WhatsApp Rules for the UK Government

Palace of Westminster, Big Ben, and Westminster Bridge as seen from the south bank of the River Thames. Creative Commons

WhatsApp has threatened to withdraw from the UK if the Online Safety Bill becomes law. Regardless of any such action its use within the UK government has been brought into question by the Institute for Government. Leaks have revealed use of WhatsApp messaging groups to discuss key government initiatives such as over 100,000 messages involving Matt Hancock and the government’s response to COVID.

The WhatsApp attraction is that it is easy to send ideas back and forth without the formality and time required to create official emails. It also avoids the need to rely on being able to immediately contact someone that is imposed by having them pick up a telephone call. WhatsApp messaging is encrypted (at least while the safety bill is still to be finalised) but government rules require records to be kept. So unlike a phone call or off the record chat in a corridor the evidence is immediately recorded and can be recalled by a freedom of information request.

The Institute for Government sent a freedom of information request regarding the use of WhatsApp in government and reported that ‘between 13% and 31% of officials in some departments have the app installed on their work phones’. This illustrates that WhatsApp use is relatively widespread but a significant majority of officials are locked out of conversations and decision making because they do not use WhatsApp. Others may be excluded because they have never been members of a particular group or they have been deliberately banned or excluded from a group. Although casual conversations will always involve some and exclude others the nature of WhatsApp messaging means that some key decision makers may be excluded or some who do not ‘need to know’ may be accidentally included in messaging.

The Institute for Government does not advocate the banning of WhatsApp but that its use be appropriately regulated. This would include the restriction of WhatsApp government messaging to government mobile devices. The existing code was already used by civil service departments but not necessarily adopted by ministers and members of parliament. WhatsApp conversations also needed to be recorded where these are clearly work related. The Department for Levelling Up, Housing and Communities (DLUHC) is already using such as list which includes definitions of work related activities including ‘decisions to start or end a project’ and ‘approvals to spend’. Some conversations such as ‘what to have for lunch’ should be regarded as trivial and not require recording. It is unlikely that additional record keeping apparatus will be required within government circles as decision making conversations are already recorded. Official groups should require an administrator to police group membership and ensure that records are kept. Unofficial groups should not exist although the nature of WhatsApp makes that hard to enforce.

In March 2023 the UK government issued updated guidance on official use of WhatsApp, Signal, Facebook messaging, email and similar communication platforms. It is a relatively snappy (for a government document) publication of 5 pages that restricts itself to general principles rather than detailed scenario rulings.

Although the procedures and polices here directly apply only to the UK government the principles can easily be rolled out to any organisation where decision making and record keeping is crucial. The core of the ruling is that government systems will be used for government business. Private devices should only be used for messaging in exceptional circumstances and any such use should be reported. Any use for business categorised as SECRET or TOP SECRET is specifically banned regardless of any transmitting device being privately or government controlled. Users are required to keep records of messages, this will impact on the use of ‘disappearing message’ functions specifically designed to reduce the volume of messages held on devices.

More from Privacy

18/11/2024

Data Privacy in Job Recruitment

The online job-market business model involves building up a bank of CVs and matching those with possible job vacancies.  Unlike an old school recruitment …

Read post

21/10/2024

Smart TVs – Getting Smarter At Watching You

Kindus has described how connected devices harvest personal data and how that can be misused or breached either by the hosting  body or others …

Read post

30/09/2024

The SPAM Bomb

The symptoms of a SPAM, email or subscription bomb attack are almost impossible to miss.  The victim will suddenly receive a very large volume …

Read post

16/09/2024

NHS Federated Data Platform Progress

Those with long memories will recall the time and money spent by the UK NHS in the early years of this century to build …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus

    Categories