This section highlights the rights to information policy in the Kingdom of Saudi Arabia related to confidential public information. Here, you will gain insight into eligibility of requesting information and the rights of individuals to obtain information based on five conditions, while also understanding which information can be requested and which information is excluded. Additionally, this section offers the official steps and procedures for requesting access to information and the platform on which you may apply, while also providing contact information of the relevant entities to contact for any inquires on freedom of information policy.
Freedom of information
It is the unprotected or confidential public information that the platform processes regardless of its source, form, or nature - open data falls under public information. The process of providing individuals with public data for a fee is called "freedom of information," or as it is known, a "right to information policy."
Freedom of Information Regulation
The Freedom of Information Interim Regulations sets the legal basis for the rights of Individuals to access public sector information and obligations of public entities for all requests coming from any individual to access or obtain public information – unprotected – produced or held by public entities, regardless of the source, form or nature. This includes paper records, emails, information stored on computers, audio or video cassettes, microfiche, maps, photographs, handwritten notes or any other form of recorded information. The Regulation also defines the roles and responsibilities of the Saudi Data and Artificial Intelligence Authority (SDAIA) and its sub-entities, as well as the obligations of the National Data Management Office (NDMO), National Information Center (NIC).
Who can request the information?
Every individual has the right to submit a request and know information related to the platform's activities and has the right to view public information - unprotected - in exchange for a financial fee. The applicant doesn't need to have a certain quality or interest in this information to obtain it, nor will it not expose the person to any legal accountability related to this right, which strengthens the system of integrity, transparency, and accountability.
Individuals' rights to obtain information
- The individual has the right to submit a request to obtain or access any information not protected by public authorities.
- The individual has the right to know the reason for the rejection of the request for access or to see the requested information.
- The individual has the right to file a grievance against the decision to reject the request to obtain or access the requested information.
- That all requests to access or obtain public information are dealt with based on equality and non-discrimination between individuals.
- Any restrictions on requesting access to protected information that you receive, produce or deal with the platform should be justified clearly and explicitly.
What information can be requested, and what information is excluded?
The policy applies to all requests to access "unprotected and open data" information, regardless of its source, form, or nature, to improve the performance and efficiency of work and benefit from the data.
As for the excluded information to which the provisions of this policy do not apply is "protected information" such as:
- Information that the disclosure of harms the state's national security, policy, interests, or rights.
- Information that includes recommendations, suggestions, or consultations for the issuance of legislation or government decision has not yet been issued.
- Information of a commercial, industrial, financial or economic nature, the disclosure of which would lead to profit achievement or encounter loss in an illegal manner.
- Scientific or technical research, or rights that contain an intellectual property right whose disclosure leads to an infringement of a moral right.
- Information related to bids, bids and auctions, the disclosure of which would prejudice competition's fairness.
- Information confidential or personal under another system requires specific legal procedures to access or obtain it.
- Military and security information.
- Information and documents obtained by an agreement with another country and classified as protected.
- Investigations, investigations, seizures, inspections, and surveillance related to a crime, violation, or threat.
Steps and procedures for requesting access to information
- You can apply here..
- The platform shall, within a specified period (30 days) from receiving the request to view or obtain public information, take one of the following decisions:
Consent: If the request to access or obtain information is approved in whole or in part, the individual must be notified electronically of the applicable fees, and the platform must make this information available to the individual within a period not exceeding (10) working days.
Rejection: If the request to access or obtain information is rejected, the disclaimer must be electronic, provided that it includes the following information:
- Determine whether the application was denied in whole or in part
- Reasons for rejection, if possible
- The right to complain about this refusal and how to exercise this right.
Extension: If the request for access to information cannot be processed in the specified time, the platform extends the period in which the response will be made with a reasonable period depending on the size and nature of the required information and provides the individual with the following information:
- Notice of extension and the date on which the application is expected to be completed
- Reasons for delay
Notice: If the requested information is available on the platform's website or is not within its jurisdiction, the individual must be notified of this in writing or electronically, provided that it includes the following information:
For example, the type of notification is the required data on the platform's website or not within its jurisdiction.
If you have any questions about our freedom of information policy , or to request assistance or to file a complaint, please contact us at:
- Phone: 199099
- Text messages: 1990099
- Fax: 00966-11-434-6654
- Email: email@example.com
- Questionnaire: the form of contact
- Working hours: 24/7 around the clock
- Expected response time: 24 hours
- For inquiries: call 199099
Obligations of public entities
1. The public entity is responsible for preparing and implementing policies and procedures related to exercising the right to access or obtaining public information. The entity's primary office is responsible for accepting and approving it.
2. That the public entity establish an administrative unit to be linked to the data management offices in government agencies that were established according to the Royal Decree No. 59766 dated 11/20/1439 AH and assigns it the responsibility to develop, document and monitor the implementation of the policies and procedures approved by the entity's senior management related to the right to access The information, provided that the tasks and responsibilities of the unit include setting appropriate standards for determining the levels of data classification in the absence of them - in accordance with the data classification policy - and using them as a main reference when processing requests to access or obtain public information.
3. The public entity identifies and provides the possible means (public information request forms) - whether it is a paper or electronic form - through which an individual can request access to or access public information.
4. The public authority verifies individuals' identity before granting them the right to view or obtain public information by the controls approved by the National Cybersecurity Authority and the relevant authorities.
5. The entity sets the necessary criteria for determining the fees involved in processing requests to access or obtain public information. This precise is based on the nature and size of the data, the effort exerted, and the time spent. According to the data monetization policy, public documents record the requests of access or obtain information and decisions regarding these requests. So, these records are reviewed to address cases of abuse or non-response.
6. The public entity prepares and documents the policies and procedures for maintaining and disposing of records of requests according to the laws and legislation related to the entity's business and activities.
7. The public agency prepares and documents the necessary procedures to manage, process, and document extension requests. However, rejected requests define tasks and responsibilities related to the relevant work team in cases where the regulatory authority and the office are notified. This case is according to the administrative hierarchy according to the period specified for processing the requests.
8. The public authority can notify the individual - in an appropriate manner - if the request is rejected. Whether in whole or in part, the explanation of the reasons for rejection should be clear. So, the requester has the right to complain and exercise his rights within a period not exceeding (15) days after the decision is made.
9. The public entity prepares awareness programs to promote a culture of transparency and raise awareness by the freedom of information policies and procedures approved by the entity's senior management.
10. The public entity is responsible for monitoring compliance with freedom of information policies and procedures periodically, and it is presented to the entity's first official or whoever he authorizes. Corrective actions that will be taken in the event of non-compliance are determined and documented, and the regulatory authority and office are notified according to the administrative hierarchy.
First: The unified national platform is responsible for aligning this policy with its organizational documents - policies and procedures - and disseminating them to all its affiliates or associated entities to achieve integration and ensure the achievement of the desired goal of its preparation.
Second: The unified national platform must balance the right to obtain or access information with other requirements such as achieving national security and maintaining personal data privacy.
Third: The unified national platform must comply with this policy and periodically document compliance by these authorities' mechanisms and procedures after coordination.
Fourth: The regulatory authorities - after coordination with the office - prepare the mechanisms, procedures, and controls related to handling complaints according to a specific time frame and according to the organizational hierarchy.
Fifth: The unified national platform must notify the office if the request to obtain access, access to public information, or extend the period specified for providing this information is rejected, which is within the scope.
Sixth: The unified national platform, when contracting with other bodies - such as companies that conduct public services - must periodically verify the compliance of other entities with this policy by the mechanisms and procedures specified by the entity, provided that this includes any subsequent contracts made by other parties.
Seventh: The unified national platform has the right to set additional rules for handling requests related to specific types of public information according to their nature and sensitivity after coordination with the office.
Eighth: The unified national platform must prepare forms to obtain or view public information - whether paper or electronic - to specify the necessary information and possible means to provide the required information.