A new biometrics report has revealed police in Scotland hold an estimated 3 million images amidst a warning over the ‘proportionality’ of retaining such a vast database.
Scottish Biometrics Commissioner Dr Brian Plastow has raised concerns over Police Scotland’s practice of data retention in a new report laid down at the Scottish Parliament.
Dr Plastow, a former police officer, revealed his findings in an Assurance Review, which indicated that images are by far the biggest volumes of personal biometric data held by the force – and could be significantly higher than estimated.
He said: “There are concerns around the necessity and proportionality of retention policies for images.
“Police Scotland and the SPA [Scottish Police Authority] have established a weeding and retention practice for convicted persons, which follows CHS [Criminal History System] conviction retention periods. This means that there is a risk that images could be retained longer than necessary.
“All reviewed bodies are aware of this issue. Police Scotland’s work on deletion of images not linked to a live prosecution or conviction is ongoing. The SPA FS [Forensic Services] has introduced a manual workaround to ensure weeding is compliant with the 1995 Act and the SBC Code of Practice.”
Dr Plastow highlighted that no “overarching strategy” has been developed by the force and the Scottish Police Authority’s forensic services division with respect to the management of biometric data, including DNA, fingerprints, and in ‘certain circumstances’ images.
He said that unlike DNA and fingerprints, which are largely held in centralised and automated databases, images and recordings are held in different formats and databases, including hard copy. He warned that an underinvestment in ‘ICT solutions’ was hampering the force in its ability to provide effective management of data.
Dr Plastow also raised concerns that police are not being effectively trained in biometrics data management.
He said: “During our review, we found that Police Scotland had not yet provided any training to staff on the applicability of the Scottish Biometrics Commissioner’s Code of Practice, on the Commissioner’s authority to investigate complaints about failure to comply with the Code, and on observing the information rights of data subjects especially where biometrics are obtained without consent, including because of arrest.”
He added that Police Scotland has not yet used controversial live facial recognition technology capable of ‘mass public space surveillance’ but that it should be available to the chief constable as a strategic or tactical option where there is a ‘significant threat’ public safety or security.
He also raised concerns over the Scottish Government’s Digital Evidence Sharing Capability (DESC) programme – which seeks to streamline the sharing of digital evidence between justice agencies, including courts and the police. He said the cloud-based system, hosted in the US, could be in breach of UK data protection laws, and that he was awaiting a ruling by the Information Commissioner.
In numbers:
- In September 2023, there were 646,935 images relating to 382,052 people within the Police Scotland Criminal History System. This data is replicated in the UK Police National Database (PND) system. However, this number reflects custody episodes when an arrested person is brought into police custody and charged with an offence. Where persons are arrested but not charged, the police do not capture their image or any other biometric data.
- In October 2023, there were 56,158 images on the Violent Sexual Offenders Register
(ViSOR) for managed Registered Sexual Offender nominals and another 62,388 archived Registered Sexual Offender nominals managed by Scottish Agencies. In October 2023, there were 27,996 Police Scotland images in the UK video identification parades electronic recording system (ViPER). - In October 2023, there were 9.5 Tb of data covering 2.000 ‘incidents’ in the camera data and video manager database for Body Worn Video. Images are also held in a number of Police Scotland systems described further in the report. For these, it is not possible to determine the exact number and location. However, we can estimate that Police Scotland held more than three million images in 2023.