The High Court has ruled that the policy on the retention of personal data is unlawful, and warned of its negative impact. So why, instead of issuing new guidance that would have cracked down on police overstepping the mark, has the government chosen to champion new legislation that will similarly trample the rights of innocent people? Anna Mazzola and Najma Rasul report
May was a bad month for innocent people. The Metropolitan Police quietly introduced a policy of retaining data from detainees’ phones, even if those people are released without charge. A few weeks later, the courts said that the police could retain the records of an 87-year-old protester, even though he had committed no crime. And there are still no clues as to when the government will enact the laws that require the police to delete the biometric information of one million innocent people. All of this comes at a time when the Home Office is proposing that private companies should stockpile ‘communications data’ for the entire population instead of those suspected
In mid-May, it was reported that the Met and many other police forces have introduced new software to download information from the handsets of those taken into custody. The data – which includes call histories, contacts and texts, plus website histories and email content from smart phones – can then be stored indefinitely, even if the owner is not charged with any crime.
This is worrying. Retention of this data is likely to be unlawful unless there is reasonable suspicion that a phone was used in criminal activity. Even where there is such a suspicion, retention has to be proportionate. There does not, for example, seem to be any provision for diverging from the policy where the detainee is a child. Simply applying a blanket policy, as the police seem to be doing, is likely to attract the same criticism as the European Court of Human Rights dished out in S and Marper v UK 30562/04  ECHR 1581. In that case, the European Court held that holding DNA samples of individuals who are arrested but later acquitted or have the charges against them dropped is an unlawful interference with article 8 of the European Convention on Human Rights (ECHR), the right to privacy. In the more recent case of R (GC) v Commissioner of Police of the Metropolis  UKSC 21, the Supreme Court confirmed that the indefinite retention of the claimants’ DNA and fingerprints was an unjustified interference with their rights under article 8 ECHR and that the guidelines on retention of DNA and fingerprints were unlawful.
Running out of time
The government eventually introduced amendments to the law via the Protection of Freedoms Act 2012. But, while the Act received the Royal Assent in May, there is no indication as to when the government will introduce the secondary legislation to bring the changes into force. In the meantime, police forces continue to apply the exceptional cases procedure, by which data is only deleted on very narrow grounds.
Given that the Marper judgment was in December 2008, the government and police are running out of time to put this right. Two recent judgments from the UK courts confirm that this is an issue that won’t
On 30 May, the Administrative Court handed down its decision in Catt v Association of Chief Police Officers and Commissioner of Police of the Metropolis  EWHC 1471 (Admin). The case concerned whether information retained on the National Domestic Extremism Database about John Catt’s attendance at various protests infringed his right to privacy. Police officers had overtly gathered information (including photographic and video material) at protests by a campaign group called Smash EDO. The police then compiled reports on the protests, identifying a number of individuals including Mr Catt.
The key issue was whether there
was an interference with Mr Catt’s article
8 rights, and, if so, whether this interference was justified. The court said no on both counts. It accepted at face value the
police’s argument that they needed to
retain the information because Mr Catt
had “close association with violent members of Smash EDO”. The second
factor against article 8 being engaged
was supposedly the “public nature” of protest itself. The third was the violent disorder that they claimed characterised Smash EDO’s activities.
The court concluded that Mr Catt’s
rights under article 8(1) were not engaged
at all and that, even if they had been,
this would be “amply justified” under article 8(2). Worse still, Gross LJ stated
that, even after the Smash EDO
campaign had concluded, “it may yet
be justifiable to retain some or all of
The judgment will no doubt be read by the police as legitimising the surveillance of anyone who participates in protests. Particularly worrying was the court’s unwillingness to probe how records are held or the way in which the data may be used. At present, the National Domestic Extremism Unit operates without any system of public accountability and yet the information retained may be disclosed to many other authorities, including the Criminal Records Bureau (and from
there to employers). Data may also be shared with other countries, even
more so when the UK implements
the Prüm Convention on cross-border cooperation.
Good job, then, that in a judgment handed down on 22 June 2012, two High Court judges took a rather different attitude to the police’s retention of personal data. In R (on the application of) RMC and FJ v Commissioner of Police and Secretary of State for the Home Department  EWHC 1681 (Admin), an elderly woman (RMC), and a 15-year-old boy (FJ) challenged the police’s decision to retain their custody photographs even though they were never charged.
The court found that the keeping (although not the taking) of custody photographs for a substantial time was an unjustified interference with the claimants’ rights under article 8 ECHR and that the Code of Practice on the Management of Police Information issued by the home secretary and the linked guidance used by the Met were unlawful. The policy amounted to a disproportionate, blanket and indiscriminate procedure that allowed the police to retain photographs for at least six years, to be reviewed every ten years for RMC and potentially up to the age of 100 years for FJ.
The court was particularly concerned about the impact on young people and about innocent people being stigmatised, since the policy failed to draw a distinction between those convicted of an offence and those either not charged or acquitted
Ignoring the warnings
Despite this warning, the Home Office is trying to introduce new legislation that will require communication service providers (CSPs) like Virgin and BT to start collecting, storing and processing additional information (records of email, text and phone calls) about their customers. The Communications Data Bill – which has been dubbed the ‘snooper’s charter’ – would require private companies to collect information on billions of communications, information that a wide range of government departments could then access. As Liberty has pointed out, this amounts to “mass, blanket, surveillance of the population outsourced to the private sector”.
Let’s be clear. This is not a power that will be used only in relation to those suspected of terrorism or serious crime. Access to the data of innocent people will be granted to local authorities and hundreds of other public bodies for a wide range of purposes that have nothing to do with fighting crime or terrorism. The decision in RMC and FJ was a warning shot. We hope that the courts and the information commissioner will continue to remind the government that it cannot stockpile personal information on those never charged or convicted of any criminal offence simply because it might one day be useful to them.
Already registered? Login to access premium content