ICO - FS50895772

From GDPRhub
ICO - FS50895772
Authority: ICO (UK)
Jurisdiction: United Kingdom
Relevant Law: Article 5(1)(a) GDPR
Article 6(1)(f) GDPR
37(2) of FOIA
13(5)(a) of the EIR
Type: Complaint
Outcome: Rejected
Decided: 16.06.2020
Fine: None
Parties: The Cabinet Office
National Case Number/Name: FS50895772
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): English
Original Source: ICO (in EN)
Initial Contributor: Mariam Tabatadze

The ICO rules that The Queen’s interests and rights override the public- legitimate interests in confirming or denying whether the Cabinet Office has information about the exchanged correspondance between The Queen and the PM.

English Summary


The complainant requested information from the Cabinet Office about whether The Queen and the Prime Minister, Boris Jonson had discussed the topics of Brexit or the prorogation of Parliament at their weekly meetings, or had exchanged correspondence on these subjects under The Freedom of Information Act (FOIA) and The Environmental Information Regulations (EIR). The Cabinet Office refused to confirm or deny whether it held any information on the basis of section 37(2) by virtue of section 37(1)(a) (communications with the Sovereign),arguing that confirmation or denial would reveal The Queen's personal data.

The complainant challenged the Cabinet Office’s decision before the ICO.


The Commissioner had to determine whether the Cabinet Office is entitled, on the basis of the exemption defined by the FOIA and the EIR, to refuse to confirm or deny whether it holds the requested information.

The commissioner considered if the Cabinet Office could rely on section 37(2) of the FOIA and on regulation 13 of the EIR to refuse to confirm whether it holds any information falling within the scope of the request.


The ICO held that the Cabinet Office can rely on the section 37 (2) FOIA to deny whether it holds information in the scope of the request; the former defines that information is exempt if it relates to 'communications with the Sovereign' and according to the section 37 (2), the duty to deny does not arise in relations to information which is exempt information defined by subsection 1.

The EIR provides that the duty to confirm or deny whether information is held does not arise if it would contravene any of the principles relating to the processing of personal data set out in Article 5 of the GDPR. The Cabinet Office could rely on that section of the regulation if two conditions are met: if the confirmation or denial of having information would constitute the disclosure of a third party’s personal data; and providing this confirmation or denial would contravene one of the data protection principles.

The ICO ruled that confirmation or denial whether it held any information, would reveal The Queen’s personal data. The ICO then has examined if providing The Queen personal data would contravene the data protection principles. Based on the article 5(1)(a) and 6 (1) (f) of the GDPR, three part test were considered by the ICO: (i) Legitimate interest test, (ii) Necessity test, (iii) Balancing test. Although, the legitimate interest tests and necessity tests are met, the Commissioner has concluded that The Queen’s interests and rights override the legitimate interests in confirming or denying whether information is held. The ICO has taken into account the consequences of disclosure and a the very significant expectation of The Queen that her communications with the government are confidential.


Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the English original. Please refer to the English original for more details.