The Metropolitan Police’s gang-mapping database, known as the Gangs Matrix, has led to “multiple and serious breaches” of data protection laws, according to a report by the Information Commissioner’s Office (ICO).
Among its flaws, the ICO said, were that “the Gangs Matrix does not clearly distinguish between the approach to victims of gang-related crime and the perpetrators, leading to confusion amongst those using it.”
The ICO launched the investigation in October 2017 after human rights group Amnesty International challenged how the database was compiled and how details were shared with other agencies.
The Gangs Matrix, launched in the wake of the 2012 London riots, operates a traffic light system meant to function as a risk-assessment tool to assess and rank London’s suspected gang members, according to their ‘propensity for violence’. Individuals on the matrix are known as ‘gang nominals’.
The finding comes as London remains wracked by knife crime, with the highest levels recorded. There were 1,299 stabbings in London up to the end of April, according to official statistics from the Met Police.
Gangs Matrix: “Vague and Ill-Defined”
In its earlier 55-page report, Trapped in the Matrix, Amnesty had claimed: “Our research shows that the Gangs Matrix is based on a vague and ill-defined concept of ‘the gang’ that has little objective meaning and is applied inconsistently in different London boroughs.”
The group, which interviewed 30 users of the database, including police, local authority users and the voluntary sector, had added: “The Matrix itself and the process for… sharing data with partner agencies appears to be similarly ill-defined with few, if any, safeguards and little oversight.”
See also: UK Police Adoption of Tech a “Complete Mess”
It’s a position the ICO largely agreed with.
In a statement published Friday 16 November, the data protection watchdog listed a litany of issues with the database.
These include that police engaged in “blanket sharing with third parties” that failed to distinguish between those on the Gangs Matrix assessed as high-risk and those as low risk, with the “potential for disproportionate action to be taken against people no longer posing a risk”.
The ICO also blasted an “absence, over several years, of effective central governance, oversight or audit of data processed as part of the Gangs Matrix, resulting in risk of damage or distress to those on it”.
The ICO’s Deputy Information Commissioner of Operations, James Dipple-Johnstone, said: “Protecting the public from violent crime is an important mission and we recognise the unique challenges the MPS (Metropolitan Police Service) faces in tackling this.
“Our aim is not to prevent this vital work, nor are we saying that the use of a database in this context is not appropriate; we need to ensure that there are suitable policies and processes in place and that these are followed.”
Due to the timing of the case, it was dealt with under the provisions of the Data Protection Act 1998, and not the GDPR which replaced it in May this year.
The ICO will also be launching a second investigation that focuses on how partners of the police handle information, such as that provided through the Gangs Matrix, and is already investigating a data breach at Newham Borough Council involving the Matrix, it said.
Gangs Matrix: Met Police Response to ICO Findings
The Met Police said it “accepts the findings outlined in the Enforcement Notice by the Information Commissioner’s Office (ICO) issued this week and are working hard to address them.”
Deputy Assistant Commissioner for Met Operations Duncan Ball said: “We have already started work to ensure that we improve our data handling and information sharing with partners, who are also involved in community safety work.”
He added: “As well as addressing the concerns within the ICO report, we are also taking forward additional work including the introduction of a public facing website to explain the legal framework for the Gangs Matrix and further information to improve public confidence and transparency. We have a constructive relationship with the ICO and will continue to work with them as we go forward.”
The Met now needs to: Improve guidance to explain what constitutes a gang member and the intelligence required to demonstrate gang membership; ensure people’s data on the Gangs Matrix is clearly identified, to distinguish between victims of crime and actual or suspected offenders and ensure that any Gangs Matrix information shared with partner agencies is done so securely and proportionately.
It also needs to conduct a Data Protection Impact Assessment of the Gangs Matrix.
Read this: Morrisons Loses Data Breach Appeal: A “Serious Warning” for Business Leaders
Lead image (not a gangster) credit: Pawel Janiak, Creative Commons, via Unsplash.
