa.” Banjul, The Gambia. http://www.achpr.org/english/declarations/declaration_freedom_exp_en.html.
Administrative Office of the U.S. Courts. 2008. “Judicial Conference Policy on Privacy and Public Access to Electronic Case Files.” March. http://www.uscourts.gov/RulesAndPolicies/JudiciaryPrivacyPolicy/March2008RevisedPolicy.aspx.
Australian Law Reform Commission. 2008. For Your Information: Australian Privacy Law and Practice. Report 108, 3 vols. Sydney, NSW. http://www.austlii.edu.au/au/other/alrc/publications/reports/108/.
Bangalore Mirror. 2010. “Taxmen Deluged with ‘Ex’ Files.” September 23.
Banisar, David. 2006. Freedom of Information Around the World 2006: A Global Survey of Access to Government Information Laws. London, UK: Privacy International. http://www.privacyinternational.org/foi/foisurvey2006.pdf.
BBC News. 2001. “DTI Denies Smear Campaign Claims.” January 8. http://news.bbc.co.uk/2/hi/uk_news/politics/1106142.stm.
———. 2010. “Thousands of Whitehall Salaries Published.” October 15. http://www.bbc.co.uk/news/uk-politics-11551683.
Calland, Richard, and Alison Tilley, eds. 2002. The Right to Know, the Right to Live: Access to Information & Socio-economic Justice. Cape Town, South Africa: Open Democracy Advice Centre.
Cannon, Andrew. 2004. “Policies to Control Electronic Access to Court Databases.” University of Technology, Sydney, Law Review 6: 37–46. http://www.austlii.edu.au/au/journals/UTSLRev/2004/3.html.
CNN/IBN. 2010. “PM to Disclose Assets of Cabinet Ministers.” November 14. http://ibnlive.in.com/news/pm-to-disclose-assets-of-cabinet-ministers/134964-37-64.html?from=tn.
Commonwealth Secretariat. 2002. “Model Data Protection Act.” London, UK. http://www.thecommonwealth.org/shared_asp_files/uploadedfiles/{82BDA409-2C88-4AB5-9E32-797FE623DFB8}_protection%20of%20privacy.pdf.
Coronel, Sheila, ed. 2001. The Right to Know: Access to Information in Southeast Asia. Quezon City: Philippine Center for Investigative Journalism.
Council of Europe. 1981. “Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data.” European Treaty Series 108. Strasbourg, France. http://conventions.coe.int/treaty/en/treaties/html/108.htm.
———. 1986. “Recommendation 1037: On Data Protection and Freedom of Information.” In Texts Adopted at the 2nd Part of the 38th Ordinary Session of the Parliamentary Assembly, September 1986. Strasbourg, France.
CSA (Canadian Standards Association International). 1996. “Model Code for the Protection of Personal Information.” Toronto, Ontario.
Daily Mail. 2006. “Anger as Police Obtain Journalist’s Mobile Records to Discover Source.” December 1. http://www.dailymail.co.uk/news/article-419986/Anger-police-obtain-journalists-mobile-records-discover-source.html.
Djankov, Simeon, Rafael La Porta, Florencio Lopez-de-Silanes, and Andrei Shleifer. 2009. “Disclosure by Politicians.” Working Paper 2009-60. Tuck School of Business at Dartmouth, Hanover, NH. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1334126.
EC (European Commission). 1995. “Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data.” Official Journal of the European Union L281: 31–50. http://ec.europa.eu/justice/policies/privacy/law/index_en.htm.
ECOWAS (Economic Community of West African States). 2008. “Telecommunications Ministers Adopt Texts in Cyber Crime, Personal Data Protection.” Press release 100/2008.
EFF (Electronic Frontier Foundation). 2010. “EFF Posts Documents Detailing Law Enforcement Collection of Data from Social Media Sites.” Blog post, March 16. http://www.eff.org/deeplinks/2010/03/eff-posts-documents-detailing-law-enforcement.
EO (European Ombudsman). 2007. “Draft Recommendation to the European Parliament in Complaint 3643/2005/(GK)WP.” September 24. Strasbourg, France. http://www.ombudsman.europa.eu/recommen/en/053643.htm.
EPIC/PI (Electronic Privacy Information Center/Privacy International). 2007. Privacy and Human Rights 2006: An International Survey of Privacy Laws and Developments. Washington, DC. http://www.privacyinternational.org/survey/dpmap.jpg.
France, Elizabeth. 1999. Third Report of 1998–99, Freedom of Information Draft Bill, vol. II: HC 570-II of 1998–99, memorandum 2. London, UK.
Gentot, Michel. n.d. “Access for Information and Protection of Personal Data.” Commission Nationale de l’Informatique et des Libertés. http://www.pcpd.org.hk/english/infocentre/files/gentot-paper.doc.
Government of Canada. 2002. Access to Information: Making It Work for Canadians. Report of the Access to Information Review Task Force. Ottawa, Ontario. http://www.atirtf-geai.gc.ca/accessReport-e.pdf.
———. 2009. “Info Source Bulletin Number 32B; Statistical Reporting. Statistical Tables 2008–2009, Access to Information.” Ottawa, Ontario. http://www.infosource.gc.ca/bulletin/2009/b/bulletin32b/bulletin32b02-eng.asp#k.
Government of Canada, Office of the Privacy Commissioner. 2001. “Privacy Commissioner George Radwanski Writes to Information Commissioner John Reid Regarding Prime Minister’s Agendas Case.” News release, May 10. http://www.privcom.gc.ca/media/nr-c/02_05_b_010510_e.asp.
Government of Hungary, Parliamentary Commissioner for Data Protection and Freedom of Information. 1998a. “Annual Report 1998.” Budapest. http://abiweb.obh.hu/dpc/index.php?menu=reports/1998.
———. 1998b. “The First Three Years of the Parliamentary Commissioner for Data Protection and Freedom of Information.” Annual reports 1991-96-97. Budapest. http://abiweb.obh.hu/dpc/index.php?menu=reports/1995.
Government of India, Central Information Commission. 2009. “Decision No. CIC/LS/A/2009/000647/SG/5887.” December 14. http://rti.india.gov.in/cic_decisions/SG-14122009-32.pdf.
Government of Ireland, Department of Finance. 2006. “Data Protection and Freedom of Information in the Public Sector.” Central Policy Unit, Notice No. 23. Dublin. http://www.dataprotection.ie/docs/%22Important_new_data_protection_guidance_for_all_public_/411.htm.
Government of Ireland, Information Commissioner. 1999. “Case 99168—Mr. Richard Oakley, The Sunday Tribune newspaper and the Office of the Houses of the Oireachtas.” July 27. Dublin. http://www.oic.gov.ie/en/DecisionsoftheCommissioner/LongFormDecisions/Name,1629,en.htm.
Guadamuz, Andreas. 2001. “Habeas Data: An Update on the Latin America Data Protection Constitutional Right.” Paper prepared for the 16th British and Irish Law, Education and Technology Association Annual Conference, University of Edinburgh, Scotland, April 9–16. http://www.bileta.ac.uk/Document%20Library/1/Habeas%20Data%20-%20An%20Update%20on%20the%20Latin%20America%20Data%20Protection%20Constitutional%20Right.pdf.
Hencke, David. 2001. “MP Challenges Secrecy Culture.” The Guardian, June 27. http://www.guardian.co.uk/politics/2001/jun/27/freedomofinformation.uk.
Hencke, David, and Rob Evans. 2002. “Ashcroft Memos May Spur Data Law Repeal.” The Guardian, February 5. http://www.guardian.co.uk/politics/2002/feb/05/uk.freedomofinformation.
———. 2003. “Ashcroft Wins Apology over Political Vendetta.” The Guardian, June 6. http://www.guardian.co.uk/politics/2003/jun/06/uk.conservatives.
ICO (U.K. Information Commissioner’s Office). 2009. “When Should Salaries Be Disclosed?” Version 1, February 23. http://www.ico.gov.uk/for_organisations/freedom_of_information/information_request/~/media/documents/library/Freedom_of_Information/Practical_application/SALARY_DISCLOSURE.ashx.
Irazábal, Alonso Lujambio, and Lina Ornelas Núñez. 2009. “Personal Data Protection by the Government: The Action of the Federal Institute for Access to Public Information.” Mexico City, Mexico: Instituto Federal de Acceso a la Información y Protección de Datos.
Knight Center for Journalism in the Americas. 2010. “How Much Does Argentina’s President Spend on Ads? An NGO Fights to Find Out.” Journalism in the Americas news blog, March 26. http://knightcenter.utexas.edu/archive/blog/?q=en/node/6772.
Law et al. News. 2010. “Information on Religion Cannot Be Obtained under RTI.” November 29. http://www.lawetalnews.com/NewsDetail.asp?newsid=2903.
Law Reform Commission, New South Wales. 2010. “Access to Personal Information.” Report 126. Sydney, Australia. http://www.lawlink.nsw.gov.au/lawlink/lrc/ll_lrc.nsf/pages/LRC_r126toc.
Leith, Philip, and Maeve McDonagh. 2009. “New Technology and Researchers’ Access to Court and Tribunal Information: The Need for European Analysis.” Scripted 6 (1/April).
Luna Pla, Issa, and Gabriela Ríos Granados. 2010. Transparencia, Acceso a la Información Tributaria y el Secreto Fiscal. Desafíos en México. Mexico City: Universidad Nacional Autónoma de México. http://www.bibliojuridica.org/libros/libro.htm?l=2861.
Majtényi, László. 2002. “Freedom of Information, The Hungarian Model.” http://www.lda.brandenburg.de/sixcms/media.php/2232/maitenyi.pdf.
McDonagh, Maeve. 2006. Freedom of Information Law in Ireland. 2nd ed. Dublin: Round Hall Sweet & Maxwell.
Mendel, Toby. 2008. Freedom of Information: A Comparative Legal Survey. 2nd ed. Paris, France: United Nations Educational, Scientific, and Cultural Organization.
Neuman, Laura. 2009. “Enforcement Models: Content and Context.” Access to Information Working Paper Series. Washington, DC: World Bank. http://siteresources.worldbank.org/EXTGOVACC/Resources/LNEumanATI.pdf.
NJSBA (New Jersey State Bar Association). 2002. “Privacy and Electronic Access to Court Records in New Jersey.” December 11. http://www.graysonbarber.com/pdf/Public%20Access%20to%20Court%20Records%2012-11-02.pdf.
NZLC (New Zealand Law Commission). 2008. Public Registers: Review of the Law of Privacy, Stage 2. Report 101, January. Wellington, New Zealand. http://www.lawcom.govt.nz/sites/default/files/publications/2008/02/Publication_129_391_Public_registers_web_72.pdf.
OAS (Organization of American States). 2003. “Access to Public Information: Strengthening Democracy.” AG/RES. 1932 (XXXIII-O/03) June 10. Washington, DC. http://www.oas.org/juridico/english/ga03/agres_1932.htm.
OECD (Organisation for Economic Co-operation and Development). 1980. “OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.” Paris, France. http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html.
Organization of Eastern Caribbean States. 2004. “Privacy Bill.” Proposed draft. http://unpan1.un.org/intradoc/groups/public/documents/TASF/UNPAN024634.pdf.
Pirc Musar, Natasa. 2006. “New Principles of the Amended Act on Access to Public Information in Slovenia: Commissioner or Ombudsman.” Ljubljana, Slovenia. http://www.ip-rs.si/fileadmin/user_upload/Pdf/konference/Novosti_ZDIJZ_Manchester_ang.pdf.
———. 2010. “How to Strike the Right Balance between Freedom of Information and Personal Data Protection: Using a Public Interest Test.” PhD diss., Leiden University, The Netherlands.
Reid, Tyrone. 2010. “Crusade Against Secrecy—Public Barred from Viewing Financial Disclosures of Elected Officials.” Jamaica Gleaner. November 14. http://jamaica-gleaner.com/gleaner/20101114/lead/lead1.html.
Scottish Information Commissioner. 2009. “Decision Notice: Decision 115/2007, Mr. Joseph Millbank and Dundee City Council.” St. Andrews. http://www.itspublicknowledge.info/UploadedFiles/Decision115-2007.pdf.
———. 2010. “Decision Notice: Decision 21/2005, Mr. Michael Collie and the Common Services Agency for the Scottish Health Service.” St. Andrews. http://www.itspublicknowledge.info/UploadedFiles/Decision021-2005.pdf.
Sheridan, Gavin. 2010. “Department of Arts, Sport and Tourism Expenses Database.” The Story, March 12. http://thestory.ie/2010/03/12/departments-expenses-database/.
Slane, Bruce. 2002. “Freedom of Information and Privacy: Competing Interests with Complementary Aims.” Paper prepared for the International Symposium on Freedom of Information and Privacy, Auckland, New Zealand, March 28.
Solove, Daniel J., and Paul Schwartz. 2008. Information Privacy Law. 3rd ed. New York: Aspen Publishers.
Stewart, Blair. 2002. “Public Register Provisions—Addressing Privacy Issues.” Paper prepared for the International Symposium on Freedom of Information and Privacy, Auckland, New Zealand, March 28.
Sunday Times. 2008. “Couple Stung by £100,000 ‘Secret’ Loan.” December 7. http://www.timesonline.co.uk/tol/news/uk/article5299156.ece.
Sunshine Review. 2010. “Public Employee Salary.” http://sunshinereview.org/index.php/Public_employee_salary.
Tang, Raymond. 2002. “Data Protection, Freedom of Expression and Freedom of Information: Conflicting Principles or Complementary Rights?” Paper presented at the 24th International Conference of Data Protection and Privacy Commissioners, Cardiff, Wales, September 9–11. http://www.pcpd.org.hk/english/infocentre/speech_200210911.html.
The Times of India. 2010. “RTI Helps Poor Diamond Polishers Get Back Cancelled BPL Cards.” August 24. http://timesofindia.indiatimes.com/city/rajkot/RTI-helps-poor-diamond-polishers-get-back-cancelled-BPL-cards/articleshow/6428102.cms.
U.K. Home Office. 1999. “Freedom of Information: Preparation of Draft Legislation: Background Material.” May. London. http://www.publications.parliament.uk/pa/cm199899/cmselect/cmpubadm/570/57007.htm.
U.K. Ministry of Justice. 2008. “Freedom of Information Guidance: Exemptions Guidance, Section 40-Personal Information.” May 14. London. http://www.justice.gov.uk/about/docs/foi-exemption-s40.pdf.
———. 2009. “Freedom of Information Act 2000. Fourth Annual Report on the Operation of the FOI Act in Central Government 2008.” June. London. http://www.justice.gov.uk/freedom-of-information-annual-report-2008.pdf.
———. 2010. “Freedom of Information Act 2000. 2009 Annual Statistics on Implementation in Central Government.” April 29. London. http://www.justice.gov.uk/foi-statistics-report-2009.pdf.
UN (United Nations). 1948. “Universal Declaration of Human Rights.” New York. http://www.un.org/en/documents/udhr/index.shtml.
UN General Assembly. 1990. “Guidelines for the Regulation of Computerized Personal Data Files.” A/RES/45/95, December 14. New York. http://www.un.org/documents/ga/res/45/a45r095.htm.
UN Human Rights Committee. 1988. Covenant on Civil and Political Rights General Comment 16 (Article 17: The Right to Respect of Privacy, Family, Home and Correspondence, and Protection of Honour and Reputation), April 8. http://www.bayefsky.com/general/ccpr_gencomm_16.php.
UN Human Rights Council. 2009. Report of the Special Rapporteur on the Promotion and Protection of Human Rights and Fundamental Freedoms While Countering Terrorism. A/HRC/13/37. December 28. http://www2.ohchr.org/english/bodies/hrcouncil/docs/13session/A-HRC-13-37.pdf.
U.S. Department of Health, Education, and Welfare. 1973. “Records, Computers and the Rights of Citizens: Report of the Secretary’s Advisory Committee on Automated Personal Data Systems July, 1973.” Washington, DC. http://aspe.hhs.gov/DATACNCL/1973privacy/tocprefacemembers.htm.
U.S. Department of Justice, Office of Information Policy. 2010. “Summary of Annual FOIA Reports for Fiscal Year 2009.” Washington, DC. http://www.justice.gov/oip/foiapost/2010foiapost18.htm.
Waters, Nigel. 2002. “Privacy Exemptions in FOI Laws—An Unnecessary Barrier to Accountability.” Paper prepared for the International Symposium on Freedom of Information and Privacy, Auckland, New Zealand, March 28.
Working Party on the Protection of Individuals with Regard to the Processing of Personal Data. 1999. “Opinion No. 3/99 on Public Sector Information and the Protection of Personal Data.” May 3. Brussels, Belgium. http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/1999/wp20en.pdf.
World Bank. 2006. “Income & Asset Disclosure Requirements for Heads of State and Governments, World Bank Client Countries.” Washington, DC. http://siteresources.worldbank.org/INTLAWJUSTINST/Resources/IncomeAssetDisclosureinWBClientsasofJune62006.pdf.
About the World Bank Institute’s Governance Practice
Governance is one of seven priority themes in the World Bank Institute’s recently launched renewal strategy—a strategy that responds to client demand for peer-to-peer learning by grounding WBI’s work in the distillation and dissemination of practitioner experiences. The Institute is committed to building knowledge and capacity on the “how to” of governance reforms, with emphasis on supporting and sustaining multistakeholder engagement in bringing about such reforms.
WBI’s Governance Practice works with partners, including networks of country and regional institutions, to develop and replicate customized learning programs. Its programmatic approach aims at building multistakeholder coalitions and at creating collaborative platforms and peer networks for knowledge exchange.
For further information:
WBI
The World Bank
1818 H Street, NW
Washington, DC 20433
Fax: 202-522-1492
Visit us on the web at: http://wbi.worldbank.org/wbi/topics/governance
Photo Credit: (Front Cover) iphotostock.com.