30 September 2020 - Post by:Aladdin Benali
As social media messaging has become such a quick and easy way for many of us to communicate, a key question for employers is the extent to which they can access and rely on employees’ WhatsApp messages in the context of investigations. In a recent case, BC and others v Chief Constable Police Service of Scotland and others, a Scottish appeal court has given some rare guidance on this important issue, in short, finding that the Police Service of Scotland was entitled to use WhatsApp group chat messages discovered on an officer’s smartphone during the course of a separate criminal investigation as a basis for misconduct proceedings.
During an investigation into sexual offences within the Police Service of Scotland, messages were discovered on a police officer’s phone on two separate WhatsApp groups of which of a number of other police officers were members. The messages were “blatantly sexist and degrading, racist, anti-Semitic, homophobic, mocking of disability” with “a flagrant disregard for police procedures by posting crime scene photos of current investigations”.
The messages were quickly passed on to the Police’s Professional Standards Department, which brought non-criminal misconduct charges against the officers in question.
WhatsApp messages could be used
A number of officers challenged the Police’s right to access the messages in the context of the misconduct proceedings, claiming that it unlawfully infringed their rights to privacy under Article 8 of the European Convention on Human Rights and under Scottish law. The issue centred on whether the officers, in the circumstances, had a reasonable expectation of privacy in their messages.
The Inner House of the Scottish Court of Session (agreeing with the first instance ruling) refused their petition and held that the officers participating in the WhatsApp group chat could have no such expectation of privacy. The officers were under an obligation to behave in accordance with professional standards by acting with honesty and integrity and challenging and reporting improper conduct. Police officers’ statutory obligations under the Police Service of Scotland Regulations 2013/35 to maintain public confidence in the profession took precedence over their privacy rights. Consequently the WhatsApp messages could be used.
It is all about context
The Court noted that an ordinary member of the public could have a reasonable expectation of privacy in respect of WhatsApp messages, given the characteristics of the platform, and the protected “zone of interaction” would extend even to messages “of an abhorrent nature”. A conversation within a WhatsApp group does not undermine that privacy either, so that messages between ten friends, as opposed to just one, does not mean that there can be no reasonable expectation of privacy.
However, in this case, as holders of public office, the police officers had accepted certain restrictions on their private life, such that that they could have no reasonable expectation of privacy, and the use of their messages was necessary to maintain public confidence and proportionate.
Wider implications for regulated employers
This is a ruling from a Scottish appeal court on Scottish law and so is only of persuasive value for the English courts rather than being a binding precedent. Nevertheless, it is of interest in considering when employers can look at the content of WhatsApp messages of those working in a regulated environment (here the police force), which is a point on which there is minimal English case law authority. In November last year, the English High Court also decided that obscene WhatsApp messages could be used to justify the dismissal of two senior executives (Wells and Solari v Cathay Investments and PNC Global Logistics ) although the guidance that had been hoped for around breach of privacy was absent from the judgment.
The ruling confirms that there is a clear distinction between ordinary members of the public and those to whom higher professional standards apply, or who work in regulated sectors, such as workers in financial services, doctors or lawyers. It suggests that employers or regulators may in some circumstances be able to take action on the basis of such workers’ private messages, where they point towards a serious breach of professional standards that would be likely to damage public confidence in the profession.
In the meantime, this case is a useful reminder of the need for employers to:
- maintain social media policies which make clear what constitutes inappropriate online behaviour and the consequences of non-compliance;
- ensure that managers, professionals or regulated individuals are made aware through policies and training of any higher standards of behaviour that are expected of them; and
- reserve rights to access employees’ personal devices (which must be done in a GDPR-compliant manner), particularly where they use those devices for business communications such as under BYOD schemes.