Information Commissioner's Office
Blog: Information Commissioner’s investigation into the Metropolitan Police Service’s Gangs Matrix concludes with enforcement action
Gang violence is a matter of national concern – but the tools to tackle it must be fair, fit for purpose and above all, trusted by those communities at most risk
Violent gang crime in London is a matter of national concern. At a time when children are tragically being murdered on the streets and with nearly 200 gangs operating in London, this is a very real and immediate concern and the challenges faced by the Metropolitan Police Service cannot be underestimated. I have the utmost respect for the officers of the Met who work tirelessly to keep people safe.
Gang crime demands a robust response from the police, and as the gangs and their methods evolve, so too do the tools used by the Met to tackle it. But these tools must be fit for purpose and proportionate. The law requires personal data rights to be respected. And that law does not put barriers in place for legitimate law enforcement responses.
That is why my office investigated the Met’s Gangs Matrix; a database that records intelligence related to gang members. And what we found ran deep to the fundamental principles of data protection law.
Robert Peel, the founder of UK policing, said that for the public to have confidence in the police, the police should also be bound by the law. This includes the law on data protection.
We found that, whilst there was a valid purpose for the database, the way it was being used across Boroughs failed to comply with data protection laws and the Met’s own rules.
The Matrix can be shared with local councils, housing associations, and education authorities. And when shared, simply being on this database could lead to denial of services and other adverse consequences. Data sharing between the police and other public bodies is necessary, but in this case and all cases, that must be done within the law.
My investigation revealed serious breaches of data protection laws with the potential to cause damage and distress to the disproportionate number of young, black men on the Matrix.
For me it comes back to fairness; how people – both alleged gang members and alleged victims - end up on the matrix, how their personal data is shared, and whether that is done appropriately. What my investigation revealed was serious breaches of data protection laws with the potential to cause damage and distress to those on the matrix.
Ignoring people’s fundamental data rights erodes trust and confidence, which risks alienating the communities the Met serves. Building trust with communities to tackle gang crime comes from people knowing that engaging with the police will not have adverse consequences. Knowing that their personal information will not be shared unnecessarily, knowing that their chances of getting housing or a job will not be damaged, and knowing that they have won’t be discriminated against, simply because they’ve included in the Matrix.
People must also know that in the ICO they have an effective regulator. And that includes holding police forces to account to make sure that they meet their obligations to use and look after personal data fairly and responsibly.
My office has issued an Enforcement Notice, ordering the Met to make significant changes to the ways in which it uses the Matrix to bring it into compliance with data protection law. This includes making sure that the Matrix clearly distinguishes between victims of crime and offenders, which is not always the case at present. The Met must also delete any informal lists being kept of people who no longer meet the criteria for being on the Matrix. And the Met must review how information in the Matrix is shared with other public bodies, to evaluate whether the sharing is necessary and justified, and that any public bodies receiving the Matrix information understand how to properly interpret it.
The effects on individuals are serious and far-reaching. My office’s work will not end here. We are launching a separate investigation into how police information about gangs is used by other public bodies, such as local councils. We are already investigating a data breach at Newham Borough Council involving the Matrix.
This problem of gang crime cannot be solved overnight or in isolation of the principles of policing and respect for data protection. If people do not have trust and confidence in the police to look after and use their personal data properly in the first place, then their effectiveness at tackling violent crime is at serious risk.
I welcome the commitment of the Met to work with us to ensure the Matrix is brought into compliance with data protection law; this is positive and an important step in gaining the support of Londoners to help tackle violent crime on their streets.
Elizabeth Denham was appointed UK Information Commissioner on 15 July 2016, having previously held the position of Information and Privacy Commissioner for British Columbia, Canada.
Latest News from
Information Commissioner's Office
India-UK Future Tech Festival12/12/2018 15:15:15
Elizabeth Denham's speech to the India-UK Future Tech Festival in New Delhi.
Six month prison sentence for motor industry employee in first ICO Computer Misuse Act prosecution12/12/2018 12:20:00
A motor industry employee has been sentenced to six months in prison in the first prosecution to be brought by the Information Commissioner’s Office (ICO) under legislation which carries a potential prison sentence.
A statement from Information Commissioner, Elizabeth Denham in support of International Human Rights Day 201811/12/2018 09:10:00
This year is the 70th anniversary of the signing of the Universal Declaration of Human Rights (UDHR), which exists to create equal dignity and worth for every person.
Blog: Sleigh-ing the Christmas GDPR myths07/12/2018 14:10:00
In the latest of our series of GDPR myth-busting blogs, a new post by Deputy Commissioner (Policy) Steve Wood tackles some misconceptions which have sprung up around how the new data protection law might affect your Christmas.
Blog: ICO regulatory sandbox06/12/2018 15:25:00
Following our call for evidence and analysis of the submissions we received, work on the ICO Regulatory Sandbox continues with an event in the New Year to gather more detailed evidence, ideas and opinions.
Former headteacher prosecuted for unlawfully obtaining school children’s personal information06/12/2018 10:20:00
A former headteacher has been fined in court for unlawfully obtaining school children’s personal data from previous schools where he worked.
International Privacy Forum05/12/2018 16:15:00
Elizabeth Denham’s speech to the International Privacy Forum, a public event following the 50th Asia Pacific Privacy Authorities (APPA) Forum in Wellington, New Zealand on 4 December 2018.
ICO statement in response to Marriott Hotels breach announcement03/12/2018 12:20:00
ICO statement given recently (30 November 2018) in response to Marriott Hotels breach announcement.