An investigation by the Information Commissioner’s Office (ICO) found that the Metropolitan Police Service’s (MPS) use of the Gangs Matrix led to multiple and serious breaches of data protection laws.
The investigation into the Gangs Matrix, a database that records intelligence related to alleged gang members, began in October 2017 after concerns were raised by Amnesty International.
The ICO found that, whilst there was a valid purpose for the database, the inconsistent way it was being used did not comply with data protection rules.
It has now issued an Enforcement Notice, compelling the MPS to ensure it complies with data protection laws in future and has given them six months to make these changes, which the MPS has accepted and already started to implement.
Deputy Information Commissioner of Operations, James Dipple-Johnstone, said:
“Protecting the public from violent crime is an important mission and we recognise the unique challenges the MPS faces in tackling this.
“Our aim is not to prevent this vital work, nor are we saying that the use of a database in this context is not appropriate; we need to ensure that there are suitable policies and processes in place and that these are followed.
“Clear and rigorous oversight and governance is essential, so the personal data of people on the database is protected and the community can have confidence that their information is being used in an appropriate way.”
The MPS’ operating model governs the use of the matrix across the Metropolitan area. Each of the 32 London boroughs operate their own Matrix, which are then compiled centrally to form a larger London-wide Gangs Matrix.
The personal data of people recorded on the Gangs Matrix includes; full names, dates of birth, home addresses, and information on whether someone is a prolific firearms offender or knife carrier.
The investigation found:
The MPS already has an action plan underway and has stopped sharing personal data on the Gangs Matrix with third parties, where there is no individual sharing agreement in place. They have committed to being more open about the database and are working with us to complete a Data Protection Impact Assessment.
The Deputy Commissioner added,
“I am pleased that the MPS has been co-operating with us and has committed to bringing the Gangs Matrix in line with data protection laws, and we will continue to work with them.
“I believe that by taking these steps and demonstrating that people’s data rights matter to them, the MPS will be able to build increased trust amongst their communities.”
Due to the timing of the case, it was dealt with under the provisions of the Data Protection Act 1998, and not the General Data Protection Regulation (GDPR) and 2018 Act that replaced it in May this year.
The ICO will also be launching a second investigation that focuses on how partners of the police handle information, such as that provided through the Gangs Matrix, and is already investigating a data breach at Newham Borough Council involving the Matrix.
The corac team
News and thoughts from Centaur House
Open Government Licence
In addition to our own posts we also post news content from selected government agencies.
We are pleased to include the following attribution statements in recognition of the content we use in the following categories:
"Contains public sector information published by the Health and Safety Executive and licensed under the Open Government Licence"
Environment Agency -
"Contains Environment Agency information © Environment Agency and database right"
Food Standards Agency
Plus other general .gov content:
"Contains public sector information licensed under the Open Government Licence v3.0".