A new Cabinet Office policy has recently been published which provides guidance on the use of instant messaging technologies, such as WhatsApp, by government officials. The policy discourages the use of non-corporate communications channels (‘NCCCs’), particularly when these platforms are accessed on personal devices. The new policy is a welcome development in the regulation of ‘government by WhatsApp,’ and demonstrates better practice with respect to the public law duties which are applicable in this context, namely, the Public Records Act 1958, the Freedom of Information Act 2000 and the common law duty of candour.
It has become clear over the last few years that instant messaging technologies do play a key role in the way that government is conducted. Familiar examples include the use of WhatsApp to negotiate COVID contracts and the prorogation decision. The recent news coverage of Matt Hancock’s leaked WhatsApp messages demonstrates the extent to which important decisions have been, and continue to be, taken via these channels.
The widespread use of these platforms throughout the government prompted an investigation by the Information Commissioner’s Office in 2021 into the use of private correspondence channels by Ministers working at the Department of Health and Social Care. The findings of this investigation highlighted a lack of clear controls on the use of these technologies, with varying compliance with the Cabinet Office policy in place at the time. The previous policy encouraged the use of automatic deletion instant messaging technologies, although it cautioned government officials that in some circumstances a note may need to be taken of discussions taking place via these platforms in order to comply with record-keeping duties. The ICO report concluded that the absence of effective controls on governmental use of instant communication technology presented a risk to the effective handling of Freedom of Information Act requests, as well as to the integrity of the public record. The ICO, following the investigation, issued the DHSC with a Practice Recommendation under s.48 of the Freedom of Information Act.
The use of these technologies came under further scrutiny last year, when All the Citizens and the Good Law Project challenged the legality of the use of these technologies before the High Court on the basis that they were incompatible with the statutory duty imposed by s.3(1) of the Public Records Act 1958. The High Court ruled that the use of these technologies was not incompatible with the duty to maintain the public record. They held, at , that s.3(1) only imposes a duty “to make arrangements” for certain records to be selected for preservation and so is not a duty to preserve records as such. It was for this reason that the use of instant messaging technology with automatic deletion functionality did not place the government in breach of their record-keeping duties. Despite the ruling, the High Court emphasised, at , the importance of keeping a full public record to ensure governmental accountability and scrutiny. The findings of the High Court were upheld on appeal, and the Supreme Court have recently refused the Good Law Project permission to appeal further. The correctness of the ruling with regard to the ambit of the Public Records Act is contestable: the decisions seemingly rest on a narrow construction of the duties imposed (a more detailed view of the law is set out in For the record: self-deleting messages and compliance with public law duties).
The high-profile issues raised in both the litigation process and the ICO investigation appear to have catalysed government reform of the use of NCCCs. The new Cabinet Office policy replaces the previous policy which encouraged the use of automatic deletion instant messaging technologies by ministers. The new policy demonstrates a significant change in the Cabinet Office’s approach to this technology. The policy emphasises from the outset that “Government communications belong to the Crown and must be handled lawfully” . The policy takes a cautionary approach to the use of NCCCs and, in particular, advises government officials that “exceptional circumstances”  would be required to justify using an NCCC on a privately owned device when communicating significant government information. The new policy also appears to discourage officials from using automatic deletion functionality. At , the policy provides that “‘disappearing message’ functions have a role in limiting the build-up of messages on devices. You must ensure that any such use does not impact on your recordkeeping or transparency responsibilities.”
Importantly, the new policy appears to signal a greater degree of compliance with the public law frameworks which regulate record-keeping and disclosure. As Joe Tomlinson and I have written previously, there are three main public law frameworks which are engaged in this context: the Public Records Act 1958, the Freedom of Information Act 2000 and the common law duty of candour. In outline, messages sent via NCCCs may constitute public records under s.3 of the Public Records Act 1958, information held by a public authority for the purposes of the Freedom of Information Act 2000, and material that may be relevant to disclose in judicial review proceedings pursuant to the duty of candour. Where instant messages are not retained, for instance because automatic deletion functionality is enabled, these duties might not be complied with because the record has been irretrievably lost.
The new Cabinet Office policy is a significant step forward to governmental compliance with these duties. The policy directly addresses the duties imposed by both the Freedom of Information Act and the Public Records Act. It notes, at , that “any use of NCCCs for significant government business engages your recordkeeping responsibilities.” At , the policy details that “government information held on NCCCs could become the subject of an information access request… deletion or concealment of material relevant to an information request may be a criminal offence.” In so far as it highlights the relevance of these frameworks and provides guidance as to how these frameworks can be complied with, this policy is to be welcomed.
More could be done, however, to facilitate compliance with the public law duties which operate in this area. For instance, the policy does not go so far as to prohibit the use of automatic deletion functionality (‘disappearing messages’), which means that whether a message is retained or not in any particular case will be subject to the discretion of the governmental official in question. It is not always immediately obvious to those exchanging messages whether a message is important: full compliance with the aforementioned frameworks is contingent on the base information surviving. This will be at risk so long as automatic deletion is permissible. What is clear, however, is that the regulation of governmental use of NCCCs is moving in the right direction for compliance with these frameworks.
The author would like to thank Joe Tomlinson for his comments and suggestions.
Cassandra Somers-Joce is a Visiting Lecturer at King’s College London and a current MPhil (Law) candidate at the University of Oxford.
(Suggested citation: C. Somers-Joce, ‘Government by WhatsApp: Where are we now?’, U.K. Const. L. Blog (24th April 2023) (available at https://ukconstitutionallaw.org/))