skip to main content
Connect
Call me back
Visit us
0191 211 7777

When should private be public: Matt Hancock’s WhatsApp messages

23rd Mar 2023 | Commercial Law | Data Protection & Information Law | Digital & Technology
Man's hand holding a smartphone which displays the WhatsApp logo.

When the Daily Telegraph leaked 100,000 private WhatsApp messages concerning Matt Hancock and his time as health secretary during the COVID-19 pandemic, opinion was divided. 

Did Isabel Oakeshott breach an NDA by sharing the messages, and when should private messages be made public?

Alex Craig, partner in our commercial team, explains the case and considers the grey area between private conversations and freedom of information.

What happened?

Journalist Isabel Oakeshott shared the messages to the Daily Telegraph, many of which gave insight into the UK government’s operation during the pandemic.

Hancock had initially shared the messages with Oakeshott when collaborating with her on his book, the Pandemic Diaries, under the remit of a non-disclosure agreement (NDA). Oakeshott later leaked them to the Daily Telegraph and admitted breaching their NDA.

Hancock said he had a relationship with Oakeshott based on “legal confidentiality” and was “hugely disappointed and sad at the massive betrayal and breach of trust”. 

Whilst there may have been an NDA breach by Oakeshott, questions arose as to whether Hancock had also committed a data breach by sharing the WhatsApp messages with Oakeshott.

Was there a data breach?

Following this, the Information Commissioner’s Office (ICO), the independent body responsible for disciplining data breaches and upholding information rights, released a statement on 1 March 2023. 

Its position was only to comment on the case, not to investigate whether there was a data breach. 

In response to the leaks, the ICO said: “At this stage we do not see this as a matter for the ICO but there are questions around the conditions on which departing members of government retain and subsequently use official information which need to be considered by organisations such as the Cabinet Office.”

Whilst the ICO did not elaborate on why it was not investigating whether there was a data breach, its statement referred to the existing “exemptions set out within the law, including around journalism and for literary purposes in the public interest”.

Practical takeaway

The ICO’s response to the leak serves to reaffirm the current position of, and exemptions available within, data protection law. 

The ICO previously called for a review into private messaging apps within the government and has used this latest leak to reiterate this. 

Whilst platforms like WhatsApp are known for being big on privacy, it is clear the ICO is pushing for transparency from public organisations which could lead to ramifications in freedom of information. 

However, given its repeated calls for review, it seems to be far from attaining any reform to government use of private messaging apps. 

Whilst the ICO found no data breach in this instance, indirectly referring to certain exemptions, the Hancock leaks are a good example of how leaking private messages might be called into question as a data breach. 

For more information on the issues in this article or on any other data protection query, please contact Alex using [email protected] or on 0191 211 7911.  

 

Frequently Asked Questions
What is an NDA?

Often the best way to protect confidential information in the UK is using a confidentiality agreement, or Non-Disclosure Agreement (NDA). This is a written contract imposing an obligation on a party or parties, to keep certain information confidential.  

What information can be protected by an NDA?

Information that is sensitive for one reason or another is typically what is protected. Examples include recipes, business plans, statistical and financial information, customer lists, and improvements to products or process. If information is in the public domain or already available to the other party, then it would not be considered confidential.

What happens if someone breaches an NDA?

It will depend on what the specific NDA provides for when a party breaches an NDA, but an important practical step to protecting confidential information is ensuring that access to it is restricted as soon as possible. For this reason, monetary damages are often insufficient and too slow and injunctive relief, specific performance, or other equitable relief remedies may be more appropriate alternatives. 

Share this story...