Increasingly, police will neither confirm nor deny that they hold personal data on activists. Netpol believes there is a policy of deliberately avoiding data protection responsibilities until after a Supreme Court hearing in December
In March, Netpol relaunched our call for campaigners and activists to submit Subject Access Requests (SARs) under data protection legislation, to discover if a record is held on them on the National Domestic Extremism Database and by domestic extremism units in different police forces. We are also keen to reveal the extent of inaccuracies or trivial information in any data that the police hold.
Many of the responses people have obtained are illuminating, displaying a pattern of overt surveillance by Forward Intelligence Teams (FIT) stretching back for many years. Other requests have revealed the retention of publicly available information from newspaper articles, updates on Twitter feeds and blog posts. However, we have also noted a trend within the police – the Metropolitan Police in particular – of growing reticence about disclosing information. Instead they seem increasingly ready to hide behind a policy of ‘neither confirming nor denying’.
More and more people who have requested data from the Met have told us over the last two months that, after waiting patiently for months for a response, the information they received has been minimal or non-existent – even in circumstances where they know they have been subject to police surveillance. Instead they have been given the following statement
“The Data Protection Act places an obligation on the MPS to provide you with a copy of that information, unless disclosing such data would be likely to prejudice the prevention and detection of crime and / or the apprehension or prosecution of offenders.
From the personal details supplied in your request, there is no information the Commissioner is required to supply you.”
This is not the same as saying there is no information held: it suggests that there may or may not be information held by the police, but if there is, they are not going to release it anyway. This statement has caused anxiety in some cases as people have made the reasonable assumption that this must mean their data is connected to some ongoing investigation. Considering the frequency that this response is now used by the Met, this would seem to be unlikely. Instead, the police are apparently misusing an exemption to the Data Protection Act that was designed to protect live investigations.
The information sought by most activists who have successfully made requests for their data is neither sensitive or covertly obtained and does not reveal previously unknown or critical facts about police operations. Instead, the bulk of the information was obtained by observation and overt surveillance at public events, by uniformed and fully visible Forward Intelligence Teams. It seems extremely unlikely that the information they gather – a individual’s presence on a demonstration, their photograph, their behaviour or associations – could possibly pose a serious threat to on-going police operations. Certainly the police cannot lawfully use the claim of ‘preventing and detecting crime’ as a blanket excuse for refusing to disclose any information at all.
The Metropolitan Police may well hope that, on receiving an inconclusive and confusing response, most people will simply give up on exercising their rights under the Data Protection Act and accept that the police will never provide the data accumulated on them. We know the Met has claimed to the Information Commissioners Office that it is ‘overwhelmed’ by SARs and is struggling with a backlog they would really like to clear. However, people have paid for the privilege of gaining access to their own data, and the Met has a legal responsibility to respond.
Netpol strongly suspects that the Met is deliberately avoiding its data protection responsibilities until it knows the decision in the Supreme Court case involving John Catt, which will be heard in early December this year. This case involves a Brighton peace campaigner with no criminal history, known for making sketches at protests. He attended demonstrations called by the organisation Smash EDO where he was noted and identified by the forerunner of the current National Domestic Extremism and Public Disorder Intelligence Unit – at that time called the National Public Order Intelligence Unit (NPOIU).
When John made a subject access request under the Data Protection Act, the NPOIU was found to hold details of his appearance, his vehicle, demonstrations of other he had attended and other personal details. FIT officers had also taken and retained details about his daughter who went with him to protests and the vehicle registration number of their car – the movements of which were then tracked using police automatic number plate readers (ANPR). In total, there were 66 separate entries on the intelligence database.
In March 2013, the Court of Appeal ruled that gathering and retaining information about John Catt’s political activity was unlawful. At December’s Supreme Court hearing, the Met is seeking to reverse the Court of Appeal decision. The case is an important one, because a victory for the Metropolitan Police will make it significantly easier for them to obtain and retain data about protesters. If, on the other hand, the Supreme Court upholds the Court of Appeal decision, the police will struggle to justify the blanket collection of data on individuals taking part in political protest.
We believe it is possible the Met have decided to disclose as little as possible until the case has been settled, the legal position has been clarified and they know how much of our data they are lawfully permitted to keep.
In any case, Netpol’s advice to people who have made subject access requests to any UK police force under the Data Protection Act is to stay persistent. Don’t let yourself be fobbed off by police deliberately trying to subvert the law. We recommend that if you are unhappy with the response you receive, you write back asking them
- To consider whether it is lawful and reasonable to use the exemption under the Data Protection Act for the prevention and detection of crime to justify a blanket refusal to supply personal data
- To consider afresh whether there is any data they are able to disclose which would not be likely to be prejudicial to the prevention and detection of crime.
Specifically, if you have been told by the Metropolitan Police that there is “no information the Commissioner is required to supply you”, ask the Met to clarify is this means it holds no information about you; or whether this means it does but is unwilling to disclose it, along with an explanation of what reasons under the Data Protection Act they are refusing to make a disclosure.
We also urge activists to write to the Information Commissioners Office to complain that the police are misusing the exemption under the Data Protection Act for the prevention and detection of crime to justify a blanket refusal to supply personal data.
If you haven’t yet made a request for your data, don’t let the obstacles thrown up by deter you. Read Netpol’s guidance on making a Subject Access Request and submit one as soon as possible – you may have to wait some time for a reply!