About Matt, Child Protection, special needs

SEND parents under surveillance… is your council watching you online?

For families of children and young people with SEND, social media is one of the greatest assets we have. It brings isolated families together, it gives us a chance to share experience and knowledge, and the connections we make let us know that we’re not alone. And on the whole, SEND social media works differently to other social media communities. Disinformation is generally a big problem on social media – but one of the best things that SEND social media does is to combat disinformation.

Obviously, we would say that. Special Needs Jungle was a forerunner in the SEND social media landscape and our broad, cross-platform reach is vital for sharing content and listening to other parents. We sit alongside a beautiful, vociferous patchwork of open and closed Facebook parent self-help groups, SEND bloggers sharing their stories, and individuals yelling into the void on Twitter and Instagram.

But among the support, there are other, more surreptitious, actors. When SEND parents communicate with each other on social media, they’re not the only ones listening and watching. Others are too – including central and local government— and are sometimes going much further than passively reading or even “social listening” as it’s known in marketing terms. And it’s definitely something to be aware of.

Bristol fashion

A few months ago, several SEND parents from Bristol became aware that local authority employees were reading their social media posts. After these parents investigated, it became clear that Bristol City Council employees had monitored their social media posts on several occasions in late 2021 and early 2022, collated them, and assessed them.

You can find a good summary of the story here. Bristol LA’s surveillance activity included investigating anonymous social media accounts to try to establish a relationship between the accounts and the parents, and collating information that had no relevance whatsoever to SEND. Through its surveillance, Bristol LA is now the happy owner of a copy of one of the parent’s wedding photos.

Many of the social media posts that the council had collated were critical of the LA’s SEND services. Some of the parents who had been investigated had recently become members of Bristol’s Parent Carer Forum (PCF). The LA argued that it could not work with PCF members who ‘campaigned’ against the council. This summer, the LA informed the PCF that they would not renew their grant, and would move to a different model of co-production.

Bristol LA, put briefly, is a smoking, toxic SEND tyre fire, and has been for years. When Ofsted & CQC local area SEND inspectors visited Bristol in 2019, they ordered the local area to submit a Written Statement of Action. Inspectors revisited Bristol a few weeks ago, and their re-visit letter should be out by the end of this year.

In 2019, one of the things that the inspectors called out as a significant weakness in Bristol was “the fractured relationships with parents and carers, lack of co-production and variable engagement and collaboration.”

It’s unclear why Bristol LA officers thought that rummaging through SEND parents’ social media content would help them remedy that significant weakness. But that’s what they did.

Investigating—and exonerating—themselves

When challenged, the LA announced that they would investigate. The investigation—conducted internally by the LA, under narrow terms of reference that council officers set themselves—found no evidence that the LA had conducted systematic monitoring of SEND parents. You can find their report here.

Unfortunately for them, a Bristol council scrutiny committee pronounced itself unconvinced. Voting unanimously, the scrutiny committee condemned the council’s SEND parent surveillance, and called for an external investigation. After a bad-tempered meeting of Bristol’s Full Council, the external investigation is now going ahead. Council leaders and officers remain, thus far, utterly unrepentant.

What law and guidance is there on local authority surveillance?

The law and guidance around public officials’ surveillance of individuals’ social media posts is complex. If you’re interested, the main things to read up on are:

  • Part II of the Regulation of Investigatory Powers Act 2000 (RIPA), which sets out the basis under which public bodies (including LAs) can carry out covert surveillance and use covert human intelligence sources (CHIS);
  • The Data Protection Act 2018 and General Data Protection Regulation, which set out requirements for lawfully processing personal data that has been collected by public authorities. It enables individuals to discover what personal data a public authority has collected about them.
  • There are other relevant bits of law and guidance, but all are underpinned by Article 8 of the European Convention on Human Rights via the 1998 Human Rights Act. Article 8 protects your right to respect for your private life, your family life, your home, and your correspondence.

Law and guidance gives local authorities permission to conduct surveillance in support of their investigations and research, including monitoring social media – but this permission is limited. A lot depends on what type of surveillance is being done, how it’s being done, how often it’s being done, and how the LA then handles the information it’s gathered.

There’s also a difference between overt and covert surveillance. (There’s another category, intrusive surveillance, but that’s not relevant here).

  • With overt surveillance, there’ll be nothing secretive or hidden about it (for example, a council-employed traffic warden going about their business). Some of the online investigation work that councils do can be classed as overt surveillance.
  • Covert surveillance, under RIPA, is defined as “carried out in a manner that is calculated to ensure that persons who are subject to the surveillance are unaware that it is or may be taking place.” Some types of covert surveillance require explicit authorisation under RIPA from a senior officer. For a council, that’s normally a director or service manager.
  • Directed surveillance, under RIPA, is covert surveillance that is carried out “for the purposes of a specific investigation or a specific operation… …in such a manner as is likely to result in the obtaining of private information about a person.” Public officials must get RIPA authorisation to conduct directed surveillance lawfully. Directed surveillance should also be justified by necessity and proportionality, and applied to specific issues, including the prevention of crime, threats to public health, or national security – not SEND parents complaining about the LA on social media.

However, applying RIPA isn’t straightforward in the online world, particularly on social media sites where users – in theory – get to set their own privacy settings and where they have some control over who gets to see what.

If an LA officer or school employee monitors a SEND parent’s social media posts without telling them, it doesn’t automatically mean they’re conducting directed surveillance. It depends on lots of things, including how they collect the information, what reasonable expectation of privacy exists on the sites they look at, and – crucially – how often they surveil an individual, and what they do with the information they hoover up.

The 2018 Home Office Revised Code of Practice says the following:

“It is important that public authorities are able to make full and lawful use of [online] information for their statutory purposes. Much of it can be accessed without the need for RIPA authorisation; use of the internet prior to an investigation should not normally engage privacy considerations. But if the study of an individual’s online presence becomes persistent, or where material obtained from any check is to be extracted and recorded and may engage privacy considerations, RIPA authorisations may need to be considered.”

“Simple reconnaissance of [social media] sites (i.e. preliminary examination with a view to establishing whether the site or its contents are of interest) is unlikely to interfere with a person’s reasonably held expectation of privacy and therefore is not likely to require a directed surveillance authorisation. But where a public authority is systematically collecting and recording information about a particular person or group, a directed surveillance authorisation should be considered.”

Covert surveillance and covert human intelligence sources codes of practice

Bristol LA don’t deny looking at SEND parents’ social media, but they deny that the monitoring they did was systematic. They didn’t check whether RIPA authorisation was required or not.

Random samples or directed surveillance? We look at the “evidence”…

Some of what Bristol LA say is hard to take seriously. For example, LA officers monitored one SEND parent’s Twitter posts over a five-month period, and presented it as evidence that the parent was ‘campaigning’ against the LA. They collated a set of these posts, and described it as a “random sample.”

Sixteen of the 17 posts in the LA’s “random sample” were considered by the LA as criticism of their SEND services – including one post that the LA considered a possible “veiled threat.” This ‘threatening’ post simply reminded the LA of their legal duties.

With permission, I sampled the parent’s social media posts over the same period as Bristol LA did. Even using the absurd, paranoiac assumptions that the LA made about what constitutes criticism, only one in eight of the parent’s posts were critical of Bristol LA’s SEND services.

The odds that a “random sample” of this SEND parent’s Twitter output would have produced 16 out of 17 posts that were critical of Bristol LA’s SEND services are tiny. The odds are more than 100 billion to one. It’s almost certain that Bristol LA officers collected, filtered, and processed the parent’s posts, collating data of perceived criticism systematically. This makes it much more likely that this was directed surveillance that should gone through RIPA authorisation before proceeding.

Bristol LA also described their collection and surveillance as ‘ad hoc’ activity. Again, this is hard to credit given relevant timelines and their persistent interest in these parents.

It’s also puzzling in another way. Bristol LA’s investigation showed that their officers can research, investigate, and manage personal data with deftness – and they say they did it just using ad-hoc information handling techniques. If that’s the case, then why are Bristol’s EHCP processes, plans, and timeliness still so consistently appalling?

Finally here, there is another type of surveillance that’s relevant: If you are an LA officer or an NHS or school employee, and you interact with parents online, openly, spontaneously, without hiding who you are or who you work for, then it’s very unlikely that this would count as covert surveillance. But if you’re a public servant who interacts with SEND parents covertly, under an anonymous account, to gather and process information for your job, particularly if you are doing so in a privacy-rich part of social media, like a closed Facebook account, then you are firmly in a different type of world – the world of covert human intelligence sources (CHIS)….

Covert CHIS by the council?

Covert human intelligence sounds like something out of MI5, not your local council. But LA officials, even though you equate CHIS with Line of Duty, if what we’ve described above sounds like what you’ve been doing…then stop it, read up, and delete what you’ve collected before you find yourself in deep, deep doodoo.

Is SEND parent surveillance a widespread issue?

How often are SEND parents being surveilled on social media? No-one knows, and there’s no reliable way to explore it systematically.

Anecdotally, I’ve been surveilled by LAs. Many of my SEND parent friends have been surveilled too. Some (including me) aren’t bothered about it. Others say (plausibly) that their social media posts have been weaponised against them in disputes, particularly in a social care context. One friend memorably had not just their own social media output surveilled by their LA, but also their pet’s account too.

More generally, the campaign group Privacy International has noted that local authority surveillanceovert and covert – is on the rise. When they asked in 2019-2020, nearly two-thirds of LAs reported that they monitored social media sites ‘overtly’, and nearly a third reported that they used ‘covert’ techniques.

I’ve put ‘overt’ and ‘covert’ in quotation marks here, because Privacy International also noted that there was little to no LA auditing of ‘overt’ surveillance techniques, and most LAs didn’t provide relevant training. It’s likely that at least some of this ‘overt’ surveillance was covert.

In the absence of reliable data, there’s probably a sensible rule of thumb here. If your local LA SEND service, school leadership, or NHS team considers the Children & Families Act 2014 and the SEND Regulations as merely optional, then they’re unlikely to be scrupulous about sticking to law and guidance around social media surveillance either.

Are you bovvered? Some things to think about:

So what can SEND parents do to manage the risks of being surveilled by public authorities on social media? Here are some pointers:

  1. The first thing to think about is whether you’re bothered, and why. Remember, once you post anything that’s viewable by others, you’ve ultimately lost control over it - Wagatha Christie anyone?
  2. If you are bothered, then the second thing is to think about is where, what, and how you post online, and what a reasonable expectation of privacy might be for each of your posts.
  3. If you are explicitly and directly interacting with the LA or its declared personnel online, on their open social media accounts, then you have very little reasonable expectation of privacy there – the LA is pretty much entitled to hoover those posts up.
  4. If you’ve got an publicly-available blog with your name on it, you post detailed accounts of your SEND experiences, and you interact a lot with comments (there or on your social media), then your reasonable expectation of privacy here might be low. However, the LA isn’t automatically entitled to repeatedly hoover up and process your content.
  5. If you’re posting using an anonymous account on Mumsnet, or under highly locked-down privacy settings on Twitter or Instagram, or in a closed Facebook or Discord group, then your reasonable expectation of privacy is higher. The LA would have to expend effort that takes them close to, or well into, directed surveillance and RIPA authorisation territory. That’s something they are very unlikely to be able to justify, but bear in mind that they might do it anyway.

In general, there aren’t any firm dos or don’ts here. Everyone’s situation is different, and everyone’s appetite for risk is different - but here are a few things to think about:

  • Privacy settings: The more of these you apply, the more your reasonable expectation of privacy goes up. Think about the balance of who you want seeing your posts, against how you want to use each site. Don’t assume that privacy settings will automatically protect you against surveillance, and be aware that social media sites sometimes change your privacy settings without it being obvious. Also, be judicious with your sharing settings—how well do you know all your Facebook friends?
  • Tagging & interacting with public servants online: Think about the value of tagging the LA or its staff into your posts, or commenting on any of the council’s own pages or posts. It’s fine to do that if it has an impact – but if it doesn’t, then you have no reasonable expectation of privacy over those posts, and you might end up finding that officials take more of an interest in what else you’re posting online.
  • Using an anonymous account: There are pros and cons to this: using an anonymous account increases your reasonable expectation of privacy, but it can make it harder for you to establish your social media credibility. And again, anonymity is not a magic force field against surveillance: the SEND parents that Bristol LA surveilled both had anonymous social media accounts. Over time, it is easier to bust open the identity of an anonymous account than most people realise.
  • Be choosy when using closed groups: These groups are often exceptionally useful sources of information and support. But don’t assume that they are automatically safe spaces just because they’re closed. The best-run closed groups take time and effort to vet their members before entry, they make use of settings that allow members to put individual posts up anonymously, and they eject anyone found sharing content outside the group for any reason. But many may not spot a covert account set up to look like a parent.
  • Think about the sensitivity of the detail you’re posting: SEND is a small world. People often underestimate how easy it is read a series of your posts, piece together a narrative over time and identify who you are. This is particularly the case if your kid has low-incidence SEND, an unusual combination of SEND, or is in an unusual type of placement. If you’re looking for help on a particular issue, think hard about what detail you really need to share, and why.
  • Subject Access Requests: If you suspect that you are being surveilled, then a Subject Access Request is one route to finding out for sure. But it’s a nuclear option: the chances are high that you’ll get information, but some of it will be unpleasant to read, and your relationship with the LA or school will never be the same again. It also requires persistence, as SARs are often incomplete, and LAs and schools are sometimes reluctant to part with the most damning data.
  • Don’t be a dick: LA and school staff use social media too, sometimes just for personal reasons. If they are using their personal accounts to collect personal data on you for professional purposes, then that’s potentially problematic – and probably very problematic if they are doing this covertly. But if they’re just using their personal accounts to live their own lives, then don’t hound them, dox them, or get in their face. There’s a human being there usually, and being dragged on social media is a) no fun; b) unlikely to make the draggee do what you want them to.
  • Don’t assume privacy law works like SEND law: It’s probably just as prone to violation through ignorance or maladministration – but privacy law and guidance for social media is nowhere near as clear-cut as SEND law. In practice, there are a lot of grey areas, and legal remedies are not as straightforward to secure as they are with SEND. You might think you have the LA bang to rights – but you might not.

Also read:

Join the SNJ “Patron” Squad & get exclusive content!

 

Become a Patron!

 

- The SNJ Patrons' EXCLUSIVE SEND update Newsletter is OUT NOW! If you're a patron and you haven't received it check your spam. No joy? Get in touch.

 

Don’t miss a thing!

Sign up for SNJ new post alerts

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Are you signed up to SNJ new post alerts but aren’t seeing them in your inbox? There may be a couple of reasons for this. Check out why and how to fix it here

Matt Keer
Follow:
Latest posts by Matt Keer (see all)

This site uses Akismet to reduce spam. Learn how your comment data is processed.

s2Member®
Close
Special Needs Jungle