View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Policy
November 19, 2018updated 24 Jun 2022 11:06am

Met Police’s “Gangs Matrix” in Breach of Data Protection Laws

ICO blasts absence of "effective central governance, oversight or audit of data"

By CBR Staff Writer

The Metropolitan Police’s gang-mapping database, known as the Gangs Matrix, has led to “multiple and serious breaches” of data protection laws, according to a report by the Information Commissioner’s Office (ICO).

Among its flaws, the ICO said, were that “the Gangs Matrix does not clearly distinguish between the approach to victims of gang-related crime and the perpetrators, leading to confusion amongst those using it.”

The ICO launched the investigation in October 2017 after human rights group Amnesty International challenged how the database was compiled and how details were shared with other agencies.

The Gangs Matrix, launched in the wake of the 2012 London riots, operates a traffic light system meant to function as a risk-assessment tool to assess and rank London’s suspected gang members, according to their ‘propensity for violence’. Individuals on the matrix are known as ‘gang nominals’.

The finding comes as London remains wracked by knife crime, with the highest levels recorded. There were 1,299 stabbings in London up to the end of April, according to official statistics from the Met Police.

Gangs Matrix: “Vague and Ill-Defined”

In its earlier 55-page report, Trapped in the Matrix, Amnesty had claimed: “Our research shows that the Gangs Matrix is based on a vague and ill-defined concept of ‘the gang’ that has little objective meaning and is applied inconsistently in different London boroughs.”

The group, which interviewed 30 users of the database, including police, local authority users and the voluntary sector, had added: “The Matrix itself and the process for… sharing data with partner agencies appears to be similarly ill-defined with few, if any, safeguards and little oversight.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

See also: UK Police Adoption of Tech a “Complete Mess”

It’s a position the ICO largely agreed with.

In a statement published Friday 16 November, the data protection watchdog listed a litany of issues with the database.

These include that police engaged in “blanket sharing with third parties” that failed to distinguish between those on the Gangs Matrix assessed as high-risk and those as low risk, with the “potential for disproportionate action to be taken against people no longer posing a risk”.

The ICO also blasted an “absence, over several years, of effective central governance, oversight or audit of data processed as part of the Gangs Matrix, resulting in risk of damage or distress to those on it”.

met policeThe ICO’s Deputy Information Commissioner of Operations, James Dipple-Johnstone, said: “Protecting the public from violent crime is an important mission and we recognise the unique challenges the MPS (Metropolitan Police Service) faces in tackling this.

“Our aim is not to prevent this vital work, nor are we saying that the use of a database in this context is not appropriate; we need to ensure that there are suitable policies and processes in place and that these are followed.”

Due to the timing of the case, it was dealt with under the provisions of the Data Protection Act 1998, and not the GDPR which replaced it in May this year.

The ICO will also be launching a second investigation that focuses on how partners of the police handle information, such as that provided through the Gangs Matrix, and is already investigating a data breach at Newham Borough Council involving the Matrix, it said.

Gangs Matrix: Met Police Response to ICO Findings

The Met Police said it “accepts the findings outlined in the Enforcement Notice by the Information Commissioner’s Office (ICO) issued this week and are working hard to address them.”

Deputy Assistant Commissioner for Met Operations Duncan Ball said: “We have already started work to ensure that we improve our data handling and information sharing with partners, who are also involved in community safety work.”

He added: “As well as addressing the concerns within the ICO report, we are also taking forward additional work including the introduction of a public facing website to explain the legal framework for the Gangs Matrix and further information to improve public confidence and transparency. We have a constructive relationship with the ICO and will continue to work with them as we go forward.”

The Met now needs to: Improve guidance to explain what constitutes a gang member and the intelligence required to demonstrate gang membership; ensure people’s data on the Gangs Matrix is clearly identified, to distinguish between victims of crime and actual or suspected offenders and ensure that any Gangs Matrix information shared with partner agencies is done so securely and proportionately.

It also needs to conduct a Data Protection Impact Assessment of the Gangs Matrix.

Read this: Morrisons Loses Data Breach Appeal: A “Serious Warning” for Business Leaders

Lead image (not a gangster) credit: Pawel Janiak, Creative Commons, via Unsplash. 

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.