Things for public servants to bear in mind when searching social media
I return to the subject of when searching online by public servants becomes more than routine
Article eight and ickiness
Many years ago I wrote a post about when searches on social media became “icky”. This was basically looking at the question of when public bodies might infringe the right to privacy of a citizen. In particular I highlighted what I saw as the risk of public servants stumbling into a space that turned out to be “icky’. When does searching for things online and generally monitoring the online environment become “surveillance”?
The sort of things in my mind included (and these are theoretical examples, not things I’ve necessarily come across in the real world):
- a social worker with concerns about a potentially vulnerable individual periodically searches for their name on social media to check for any evidence on whether they are ok
- a customer services officer receiving a number of reports of street scene problems from the same account becomes curious and searches using that user name to build a fuller picture of that person
- a communications officer seeking to understand more about a local group campaigning against a council policy runs a regular search for the group’s name and the names of some of the prominent campaigners
I am not a lawyer
As I have no legal training or qualifications I wasn’t trying to give anyone advice, just point at what looked to me like a problem. Or to point at an area so fuzzy it was difficult to see whether there was a problem. I wrote it. A few people read it. I moved on.
Until yesterday I stumbled across this Opinion from the Court of Session. It was shared on Twitter by Andrew Tickell. It discusses some interesting issues about when people might have a reasonable expectations of privacy (in this case within a WhatsApp group) and it prompted me to dust off the old blog and see if it was worth updating.
And it seems it is.
This post is for you (if you imagine it is not)
There are some people in public services who probably recognise that they engage, from time to time, in surveillance (Trading Standards Officers, Police Officers, Environmental Health Officers). This post is not for them. I choose to imagine they know what they are doing, or if they don’t they need to listen to people who do. This post is for the people who search social media but don’t imagine that they involve themselves in surveillance (which could be almost anyone).
I’d like to point you to the revised code of practice on Covert Surveillance and Property Interference from the Home Office.
This encourages you to make use of the internet.
“The growth of the internet, and the extent of the information that is now available online, presents new opportunities for public authorities to view or gather information which may assist them in preventing or detecting crime or carrying out other statutory functions, as well as in understanding and engaging with the public they serve.“ s 3.10.
This has some very helpful things to say to those of you who are searching social media on behalf of your public sector employer. In particular chapter 3 on “directed” or “intrusive” surveillance.
“What is directed surveillance?” I hear you ask.
“the planned covert surveillance of a specific person, where not intrusive, would constitute directed surveillance if such surveillance is likely to result in the obtaining of private information about that, or any other person” s 3.2.
You’re probably breathing a sigh of relief. Even if you accept that your occasional searching could, theoretically, one day, stumble into some definition of surveillance you are probably confident that it is not covert.
“Use of the internet itself may be considered as adopting a surveillance technique calculated to ensure that the subject is unaware of it, even if no further steps are taken to conceal the activity.” s 3.12.
Public information is surely public
“But” I hear you say “I’m only searching publicly available social media channels, anything there is fair game”.
”[…] there may be a reduced expectation of privacy where information relating to a person or group of people is made openly available within the public domain, however in some circumstances privacy implications still apply. This is because the intention when making such information available was not for it to be used for a covert purpose such as investigative activity. This is regardless of whether a user of a website or social media platform has sought to protect such information by restricting its access by activating privacy settings.” s 3.13.
The guidance doesn’t say, but it seems to me to be a logical corollary of this, that the more steps the user has taken to protect information they put online, the greater their expectation of privacy. If this is true (and let’s remember I’m no lawyer) then it should follow that you might treat information shared in a Facebook group differently from information shared on a completely public profile.
And the guidance provides a nice example of where you might accidentally stumble from general (and perfectly normal) use of the internet into something that would constitute surveillance (and might even require specific authorisation).
”Example: Researchers within a public authority using automated monitoring tools to search for common terminology used online for illegal purposes will not normally require a directed surveillance authorisation. Similarly, general analysis of data by public authorities either directly or through a third party for predictive purposes (e.g. identifying crime hotspots or analysing trends) is not usually directed surveillance. In such cases, the focus on individuals or groups is likely to be sufficiently cursory that it would not meet the definition of surveillance.” But officers should be aware of the possibility that the broad thematic research may evolve, and that authorisation may be appropriate at the point where it begins to focus on specific individuals or groups. If specific names or other identifiers of an individual or group are applied to the search or analysis, an authorisation should be considered.” s 3.17 (my emphasis).
There’s quite a lot more of interest and relevance to the sort of cases I am considering including a whole set of circumstances when this sort of surveillance would not require a directed surveillance authorisation.
What I take from this guidance are these key points:
- the moment your searching moves from general monitoring or searching for “what’s going on” to searching for details of individuals you are potentially moving into the fuzzy area and should probably pause and check that you know what you are doing is OK
- just because someone placed information in a completely public environment does not, necessarily, mean that they do not have a right to privacy. The more steps they have take to keep the information private the greater their expectation of privacy
- public servants are encouraged to make good use of the internet but should also be aware of the issues that affect their uses
The Home Office guidance is pretty good though it is, perhaps understandably, aimed at people who consider surveillance to be a core part of their job rather the ones who may risk accidentally stumbling into it.
Thanks for reading.
Please clap so I know you were here…
I’m Ben from The Satori Lab. We work to support public servants so they have the right tools, skills and culture to design excellent public services.
You may also know me from Twitter where I am @likeaword.