Metropolitan Police Data Retention and Usage Policies result in ICO Enforcement Notice

Published on: 20th November 2018
By PYXI GDPR Team


The Metropolitan Police Service have been issued with an enforcement notice from the Information Commissioner's Office to require them to address their data protection policies relating to the Gangs Matrix. This system stores and analyses data to monitor gang activity and identify principal persons of interest in the gang networks.

The ICO has judged that the data stored about the gangs, and people associated with the gangs is not being managed within the terms of the Data Protection regulations.

In particular concerns have been raised about a lack of data retention policy around this information and considers that aspects of the data retention within the system (specifically around victims of gang crime) are excessive and unjustified. They describe a situation in which there is insufficient differentiation between gang members and victims within the system. They also raised concerns about the sharing of information with other agencies in a "blanket and undifferentiated manner" and believe there is no necessity for this.

The MPS has been served notice to address these issues. Failure to do so will be a criminal offence.

PYXI GDPR Team: 20th Nov 2018 09:06:00