Bristol Council questioned over social media ‘spying’

Bristol City Council’s controversial contract with a firm that uses “big data software” to live-monitor social and online conversations is due to end today (September 30).

And opposition councillors are now asking whether authorisation was needed for the “surveillance” which they say was “covert” until it was revealed earlier this year. 

The council has said anyone can “review” social media posts and it is not illegal.

The authority hired social media insight and analysis company Impact Social to harvest and analyse social media chatter about itself and the city’s elected mayor in March 2018.

But the 30-month, £90,000 contract did not come to light until February this year, when it emerged the council was paying the firm to conduct “online and social media analysis” of the online accounts linked to itself and Marvin Rees.

“I’ve opened up a whole can of worms, I think.”

Green Party Councillor Stevens

Information released under Freedom of Information law showed the council had access to a live dashboard of “all social media data” relating to the council and Rees and was receiving monthly reports about “what people in the city are thinking and feeling”. 

One example included a pie chart showing the Twitter handles of individuals, such as Liberal Democrat councillor Tim Kent, who had mentioned “Marvin Rees”, “mayor of bristol”, @MarvinJRees, @BrisMayorOffice or “Bristol Council” in their tweets.

At the time, the council said it was a cost-effective way of “listening” to the public and that it had considered the requirements of General Data Protection Regulation (GDPR).

But some members of the public expressed concerns the surveillance breached their privacy, and opposition councillors accused the council of wasting taxpayers’ money on “social media spying”.

Now Green councillor Clive Stevens has sought answers about whether the council needed – and gained – authorisation for the surveillance.

Cllr Stevens asked his question at a committee meeting on Monday (September 28) where the local authority’s use of covert surveillance powers was discussed.

Under the Regulation of Investigatory Powers Act (RIPA) 2000, the council can use various means of covert surveillance to prevent or detect crime, but it needs the prior approval of a designated authorising officer and the Magistrates’ Court.

But, according to the council’s RIPA policy, it may sometimes be “necessary, and proportionate” to carry out covert surveillance for activities other than serious crime.

In these “non-RIPA” instances, staff must get the approval of an authorising officer but not the court. 

Sarah Sharland, the council’s RIPA monitoring officer, told the meeting that social media monitoring would amount to “covert surveillance” if was done covertly and in a “planned investigatory manner”.

Cllr Stevens asked: “So, if you had a software that was looking at social media posts over a period of time and reporting back, that would certainly be covert surveillance.”

Ms Sharland said: “If it had been done covertly and in an organised ongoing way, then yes.

“But if you can get it overtly because it’s public information, you wouldn’t need to do the covert surveillance.”

“If you can get it overtly because it’s public information, you wouldn’t need to do the covert surveillance”

Sarah Sharland, Bristol City Council RIPA Monitoring Officer

Her answer prompted Cllr Stevens to say: “I’ve opened up a whole can of worms, I think.”

He went on to ask Tim O’Gara, the senior officer responsible for RIPA, whether the social media surveillance conducted by Social Impact on behalf of the council would have required a non-RIPA authorisation.

Cllr Stevens said: “I think it [the surveillance] is now public knowledge and consequently it’s overt, but there was a time when it was covert, and, if they followed procedures properly, my question is, should they have done a non-RIPA form?”

O’Gara said he was “not familiar with the scenario” and suggested the matter would be best addressed outside the meeting.

Asked about the need for non-RIPA authorisation after the meeting, a council spokesperson said: “As the legal representative in the meeting stated, the review of social media posted in the public domain is public information and therefore any person or organisation that reviews publicly made social media posts are in no way contravening any law.”

The council did not confirm whether the current contract with Impact Social would expire today and whether it was planning to renew it.