Senior Data Protection Specialist Jon Baines has contributed to a report by OpenDemocracy, which looks at the state of freedom of information compliance in central government. Notably, the report identifies that there is a central "Clearing House" and a process whereby some FOI requesters' names are circulated across all Government departments. Jon suggests that "on the evidence that I have seen, I do not feel that the Clearing House complies with data protection law", and in an analysis for OpenDemocracy explains further.
The practice of sharing requesters' names is well established, and occurs frequently, but is it lawful? I would argue not…[When] it comes to the legality of sharing personal data, all government departments except the Cabinet Office fail at the first hurdle – they do not comply with the "transparency" principle of GDPR… [Also] it is very hard to see why – if the Round Robin List is essential for “providing advice, support and co-ordination in responding to freedom of information requests” – the requesters’ names can’t simply be removed from it. What benefit does having the names on the list bring? Even if it saves a little time in identifying requests, I am far from convinced that justifies – on the basis of proportionality – the interference with the data protection right.