A meeting of the embryonic Automatic Number Plate Recognition privacy advisory group on 10 November was told that the Metropolitan Police are planning to delete of some 4 billion items of vehicle movement data, most held years beyond their retention date and no longer usable for crime fighting. The existence of this Automatic Number Plate Recognition (ANPR) data cache dating from 2012 in the National CT ANPR System known as the ‘Olympic Feed‘ was first revealed to the general public in a response to a Freedom of Information Act request made in 2015 through the What Do They Know website.
I am grateful to DCC Paul Kennedy, National Lead for ANPR for his leadership responding to my challenges since that time and to his team for implementation, particularly officers in the Met Police. The police have engaged with me and other civil society actors in a transparent manner. I have recorded progress on this website. Lorna Woods, University of Essex Professor of Internet Law in a recent article illustrated the many legal challenges facing ANPR, operating as it does without specific legislation. Technical problems with the (very securely held) historic cache of data at the Met have apparently rendered it unusable.
4 billion items, each recording a person on their journey is likely to be one of the world’s largest, possibly the largest public sector data deletions.
I strongly support the need for ANPR to fight crime, but the power of the largely covert system is such that it needs to be managed and overseen in a transparent and independent manner. The steps DCC Kennedy is taking to set up an Advisory Board for ANPR are welcome as is the support of Tony Porter the Surveillance Camera Commissioner. But much more needs to be done to put ANPR on a safe and secure statutory footing with its own legislation leading to governance with an independent and ethical component proportionate to the substantial scale of surveillance. It seems that the National ANPR leadership structures want this to happen too and are moving in the right direction.
This planned deletion shows that for all its flaws, aspects of the Data Protection Act and interplay with human rights law in the UK work. But this large repository of data should not have been allowed to accumulate in the first place – illustrating the gaps where the DPA interacts with security and surveillance that Professor Woods described. The powers and to some extent the role of the Information Commissioner’s Office as regulator and at the same time advisor is also tested as they have long been aware of the over retention of billions of records.
The Home Office and Crime and Justice Sector in general need an over-arching review of their work with the data they collect in the course of their work, how they access, retain and use it. The Investigatory Powers Bill, whether one agrees with it or not, was a step in this direction. But ANPR was outside the IP Bill scope as is vast majority of the Criminal Justice System data work. Much of the CJS is closed to FOI, limiting the scope for civil society to scrutinise and hold it to account. I am concerned that if a system as large as ANPR fell into keeping billions of records of citizens movements beyond their retention date, then other criminal justice system data systems will have made similar decisions that the public they are intended to serve do not know about.
- So what does the digital charter mean? - 21st June 2017
- Hyperlocal blog can help hold power to account in tower block blaze - 14th June 2017
- A vision for regulating the digital sphere after Brexit? - 6th April 2017