Welcome to GRIP, Global Relay’s new digital information service on practical compliance and regulatory change.

Please enjoy this free trial of our subscription content service, for a limited time only.

  

Rules

UK police forces reprimanded for recording over 200,000 calls without people’s knowledge

Two police officers looking down on a phone.
Photo: Getty Images

Martina Lindberg

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

About 1,1015 staff members of the Surrey and Sussex police forces used an app that automatically recorded phone conversations – possibly with victims, witnesses, and perpetrators of suspected crimes.

A reprimand has been sent to both Surrey Police and Sussex Police by the UK Information Commissioner’s Office (ICO) for unlawfully capturing personal data by using an app that was recording phone conversations without disclosure.

The app, that recorded all incoming and outgoing phone calls, was made available in 2016. But it wasn’t until June 2020 that the ICO became aware that all staff across both police forces had access to it.

“Sussex Police and Surrey Police failed to use people’s personal data lawfully by recording hundreds of thousands of phone calls without their knowledge.”

Stephen Bonner, ICO Deputy Commissioner – Regulatory Supervision

The app was originally intended to be used by a small number of specific officers, but Surrey Police and Sussex Police decided to make it available for all staff to download.

This meant a total of 1,015 staff members had the app on work mobiles, and more than 200,000 recordings of phone conversations were recorded and saved. These calls were likely to have been with victims, witnesses, and perpetrators of suspected crimes. However, not all officers were aware that the app would record all calls.

“Sussex Police and Surrey Police failed to use people’s personal data lawfully by recording hundreds of thousands of phone calls without their knowledge. People have the right to expect that when they speak to a police officer, the information they disclose is handled responsibly. We can only estimate the huge amount of personal data collected during these conversations, including highly sensitive information relating to suspected crimes,” said Stephen Bonner, ICO Deputy Commissioner – Regulatory Supervision.

Stephen Bonner, ICO Deputy Commissioner. Photo: ICO

In ‘normal’ outcomes, the ICO would have issued a £1m ($1.2m) fine to both Surrey Police and Sussex Police, however, in this instance, the regulator has applied its revised public sector approach to this case, giving the forces a formal reprimand instead.

“The reprimand reflects the use of the ICO’s wider powers towards the public sector as large fines could lead to reduced budgets for the provision of vital services,” said Bonner. “This case highlights why the ICO is pursuing a different approach, as fining Surrey Police and Sussex Police risks impacting the victims of crime in the area once again.”

Recordings destroyed

The app has now been withdrawn from use and most of the recordings, apart from those considered to be evidential material, have been destroyed.

“This case should be a lesson learned to any organisation planning to introduce an app, product or service that uses people’s personal data. Organisations must consider people’s data protection rights and implement data protection principles from the very start,” Bonner added.

In June last year, the ICO revised its approach to the public sector, aiming to reduce fines and encourage better collaboration with the sector – including publicising lessons learned and sharing good practice.

“I want to ensure my office remains a pragmatic, proportionate and effective regulator focused on making a difference to people’s lives.,” said John Edwards, UK Information Commissioner, at the time. “That means taking a more proactive and targeted approach with public authorities to ensure they are looking after people’s information while supporting their communities.”

, , , ,

You may also like