View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

The ICO is Concerned that Police Forces are Extracting Excessive Amounts of Data from Phones

"Police forces should implement measures to ensure that mobile phone data is managed in accordance with data protection legislation"

By CBR Staff Writer

An investigation by the Information Commissioner’s Office (ICO) has found that police forces in England and Wales are extracting “excessive” amounts of personal data from mobile phones and are storing it in a manner that is at odds with data protection laws.

Following an investigation into the process known as Mobile Phone Extraction (MPE) the data watchdog said it is concerned that police forces exhibited ‘poor practice’ when they handle sensitive information that has been taken from mobile phones.

A key concern of the ICO following a limited investigation of a number of police forces is that there is no “systematic approach to justifying privacy intrusion”. The ICO is worried that these intrusion into the public’s private data, without legitimate justifications, will have a significant impact on standards of compliance and run the risk that public confidence could be undermined.

Information Commissioner Elizabeth Denham said: “Many of our laws were enacted before the phone technology that we use today was even thought about. The existing laws that apply in this area are a combination of common law, statute law and statutory codes of practice.

“I found that the picture is complex and cannot be viewed solely through the lens of data protection. As this report makes clear, a whole-of-system approach is needed to improve privacy protection whilst achieving legitimate criminal justice objectives.”

The Law

A standard of policing was set out in 1829 by Sir Robert Peel who was trying to define an ethical police force and put forward the principles which should govern their actions. Peel stated that police forces should “maintain the respect and approval” of the public and seek cooperation when enforcing the law.

The ICO is concerned that currently the law does not “strictly require” that police forces take “proper account” of data privacy and protection when data is extracted from mobile phones.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

The ICO’s investigation found that: “The observed police practices increase the risk of arbitrary intrusion and impact standards of compliance when processing personal data extracted from mobile devices. This increases the risk that public confidence could be undermined.”

Elizabeth Denham added: “People expect to understand how their personal data is being used, regardless of the legal basis for processing. My concern is that an approach that does not seek this engagement risks dissuading citizens from reporting crime, and victims may be deterred from assisting police.”


In its report the ICO has laid out 13 recommendations to remedy the current situation and legal imbalance when police forces carry out mobile phone data extractions. Acknowledging the complexity of the issue the Commissioner is calling for the introduction of clearer rules and a statutory code of practice.

The regulator notes that the standards of Consent when it applies to data protection terms is ‘deliberately challenging.’

The report states: “This is to ensure that the individual has meaningful choice and control over how their data is used. The investigation found that the practices being adopted presently did not always demonstrate the conditions needed for Consent to be valid.”

It asks that the Crown Prosecution Service and the Attorney General’s Office ‘collaborate’ so that there is a more consistent approach when authorising data extractions.

The reports seventh recommendation highlights its concern for privacy intrusion and bluntly as it states that: “Police forces should implement measures to ensure that mobile phone data is managed in accordance with data protection legislation and retained no longer than necessary.”

The ICO has found that the technology used by police forces to extract mobile phone data needs to be update and that any future technology procurements should considered privacy concerns in their design.

Elizabeth Denham stated that: “While the work needed to implement my recommendations must not fall by the wayside, I am acutely aware that this report is issued at a time of unprecedented challenges flowing from the COVID-19 pandemic. I therefore acknowledge that the timeline for change will be longer than usual, but I am keen that we begin to make progress as soon as practicable, and I am committed to supporting that work at all stages.”

See Also: Scottish Police Roll Out Encryption-Busting Cyber Kiosks

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.