Freedom of Information

This section highlights the rights to information policy in Saudi Arabia related to confidential public information. Here, you will gain insight into the eligibility of requesting information and the rights of individuals to obtain information based on five conditions while also understanding which information can be requested and which information is excluded. Additionally, this section offers the official steps and procedures for requesting access to information and the platform on which you may apply while also providing contact information of the relevant entities to contact for any inquiries on the freedom of information policy.

Freedom of Information

It is the unprotected or confidential public information that the platform processes regardless of its source, form, or nature - open data fall under public information. The process of providing individuals with public data for a fee is called "freedom of information," or as it is known, a "right to information policy."

Freedom of Information Regulation

The Freedom of Information Interim Regulations sets the legal basis for the rights of individuals to access public sector information and obligations of public entities for all requests coming from any individual to access or obtain public information – unprotected – produced or held by public entities, regardless of the source, form or nature. This includes paper records, emails, information stored on computers, audio or video cassettes, microfiche, maps, photographs, handwritten notes, or any other recorded information. The Regulation also defines the roles and responsibilities of the Saudi Data and Artificial Intelligence Authority (SDAIA) and its sub-entities, as well as the obligations of the National Data Management Office (NDMO) and National Information Center (NIC).

Individuals’ Rights to Obtain Information

Who can request Information?

Every individual has the right to submit a request and know information related to the platform's activities and has the right to view public information - unprotected - in exchange for a financial fee. The applicant doesn't need to have a certain quality or interest in this information to obtain it, nor will it subject the person to any legal liability related to this right, which strengthens the system of integrity, transparency, and accountability. These rights include:

  • Right to submit a request to obtain or access any information not protected by public authorities
  • Right to know the reason for the rejection of the request for access or to see the requested information
  • Right to file a grievance against the decision to reject the request to obtain or access the requested information
  • All requests to access or obtain public information are dealt with based on equality and non-discrimination between individuals
  • Any restrictions on requesting access to protected information should be justified clearly and explicitly

What information can be requested?

The regulation applies to all requests to access "unprotected and open data" information, regardless of its source, form, or nature, to improve the performance and efficiency of work and benefit from the data. As for the excluded information to which the provisions of this policy do not apply is "protected information" such as:

  • Information that the disclosure harms the state's national security, policy, interests, or rights
  • Information that includes recommendations, suggestions, or consultations for the issuance of legislation or government decisions has not yet been issued
  • Information of a commercial, industrial, financial or economic nature, the disclosure of which would lead to profit achievement or encounter loss in an illegal manner
  • Scientific or technical research or rights that contain an intellectual property right whose disclosure leads to an infringement of a moral right
  • Information related to bids and auctions, the disclosure of which would prejudice competition's fairness
  • Information confidential or personal under another system requires specific legal procedures to access or obtain it
  • Military and security information
  • Information and documents obtained by an agreement with another country and classified as protected
  • Investigations, searches, seizures, inspections, and surveillance related to a crime, violation, or threat

Obligations of Public Entities

  • The public entity is responsible for preparing and implementing policies and procedures related to exercising the right to access or obtaining public information. The entity's primary office is responsible for accepting and approving it
  • The public entity establishes an administrative unit to be linked to the data management offices in government agencies that were established according to the Royal Decree No. 59766 dated 11/20/1439 AH and assigns it the responsibility to develop, document and monitor the implementation of the policies and procedures approved by the entity's senior management related to the right to access The information, provided that the tasks and responsibilities of the unit include setting appropriate standards for determining the levels of data classification in the absence of them - in accordance with the data classification policy - and using them as a main reference when processing requests to access or obtain public information
  • The public entity identifies and provides the possible means (public information request forms) - whether it is a paper or electronic form - through which an individual can request access to or access public information.
  • The public authority verifies individuals' identities before granting them the right to view or obtain public information through the controls approved by the National Cybersecurity Authority and the relevant authorities
  • The entity sets the necessary criteria for determining the fees involved in processing requests to access or obtain public information. This precision is based on the nature and size of the data, the effort exerted, and the time spent. According to the data monetization policy, public documents record the requests for access or obtain information and decisions regarding these requests. So, these records are reviewed to address cases of abuse or non-response
  • The public entity prepares and documents the policies and procedures for maintaining and disposing of records of requests according to the laws and legislation related to the entity's business and activities
  • The public agency prepares and documents the necessary procedures to manage, process, and document extension requests. However, rejected requests define tasks and responsibilities related to the relevant work team in cases where the regulatory authority and the office are notified. This case is according to the administrative hierarchy according to the period specified for processing the requests
  • If the request is denied, the public authority must notify the individual in a timely and appropriate manner. The explanation of the reasons for rejection, whether in whole or in part, should be clear. As a result, the requester gets the right to complain and exercise his rights within fifteen (15) days of the decision
  • The public entity prepares awareness programs to promote a culture of transparency and raise awareness through the freedom of information policies and procedures approved by the entity's senior management
  • The public entity is responsible for monitoring compliance with freedom of information policies and procedures periodically, and it is presented to the entity's first official or whoever he authorizes. Corrective actions that will be taken in the event of non-compliance are determined and documented, and the regulatory authority and office are notified according to the administrative hierarchy

Freedom of Information Controls and Standards

The National Data Management Office (NDMO) has adopted Freedom of Information Standards and Controls as part of the Data Management and Personal Data Protection Standards. The Freedom of Information domain comprises four controls and nine specifications. This domain focuses on providing Saudi citizens access to government information, portraying the process for accessing such information, and the appeal mechanism in the event of a dispute.

Freedom of Information Policy

The Freedom of Information Policy adopted by the National Data Management Office (NDMO) outlines the fundamentals and guiding principles of data freedom and applies to requests made by individuals to access or obtain unprotected public data generated by public entities.