Privacy International Files ICO Complaint Over Secret Police Data Downloads

Privacy International has filed a formal complaint with the Information Commissioner’s Office (ICO) over police use of intrusive mobile phone extraction technology.

The rights group also issued complaints to the Home Office and the Independent Office for Police Conduct, following the findings revealed in its March report: Digital stop and search; how the UK police can secretly download everything from your mobile phone.

The report outlined the widespread practice of downloading data from users’ phones even if they are not suspected of a crime – often without consent or even their knowledge. Police are thought to use devices like the UFED Touch 2 manufactured by notorious Israeli firm Cellebrite.

Privacy International is arguing that the practice is in breach of current data protection laws and will also run counter to the forthcoming Data Protection Act 2018, which implements the GDPR into UK law post-Brexit.

After May 25, the ICO will have the power to levy fines of up to £17m or 4% of annual turnover in extreme circumstances.

It has already issued significant fines against UK police forces including Humberside Police, which was charged £130,000 after disks containing a video interview of an alleged rape victim went missing. A year ago, Greater Manchester Police was fined £150,000 after three DVDs containing footage of interviews with victims of violent or sexual crimes got lost in the post.

"A search of your phone will reveal so much more about you than a search of your home, so it is incredible that the police are doing it at a massive scale without warrants, without informing or asking people, without any regulation, without any clear legal basis, without any proper record keeping, and without any national statistics that might reveal biases and discrimination against minority groups,” argued Privacy International solicitor, Millie Graham Wood.

It is nothing short of a scandal. We wrote to the Home Office about this issue four weeks ago and have received no response. While they may be busy trying to address other aspects of their hostile practices, this is something they must also deal with urgently.”

She added that sensitive information on contacts stored in users’ phones could also come into the possession of the police thanks to this practice, further exposing it to data protection risk.

“That the police are potentially taking all this data unlawfully and in breach of basic data protection safeguards is a worrying reflection on the attitude of the police towards our most sensitive and personal information,” concluded Graham Wood. “We are looking to the Information Commissioner, The Independent Office for Police Conduct and The Home Office to address this scandal urgently."

Privacy International's letters can be found here.

What’s Hot on Infosecurity Magazine?