Information Commissioner's Office
Blog: Information Commissioner’s investigation into the Metropolitan Police Service’s Gangs Matrix concludes with enforcement action
Gang violence is a matter of national concern – but the tools to tackle it must be fair, fit for purpose and above all, trusted by those communities at most risk
Violent gang crime in London is a matter of national concern. At a time when children are tragically being murdered on the streets and with nearly 200 gangs operating in London, this is a very real and immediate concern and the challenges faced by the Metropolitan Police Service cannot be underestimated. I have the utmost respect for the officers of the Met who work tirelessly to keep people safe.
Gang crime demands a robust response from the police, and as the gangs and their methods evolve, so too do the tools used by the Met to tackle it. But these tools must be fit for purpose and proportionate. The law requires personal data rights to be respected. And that law does not put barriers in place for legitimate law enforcement responses.
That is why my office investigated the Met’s Gangs Matrix; a database that records intelligence related to gang members. And what we found ran deep to the fundamental principles of data protection law.
Robert Peel, the founder of UK policing, said that for the public to have confidence in the police, the police should also be bound by the law. This includes the law on data protection.
We found that, whilst there was a valid purpose for the database, the way it was being used across Boroughs failed to comply with data protection laws and the Met’s own rules.
The Matrix can be shared with local councils, housing associations, and education authorities. And when shared, simply being on this database could lead to denial of services and other adverse consequences. Data sharing between the police and other public bodies is necessary, but in this case and all cases, that must be done within the law.
My investigation revealed serious breaches of data protection laws with the potential to cause damage and distress to the disproportionate number of young, black men on the Matrix.
For me it comes back to fairness; how people – both alleged gang members and alleged victims - end up on the matrix, how their personal data is shared, and whether that is done appropriately. What my investigation revealed was serious breaches of data protection laws with the potential to cause damage and distress to those on the matrix.
Ignoring people’s fundamental data rights erodes trust and confidence, which risks alienating the communities the Met serves. Building trust with communities to tackle gang crime comes from people knowing that engaging with the police will not have adverse consequences. Knowing that their personal information will not be shared unnecessarily, knowing that their chances of getting housing or a job will not be damaged, and knowing that they have won’t be discriminated against, simply because they’ve included in the Matrix.
People must also know that in the ICO they have an effective regulator. And that includes holding police forces to account to make sure that they meet their obligations to use and look after personal data fairly and responsibly.
My office has issued an Enforcement Notice, ordering the Met to make significant changes to the ways in which it uses the Matrix to bring it into compliance with data protection law. This includes making sure that the Matrix clearly distinguishes between victims of crime and offenders, which is not always the case at present. The Met must also delete any informal lists being kept of people who no longer meet the criteria for being on the Matrix. And the Met must review how information in the Matrix is shared with other public bodies, to evaluate whether the sharing is necessary and justified, and that any public bodies receiving the Matrix information understand how to properly interpret it.
The effects on individuals are serious and far-reaching. My office’s work will not end here. We are launching a separate investigation into how police information about gangs is used by other public bodies, such as local councils. We are already investigating a data breach at Newham Borough Council involving the Matrix.
This problem of gang crime cannot be solved overnight or in isolation of the principles of policing and respect for data protection. If people do not have trust and confidence in the police to look after and use their personal data properly in the first place, then their effectiveness at tackling violent crime is at serious risk.
I welcome the commitment of the Met to work with us to ensure the Matrix is brought into compliance with data protection law; this is positive and an important step in gaining the support of Londoners to help tackle violent crime on their streets.
Elizabeth Denham was appointed UK Information Commissioner on 15 July 2016, having previously held the position of Information and Privacy Commissioner for British Columbia, Canada.
Latest News from
Information Commissioner's Office
Blog: Advancing the adtech debate from a data protection perspective13/02/2019 09:10:00
Simon McDougall, Executive Director for Technology Policy and Innovation, invites adtech industry stakeholders to a fact-finding forum.
Housing developer fined for ignoring data request08/02/2019 16:20:00
Organisations have been reminded they could face a criminal prosecution if they fail to respect the public’s legal right to access their personal information.
Blog: Show you mean business by paying the Data Protection Fee08/02/2019 12:20:00
Paul Arnold, ICO Deputy Chief Executive explains to small businesses why they need to pay the data protection fee.
ICO to audit data protection practices at Leave.EU and Eldon Insurance after fining both companies for unlawful marketing messages01/02/2019 15:20:00
The Information Commissioner’s Office (ICO) has issued fines totalling £120,000 to an EU referendum campaign and an insurance company for serious breaches of electronic marketing laws and is set to review how both are complying with data protection laws.
Blog: ICO regulatory sandbox31/01/2019 13:20:00
In November the ICO published an analysis of the call for views on our proposed regulatory sandbox.
ICO celebrates the success of innovative data protection projects on Data Protection Day 201928/01/2019 15:20:00
Innovative data protection projects funded by the ICO are making a real difference to public trust and confidence in privacy issues.
Blog: How will personal data continue to flow after Brexit?28/01/2019 11:10:00
Elizabeth Denham's latest blog busts the myths for UK small and medium sized businesses transferring personal data to and from the EEA
Blog: Openness by Design: ICO’s access to information strategy is published for consultation15/01/2019 14:25:00
Gill Bull introduces the ICO’s proposed strategy for the next three years and invites comments to help inform a final version to be launched later in 2019.