Oops! Info watchdogs exposed in embarrassing email gaffes

Information watchdogs have been criticised over disparaging comments made in emails when the Scottish Government lost the Named Person legal case.


A senior Information Commissioner’s Officer (ICO) official admitted to a colleague in Scotland she hadn’t “the foggiest” what the historic court judgment was about.

The official, employed in the Cheshire headquarters of the ICO, went on to say that she didn’t have the “time or inclination” to read the decision of the UK Supreme Court, despite it being the biggest ruling affecting the ICO’s work since the Prince Charles letters case.


In response, her colleague David Freeland, a Senior Policy Officer at the ICO’s Edinburgh office emailed back saying: “I don’t particularly blame you”.

He also disclosed that the ICO was aware they could get complaints about information breaches following the ruling.

He wrote, “we may get complaints that non-statutory pilot schemes were either sharing personal information unlawfully by lacking sufficient conditions for processing, or disproportionately”.

In 2014 Mr Freeland controversially told a seminar on information sharing not to offer parents the chance to object to the sharing of private information on them and their children: “Consent is not the be-all and end-all”, he said, lamenting that “Consent can be difficult and it should only be sought when the individual has real choice over the matter”.

The internal emails, revealed in a recent Freedom of Information (FOI) request, also disclosed concerning comments from the head of the ICO in Scotland, Ken Macdonald, who expressed his “disappointment” after judges struck down the Named Person scheme’s intrusive information sharing provisions. The ICO is responsible for protecting the privacy of citizens and upholding the Data Protection Act – the very law the Supreme Court said was breached by the Named Person provisions.

The officials were criticised for their dismissive comments by NO2NP spokesman Simon Calvert, who said:

“The attitude on display here is breath-taking. Are these people so out of touch with the concerns of ordinary families? There’s been massive public anxiety about the Named Person data sharing, yet they say they are ‘disappointed’ when the Supreme Court sides with families and upholds the Data Protection Act.

“The ICO as an independent body has been entrusted to uphold information rights, oversee data protection and investigate complaints from members of the public. Yet here we find ICO officials behaving in a most dismissive manner about a court case which goes to the heart of their work and has profound implications for personal privacy and data protection. It may be the most important case on Data Protection that Scotland has seen, yet officials charged with Data Protection in Scotland don’t seem to think it’s important enough for ICO officials to even bother reading.

“This is the kind of conversation that goes on when officials don’t think the public are listening. It is disturbing that this kind of culture exists within the ICO. Perhaps there should be a review to address the problem.”

He added:

“The comments by Ken Macdonald suggest the ICO is only paying lip service to the idea of being an independent body. They say they are disappointed with a court ruling against the Scottish Government in an action brought with the backing of thousands of ordinary mums and dads concerned about their family privacy. If they were truly independent they would simply accept the ruling.

“The ICO got the law wrong. They failed to protect the public. They should have warned the Government, not collaborated with them. In the wake of the recent court decision to award legal costs against the Government, Mr Macdonald might wish to revisit his views.

“It should also be noted Mr Macdonald has recently had to withdraw flawed advice given to public bodies about the Named Person scheme in light of the decision by the judges.”

The dismissive email exchange between Cheshire-based Laura Middleton, ICO Team Manager, and David Freeland, ICO Senior Policy Officer in Edinburgh, took place on August 4, after they’d heard about the Supreme Court decision.

R Disclosure Requested information IRQ0641303_Page_17_Redacted2_Redacted

The ICO is the UK’s independent body set up to uphold information rights and also oversee complaints about freedom of information requests.

Ironically, the emails about the Named Person scheme were obtained by a Freedom of Information request forcing the ICO to make public all their emails on the subject.

The response also reveals there was concern within the Scottish Government before the judges banned them from implementing the Named Person scheme.

Ken Macdonald, Head of ICO Regions, who leads ICO Scotland and was involved in advising the Scottish Government on the issue, wrote an email to Maureen Falconer on 27 July 2016 – the day before the judgment – stating (page 15):

R Disclosure Requested information IRQ0641303_p15_KM_The petitioners

After learning the court verdict, Ken Macdonald wrote in an email on 28 July 2016 to the Wales ICO regional manager and the Deputy Chief Executive (page 14):

Ken Macdonald_disappointing result_FOI

Scotland’s ICO chief clearly did not understand the ruling, or even how Parliament operates. The “six weeks” was the time given by the court to allow the parties to make submissions to the court over costs and other issues. It would have been impossible to reconvene Parliament from its summer break and pass new legislation in six weeks.

Another email, from Anya Burgess, Lead Communications Officer, sent to the UK Information Commissioner, the Head of Policy Delivery at ICO and the Deputy Chief Executive on 28 July 2016 stated (page 9):

R Disclosure Requested information IRQ0641303_Page9

In another email David Freeland, Senior Policy Officer at the ICO, emailed Laura Middleton, a Team Manager on 4 August 2016 (page 17):

R Disclosure Requested information IRQ0641303_Page_17_may get complaints

Mr Calvert of NO2NP said:

“What we can see here is anything but independence. This is a one-sided attitude, determined to stand by the Government line, with little regard to the needs of the public or even the actual demands of the law.

“It would seem the ICO is in need of a reminder of its duties and obligations to the people that pay their wages. Action must be taken urgently. Otherwise, how can we be confident they will uphold and enforce the Supreme Court ruling in cases where public authorities have breached privacy law in pursuit of the Named Person scheme? How can we be sure they’ll even read it?”

Out-of-date ICO data-sharing advice assigned to the dustbin

Like out-of-date milk was the Information Commissioner’s 2013 data-sharing advice to public bodies following the Supreme Court ruling in July.


The guidance was well and truly past its sell-by date. But yet it continued to remain on the shelf.

In 2013 Ken Macdonald the Information Commissioner issued a letter to public bodies giving guidance about data-sharing practices in relation to the Children and Young People (Scotland) Act, which had just passed through the Scottish Parliament.

On the assumption that the Act would come into force new advice was issued. This became the go-to guidance for public bodies on how state officials should share confidential information.

But in July when the UK Supreme Court struck down the data-sharing provisions in Part 4 of the Act, an alarm was raised about the now legally inaccurate advice, and whether or not local authorities had been sharing data unlawfully as a result.

The Information Commissioner issued updated advice in response to the ruling, but did not withdraw the legally inaccurate 2013 letter until pressured to do so.

Those involved in the NO2NP campaign wrote to Head of ICO Regions, Ken Macdonald, raising concerns. The Information Commissioner eventually conceded and asked the Scottish Government to remove the inaccurate advice from its website.

Simon Calvert, NO2NP spokesman, commented:

“This was clearly legally inaccurate advice given the outcome of the court case. It further demonstrates how the public sector is having to rein in its policies and practices in light of the Supreme Court victory.”

He added: “The difference in content and tone could not be clearer. A key plank to the named person scheme was the scattergun approach to sharing data on families.

“Who knows how many mums and dads and children have already been subject to the implementation of the inaccurate advice previously given out?

“We ourselves have been contacted by numerous families who have uncovered intimate personal information about them being passed between agencies through making subject access requests for information which is held on them by public bodies.

“They are rightly furious and some are considering their legal remedies.”

If you think confidential information about you or your family could have been shared unlawfully, do consider making a Subject Access Request. Find out more here.

If the reply to your Subject Access Request discloses information which alarms you and you think it may help the campaign against Named Persons, contact us by emailing: stories@no2np.org

We understand any information you share with us may be extremely sensitive and will be treated confidentially. We won’t use any information without your explicit consent.

Children’s Commissioner: Named Person info-sharing “caused us most concern”

It’s not often you see a staunch supporter of the Named Person scheme putting his head above the parapet to question the details of the legislation.


So, credit to the Children and Young People’s Commissioner: although he often appears in the media to defend the scheme, he warned back in June that the information-sharing provisions contained in the Children and Young People Scotland Act had “caused us most concern”.

And that concern was certainly proved right by the Supreme Court judgment.

The Commissioner, Tam Baillie, who says his purpose is to “protect the rights of children and young people”, made the warning in a public statement in June.

Much of his statement is misguided in its understanding of the role of the Named Person as enacted by the legislation. For example a Named Person is not simply an “individual person available to parents” as he tries to claim.

The Supreme Court judgment explains that the Named Person legislation was “to establish new legal powers and duties, and new administrative arrangements, in relation to the sharing of information about children and young people, so as to create a focal point, in the form of named persons, for the pooling and sharing of such information, and the initiation of action to promote their wellbeing” (paragraph 15).

The Commissioner wrote in his statement: “The information sharing part of the Children and Young People Scotland Act (2014) caused us most concern, not least because we felt that not enough time had been afforded for considered reflection. We also felt that more time could have been given to listening to the views of children and young people.”

He recognised that information-sharing was key to the Named Person approach (the Supreme Court said it was “central”) and emphasised that it “must be done appropriately and with respect for the rights of the child”.

The Commissioner also had questions “around the threshold for sharing information”.

He said: “At the moment, the threshold amongst professionals is ‘risk of significant harm’. The Children and Young People (Scotland) Act 2014 lowers this threshold to concern for a child’s ‘wellbeing’.

“A potential risk of this is that the Named Person and other adults may therefore choose to share information about the child that violates their right to privacy and we must guard against this.”

Paragraph 97 of the Supreme Court ruling confirmed this concern, stating: “The provisions of the Act appear to point toward a more relaxed approach to disclosure than is compatible with article 8.”

The judges warned that the wellbeing threshold “involves the use of very broad criteria which could trigger the sharing of information by a wide range of public bodies… and also the initiation of intrusive inquiries into a child’s wellbeing”.

They concluded: “In our view, the criteria in sections 23(3), 26(2) and 26(4) by themselves create too low a threshold for disclosure… and for the overriding of duties of confidentiality in relation to sensitive personal information.”

What a pity the Information Commissioner’s Office (ICO) didn’t see the need to express the same warnings. Instead, ICO officials expressed glee at the prospect of “lowering that trigger down to wellbeing”.

And official ICO guidance issued in 2013 said: “In many cases, a risk to wellbeing can be a strong indication that the child or young person could be at risk of harm if the immediate matter is not addressed. As GIRFEC is about early intervention and prevention it is very likely that information may need to be shared before a situation reaches crisis.

“In the GIRFEC approach, a child’s Named Person may have concerns about the child’s wellbeing, or other individuals or agencies may have concerns that they wish to share with the Named Person. While it is important to protect the rights of individuals, it is equally important to ensure that children are protected from risk of harm.”

“If there is any doubt about the wellbeing of the child and the decision is to share, the Data Protection Act should not be viewed as a barrier to proportionate sharing.”

Perhaps someone needs to remind the ICO of its self-declared purpose: “The ICO upholds information rights in the public interest, promotes openness by public bodies & data privacy for individuals.”


Ever wondered what personal information public bodies have recorded about you or your children? How a conversation with a doctor or teacher has been summarised in a report?

You have the right to request copies of any personal information an organisation may be holding about you. This is known as a Subject Access Request.

Find out how to make a Subject Access Request


Mum of two, Kayley Hutton, was shocked to receive a 120-page dossier containing notes recorded by ‘named persons’ when she made a Subject Access Request a few years ago.
Kayley had experienced a distressing ordeal which almost resulted in her newborn son being taken away from her. She had no idea it was because officials had been mis-recording information about her, making her out to be an ‘unfit’ parent.


The recording and sharing of sensitive information has already been on the increase since the introduction of Named Person pilot schemes, and this is expected to grow as the scheme is rolled out across Scotland in August this year.

The Information Commissioner’s Office (ICO) has stated that the Children and Young People (Scotland) Act, which contains the Named Person provisions, will lower the threshold for data sharing to ‘wellbeing’, making it easier for agencies to share sensitive information about you or your children.

Practitioners will no longer have to show there is a ‘risk of significant harm’ to a child, but can pass on private information if they think there is simply a ‘wellbeing’ concern, which we all know can be highly subjective.


Follow this link to the ICO’s official guide, where you will find all the information you need and letter templates to make the process as easy as possible:

Find out how to make a Subject Access Request

TIP: Organisations have a 40-day deadline to respond to requests. It is a good idea to keep a detailed paper-trail of any correspondence if you need to chase a request or lodge a complaint.


If the reply to your Subject Access Request discloses information which alarms you and you think it may help the campaign against Named Persons, contact us by emailing: stories@no2np.org

We understand any information you share with us may be extremely sensitive and will be treated confidentially. We won’t use any information without your explicit consent.