Freedom of Information (Scotland) Act 2002
44.Paragraph 2 of the schedule adds the Bank to the list of Scottish public authorities in schedule 1 of the Freedom of Information (Scotland) Act 2002. This means that the Bank will be subject to the requirements that Act places on public bodies, including requirements to provide information to the public on request and to have in place a scheme for the pro-active publication of information it holds.
45.Being a public authority within the meaning of the Freedom of Information Act also makes the Bank a “Scottish public authority” to which the Environmental Information (Scotland) Regulations 2004 apply.
46.In addition, as a public authority within the meaning of the Freedom of Information Act, the Bank is a “public authority” or “public body” for the purposes of the General Data Protection Regulation by virtue of section 7 of the Data Protection Act 2018 (subject to the Secretary of State not making regulations under that section to remove its “public authority” status). The General Data Protection Regulation (also commonly referred to by the acronym “GDPR”) is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. There are particular rules applied to bodies classified as “public authorities” (over and above those applied to all data processors) in the GDPR and the Data Protection Act 2018. An analysis of those rules is beyond the scope of these Notes.