In a recent speech on 25 January 2017, the Information Commissioner (IC), Elizabeth Denham, reaffirmed her interest in creating a positive, statutory “Duty to Document” on public authorities in response to the challenges presented by digital technology and social media.
The IC stated that technology had already surpassed the law when the Freedom of Information Act 2000 (FOIA) was brought into full force in 2005, and that we now live in a society “where most of us walk around with our digital workplace in our purses and pockets, [and] we all become our own records managers”. The perceived dangers of this to public decision making are that digital communications are deemed “impermanent and transitory” by public decision makers, and are not treated with the import of, say, physical documents for the purposes of data retention. Worse, and as the IC recounted from her experience as the former Information and Privacy Commissioner for British Columbia, digital communications are more susceptible to being suspiciously deleted, undeclared or not retained. The IC’s view is that:
“If important texts, emails, instant messaging and tweets aren’t retained, then there’s a greater risk of reliance on oral government …
Use of private email accounts and instant messaging to conduct government business can frustrate good governance and undermine the public’s right to know”.
The IC specified that her office considers that information held in WhatsApp accounts is subject to FOIA, for example, if that information relates to the official business of the public body. Given the often cherished “private” feel and functions of social media and instant messaging, this may be surprising to some but in fact follows well-established principles under FOIA (see Practice note, Freedom of information: When is information held?: Is information in private e-mail accounts and on personal mobile phones “held” under FOIA?). Section 3(2)(b) of FOIA provides that information is held by a public authority if it is “held by another person on behalf of the authority”, be that an employee, for example, or a contractor. As the ICO’s Guidance on Official information held in private email accounts (May 2016) states, information is “very likely” to be held on behalf of a public authority where:
- The information relates to the business of the public authority.
- The third party has a direct, formal connection with the public authority.
(at page 2. See also Practice note, Freedom of information: When is information held?).
By way of example, the First-tier Tribunal (Information Rights) held in King’s College, Cambridge v Information Commissioner and another (EA/2012/0049, EA 2012/0085) that the private email accounts of school governors could contain information held on behalf of a public authority under section 3(2)(b) of FOIA (see Legal update, Information held by volunteer governors was held “on behalf of” college (FTT(IR))). Every case will, of course, turn on its own circumstances but there is no reason why the same principle should not apply to information held in a text message or a WhatsApp, Twitter or Facebook account. Prior to the UK’s referendum on membership of the EU in June 2016, the IC recounted, it was reported that government ministers campaigning for the UK to remain in the EU used WhatsApp for strategic discussions “outside of official government channels”. As the IC stated, “it’s the message, not the medium that matters”.
Simply because information transmitted on social media may be deemed to be “held” under FOIA will not necessarily mean that it is disclosable: an FOIA exemption may yet apply to it and the information may be withheld. And cyber water cooler gossipers may have no reason to fear, however, as information which is unrelated to a public authority’s business will not be covered by FOIA (the ICO’s Awareness Guidance: When is information caught by the Freedom of Information Act?, at paragraph 9). It might, however, be worth them reviewing the Cabinet Office’s Guidance to departments on use of private emails in any event.
The IC envisages that decisions taken on, say, an instant messenger service should be accompanied by a subsequent, affirming record of the decision elsewhere. (It is assumed that users of self-deleting image services such as Snapchat will just have to be swift transcribers). She has recognised, in addition, that this may require organisations to install appropriate technology to organise and search existing digitally stored data and ensure that this is properly managed in future.
The IC’s plans to explore the implementation of a duty to document (or “d2d” as it has been referred to) were earlier put forward in December 2016 (see Legal update, Information Commissioner outlines issues with freedom of information law and proposes solutions). The challenge of the age of “decisions taken by text, by instant message [and] by email” may soon become one public authorities are required to rise to.