A collection of legal interpretations that are such a load of old bollocks it’s hard to put into words
The council openly acknowledge that that they were spying on SEND parents at para 29 of their fact finding report.
And again at para 41
Having acknowledged parents were spied on, the report concludes with some bizarre legal analysis from council legal boss, “L’ill” Tim O’Gara explaining why nothing unlawful occurred. On the subject of the Regulation of Investigation Powers Act, which regulates how, why and when state actors can spy on us, he says:
A rather odd conclusion as the relevant legislation on directed surveillance makes no mention of ‘publicly available information’ being exempt as O’Gara seems to think:
Considering that O’Gara’s report acknowledges that the information on SEND parents was obtained on two occasions for what looks like a ‘specific investigation’ in a ‘manner likely to result in the obtaining of private information’ (eg. the identity of anonymous Twitter users and wedding photos), it’s hard to understand how this wasn’t directed surveillance as defined in RIPA.
RIPA authorisation would have meant that rather than providing a useless (and unrecorded) briefing to obtain permission for their dodgy investigation from clueless moron Education Director, Alison “Pervy” Hurley, the managers undertaking the investigation would have had to have obtained formal written advice and authority before undertaking any spying activities. To most normal people, a sensible course of action.
However, any authorisation would have had to come from a magistrate, who would be unlikely to authorise an investigation of parents because they were criticising some thin-skinned local authority managers and their shit service. This is on the simple basis that slagging off the council is not a crime and councils can only spy on people where there’s a reasonable belief that they are breaking the law.
O’Gara reaches similarly offbeat conclusions about data protection and the relevant GDPR legislation designed to protect our personal data from government and corporate snoopers and data thieves. In simple terms, the information council bosses accessed, processed and shared was undoubtedly personal data subject to GDPR legislation.
The council, therefore requires the consent of the owners of this data to process it. Something they clearly did not have. If they don’t have consent, then the council is required to have another lawful ‘reason for processing’ this personal data.
However, here’s O’Gara’s interpretation of GDPR issues raised his by council’s spying activities:
Where’s the council’s ‘lawful reason for processing’ SEND parents personal data in all this guff? Nowhere in three long-winded paragraphs of red herrings about ‘Data Protection Impact Assessments’ (DPIA) and ‘systematic monitoring’.
There’s no dispute that it was thicko Education Director Alison Hurley’s choice whether or not to do a DPIA, which is basically a risk assessment. Something you might expect a director-level public sector manager to undertake as a matter of course before implementing any new and, potentially, highly controversial policy.
But what’s this got to do with GDPR compliance? Are the council saying they complied with GDPR because they didn’t produce a risk assessment that’s not required? Ironically, a document that might have informed Hurley how to comply with GDPR? But which might have also left a rather unhelpful paper trail directly back to her?
Similarly, the surveillance Hurley authorised may or may not be ‘systematic’ and therefore subject to further regulation but where’s the answer to the crucial GDPR issue: what was Hurley’s ‘lawful reason for processing’ SEND parents’ personal data from the internet without their consent?
This central issue is avoided in O’Gara’s report, which tells ua that their spying activities were done
at the request of Contact and BPCF to substantiate the concerns being raised by BCC about the activity of the [parent carer] forum members;Para 49, Fact-finding report – Use of social media by council staff re SEND Parent Carer Forum.
Are we being told that if the Bristol Parent Carer Forum requests personal information from the council on the parents it’s supposed to be representing then this exempts the council from the law? This is such a load of old bollocks it’s hard to put into words.
It’s further worth noting that an unnamed ‘Parent Participation Advisor’ from Contact, an allegedly independent national organisation supporting SEND parents, seemed to very enthusiastically encourage the council to spy on Bristol’s SEND parents. They told a council SEND snooper in an email extract at para 20:
I understand that some of the evidence may be subject to GDPR but I have been advised that anything that is posted publically [sic] is ok to sharePara 20, Fact-finding report – Use of social media by council staff re SEND Parent Carer Forum.
Did anyone at Bristol City Council bother to check if this legal opinion was accurate and check the legal credentials of whoever ‘advised’ this ‘Parent Participation Advisor’? Or was it just accepted by a ridiculously thick set of SEND managers and has this inaccurate claim then found its way into a formal council legal opinion, allegedly prepared by three lawyers?
This short, daft report signs off with just one recommendation:
Would it come as any surprise to learn that this is one great big fat lie too? Bristol City Council Children’s Services has a very detailed protocol called Use of Social Media Sites by Social Care and Safeguarding Staff on the internet in their Bristol Children’s Services
The relevant section would appear to be:
2.3 Covert/Overt Surveillance and the Regulation of Investigatory Powers Act 2000
Viewing a service-user’s social media content without their specific consent is not necessarily, of itself, unlawful.
However, consideration must be given, in all cases, as to whether viewing the sites constitutes ‘directed surveillance’ under the Regulation of Investigatory Powers Act 2000 (‘RIPA’) and so requires authorisation under that Act. This is a complex area.
Whilst the following general principles apply, each case must be treated on its own facts, and legal advice MUST be sought as necessary:
- If the consent of the service-user is obtained, then no further authorisation would be required;
- If consent is not obtained but no privacy settings are in operation to prevent viewing, then the material available on the sites can be regarded as ‘open source’, and so a single viewing would not constitute ‘directed surveillance’ under RIPA and no authorisation would be required under that Act;
- However, the Chief Surveillance Commissioner (now superseded by the Investigatory Powers Commissioner) made clear his view that repeat viewing of sites by staff may constitute ‘directed surveillance’ and if done covertly (i.e. without the knowledge of that person) then this would be ‘covert surveillance’. This would require authorisation under the Act in the form of a warrant from a magistrate.* It is for the employer to ensure that any covert surveillance is properly authorised, recorded and, most importantly, legally justifiable.
So why has the Director of Education and her SEND managers completely ignored their own publicly available procedures? And why is the Head of Legal Services and his legal team pretending in a report to councillors that these procedures don’t exist and instead published the exact opposite as their legal view?
I think we should be told ...
*******A meeting of Bristol City Council’s People Scrutiny Commission will take place on Monday 12 September at 5.00pm for councillors to discuss this absurd report and next steps. People are encouraged to ask questions, make statements and, if possible, to attend and jeer at any spying director or manager scum in attendance (that’s if they have the balls to attend – look out for last minute sick notes). Details on asking questions and putting in statements are here under ‘Public Forum’.