The Metropolitan Police Service has been given six months to get its use of its Gangs Matrix database into line with data protection rules after an investigation found it was “unclear and inconsistently applied”, confusing for those using it, and lacked “effective central governance” for several years, resulting in “risk of damage or distress” to people on it.
The Information Commissioner’s Office (ICO) has issued an enforcement notice, compelling the Met to comply with data protection laws in future after acting on concerns raised in October 2017 by Amnesty International.
The Gangs Matrix records the full names, dates of birth and home addresses of alleged gang members in the capital, along with intelligence about whether they are prolific firearms offenders or knife-carriers. It is compiled from the individual matrixes of the 32 boroughs into a London-wide intelligence pool.
The ICO identified a failure of the central matrix to “clearly distinguish between the approach to victims of gang-related crime and the perpetrators” and a failure to distinguish between people assessed as high risk and low risk, creating “the potential for disproportionate action to be taken against people no longer posing a risk”.
Other shortcomings included “an absence, over several years, of effective central governance, oversight or audit of data processed” which led to “risk of damage to distress” to people included on the database and a “blanket sharing” of information with “third parties” ungoverned by agreements about how the data should be handled and used.
It was also discovered that some boroughs had kept “informal” lists of people who had been removed from the Matrix because intelligence had shown they were no longer active gang members, and continued to monitor them anyway.
“Serious breaches of data protection laws” had “the potential to cause damage and distress to the disproportionate number of young, black men on the Matrix,” the ICO says, adding that the absence of an equality impact assessment meant the Met was unable to show that it had considered “issues of discrimination or equality of opportunity” in this context.
The ICO says that the Met already has an “action plan” underway to address its shortcomings and has stopped sharing Gangs Matrix personal data with third parties when there is no sharing agreement in place.
The ICO’s deputy information commissioner of operations, James Dipple-Johnstone, said that, “Clear and rigorous oversight and governance is essential, so the personal data of people on the database is protected and the community can have confidence that their information is being used in an appropriate way.”
London Assembly member Siân Berry, who has been supporting Amnesty’s work on the running of the Gangs Matrix, described the ICO findings and enforcement notice as “absolutely scathing”. The full enforcement notice can be read via here.