Information Commissioner's Office
Blog: Information Commissioner’s investigation into the Metropolitan Police Service’s Gangs Matrix concludes with enforcement action
Gang violence is a matter of national concern – but the tools to tackle it must be fair, fit for purpose and above all, trusted by those communities at most risk
Violent gang crime in London is a matter of national concern. At a time when children are tragically being murdered on the streets and with nearly 200 gangs operating in London, this is a very real and immediate concern and the challenges faced by the Metropolitan Police Service cannot be underestimated. I have the utmost respect for the officers of the Met who work tirelessly to keep people safe.
Gang crime demands a robust response from the police, and as the gangs and their methods evolve, so too do the tools used by the Met to tackle it. But these tools must be fit for purpose and proportionate. The law requires personal data rights to be respected. And that law does not put barriers in place for legitimate law enforcement responses.
That is why my office investigated the Met’s Gangs Matrix; a database that records intelligence related to gang members. And what we found ran deep to the fundamental principles of data protection law.
Robert Peel, the founder of UK policing, said that for the public to have confidence in the police, the police should also be bound by the law. This includes the law on data protection.
We found that, whilst there was a valid purpose for the database, the way it was being used across Boroughs failed to comply with data protection laws and the Met’s own rules.
The Matrix can be shared with local councils, housing associations, and education authorities. And when shared, simply being on this database could lead to denial of services and other adverse consequences. Data sharing between the police and other public bodies is necessary, but in this case and all cases, that must be done within the law.
My investigation revealed serious breaches of data protection laws with the potential to cause damage and distress to the disproportionate number of young, black men on the Matrix.
For me it comes back to fairness; how people – both alleged gang members and alleged victims - end up on the matrix, how their personal data is shared, and whether that is done appropriately. What my investigation revealed was serious breaches of data protection laws with the potential to cause damage and distress to those on the matrix.
Ignoring people’s fundamental data rights erodes trust and confidence, which risks alienating the communities the Met serves. Building trust with communities to tackle gang crime comes from people knowing that engaging with the police will not have adverse consequences. Knowing that their personal information will not be shared unnecessarily, knowing that their chances of getting housing or a job will not be damaged, and knowing that they have won’t be discriminated against, simply because they’ve included in the Matrix.
People must also know that in the ICO they have an effective regulator. And that includes holding police forces to account to make sure that they meet their obligations to use and look after personal data fairly and responsibly.
My office has issued an Enforcement Notice, ordering the Met to make significant changes to the ways in which it uses the Matrix to bring it into compliance with data protection law. This includes making sure that the Matrix clearly distinguishes between victims of crime and offenders, which is not always the case at present. The Met must also delete any informal lists being kept of people who no longer meet the criteria for being on the Matrix. And the Met must review how information in the Matrix is shared with other public bodies, to evaluate whether the sharing is necessary and justified, and that any public bodies receiving the Matrix information understand how to properly interpret it.
The effects on individuals are serious and far-reaching. My office’s work will not end here. We are launching a separate investigation into how police information about gangs is used by other public bodies, such as local councils. We are already investigating a data breach at Newham Borough Council involving the Matrix.
This problem of gang crime cannot be solved overnight or in isolation of the principles of policing and respect for data protection. If people do not have trust and confidence in the police to look after and use their personal data properly in the first place, then their effectiveness at tackling violent crime is at serious risk.
I welcome the commitment of the Met to work with us to ensure the Matrix is brought into compliance with data protection law; this is positive and an important step in gaining the support of Londoners to help tackle violent crime on their streets.
Elizabeth Denham was appointed UK Information Commissioner on 15 July 2016, having previously held the position of Information and Privacy Commissioner for British Columbia, Canada.
Latest News from
Information Commissioner's Office
ICO fines firms for sending more than 2.7 million spam text messages during the pandemic05/03/2021 15:05:00
Two separate companies that sent nuisance text messages during the Covid-19 pandemic have been fined a total of £330,000 by the Information Commissioner’s Office (ICO).
From facial recognition technology to children online: regulating data protection in 202103/03/2021 16:25:00
ICO urges businesses to act now as Children’s Code comes into force in six months03/03/2021 12:25:00
Initial findings from industry research set up by the Information Commissioner’s Office (ICO) show that three quarters of businesses surveyed are aware of the Children’s Code.
Guest blog: Working for a regulator like the ICO02/03/2021 12:25:00
As the ICO seeks to employ a Post Doctoral Research Fellowship in Artificial Intelligence (AI), the former post holder, Professor Reuben Binns, reflects on his time in the role.
ICO's blog on its information rights work25/02/2021 12:25:00
Colleagues from the ICO’s FOI Directorate share their experiences and involvement in raising awareness of our regulation of access to information legislation.
ICO statement in response to the publication of a draft adequacy decision from the European Commission22/02/2021 10:20:00
The European Commission has published its draft UK adequacy decisions. If adopted these decisions will allow for continued free flow of personal data from the EU into the UK.
ICO launches data analytics toolkit17/02/2021 15:20:00
The Information Commissioner’s Office (ICO) is urging all organisations considering using data analytics on personal data to look at its new toolkit.
ICO issues fines totalling £270,000 to firms making nuisance calls15/02/2021 12:25:00
The Information Commissioner’s Office (ICO) has issued fines totalling £270,000 to two separate companies for making unlawful marketing calls to numbers registered with the Telephone Preference Service (TPS).