Employment Law Cases
WhatsApp messages and misuse of private information
The High Court has refused to strike out a claim for misuse of private information which was brought by an employee against her former employer. In so doing, the court considered the extent to which there can be a reasonable expectation of privacy in private WhatsApp messages that had been found at work.
FKJ worked as a junior solicitor at a firm owned and operated by its managing partner RVT. She began working at the firm as a newly qualified solicitor in February 2017. In December 2017 she was dismissed for gross misconduct. In March 2018, she issued tribunal proceedings against RVT alleging sex discrimination, wrongful and unfair dismissal. She lost. RVT relied heavily on FKJ’s WhatsApp messages, some 18,000 of which it had obtained post-dismissal but before FKJ issued her tribunal claim. These messages were between FKJ, her boyfriend and her best friend – and included very intimate messages and images. They undermined the credibility of FKJ and spoke to the fact that the alleged sexual misconduct was either consensual or not ‘unwanted’. Following her loss at tribunal, FKJ brought a High Court claim for misuse of private information relating to RVT’s use of her WhatsApp messages. RVT applied to have the claim struck out.
High Court decision
The application was dismissed.
RVT claimed that the WhatsApp messages had been obtained by accessing FKJ’s work laptop after she’d been dismissed, and from an anonymous source. FKJ maintained that the messages had been obtained by hacking her WhatsApp account.
Dismissing RVT’s application to strike out FKJ’s claim, the High Court commented that the application was ‘without merit’ and, in some instances, ‘not worthy of serious consideration’. The judge commented that it seemed likely that the strike out application had been made ‘as an attempt to stifle a claim that [RVT] would prefer not to contest’.
The court held that, given the nature of the messages, it was obvious that they were communications in respect of which FKJ had a reasonable expectation of privacy. Such a finding was unaffected by the fact that they were on a work laptop. The messages had been obtained before the tribunal claim and only a fraction of them were relevant to that claim. There was no justification for their retention or use. RVT had an immediate duty to notify FKJ of the messages and deliver them to her. And even if the tribunal proceedings had been alive at the time when FKJ’s employer accessed the messages, it should have returned the messages either to FKJ or to her solicitor, who would then have disclosure obligations in relation to them.
Whether there is a legitimate expectation of privacy will always be fact sensitive. And this was an interim decision only and it remains to be seen whether FKJ will be successful when the substantive merits of the case are heard. Whilst a properly drafted IT policy may allow employers to access anything on a work laptop, even personal information, once they had found these messages the employer should have returned them to FKJ’s representatives who would then be under a duty to disclose them during the proceedings.
Any misuse of private information could expose an employer to data protection issues given that the GDPR requires that personal data is obtained, held, and processed fairly and lawfully.