MLAs salaries

Information Standards Freedom of Information Response

Our Ref: FoI 50-20

15 December 2020

Freedom of Information Act 2000 

I refer to your request under the above legislation:

“1. For each month from August to October 2020, please disclose the following:

(a) The number of MLAs who had some of their salary sent to the 'consolidated fund'; and the amount sent to that consolidated fund.

(b) The number of MLAs who opted to donate to charitable sources through a 'give-as-you-earn scheme'; the amount donated through this scheme.

2. From January 2020 to present, please disclose:

(a) Separately for each of the five largest political parties (DUP, SF, UUP, SDLP, Alliance), the total amount their MLAs sent to the 'consolidated fund'.

(b) For each of the five largest political parties (DUP, SF, UUP, SDLP, Alliance), the total amount their MLAs donated to charitable sources through the 'give-as-you-earn scheme'.”

 

I am writing to confirm that the Northern Ireland Assembly Commission (“the Assembly Commission”) holds the information that you have requested.

The information related to your query, point 1 above, is provided in Appendix A.

Regarding point 2, I wish to advise you that the information is exempt from disclosure under section 42(1) of the Freedom of Information Act 2000.  The reasons for this are set out in Appendix B

 

You have the right to request that the Assembly Commission formally reviews this decision and if you wish to do so, please write to me at the above address.

If after such an internal review you are still unhappy with the response, you have the right to appeal to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, who will undertake an independent review.

Yours sincerely

Information Standards and Data Protection Officer

 

APPENDIX A

As outlined in the response to FOI 45-20, Members do not have part of their salary placed in the Consolidated Fund.  Members may forward cheques or make bank transfers to the Consolidated Fund and therefore do not necessarily stipulate why they are making the payment or what it relates to.  The attached figures are based on the unidentified receipts.

Please find below a table showing the amounts received by the Assembly Commission, which have been credited to the Consolidated Fund. Please note that the number of Members represents the number of individuals who made a contribution that month. The Member may have made more than one payment, but will have only been counted once.

1 (a) Consolidated Fund

  Aug-20Sep-20Oct-20

Number of Members

23

27

23

Contribution

£2,615.33

£2,955.33

£1,955.33

 

The Assembly Commission does not hold or process details on the intended recipients of monies in respect of Give-As-You-Earn (“GAYE”) schemes. This matter is arranged exclusively between the Member and the GAYE service. Please find below a table showing the total number of Members and total of payments made.

1 (b) Give-As-You-Earn

  Aug-20Sep-20Oct-20

Number of Members

12

12

12

Contribution

£1,066.32

£1,066.32

£1,066.32

 

APPENDIX B

REASON FOR NON-DISCLOSURE

Arranging the information in the manner you have requested, monthly totals by political party, may indirectly identify individuals from that information in combination with other information.

As per Article 4 (1) of the General Data Protection Regulation (GDPR) this fulfils the threshold of the definition of personal data, and for your reference I have included a copy of Article 4 (1) in Appendix C, which is attached to this correspondence.  The reason the information is personal data is that it relates to individual Members who are living and can potentially be identified, directly or indirectly, from the information.

Under Section 40 of the Freedom of Information Act 2000 (FOIA) there is exemption from disclosure of personal data in certain circumstances and I have included a copy of Section 40 of the Act in the attached Appendix C.  Section 40 (2) provides that any information to which a request under FOI relates is exempt information if it constitutes personal data and satisfies any of the two conditions set out in Section 40 (3).  The first condition in Section 40 (3A) (a) is that the information is personal data as defined by Article 4 (1) of the GDPR and that disclosure would contravene any of the data protection principles. 

The data protection principles are set out in Article 5 of the GDPR, attached at Appendix C for your reference.  The first principle at Article 5 (1) (a) states that:

“Personal data shall be processed fairly and lawfully and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’).

Article 6 (1) (a-f) states thatsuch processing is lawful only if and to the extent that at least one of the conditions therein applies.  We have considered whether any of the conditions in Article 6 (1) can be met if the information is disclosed to you and we have enclosed a copy of the conditions in Appendix C for your reference. It is our view that none of the conditions in Article 6 of the GDPR can be met and we have therefore concluded that processing the information by disclosing it would contravene the First Data Protection Principle.

The data regarding payroll donations is personal data.  To release this information would breach the first data protection principle (‘lawfulness, fairness and transparency’) and in particular, shall not be processed unless one of the conditions of Article 6 (1) of the GDPR apply.  As none of the Article 6 conditions apply the information cannot be disclosed.

We are of the view that the requirement in the first data protection principle, to process personal data fairly, lawfully and in a transparent manner would be breached by releasing this information. 

Section 40 of the FOIA is one of eight absolute exemptions in the Act.  In assessing whether an absolute exemption applies, the only question is whether the information falls within the category.  A public interest test is not applied.  We are therefore satisfied that we have acted in accordance with the requirements of the FOIA and that the information is exempted from the requirement to disclose under the FOIA.

 

Appendix C

Freedom of Information Act 2000

Extract from Section 40:

“Personal information.

(1) Any information to which a request for information relates is exempt information if it constitutes personal data of which the applicant is the data subject.

(2) Any information to which a request for information relates is also exempt information if—

(a) it constitutes personal data which does not fall within subsection (1), and

(b) the first, second or third condition below is satisfied.

(3A) The first condition is that the disclosure of the information to a member of the public otherwise than under this Act—

(a) would contravene any of the data protection principles, or

(b) would do so if the exemptions in section 24(1) of the Data Protection Act 2018 (manual unstructured data held by public authorities) were disregarded.

(3B) The second condition is that the disclosure of the information to a member of the public otherwise than under this Act would contravene Article 21 of the GDPR (general processing: right to object to processing).]”

Freedom of Information Act 2000

Extract from Section 40:

“(7) In this section—

“the data protection principles” means the principles set out in—

(a) Article 5(1) of the GDPR, and

(b) section 34(1) of the Data Protection Act 2018;

“data subject” has the same meaning as in the Data Protection Act 2018 (see section 3 of that Act);

“the GDPR”, “personal data”, “processing” and references to a provision of Chapter 2 of Part 2 of the Data Protection Act 2018 have the same meaning as in Parts 5 to 7 of that Act (see section 3(2), (4), (10), (11) and (14) of that Act).

(8) In determining for the purposes of this section whether the lawfulness principle in Article 5(1)(a) of the GDPR would be contravened by the disclosure of information, Article 6(1) of the GDPR (lawfulness) is to be read as if the second sub-paragraph (disapplying the legitimate interests gateway in relation to public authorities) were omitted.]”

 

Extract from Article 4 of General Data Protection Regulations:

For the purposes of this Regulation:

(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Extract from Article 5 of General Data Protection Regulations:

“1.  Personal data shall be:

(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

2.  The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’)”

 

Extract from Article 6 of General Data Protection Regulations:

“1.  Processing shall be lawful only if and to the extent that at least one of the following applies:

(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

(c) processing is necessary for compliance with a legal obligation to which the controller is subject;

(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;

(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Point (f) of the first subparagraph shall not apply to processing carried out by public authorities in the performance of their tasks.