Decision pursuant to 6.1, 2024 OIC 64
Date of decision: August 2024
Summary
An institution submitted an application seeking the Information Commissioner’s approval to decline to act on an access request under subsection 6.1(1) of the Access to Information Act. In the institution’s opinion, the request is vexatious, an abuse of the right to make a request and made in bad faith.
The Commissioner finds that the institution established that the access request is vexatious. Moreover, the circumstances warrant that she provides her approval to the institution to decline to act on the access request.
The application is granted.
Application
Under subsection 6.1(1) of the Access to Information Act, the head of a government institution may seek the Information Commissioner’s written approval to decline to act on an access request if, in the head of the institution’s opinion, the request is one or more of the following:
- vexatious
- made in bad faith
- an abuse of the right to make a request for access to records.
Institutions may not decline to act on access requests for the sole reason that the requested information was already proactively published under Part 2 of the Act (subsection 6.1(1.1)).
The institution bears the burden of establishing that the access request meets one or more of the requirements under subsection 6.1(1).
If the institution establishes that one or more of the requirements of subsection 6.1(1) apply, the Commissioner must exercise her discretionary power to either grant or refuse the application.
In exercising her discretion, the Commissioner will consider all relevant factors and circumstances, including:
- The quasi-constitutional nature of the right of access;
- The public interest in the records sought;
- Whether the institution met its obligations under subsection 4(2.1) to make every reasonable effort to assist a requester in connection with their request.
Access request at issue
On April 29, 2024, an institution sought the Commissioner’s approval to decline to act on an access request it had received on April 3, 2024. The access request is the following:
“All records regarding the Alternative to Detention ("ATD") measures of [another institution] (and all other Canadian or allied agencies) regarding myself. [An institution] confirmed the existence of immigration holding with the Immigration File Number [...]. [An institution] referred that file to [another institution] which has immigration-holdings and alternative to detention ATD measures […]. Given the [institution] had investigative measures regarding myself, [it] should be aware of all relevant records to the alternative to detention measures of myself. Include all physical interventions that took place in these alternatives to detention measures and their alleged justification and their legal basis (e.g quasi-judicial or judicial warrants). The information is needed to support a judicial investigation. Include all the record reference-tracking number of all and any records destroyed or classified by the any party (e.g the office of prime minister - governor in council). Do not send me my own documents (e.g my passport) or submissions or emails. Do not send me irrelevant documents or records to my request. If [the institution] chooses to use exemption articles of the privacy act, I request [it] to release redacted records.”
According to the institution, the access request is vexatious, an abuse of the right to make a request and made in bad faith.
Is the request vexatious?
The term “vexatious” is not defined in the Act. In the context of an access request, the term is generally taken to mean a request filed primarily to embarrass, to harass, or to cause annoyance or trouble. However, determining whether a request is vexatious is a fact-dependent exercise that must be undertaken case by case. For this reason, it is best not to strictly define this term (Canada v Olumide, 2017 FCA 42).
Even seemingly legitimate access requests can be vexatious if they are primarily brought, knowingly or unknowingly, for improper purposes, such as inflicting damage or wreaking retribution upon a government institution. A request may also be vexatious if it is made or pursued in a vexatious manner.
While section 6.1 specifies that it is the access request, as opposed to the requester, that must be vexatious, the circumstances surrounding a request and the behaviour of a requester may be relevant if they demonstrate an improper purpose underlying the request. In such circumstances, a request will be vexatious if there is a clear link between the request itself and the vexatious behaviour.
The institution has made three main arguments to support its contention that the request is vexatious: it is repetitive, its primary purpose is to assert the requester’s right of access and it is diminishing the right of access of other requesters.
Repetition
The institution says that the requester has submitted over the past two years 16 repetitive and overlapping access requests all related to the same or similar subject matter: the requests are all related to information the institution has on them.
The institution argues that the access request at issue is part of an ongoing pattern of behaviour involving the requester’s repeated requests for substantially the same information. The institution adds that there is no reason to expect that the requester will stop making access requests and that their requests would facilitate access to new records, or records that the requester does not already have.
The institution also argues that the requester will receive the exact same response each time they request access to similar subject matter. The institution explained that most of the responses to their requests were per subsection 10(2) of the Access to Information Act, which authorizes institutions not to confirm whether documents exist. The institution further explained that, as a matter of policy, it consistently refuses to either confirm or deny the existence of any records related to investigations and the courts have consistently supported its decision to neither confirm nor deny the existence of information in its exempt bank (Dzevad Cemerlic v. Canada (Solicitor General), 2003 FCT 133, Westerhaug v. Canada (CSIS), 2009 FC 321 and Braunschweig v. Canada (Public Safety), 2014 FC 218). While these decisions concern the Privacy Act, the institution is of the view that, by extension, the Access to Information Act should similarly protect this information.
Primary purpose
Another argument made by the institution is that the primary purpose of the access request is not to seek information, but to assert the requester’s right of access. This is evidenced, according to the institution, by the fact that the requester stated multiple times that they need “all the information that [the institution] has about [them] to file a case to a Federal Court”.
Others’ right of access
The institution also argues that the request at issue diminishes the right of access of other requesters and affects its ability to perform other duties and responsibilities. It explains that its access to information and privacy office is quite small considering the number of requests it receives on a yearly basis, and when a redundant request (such as the one at issue) is received, a file is opened, processed, approved, submitted and closed. The analyst assigned to this access request could be working on another requester’s legitimate access request.
Discussion
The Commissioner will start by examining the institution’s contention that the request at issue is repetitive. In previous decisions, she found that an access request is vexatious or an abuse of the right to access records when it is repetitive, that is, when no new records are being sought (2020 OIC 17, 2021 OIC 30). In the present case, the institution has not clearly demonstrated that no new records are being sought. The only representation provided on the matter is that the “requests are all related to information the [institution] has on [the requester]” and that “there is no reason to expect that… [their] requests would facilitate access to new records, or records that the requester does not already have”. This is far from being a sufficiently compelling argument.
The access request at issue (A-2024-00007) is for all records concerning Alternative to Detention measures regarding the requester. The Commissioner notes that similar records have been requested in other access requests. For example, A-2022-01176, A-2023-00269 and A-2023-00593 are seeking records related to measures that took place against the requester. That said, it is not clear to the Commissioner that the requested records in A-2022-00007 are encompassed by the three other access requests. Thus, she is not convinced that the three other access requests comprise records about Alternative to Detention measures that concern the requester. Moreover, the access request at issue was made on April 3, 2024, and does not specify a time frame. Thus, it concerns all records that were created up until April 3, 2024. The three other access requests were made on February 27, 2023, July 10, 2023, and November 28, 2023, respectively. Thus, even if the subject matter of the access request at issue was encompassed by the other three access requests, the access request at issue would also aim at all the new records that were created between November 28, 2023, and April 3, 2024, if they exist.
The access request at issue (A-2024-00007) also appears to be partially encompassed by A-2022-00021, which is seeking all the records the institution has about the requester. That said, A-2022-00021 was made on April 11, 2022, that is, two years before A-2024-00007. Thus, the access request at issue could capture all new records that were created, if they exist, between April 11, 2022, and April 3, 2024.
Based on the above, I find that the institution did not demonstrate that the access request at issue would not capture new records, and thus that it is repetitive.
In the Commissioner’s decision 2022 OIC 35 involving similar access requests made by the same requester, she found that the period covered by the access request for which her authorization was sought was almost entirely captured by one or more of the previous requests made by the requester, with the exception of the time period between the last completed request and the one at issue in that application. The Commissioner concluded that the request was an abuse of the right of access, despite the fact that it could potentially capture new records. The following three elements, taken together, allowed her to conclude that the request constituted an abuse of the right to make an access request:
- Most of the access request concerned records the requester had provided to the institution
- The rest of the requested records had already been provided to the requester, with the exception of the information that could have been created between the last completed access request and the one for which the Commissioner’s authorization was sought
- The requester rejected the institution’s proposition to modify the timeframe of the access request to specifically capture the time period between the last completed access request and the one for which the Commissioner’s authorization was sought
The present case differs from the one discussed above in that the institution did not propose to the requester to modify the period covered by the access request to specifically capture the time period between the last completed similar access request and the one at issue. The requester was not provided with this opportunity. For that reason, the Commissioner does not find that the present case is sufficiently similar to the previous case she examined to conclude that it constitutes an abuse of the right of access or that it is vexatious.
However, the present application differs from the previous ones she has examined in that the institution claims that the requester will receive the exact same response each time they request access to records involving information about similar subject matter.
A comparable argument was made in a case before the Office of the Information and Privacy Commissioner for British Columbia (2010 BCIPC 47) in which the public body was seeking an authorization to disregard a portion of an access request. In that case, the same type of information was requested. The requester repeatedly requested records subject to solicitor-client or litigation privilege, which were consistently exempted from disclosure. The access request at issue in the British Columbia case, like the one that is the subject of the present application, covered a different timeframe than the previous requests, and was specifically seeking new records.
The Office of the Information and Privacy Commissioner for British Columbia noted the following: “There has been no change of circumstances…, and there is no other reason to expect that the results of the current request (or any more that he might make in the near future) would be any different. The respondent is aware of this but persists anyway in requesting the records to no good purpose.” (Para 35)
It appears that the following three conditions were met in the British Columbia case and were necessary to conclude that the request was vexatious:
- The same type of information had been requested before
- This type of information is clearly exempted
- There is no reason to expect that the result of the current request would be different
The Commissioner finds that these three conditions are met in the case before her as well.
The institution suggests that the requester has repeatedly requested records from its exempt bank 045 (the institution’s investigational records) and that it had consistently refused to either confirm or deny the existence of any records related to investigations. As such, the requester will receive the exact same response each time they request access to similar subject matter.
The institution has indicated that the records for the following five privacy requests, if they existed, would be located in bank 045. The institution responded to the requester for each request that it was neither confirming nor denying the existence of the requested information:
- P-2022-00034: all the information the institution has about the requester.
- P-2022-01170: all the authorization that was granted by the Canadian government to foreign parties in all and any form of interventions with the requester in Canada.
- P-2022-01440: all records that involve information about the requester that can result in all and any measures or conditions that can be described or classified by the institution as being in relevance to “Canada’s efforts on detecting, preventing or suppressing crimes or hostile activities.”
- P-2023-00827: all the measures and interventions that took place against the requester (including cyber and energy measures).
- P-2023-02446: all the actual measures that took place against the requester by all the Canadian and foreign entities (e.g. using measures (energy, physical, cyber, etc.) that can be used when alleging a person is a risk in Canada).
Given that these privacy requests are identical, in all significant respects, to the following five access requests, it is reasonable to infer that the responsive records for these access requests, if they existed, would also be located in bank 045: A-2022-00021, A-2022-01106, A-2022-01176, A-2023-00269, and A-2023-00593. Moreover, in access request A-2023-00305, the requester clearly indicates that they are looking for records in bank 045. Based on the representations provided by the institution, it is reasonable to conclude that there are at least six access requests that sought records for information in bank 045. That said, there may be more than six access requests that are seeking information in bank 045, but the institution has not provided sufficient information to conclude that this is the case.
Second, the Commissioner accepts that any request for information in bank 045 would yield the same response from the institution, that is, to neither confirm nor deny the existence of information in that bank. As mentioned in Dzevad Cemerlic MD v. Canada (Solicitor General) (2003 FCT 133, para 42), “bank 045 has been designated as an exempt bank by the Governor in Council, see Exempt Personal Bank Order, No. 14 (CSIS), SOR/92-688.” Moreover, the court also found that “[the institution] acted reasonably in adopting a uniform policy of neither confirming nor denying the existence of information in bank 045” (para 45). The court reached the same conclusion in Westerhaug v. Canadian Security Intelligence Service (2009 FC 321, para 19) and Braunschweig v. Canada (Public Safety) (2014 FC 218).
Thirdly, I also accept that there is no reason to expect that the result of any access request for records in bank 045 would be different given the institution’s uniform policy.
The access request at issue is seeking records about an institution’s Alternative to Detention measures regarding the requester. In the text of the access request, the requester mentions that “[g]iven that [the institution] had investigative measures regarding myself, [it] should be aware of all relevant records to the alternative to detention measures of myself.” Thus, it appears that the requester is seeking all investigative records that may have given rise to alternative to detention measures, and thus that they are explicitly seeking records that would be located in bank 045 (the institution’s investigational records). Therefore, it is reasonable to conclude that the requester would receive the exact same response they received when they requested access to records related to the institution’s investigations and/or measures against themself. This would be the seventh attempt of the requester to seek records that, if they existed, would be located in bank 045.
The Commissioner notes that the requester seems to be aware that they are requesting yet again the institution’s investigational records that would be located in an exempt bank. In an email dated October 24, 2023 (about six months before the access request at issue was made), the requester stated the following: “Please advise on the formal procedure to remove my file from the exemption bank that the governor in council has set and resulted in your response.” Thus, it appears that the requester was aware that bank 045 has been designated as an exempt bank by the Governor in Council. The requester also repeatedly mentioned in their communication with the institution that they want their information to be removed from its exempt bank. These are two other examples that were provided to me:
- “I requested [the institution] to release all information about myself to start a judicial proceeding to remove my file from exempt bank” (August 3, 2023)
- “[the institution] mentioned that governor in council has placed my file of [the institution] under exempt bank. I asked [the institution] how to remove my file from exemption bank.” (October 25, 2023)
Thus, it appears that, in previous access requests, the requester has been explicitly seeking access to records contained in the institution’s bank 045, knowing that it is an exempt bank and that they would receive the same response as they were given before.
In their response to the institution’s application, the requester suggested that they filed many access requests for the same type of information because they were not satisfied with the institution’s responses to neither confirm nor deny whether the records existed. The requester said: “The issue that [the institution] handled many requests passively and close to an arbitrary way that resulted in filing more requests.” The Commissioner must note that this is not an appropriate reason to file further access requests for the same type of information. If the requester is not satisfied with the response provided by the institution, the appropriate solution is to submit a complaint to the Office of the Information Commissioner. The Commissioner notes that the requester is well aware of this, as the requester has filed complaints with her Office in the past. And if the requester is not satisfied with the outcome of such a complaint, the appropriate remedy is to apply to the Federal Court for a review.
Rather than pursuing and exhausting the review procedures available to them to address their dissatisfaction with the institution’s responses, the requester chose to re-file the same or very similar access requests. Such behaviour has been found to be both vexatious and an abuse of the right of access (Ontario (Consumer and Business Services) (Re), 2001 CanLII 26073 (ON IPC)). Accordingly, the Commissioner concludes that the access request at issue, which is the requester’s seventh attempt under the Act to access information located in bank 045, is vexatious.
Given her conclusion that the access request at issue is vexatious because the requester has repeatedly requested the same type of information and persists in requesting the same type of information to no good purpose, the Commissioner does not need to examine whether it constitutes an abuse of the right of access, nor whether it is made in bad faith.
Do the circumstances warrant that the Commissioner provides her approval to decline to act on the access requests?
Given that the institution established that one of the requirements of subsection 6.1(1) applies to the access request, the Commissioner must now exercise her discretionary power to either grant or refuse the application.
In exercising her discretion, the Commissioner has considered all relevant factors and circumstances, including the following.
Obligation to assist the requester
Subsection 4(2.1) sets out a general duty to assist requesters. The scope of this duty is broad, requiring that an institution make “every reasonable effort” to assist a requester with their request. It extends as far as it would be reasonable for the institution to provide assistance. The duty to assist may include helping a requester: clarify their access request; narrow its scope in order to facilitate a more timely response to records sought; and provide information needed to enable an institution to identify requested record(s).
What will constitute “every reasonable effort” to assist a requester with their request in any given case will depend on the relevant facts and circumstances. In turn, whether an institution has met its obligations under subsection 4(2.1) is fact dependent and must be assessed case-by-case.
Two main attempts were made by the institution to provide information to the requester concerning its personal information banks. One was likely made around July 2021. In its letter, the institution provided details about each relevant bank and mentioned whether some of them included responsive records or not. On November 25, 2023, the institution also provided a link to Info Source, which details its personal information banks.
I can also see that the institution sought clarification from the requester on August 3, 2023. The institution asked the requester the following: “Can you please specify the type of personal information you are requesting?” In response, the requester mentioned that they were unable to mention specific records.
As the Commissioner mentioned above, the institution did not propose to the requester to modify the timeframe of their access request to specifically capture the time period between the last completed similar access request and the current one. That said, the Commissioner does not think it would have been reasonable to make that suggestion to the requester, given that the response provided by the institution would have been the same whether it had modified the timeframe or not. That is, the response would have been to neither deny nor confirm that the records exist, whether the timeframe had been modified or not.
Given the requester’s insistence in attempting to obtain information from bank 045, despite the fact that they were informed that it is an exempt bank, the Commissioner finds that the institution made every reasonable effort to assist the requester. Thus, she concludes that the institution established that it had met its duty to assist the requester.
Decision
The institution has established that the access request met one or more of the requirements of subsection 6.1(1):
- The requester had requested on many occasions the institution’s investigational records, which would be located, if they existed, in bank 045.
- Bank 045 is an exempt bank and the courts have found that the institution’s uniform policy to neither confirm nor deny the existence of records in bank 045 is reasonable.
- The requester is requesting the institution’s investigational records for a seventh time, knowing that the records would be located, if they exist, in an exempt bank and that they would obtain the same response they already had.
For these reasons, the Commissioner finds that the access request is vexatious.
The circumstances warrant an exercise of her discretionary power to authorize the institution to decline to act on the access request.
The application is granted.