Managing AI-driven freedom of information requests

Local authorities and enforcement companies are seeing a significant increase in the number of FOI (freedom of information) requests and complaints where AI is being used to draft and generate the requests.
How is AI being used?
AI makes it easier for a person to make a complaint or FOI request, as it will help them get the format correct, specify the information they are after and note the relevant legislation. AI also helps the individual, organisation and journalist put these requests together on an unprecedented scale.
The same is true for complaints, with debtors using templates to submit complaints. The complaint puts the case on hold while it is investigated – this is almost always used as a payment delaying tactic, one which uses significant team resource to investigate before it can be dismissed so the recovery process can recommence.
It is worth noting, however, that AI is not infallible and can make erroneous claims and legislative references based on inaccurate information already in the public domain.
Do local authorities have to respond to an AI-generated FOI request?
The impact of this ever-growing volume, and sometimes complexity, of requests is putting local authorities under significant pressure to respond to them, taking team members away from other tasks.
And respond to them they must. The ICO (Information Commissioners Office) has stated that a technology-generated FOI request is valid as long as it meets the statutory requirements.
The ICO also says that mass or AI‑assisted requests can raise issues under the vexatious request provisions (section 14 FOIA) where they form part of a disruptive campaign, but stresses that coordinated campaigns are not automatically vexatious.
Whilst AI might be useful in refining a response, it should not be relied on to create one! So no, we cannot currently fight AI with AI!
What are the risks to consider when responding to an FOI request?
The main risk is inadvertently releasing confidential and/or sensitive information when responding.
Other risks include the possibility of the information given in the response being misinterpreted by the recipient, plus the additional time required if the request was not made clearly enough, so the person will not get the information they were looking for which results in prolonged exchanges of correspondence.
Strategies to manage AI-driven FOI requests
It is good practice to clarify the request further. You cannot question what the person wants unless you’re trying to define the request further. By clarifying further, you can avoid the risk of providing something different to what they were looking for.
Be smart and think what’s behind the request, how will the data be used and interpreted. Whilst there may not be a direct negative impact on the local authority or their suppliers, it could be misunderstood and have a negative impact indirectly. Think about steps to mitigate that risk.
Local authorities brief their freedom of information and government teams to send sections of the request to different departments, rather than sending the whole thing. The individual section responses may be fine in themselves, but when you put all the parts together, it can make it commercially sensitive. Consider briefing the teams on the wider request, so they can flag potential issues.
Check the finished response before it goes out, to make sure no confidential or sensitive information is being released inadvertently. Consider whether a number of different requests by the same person could, when the data is combined, paint a more detailed picture than you had intended to provide. It is best to err on the side of caution.
Remember that, under S43(2) of the Freedom of Information Act 2000 (FOIA), information is exempt if its disclosure “would, or would be likely to, prejudice the commercial interests of any person (including the public authority holding it)”. However, you still have to carry out a public interest test before withholding the information.
here is a separate “confidential information” exemption in FOIA section 41, which covers information obtained from another person where disclosure would be an actionable breach of confidence.

