The Information Commissioner’s Office (ICO) has added its voice to those raising concerns about how police forces use data from people’s mobile phones.
It has published a report on the issue, saying there are inconsistencies and questionable practices, and laying out a series of recommendations to provide a balance between investigations and data protection.
Among the problems it identifies are poor practices in information handling, with some forces having a default position of extracting as much data as is available rather than data specific to a case.
The ICO says it has identified practices that increase the risk of arbitrary intrusion and undermining public confidence; and that police forces are often inconsistent in how they approach the processes. This is partly because different laws for data protection, police investigation and evidence gathering can create conflicting priorities that make it more difficult to establish consistent and compliant practice.
Code and clarification
Its recommendations include better rules, ideally set out in a statutory code of practice, to provide greater clarity around what is expected; and that police forces should clarify the lawful basis they rely on to process data from mobile phones.
Others include: the police, Crown Prosecution Service and Attorney General’s Office should work on improving consistency of authorising data extracts; forces should adopt more robust policies on appropriate handling of the data; they should improve their engagement with individuals whose phones are about to be examined; and the technology they use should be updated to take account of ‘privacy by design’ principles. The latter should be accompanied by data protection assessments before any procurement or implementation of new hardware or software
The report says the information commissioner, Elizabeth Denham (pictured), will be writing to chief constables and police and crime commissioners urging them to consider the recommendations.
Denham commented: “Many of our laws were enacted before the phone technology that we use today was even thought about. The existing laws that apply in this area are a combination of common law, statute law and statutory codes of practice.
“I found that the picture is complex and cannot be viewed solely through the lens of data protection. As this report makes clear, a whole-of-system approach is needed to improve privacy protection whilst achieving legitimate criminal justice objectives.”
She added: “People expect to understand how their personal data is being used, regardless of the legal basis for processing. My concern is that an approach that does not seek this engagement risks dissuading citizens from reporting crime, and victims may be deterred from assisting police.”
Denham also acknowledged that the pressures of the Covid-19 pandemic will create the need for more time to put the recommendations into effect.
Image from ICO