The Freedom of Information (FOI) Act
FOI exemptions: absolute and qualified
Public authorities may refuse a request for information under the Freedom of Information (FOI) Act under certain conditions. For example, if:
- it would cost too much or take too much staff time to deal with the request
- the request is vexatious
- the request repeats a previous request from the same person
In addition, the FOI Act has a number of exemptions that allow withholding information and, in some cases, refusing to confirm or deny if the information is held.
Some exemptions relate to a certain type of information, eg information on government policies. Other exemptions can apply if harm would arise, or be likely to arise, from disclosure.
Absolute exemption under the FOI Act
Public authorities can withhold information that falls under an absolute exemption without considering if there is a public interest in disclosing it. For example:
- security matters
- information prohibited from disclosure by other legislation
- if disclosure would result in a breach of confidence that would be actionable
Most exemptions are not absolute. In most cases, public authorities will have to consider public interest before deciding to release the information.
Qualified exemption under the FOI Act
If a public authority believes information falls under a qualified exemption, it must apply the public interest test.
This test requires a public authority to disclose the information unless it considers the public interest in withholding it outweighs that of disclosing it. Download Information Commissioner's Office guidance on the public interest test (PDF, 371K).
Examples of qualified exemptions include:
- commercial interests
- sensitive business information
- trade secrets
Read more about the FOI and commercially sensitive information.
Find out more about the grounds on which you can refuse a request for information.
FOI and data protection
Exemptions may apply to FOI requests that involve revealing third party personal data. Under the UK General Data Protection Regulation (UK GDPR):
- if someone's FOI request relates to another person's personal data, the public body will need to consider the fairness, lawfulness and necessity of disclosing such information
- if disclosure would not be fair or lawful or would be disproportionate, the information will be exempt
Read more about the data protection principles under the UK GDPR.