Bridgwood v Information Commissioner: Strengthening the Regulator’s “Safe Space”

17 December 2025

Kevin Bridgwood v The Information Commissioner & Equality and Human Rights Commission [2025] UKFTT 01530 (GRC)

The First-tier Tribunal has provided a robust endorsement of the “Neither Confirm Nor Deny” (NCND) principle in regulatory contexts, specifically regarding the “Mosaic Effect” and the risk of tipping off.

The Appellant sought information from the Equality and Human Rights Commission (EHRC) regarding its handling of his earlier complaint about a data breach involving the police and an NHS Trust. The EHRC refused to confirm or deny holding relevant information, relying on section 31(3) FOIA (law enforcement) .

Dismissing the appeal, the Tribunal held that confirming the existence of a file would effectively reveal whether regulatory action was “undertaken or in prospect”. The decision relied on three key principles:

Prejudice to Investigation: Confirmation could alert subjects to an investigation, potentially leading to the destruction of evidence—even if done innocently in the belief it was no longer needed .
The Mosaic Effect: The Tribunal accepted that consistency is vital. If a regulator only uses NCND selectively, motivated applicants could use a “process of elimination” to identify which organisations are subject to active scrutiny.
Purpose of FOIA: The Tribunal reiterated that FOIA is a right to know for the world at large, not a mechanism for individuals to receive “feedback for a particular complaint”.

This decision confirms that the “safe space” for regulators is broad. The Tribunal accepted that the prejudice test in s.31(3) extends beyond the immediate investigation to the systemic integrity of the regulator’s intelligence gathering. It serves as a reminder that a regulator’s silence is often a necessary tool of enforcement.