Two UK police forces have been reprimanded by the country’s data protection regulator after covertly recording over 200,000 phone calls with victims, witnesses and suspected perpetrators of crimes.
The Information Commissioner’s Office (ICO) said that Surrey Police and Sussex Police would normally have been fined £1m ($1.2m) for the unlawful, unfair and in many cases unnecessary collection of personal data.
However, the regulator is trialling a new approach to public sector enforcement which focuses on public reprimands over monetary penalties.
Read more on police data privacy failings: ICO Reprimands Metropolitan Police for Data Snafu.
The problems stemmed from the use of an app which recorded all incoming and outgoing phone calls. The ICO claimed that 1015 staff members across the two forces downloaded the app onto their work mobile phone, where it automatically saved recordings of hundreds of thousands of calls.
Police officers using the app were apparently unaware that all calls were being recorded and interviewees were therefore not informed. That meant they were not able to give informed consent about their personal information being collected during the calls.
“People have the right to expect that when they speak to a police officer, the information they disclose is handled responsibly. We can only estimate the huge amount of personal data collected during these conversations, including highly sensitive information relating to suspected crimes,” argued ICO deputy commissioner for regulatory enforcement, Stephen Bonner.
“This case should be a lesson learned to any organization planning to introduce an app, product or service that uses people’s personal data. Organizations must consider people’s data protection rights and implement data protection principles from the very start.”
In fact, after being made available in 2016, the app was originally intended for use by only a small number of officers, but Surrey Police and Sussex Police apparently made the decision to distributed it to all staff.
It was not until 2020 that the ICO became aware of the situation. The app has now been withdrawn from use and most recordings have been destroyed – other than those thought to contain important evidence.