Skip to main content

Whatsapp’s Unpacked: Learnings for the Public Sector from the UK Covid Inquiry

Whatsapp’s Unpacked: Learnings for the Public Sector from the UK Covid Inquiry
How the government's communication during the pandemic is being exposed and what public sector bodies should be considering. 

This is the first in a series of articles on Whatsapp's Unpacked; exploring how the messaging app is playing a central role in the UK and Scottish Covid Inquiries and what implications it has for organisations across the different sectors. In this article, we focus on the public sector and how Whatsapp messages could be subject to freedom of information requests, which could expose the inner workings of the public sector as is unfolding with the UK and Scottish Government’s handling of the pandemic. 

What has happened so far?

Over the course of 2023, the UK and Scottish Government has had to hand over correspondence, notes and messages from the period which critical decisions were made about how to handle the Covid pandemic. Under the UK Covid Inquiry, established by the Inquiry Act 2005, the chair has a power to request all information that it sees relevant to the scope of the Inquiry. A controversial figure in the UK Covid Inquiry was Boris Johnson who initially refused to hand over his Whatsapp messages to the Inquiry. Johnson claimed that his messages were protected by the principle of confidentiality and that disclosing them would undermine the trust and candour between him and his advisers. The Government also argued that his messages were not relevant to the Inquiry as they do not reflect official government policy or decisions. The Government went to great lengths to defend this position but ultimately were required to hand over all correspondence after losing a legal challenge in the High Court. The Inquiry exposed the inner conversations of Johnson and the Government during key decisions when he was called to give evidence at the Inquiry and revealed an arguably chaotic and unsympathetic side to what happened during the pandemic. 

The role which the instant messaging platform played in the management of this pandemic was further exposed in Scotland. Despite a commitment by Nicola Sturgeon and the Scottish Government at the launch of the Scottish Covid Inquiry to provide all information, including private messages, it was revealed in January this year that senior figures across the Scottish Government were told to delete their messages. This means that revelations that have been devised from Johnson’s governments messages will not be probable in the same way for the Scottish Covid Inquiry and questions whether such actions have been deceptive are undermining the Inquiry. 

What has emerged from all of this is that the Inquiries powers are far reaching and places public sectors under extensive scrutiny, even where it is through private messaging platforms. Several senior figures in the UK establishment have been brought into disrepute as a result.

Why does this matter?

The use of Whatsapp messages by the governments during the pandemic raises several important questions about transparency, accountability and the public interest. Whatsapp is an encrypted instant messaging app that allows users to send text, voice, video and document messages to individuals or groups. It also has a feature that allows users to delete messages for everyone within a certain time frame, or to set messages to disappear after a period of time. All of these appear to be well used features by the governments and may be consistent across the public sector.

While Whatsapp may offer convenience and security for personal communication, it poses significant challenges for official communication by public authorities. The power of inquiries under the Inquiry Act 2005 is just one example however freedom of information requests can be far more wide-reaching for any public authority, which includes central and local government, NHS bodies, police forces, schools, universities, colleges and other public bodies designated by the Scottish Ministers.

Freedom of Information (Scotland) Act 2002 

The Act gives anyone the right to access information held by public authorities, unless it is exempt under an applicable exemption such as national security, personal data, commercial or confidential. The Act aims to promote openness and transparency in the public sector, and to enable the public to hold public authorities accountable for their actions and decisions.

Under the Act, authorities are obliged to respond to requests for information within 20 working days, and to provide the information requested, or explain why it is withheld. If the requester is not satisfied with the response, they can seek a review, failing which they can appeal to the Scottish Information Commissioner's (SIC), which is an independent watchdog that enforces the Act and can impose sanctions on public authorities that fail to comply.

One of the implications of the Act is that public authorities may have to disclose Whatsapp messages that relate to their official functions, if they are requested by the public. This means that Whatsapp messages that contain information about policies, plans, contracts, meetings, consultations, or any other matters of public interest may be subject to the Act, and public authorities must have systems in place to preserve and retrieve such messages. This is even the case where the Whatsapp messages are on a private device.  However, the Act also recognises that some information may be too sensitive or confidential to be disclosed and provides various exemptions that public authorities can apply to withhold information, such as for national security, legal privilege, personal data or policy formulation. Therefore, the Act does not automatically require public authorities to reveal all Whatsapp messages, but public bodies (and staff) should be aware that it is possible they may have to disclose them and any notion that use of such messaging platforms would not be caught by an FOI request is pure myth. 

Impact on the Public Sector

The use of Whatsapp by public authorities poses several challenges for complying with the Act, as well as for ensuring the integrity and accountability of their communications.  While most staff in public bodies are well aware of FOI now, it seems from the Covid Inquiry press coverage that staff may be under the impression that their Whatsapp messages are private to those in the group.  This belief and the fact that the nature of instant messaging platforms encourages concise informal language, the content of these messages may not align with the professional tone staff may naturally adopt when using email or more formal methods of communications. 

Public authorities need to be aware that Whatsapp messages written by staff during or related to their employment can be caught by FOI Requests, including where those are held on private phones and adopt good practices for managing Whatsapp messages that may contain official information. 

Some of these practices include:

  • Establishing clear policies and guidelines for the use of Whatsapp and other instant messaging apps, such as when it is appropriate or not to use it, what types of information can or cannot be communicated via Whatsapp, and how to handle requests for Whatsapp messages. 
  • Informing staff of their responsibilities and duties under the Act and providing training and support for them to understand and follow the policies and guidelines.
  • Applying appropriate retention policies to any private messaging platforms used by your organisation. 
  • Avoid making any business decisions via instant messaging apps and ensure such decisions are properly recorded in business systems. 
  • Responding to requests in a timely and professional manner, and applying the exemptions under the Act where necessary, while explaining the reasons for withholding information. Do not delete data as a result of receiving a requests and seek advice for how to manage requests appropriately. 

Thorntons’ Data Protection Team support several public sector obligations in meeting their obligations under the freedom of information regime and are on hand to provide tailored advice. Call us on 03330 430350.

About the authors

Morgan O'Neill
Morgan O'Neill

Morgan O'Neill

Director, Data Protection Services

Data Protection & GDPR

Lewis Quinn
Lewis Quinn

Lewis Quinn

Solicitor & Legal Technologist

Corporate & Commercial

For more information, contact Morgan O'Neill or any member of the Data Protection & GDPR team on +44 131 624 6854.