The Information Commissioner has investigated the process known as Mobile Phone Extraction (MPE), used by police forces when conducting criminal investigations in England and Wales. This followed concerns that:
• forces were inconsistent in their approach;
• there were poor practices in information handling, including an overly
wide approach to extracting data; and
• a reliance on consent as the basis for undertaking this task in
circumstances where it was not appropriate.
The aim of the investigation was to develop a detailed understanding of the
legislative frameworks, governance arrangements, operating practices and
challenges faced by those undertaking or affected by MPE. It also aimed to
provide further clarity about data protection law for those responsible for processing personal data in this context.
The investigation and its findings call into question the appropriateness of some of the current police practices in MPE. This report recommends that a number of measures are implemented across law enforcement in order to improve compliance with data protection law and regain some public confidence that may have been lost.
Whilst the investigation observed practice in only a limited number of police forces, it gathered sufficient evidence to conclude that there are inconsistent approaches and standards of compliance by forces. This raises concerns that there is no systematic approach to justifying privacy intrusion and demonstrating that it is balanced against legitimate law enforcement purposes.
Given the sensitive data processing involved, the observed police practices
increase the risk of arbitrary intrusion and impact standards of compliance when processing personal data extracted from mobile devices. This increases the risk that public confidence could be undermined.
You can download a copy of the report here – https://ico-newsroom.prgloo.com/resources/7wan1-nal7x-y30xg-aic6q-3w2hb