Saudi Arabia
Name of law: Freedom of Information Interim Regulations
First adopted: 2020
Last modified: n/a
RTI Rating last updated: n/a
First adopted: 2020
Last modified: n/a
RTI Rating last updated: n/a
Introduction
Saudi Arabia's RTI law contains some progressive elements, including a strong scope and decent promotional measures. However, the law's brevity has resulted in an overall low score, especially in the area of appeals, requesting procedures, exceptions and appeals.| id | Section | Points | Max score |
|---|---|---|---|
| 1 | Right of Access | 3 | 6 |
| 2 | Scope | 17 | 30 |
| 3 | Requesting Procedures | 8 | 30 |
| 4 | Exceptions & Refusal | 9 | 30 |
| 5 | Appeals | 4 | 30 |
| 6 | Sanctions & Protections | 2 | 8 |
| 7 | Promotional Measures | 10 | 16 |
| ∑ = 53 | ∑ = 150 |
| Section | I | Description | Scoring instructions | Max score | Findings | Points | Article | Comments |
|---|---|---|---|---|---|---|---|---|
1. Right of Access |
1 | The legal framework (including jurisprudence) recognises a fundamental right of access to information. | Score 0 for no constitutional right to information, 1 point for a limited constitutional right, 2 points for full constitutional recognition of a public right of access to information. | 2 | NO | 0 | N/A | No reference to RTI English: https://www.constituteproject.org/constitution/Saudi_Arabia_2013.pdf?lang=en |
1. Right of Access |
2 | The legal framework creates a specific presumption in favour of access to all information held by public authorities, subject only to limited exceptions. | No=0, Partially=1, Yes=2 | 2 | YES | 2 | 7.2 Principle 1: Transparency Individuals have the right to access information related to public entities' activities to enhance integrity, transparency, and accountability. Principle 3: Public Information Disclosure Every individual has the right to access or obtain public information – unprotected – and the applicant does not necessarily have a certain status or interest in this information to be able to obtain it and is not subject to any legal accountability related to this right. 7.3(1) The right to access and obtain any public information – unprotected – by any public entity. | |
1. Right of Access |
3 | The legal framework contains a specific statement of principles calling for a broad interpretation of the RTI law. The legal framework emphasises the benefits of the right to information. | One point for each characteristic. | 2 | Partially | 1 | 7.2 Principle 1: Transparency Individuals have the right to access information related to public entities' activities to enhance integrity, transparency, and accountability. | Benefits of RTI are mentioned, but broad interpretation of the regulations is not listed as a principle. |
2. Scope |
4 | Everyone (including non-citizens and legal entities) has the right to file requests for information. | Score 0 point if only residents/citizens; 1 point for all natural persons; 1 point for legal persons. | 2 | Partially | 1 | 7.1 This Interim Regulation applies to all requests coming from any individual to access or obtain public information – unprotected – produced or held by public entities, regardless of the source, form or nature. | "Individual" suggests that legal persons are not included. |
2. Scope |
5 | The right of access applies to all material held by or on behalf of public authorities which is recorded in any format, regardless of who produced it. | Score 1-3 points if limited definition of information information such as not "internal documents" or databases excluded, 4 points for all information with no exceptions. | 4 | Partially | 2 | 2. Public Information: Raw data or processed data - unprotected - that is received, produced or held by public entities, regardless of the source, form or nature. 7.1 This Interim Regulation applies to all requests coming from any individual to access or obtain public information – unprotected – produced or held by public entities, regardless of the source, form or nature. This includes paper records, emails, information stored on computers, audio or video cassettes, microfiche, maps, photographs, handwritten notes or any other form of recorded information. | The right of access does not apply to "unprotected" types of information - namely the exceptions - which are scoped out from the Regulation entirely. 7.1 The following information should be considered as protected, and should not be disclosed: 1. Information that, if disclosed, may harm the Kingdom of Saudi Arabia„s national security, policies, interests or rights; 2. Military and security information; 3. Documents and information obtained in agreement with another state and classified as protected; 4. Inquiries, investigations, checks, inspections and monitoring in respect of a crime or violation; 5. Information that include recommendations, suggestions or consultations for issuing governmental legislation or decision not issued yet; 6. Commercial, industrial, financial or economic information that, if disclosed, may result in gaining profits or avoiding losses in an illegitimate manner; 7. Scientific or technological searches or rights included intellectual property right that, if disclosed, may result in infringement of incorporeal right; 8. Tender and bidding Information that, if disclosed, may give rise to violation of fair competition; 9. Information and the like, which are protected, confidential or personal under another law, or require certain legal action to be accessed or obtained. |
2. Scope |
6 | Requesters have a right to access both information and records/documents (i.e. a right both to ask for information and to apply for specific documents). | Score 1 point for only documents, 1 point for information. | 2 | Partially | 1 | 7.1 This Interim Regulation applies to all requests coming from any individual to access or obtain public information – unprotected – produced or held by public entities, regardless of the source, form or nature. This includes paper records, emails, information stored on computers, audio or video cassettes, microfiche, maps, photographs, handwritten notes or any other form of recorded information. | The definition appears to restrict the concept of information to "recorded" information. |
2. Scope |
7 | The right of access applies to the executive branch with no bodies or classes of information excluded.This includes executive (cabinet) and administration including all ministries, departments, local government, public schools, public health care bodies, the police, the armed forces, security services, and bodies owned or controlled by the above. | Score 4 points for central government agencies covered: 1 for the head of state, 1 for ministries, 1 for other non-statutory agencies created by the ministries, 1 for state and local government if the government is unitary. If it´s a federalist system, 2 points for the non-statutory agencies. This can be determined by examining the length and thoroughness of the list, if such a schedule exists. Score 1 point for the archives. Add three points and deduct 1 for each exempted central agency (such as the armed forces, police, etc). | 8 | Partially | 6 | 2. Public Entity: Any government or affiliated organization that manages, operates or maintains a public function or operates or maintains any elements of national infrastructure or provides a public service. 7.1 This Interim Regulation applies to all requests coming from any individual to access or obtain public information – unprotected – produced or held by public entities, regardless of the source, form or nature. The following information should be considered as protected, and should not be disclosed: 2. Military and security information; | While the definition of public entity is broad, it is not clear that all authorities which are owned or controlled by other public authorities are covered. "military and security information", which would apply to all information about the armed forces, is excluded as the Regulation only covers "unprotected" public information and this information is "protected". |
2. Scope |
8 | The right of access applies to the legislature, including both administrative and other information, with no bodies excluded. | Score 1 point if the law only applies to administrative documents, 2-3 points if some bodies excluded, 4 points if all legislative branch at all levels of government | 4 | Partially | 2 | 2. Public Entity: Any government or affiliated organization that manages, operates or maintains a public function or operates or maintains any elements of national infrastructure or provides a public service. 7.1 This Interim Regulation applies to all requests coming from any individual to access or obtain public information – unprotected – produced or held by public entities, regardless of the source, form or nature. | It is not clear these bodies are covered under the definition of public entity but some benefit of the doubt given. |
2. Scope |
9 | The right of access applies to the judicial branch, including both administrative and other information, with no bodies excluded. | Score 1 point if the law only applies to administrative documents, 2-3 points if some bodies excluded, 4 points if all judicial branch at all levels of government | 4 | Partially | 2 | 2. Public Entity: Any government or affiliated organization that manages, operates or maintains a public function or operates or maintains any elements of national infrastructure or provides a public service. 7.1 This Interim Regulation applies to all requests coming from any individual to access or obtain public information – unprotected – produced or held by public entities, regardless of the source, form or nature. | It is not clear the judiciary is covered under the definition of public entity but some benefit of the doubt given. |
2. Scope |
10 | The right of access applies to State-owned enterprises (commercial entities that are owned or controlled by the State). | Score 1 point if some, 2 points if all | 2 | YES | 1 | 2. Public Entity: Any government or affiliated organization that manages, operates or maintains a public function or operates or maintains any elements of national infrastructure or provides a public service. 7.1 This Interim Regulation applies to all requests coming from any individual to access or obtain public information – unprotected – produced or held by public entities, regardless of the source, form or nature. | It is not clear these bodies are covered under the definition of public entity but some benefit of the doubt given. |
2. Scope |
11 | The right of access applies to other public authorities, including constitutional, statutory and oversight bodies (such as an election commission or information commission/er). | Score 1 point if some bodies, 2 points if all | 2 | Partially | 1 | 2. Public Entity: Any government or affiliated organization that manages, operates or maintains a public function or operates or maintains any elements of national infrastructure or provides a public service. 7.1 This Interim Regulation applies to all requests coming from any individual to access or obtain public information – unprotected – produced or held by public entities, regardless of the source, form or nature. | It is not clear these bodies are covered under the definition of public entity but some benefit of the doubt given. |
2. Scope |
12 | The right of access applies to a) private bodies that perform a public function and b) private bodies that receive significant public funding. | 1 point for public functions, 1 point for public funding | 2 | Partially | 1 | 2. Public Entity: Any government or affiliated organization that manages, operates or maintains a public function or operates or maintains any elements of national infrastructure or provides a public service. 7.1 This Interim Regulation applies to all requests coming from any individual to access or obtain public information – unprotected – produced or held by public entities, regardless of the source, form or nature. | While public functions are mentioned, public funding is not. |
3. Requesting Procedures |
13 | Requesters are not required to provide reasons for their requests. | Y/N answer 0 or 2 points | 2 | NO | 0 | 7.5 2. The request should be filled out in a dedicated form made accessible by the public entity; The National Data Management and Personal Data Protection Standards (https://sdaia.gov.sa/ndmo/Files/PoliciesEn001.pdf) FOI.3.4 The Entity shall prepare request forms for access to Public Information - whether paper or electronic - specifying the required information to be provided by the Requestor. The required information shall include, at minimum, the following: 3. Purpose behind the request for access to public information | Forms require reasons for requests. |
3. Requesting Procedures |
14 | Requesters are only required to provide the details necessary for identifying and delivering the information (i.e. some form of address for delivery). | Score Max 2 points and deduct if requesters are required to give any of the following: ID number, telephone number, residential address, etc. | 2 | NO | 0 | 7.5 2. The request should be filled out in a dedicated form made accessible by the public entity; The National Data Management and Personal Data Protection Standards (https://sdaia.gov.sa/ndmo/Files/PoliciesEn001.pdf) FOI.3.4 The Entity shall prepare request forms for access to Public Information - whether paper or electronic - specifying the required information to be provided by the Requestor. The required information shall include, at minimum, the following: 1. Information about the Requestor including name, address, national ID 2. Description of Public Information being requested 3. Purpose behind the request for access to public information 4. Legal basis for the request 5. Notice delivery method to the requestor (e-mail, national address) 6. Date of the request. | FOI forms require significant amounts of information about requestor. |
3. Requesting Procedures |
15 | There are clear and relatively simple procedures for making requests. Requests may be submitted by any means of communication, with no requirement to use official forms or to state that the information is being requested under the access to information law. | Max 2 points. Considerations include that there is no requirement to state that the request is under the RTI law, nor to use an official form, nor to identify the document being sought. | 2 | NO | 0 | 7.4 The public entity shall verify the identity of individuals before granting them the right to access or obtain public information in accordance with the controls determined by the National Cyber Security Authority. 7.5 2. The request should be filled out in a dedicated form made accessible by the public entity; 3. The request should clearly state that it is a request for Freedom of Information purposes; The National Data Management and Personal Data Protection Standards (https://sdaia.gov.sa/ndmo/Files/PoliciesEn001.pdf) FOI 3.4 The Entity shall prepare request forms for access to Public Information - whether paper or electronic - specifying the required information to be provided by the Requestor. The required information shall include, at minimum, the following: 1. Information about the Requestor including name, address, national ID 2. Description of Public Information being requested 3. Purpose behind the request for access to public information 4. Legal basis for the request | It is necessary to use the provided form. Requests must specify the "legal basis" for the request. |
3. Requesting Procedures |
16 | Public officials are required to provide assistance to help requesters formulate their requests, or to contact and assist requesters where requests that have been made are vague, unduly broad or otherwise need clarification. | Score 1 point for help in formulation and 1 point for clarification procedures | 2 | NO | 0 | N/A | Not mentioned. |
3. Requesting Procedures |
17 | Public officials are required to provide assistance to requesters who require it because of special needs, for example because they are illiterate or disabled. | Score Yes=2 point, No=0 | 2 | NO | 0 | N/A | Not mentioned. |
3. Requesting Procedures |
18 | Requesters are provided with a receipt or acknowledgement upon lodging a request within a reasonable timeframe, which should not exceed 5 working days. | Score 1 point for receipt, 1 point for max 5 working days | 2 | NO | 0 | N/A | Not mentioned. |
3. Requesting Procedures |
19 | Clear and appropriate procedures are in place for situations where the authority to which a request is directed does not have the requested information. This includes an obligation to inform the requester that the information is not held and to refer the requester to another institution or to transfer the request where the public authority knows where the information is held. | Score: 1 point for information not held, 1 for referrals or 2 for transfers | 2 | Partially | 1 | The main steps for the request to access public information (pp. 46 - 47) Second: The public entity, in not less than thirty (30) days of receipt of a request to access or obtain public information, shall take one of the following steps: 4. Notice: If the required information is available on the entity's website, or is not within its competence, the individual requesting the information must be notified, in writing or electronically, including the following information: o The type of notice, for example, the required data is available on the entity's website, or is not within its jurisdiction; o The right to complain about this notice and how to exercise this right. | Notice must be provided, but no clear procedure for transfers. |
3. Requesting Procedures |
20 | Public authorities are required to comply with requesters’ preferences regarding how they access information, subject only to clear and limited overrides (e.g. to protect a record). | Score: 2 points for Yes, only 1 point if some limitations | 2 | Partially | 0 | N/A | Not mentioned. |
3. Requesting Procedures |
21 | Public authorities are required to respond to requests as soon as possible. | Score: No=0, Yes=2 points | 2 | NO | 0 | N/A | Not mentioned. |
3. Requesting Procedures |
22 | There are clear and reasonable maximum timelines (20 working days or less) for responding to requests, regardless of the manner of satisfying the request (including through publication). | Score: 1 point for timeframes of 20 working days (or 1 month, 30 days or 4 weeks). Score 2 points for 10 working days (or 15 days, or two weeks) or less. | 2 | Partially | 1 | The main steps for the request to access public information (pp. 46 - 47) Second: The public entity, in not less than thirty (30) days of receipt of a request to access or obtain public information, shall take one of the following steps: 7.4(9). The public entity shall notify the applicant - in an appropriate manner - in the event the request is rejected in whole or part, explaining the reasons for the denial and the right to appeal and how to exercise this right within a period not exceeding (15) days after the making of the decision. | Requests must generally be responded to in 30 days. However, the wording of 7.4(9) is a little unclear (potentially due to translation issues) as to whether public officials can have an additional 15 days beyond the 30-day deadline to notify applicants about reasons for rejection and appeal procedures when requests are denied. |
3. Requesting Procedures |
23 | There are clear limits on timeline extensions (20 working days or less), including a requirement that requesters be notified and provided with the reasons for the extension. | - | 2 | Partially | 1 | The main steps for the request to access public information (pp. 46 - 47) Second: The public entity, in not less than thirty (30) days of receipt of a request to access or obtain public information, shall take one of the following steps: 3. Extension: In the event the public entity is unable to respond to the request for access in due time, the time in which to respond should be extended within reasonable time given the size and nature of information requested – for example not exceeding an additional thirty (30) calendar days – and the public entity should provide the applicant the following information: o Notice of the Extension and the new date when the request is expected to be completed; o A concise statement for the basis of delay; o Notice of a right to appeal such delay, including notice as to the time and manner in which any appeal must be taken. | While the Regulation does not explicitly state that requests are free, the description of the procedure suggests that fees appear to only be charged for processing requests and are charged after the filing of a request. |
3. Requesting Procedures |
24 | It is free to file requests. | Score: No=0, Yes=2 points | 2 | YES | 2 | The main steps for the request to access public information (pp. 46 - 47): First: Applications should be submitted by filling out a “Public Information Request Form” – electronic format or paper – and submitting it to the public entity that has the information. Second: The public entity, in not less than thirty (30) days of receipt of a request to access or obtain public information, shall take one of the following steps: 1. Grant: If the public entity grants a request to access to or obtain information in whole or in part, the applicant should be advised in writing the applicable fees, and the public entity should make this information available to the applicant within a reasonable period that does not exceed ten (10) days of receipt of payment. | While the Regulation does not explicitly state that requests are free, the description of the procedure suggests that fees appear to only be charged for processing requests and are charged after the filing of a request. |
3. Requesting Procedures |
25 | There are clear rules relating to access fees, which are set centrally, rather than being determined by individual public authorities. These include a requirement that fees be limited to the cost of reproducing and sending the information (so that inspection of documents and electronic copies are free) and that a certain initial number of pages (at least 20) are provided for free. | Score 1 point for fees being limited to reproduction and delivery costs and set centrally, 1 point for at least 20 pages free of charge or for fees being optional | 2 | Partially | 1 | 7.4(5) The public entity shall set the necessary standards for determining the fees for processing requests to access or obtain public information based on the nature of the data, its size, the effort spent, and the time taken - in accordance with the Data Revenue Framework Interim Regulation. The development of the Data Revenue Framework Interim Regulations is in progress. | While the public entity sets standards for fees, it must do so in line with the centralised Data Revenue Framework Interim Regulation. It is not clear whether fees will be limited to repreoduction and delivery. No pages are provided for free. |
3. Requesting Procedures |
26 | There are fee waivers for impecunious requesters. | - | 2 | NO | 0 | N/A | Not mentioned. |
3. Requesting Procedures |
27 | There are no limitations on or charges for reuse of information received from public bodies, except where a third party (which is not a public authority) holds a legally-protected copyright over the information. | Score: No=0, Yes=2 points | 2 | NO | 2 | N/A | Not mentioned. |
4. Exceptions & Refusal |
28 | The standards in the RTI Law trump restrictions on information disclosure (secrecy provisions) in other legislation to the extent of any conflict. | Score 4 points for a resounding "yes" and 1/2/3 points if only for some classes of information or for some exceptions. If the state secrets law is not trumped by the RTI law max score is 2 points. | 4 | NO | 0 | 7.1(9) The following information should be considered as protected, and should not be disclosed: Information and the like, which are protected, confidential or personal under another law, or require certain legal action to be accessed or obtained. | All secrecy laws trump the Regulation. |
4. Exceptions & Refusal |
29 | The exceptions to the right of access are consistent with international standards. Permissible exceptions are: national security; international relations; public health and safety; the prevention, investigation and prosecution of legal wrongs; privacy; legitimate commercial and other economic interests; management of the economy; fair administration of justice and legal advice privilege; conservation of the environment; and legitimate policy making and other operations of public authorities. | Score 10 points and then deduct 1 point for each exception which either (a) falls outside of this list and/or (b) is more broadly framed | 10 | Partially | 6 | 7.1 The following information should be considered as protected, and should not be disclosed: 1. Information that, if disclosed, may harm the Kingdom of Saudi Arabia's national security, policies, interests or rights; 2. Military and security information; 3. Documents and information obtained in agreement with another state and classified as protected; 4. Inquiries, investigations, checks, inspections and monitoring in respect of a crime or violation; 5. Information that include recommendations, suggestions or consultations for issuing governmental legislation or decision not issued yet; 6. Commercial, industrial, financial or economic information that, if disclosed, may result in gaining profits or avoiding losses in an illegitimate manner; 7. Scientific or technological searches or rights included intellectual property right that, if disclosed, may result in infringement of incorporeal right; 8. Tender and bidding Information that, if disclosed, may give rise to violation of fair competition; 9. Information and the like, which are protected, confidential or personal under another law, or require certain legal action to be accessed or obtained. 7.4(2) The public entity shall establish an organizational unit linked to the data management offices that have been established across public entities under the Royal Decree No. 59766 dated 20/11/1439 AH, and shall assign them the responsibility to develop, document and monitor the implementation of policies and procedures approved by the top management across these entities and related to the right to access public information. The functions and responsibilities of that unit shall include development of appropriate standards to determine levels of data classification in case of their absence – according to the Data Classification Interim Regulations – and using them as a main reference while processing requests for access to public information. 7.6 Seventh The public entities shall have the right to set additional rules for handling requests related to specific types of public information according to their nature and sensitivity after coordination with NDMO. | The exception for information that requires "legal action" to be accessed or obtained is illegitimate. The exceptions for information that may harm the interests/rights of Saudi Arabia and "scientific or technological searches" are too broad. Furthermore, 7.4(2) appears to suggest that each public entity's dedicated units for handling RTI can develop data classification standards and rely on those to ascertain whether acess requests can be granted, which would be another illegitimate exception. |
4. Exceptions & Refusal |
30 | A harm test applies to all exceptions, so that it is only where disclosure poses a risk of actual harm to a protected interest that it may be refused. | Score 4 points and then deduct 1 point for each exception which is not subject to the harm test | 4 | Partially | 1 | 7.1 The following information should be considered as protected, and should not be disclosed: 1. Information that, if disclosed, may harm the Kingdom of Saudi Arabia's national security, policies, interests or rights; 2. Military and security information; 3. Documents and information obtained in agreement with another state and classified as protected; 4. Inquiries, investigations, checks, inspections and monitoring in respect of a crime or violation; 5. Information that include recommendations, suggestions or consultations for issuing governmental legislation or decision not issued yet; 6. Commercial, industrial, financial or economic information that, if disclosed, may result in gaining profits or avoiding losses in an illegitimate manner; 7. Scientific or technological searches or rights included intellectual property right that, if disclosed, may result in infringement of incorporeal right; 8. Tender and bidding Information that, if disclosed, may give rise to violation of fair competition; 9. Information and the like, which are protected, confidential or personal under another law, or require certain legal action to be accessed or obtained. | Military and security information; inquiries, investigations, checks, inspections and monitoring in respect of a crime or violation; and protected information obtained in agreement with another state not harm-tested. Information about yet-issued governmental legislation and decisions not issued is borderline, since it may be self-evidently harmful to release such information in many cases (1 point nonetheless given as many exceptions are harm-tested). |
4. Exceptions & Refusal |
31 | There is a mandatory public interest override so that information must be disclosed where this is in the overall public interest, even if this may harm a protected interest. There are ‘hard’ overrides (which apply absolutely), for example for information about human rights, corruption or crimes against humanity. | Consider whether the override is subject to overarching limitations, whether it applies to only some exceptions, and whether it is mandatory. | 4 | NO | 0 | N/A | Not mentioned. |
4. Exceptions & Refusal |
32 | Information must be released as soon as an exception ceases to apply (for example, after a contract tender process decision has been taken). The law contains a clause stating that exceptions to protect public interests do not apply to information which is over 20 years old. | Score 1 point for each | 2 | NO | 0 | N/A | Not mentioned. |
4. Exceptions & Refusal |
33 | Clear and appropriate procedures are in place for consulting with third parties who provided information which is the subject of a request on a confidential basis. Public authorities shall take into account any objections by third parties when considering requests for information, but third parties do not have veto power over the release of information. | Score: 1 point for consultation, 1 further point if original time frames must be respected and the law allows for expedited appeals. | 2 | NO | 0 | N/A | Not mentioned. |
4. Exceptions & Refusal |
34 | There is a severability clause so that where only part of a record is covered by an exception the remainder must be disclosed. | Score 1 point if yes but sometimes can be refused (eg: if deletions render meaningless the document) and 2 points if partial access must always be granted | 2 | NO | 0 | N/A | Not mentioned. |
4. Exceptions & Refusal |
35 | When refusing to provide access to information, public authorities must a) state the exact legal grounds and reason(s) for the refusal and b) inform the applicant of the relevant appeals procedures. | Score Y/N: 1 point for a and 1 point for b | 2 | YES | 2 | 7.2 Principle Two Any restrictions on requesting access or obtaining protected information received, produced, or managed by public entities must be justified in a clear and explicit manner.7.3 Second The right to be informed about the reason for the denial of the request for access to information. 7.4(9) The public entity shall notify the applicant - in an appropriate manner - in the event the request is rejected in whole or part, explaining the reasons for the denial and the right to appeal and how to exercise this right within a period not exceeding (15) days after the making the decision. The main steps for the request to access public information: (page 46 - 47) Second: 2. Denial: If the public entity denies a request to access to or obtain information, rejection decision should be communicated in writing or electronically and should include the following information: o Whether the request is denied, in whole or in part; o A concise statement for the basis of denial, if applicable; o Notice of a right to appeal such denial, including notice as to the time and manner in which any appeal must be taken. | |
5. Appeals |
36 | The law offers an internal appeal which is simple, free of charge and completed within clear timelines (20 working days or less). | Score 2 points if the internal appeal fulfills these criteria, 1 point if an appeal is offered that does not fulfill this criteria, 0 for no internal appeals. | 2 | NO | 0 | The main steps for the request to access public information (pp. 46 - 47) Third: In the event the applicant wants to appeal a denial by a public entity, they could submit a written or electronic notice of appeal to the public entity's Office within a specific period of time, not exceeding ten (10) working days after receiving the decision of the public entity. The Board of Grievances within the entity's office, shall review the application, make the appropriate decision and notify the applicant of the related fees – it is retrieved if the Board approves the request – and the appeal decision. | The Board of Grievances is the Kingdom of Saudi Arabia's system of courts that handle administrative disputes. The wording is a little vague here, possibly due to translation issues - the reference to the Board of Grievances "within the [public] entity's Office" sounds a little like an internal appeal, but it is likelier that this is simply a judicial appeal given the specific "Board of Grievances" terminology. Thus, no points awarded for this indicator since there does not appear to be an internal appeal (only a judicial one). |
5. Appeals |
37 | Requesters have the right to lodge an (external) appeal with an independent administrative oversight body (e.g. an information commission or ombudsman). | 1 for partial, 2 for yes | 2 | NO | 0 | N/A | The centralised data protection authority, the National Data Management Office (NDMO), has competence over RTI. But it is primarily a standard-setting/promotional/coordinating body with respect to reactive disclosure; it does not appear to serve any oversight function over public entities' reactive disclosure decisions, although it does appear to serve some oversight function with respect to open data obligations (see s. 8.6). |
5. Appeals |
38 | The member(s) of the oversight body are appointed in a manner that is protected against political interference and have security of tenure so that they are protected against arbitrary dismissal (procedurally/substantively) once appointed. | Score: 1 point for appointment procedure, 1 point for security of tenure | 2 | NO | 0 | N/A | Not mentioned. |
5. Appeals |
39 | The oversight body reports to and has its budget approved by the parliament, or other effective mechanisms are in place to protect its financial independence. | Score 1 point for reports to parliament, 1 point for budget approved by parliament | 2 | NO | 0 | N/A | Not mentioned. |
5. Appeals |
40 | There are prohibitions on individuals with strong political connections from being appointed to this body and requirements of professional expertise. | Score 1 point for not politically connected, 1 point for professional expertise | 2 | NO | 0 | N/A | Not mentioned. |
5. Appeals |
41 | The independent oversight body has the necessary mandate and power to perform its functions, including to review classified documents and inspect the premises of public bodies. | Score 1 point for reviewing classified documents, 1 point for inspection powers | 2 | NO | 0 | N/A | Not mentioned. |
5. Appeals |
42 | The decisions of the independent oversight body are binding. | Score N=0, Y=2 points | 2 | NO | 0 | N/A | Not mentioned. |
5. Appeals |
43 | In deciding an appeal, the independent oversight body has the power to order appropriate remedies for the requester, including the declassification of information. | 1 for partial, 2 for fully | 2 | NO | 0 | N/A | Not mentioned. |
5. Appeals |
44 | Requesters have the right to lodge a judicial appeal. | 1 for partially, 2 for fully. | 2 | YES | 2 | The main steps for the request to access public information (pp. 46 - 47) Third: In the event the applicant wants to appeal a denial by a public entity, they could submit a written or electronic notice of appeal to the public entity's Office within a specific period of time, not exceeding ten (10) working days after receiving the decision of the public entity. The Board of Grievances within the entity's office, shall review the application, make the appropriate decision and notify the applicant of the related fees – it is retrieved if the Board approves the request – and the appeal decision. | The Board of Grievances is the Kingdom of Saudi Arabia's system of courts that handle administrative disputes. The wording is a little vague here, potentially due to translation issues - the reference to the Board of Grievances "within the [public] entity's Office" sounds a little like an internal appeal, but it is likelier that this is a judicial appeal. |
5. Appeals |
45 | Appeals to the oversight body (where applicable, or to the judiciary if no such body exists) are free of charge and do not require legal assistance. | 1 for free, 1 for no lawyer required. | 2 | NO | 0 | The main steps for the request to access public information (pp. 46 - 47) Third: In the event the applicant wants to appeal a denial by a public entity, they could submit a written or electronic notice of appeal to the public entity's Office within a specific period of time, not exceeding ten (10) working days after receiving the decision of the public entity. The Board of Grievances within the entity's office, shall review the application, make the appropriate decision and notify the applicant of the related fees – it is retrieved if the Board approves the request – and the appeal decision. | Some fees are mentioned, although it is not clear what these pertain to since the fees do not apply if the Board of Grievances "approves the request". While the text does not refer to the need for a lawyer, it is likely that one is needed, since the Board of Grievances is a judicial body. |
5. Appeals |
46 | The grounds for an external appeal are broad (including not only refusals to provide information but also refusals to provide information in the form requested, administrative silence and other breach of timelines, charging excessive fees, etc.). | Score 1 point for appealing refusals, additional points for appealing other violations. | 4 | Partially | 1 | The main steps for the request to access public information (pp. 46 - 47) Third: In the event the applicant wants to appeal a denial by a public entity, they could submit a written or electronic notice of appeal to the public entity's Office within a specific period of time, not exceeding ten (10) working days after receiving the decision of the public entity. The Board of Grievances within the entity's office, shall review the application, make the appropriate decision and notify the applicant of the related fees – it is retrieved if the Board approves the request – and the appeal decision. | Only refusals appear to be appealable. |
5. Appeals |
47 | Clear procedures, including timelines, are in place for dealing with external appeals. | Score 1 point for clear procedures, 1 point for timelines. | 2 | Partially | 1 | The main steps for the request to access public information (pp. 46 - 47) Third: In the event the applicant wants to appeal a denial by a public entity, they could submit a written or electronic notice of appeal to the public entity's Office within a specific period of time, not exceeding ten (10) working days after receiving the decision of the public entity. The Board of Grievances within the entity's office, shall review the application, make the appropriate decision and notify the applicant of the related fees – it is retrieved if the Board approves the request – and the appeal decision. | Clear procedures are in place for appeals (Figure 4 on page 46 also provides a useful flowchart to illustrate the procedure). Neither the Regulation nor the procedural rules for the Board of Grievances (https://www.saudiembassy.net/board-grievances-procedural-rules) mention timelines for dealing with appeals. |
5. Appeals |
48 | In the appeal process, the government bears the burden of demonstrating that it did not operate in breach of the rules. | Score Y/N and award 2 points for yes. | 2 | NO | 0 | N/A | Not mentioned. |
5. Appeals |
49 | The external appellate body has the power to impose appropriate structural measures on the public authority (e.g. to conduct more training or to engage in better records management) | 1 for partial, 2 for fully. | 2 | NO | 0 | N/A | Not mentioned. |
6. Sanctions & Protections |
50 | Sanctions may be imposed on those who wilfully act to undermine the right to information, including through the unauthorised destruction of information. | Score 1 point for sanctions for underming right, 1 point for destruction of documents | 2 | NO | 0 | N/A | Not mentioned. |
6. Sanctions & Protections |
51 | There is a system for redressing the problem of public authorities which systematically fail to disclose information or underperform (either through imposing sanctions on them or requiring remedial actions of them). | Score 1 point for either remedial action or sanctions, 2 points for both | 2 | Partially | 1 | 7.4(11) The public entity shall be responsible for monitoring compliance periodically with the Freedom of Information Interim Regulation and presenting the results to the head of the entity (or the delegate). The corrective procedures should be determined in case of non-compliance and the Regulatory Authority and NDMO should be notified accordingly. | Not mentioned. |
6. Sanctions & Protections |
52 | The independent oversight body and its staff are granted legal immunity for acts undertaken in good faith in the exercise or performance of any power, duty or function under the RTI Law. Others are granted similar immunity for the good faith release of information pursuant to the RTI Law. | Score 1 for oversight body, 1 for immunity for others | 2 | NO | 0 | N/A | Not mentioned. |
6. Sanctions & Protections |
53 | There are legal protections against imposing sanctions on those who, in good faith, release information which discloses wrongdoing (i.e. whistleblowers). | Score 2 for strong protections, 1 for moderate protections | 2 | Partially | 1 | N/A | While the Kingdom of Saudi Arabia has no unified whistleblower law, it does have an Oversight and Anti-Corruption Authority (Nazaha), and in May 2018 the King issued Royal Decree No. 41043 (https://www.spa.gov.sa/1759818) that protects whistleblowers from "violations of their privileges or rights" for reporting corruption. This is worth at least 1 point. |
7. Promotional Measures |
54 | Public authorities are required to appoint officials (information officers) or units with dedicated responsibilities for ensuring that they comply with their information disclosure obligations. | Score Y/N, Y=2 points | 2 | YES | 2 | 7.4(2) The public entity shall establish an organizational unit linked to the data management offices that have been established across public entities under the Royal Decree No. 59766 dated 20/11/1439 AH, and shall assign them the responsibility to develop, document and monitor the implementation of policies and procedures approved by the top management across these entities and related to the right to access public information. The functions and responsibilities of that unit shall include development of appropriate standards to determine levels of data classification in case of their absence – according to the Data Classification Interim Regulations – and using them as a main reference while processing requests for access to public information. | |
7. Promotional Measures |
55 | A central body, such as an information commission(er) or government department, is given overall responsibility for promoting the right to information. | Score Y/N, Y=2 points | 2 | Partially | 1 | 1. From this standpoint, the National Data Management Office (NDMO), as the national regulator of data in the Kingdom, has developed the framework for national data governance to set the policies and regulations required for data classification, data sharing, data privacy, Freedom of Information, open data and others in anticipation of necessary legislation. National Data Management and Personal Data Protection Standards Specifications (https://sdaia.gov.sa/ndmo/Files/PoliciesEn001.pdf) FOI.2.1 The Entity shall launch awareness campaigns to promote and enhance the culture of transparency and to raise awareness of the National Data Management Office's Freedom of Information Regulations and right to access Public Information. The awareness campaigns shall include, at minimum, the following: 1. Raising awareness across the employees involved in the processing of FOI Access Requests to understand the main obligations and requirements of National Data Management Office's Freedom of Information Regulations 2. Raising awareness of the Freedom of Information Principles and their applicability on Saudi citizens' rights. | The central NDMO has standard-setting and policy-making competence; it has created policies that include promotional aspects, although the NDMO has largely delegated that responsibility to the individual public entities. Worth 1 point here. |
7. Promotional Measures |
56 | Public awareness-raising efforts (e.g. producing a guide for the public or introducing RTI awareness into schools) are required to be undertaken by law. | Score Y/N, Y=2 points | 2 | YES | 2 | 7.4(10) The public entity shall launch awareness programs to promote and enhance the culture of transparency and raise awareness of the Freedom of Information policies and procedures approved by the top management of the entity. National Data Management and Personal Data Protection Standards Specifications (https://sdaia.gov.sa/ndmo/Files/PoliciesEn001.pdf) FOI.2.1 The Entity shall launch awareness campaigns to promote and enhance the culture of transparency and to raise awareness of the National Data Management Office's Freedom of Information Regulations and right to access Public Information. The awareness campaigns shall include, at minimum, the following: 1. Raising awareness across the employees involved in the processing of FOI Access Requests to understand the main obligations and requirements of National Data Management Office's Freedom of Information Regulations 2. Raising awareness of the Freedom of Information Principles and their applicability on Saudi citizens' rights. | |
7. Promotional Measures |
57 | A system is in place whereby minimum standards regarding the management of records are set and applied. | Score Y/N, Y=2 points | 2 | YES | 2 | 7.4(7) The public entity shall prepare and document policies and procedures for proper records keeping and disposing of it in accordance with the relevant national laws and regulations. Also see the National Data Management and Personal Data Protection Standards Specifications (https://sdaia.gov.sa/ndmo/Files/PoliciesEn001.pdf) generally, which are more detailed. | |
7. Promotional Measures |
58 | Public authorities are required to create and update lists or registers of the documents in their possession, and to make these public. | Score Y/N, Y=2 points | 2 | NO | 0 | N/A | Not mentioned in the minimum list of information that must be published by public entities in FOI.3.3 of the National Data Management and Personal Data Protection Standards Specifications (https://sdaia.gov.sa/ndmo/Files/PoliciesEn001.pdf) or generally. |
7. Promotional Measures |
59 | Training programs for officials are required to be put in place. | Score Y/N, Y=2 points | 2 | Partially | 1 | National Data Management and Personal Data Protection Standards Specifications (https://sdaia.gov.sa/ndmo/Files/PoliciesEn001.pdf) FOI.2.1 The Entity shall launch awareness campaigns to promote and enhance the culture of transparency and to raise awareness of the National Data Management Office's Freedom of Information Regulations and right to access Public Information. The awareness campaigns shall include, at minimum, the following: 1. Raising awareness across the employees involved in the processing of FOI Access Requests to understand the main obligations and requirements of National Data Management Office's Freedom of Information Regulations | Raising awareness regarding the main obligations and requirements of the Regulation amongst employees involved in the processing of requests is worth one point. |
7. Promotional Measures |
60 | Public authorities are required to report annually on the actions they have taken to implement their disclosure obligations. This includes statistics on requests received and how they were dealt with. | Score Y/N, Y=2 points | 2 | YES | 2 | 7.4(11) The public entity shall be responsible for monitoring compliance periodically with Freedom of Information Interim Regulation and presenting the results to the head of the entity (or the delegate). The corrective procedures should be determined in case of non-compliance and the Regulatory Authority and NDMO should be notified accordingly. The National Data Management and Personal Data Protection Standards Specifications (https://sdaia.gov.sa/ndmo/Files/PoliciesEn001.pdf) FOI.4.1 The Entity shall document in a register compliance records as required by the National Data Management Office's Freedom of Information Regulations. The register shall include, at minimum, the following: 1. Information on the current Open Data and Information Access Officer 2. Public Information Access Requests Records 3. Public Entity Publication 4. Any other records, including the manner and format, that is required by the National Data Management Office's Freedom of Information Regulation. Refer to the National Data Management Office's Freedom of Information Regulations for more detailed requirements. | |
7. Promotional Measures |
61 | A central body, such as an information commission(er) or government department, has an obligation to present a consolidated report to the legislature on implementation of the law. | Score Y/N, Y=2 points | 2 | NO | 0 | N/A | Not mentioned. |
