Face Off

In the first Parliamentary debate on police use of live facial recognition technology, significant concerns were raised in relation to the latitude afforded to chief officers in deploying the biometric artificial intelligence (AI) tool. Handley Gill’s specialist consultants, whose advice on the deployment of LFR was acknowledged during the debate, consider the implications of the new Labour government’s proposals to revisit the legislative and regulatory framework governing the deployment of live facial recognition by law enforcement.

Now you see me...

As police forces are encouraged by the government to expand their use of live facial recognition technologies, with the Prime Minister announcing additional funding, Handley Gill Limited’s specialist consultants consider the legal issues that arise and the actions that Chief Constables and forces must take prior to deploying or even procuring LFR for law enforcement purposes.

Nicola Cain15 April 2024Data Protection, Personal Data, Part 3 DPA 2018, Part 3 Data Protection Act 2018, Law Enforcement, Law Enforcement Processing, Police, Policing, Biometric data, Biometric Processing, Sensitive Processing, Human Rights, DATA PROTECTION ACT 2018, Human Rights Act 1998, Article 8, Article 8 ECHR, Article 8 European Convention on Human Rights, Article 14 ECHR, Article 14 European Convention on Human Rights, Facial Recognition, Live Facial Recognition, LFR, Public Sector Equality Duty, PSED, Discrimination, Bias, Surveillance, Surveillance Camera Commissioner, Biometrics Commissioner, Data protection impact assessment, DPIA, Appropriate Policy Document, Equality Impact Assessment, Community Impact Assessment, Human Rights Impact Assessment, Cyber Security Risk Assessment, Integrated Impact Assessment, Model Card, Algorithmic Impact Assessment, Algorithmic Transparency Report, Algorithmic Transparency, Data Processing Agreement, Data Sharing Agreement, Joint Controller Agreement, Privacy Policy, Privacy Notice, House of Lords Justice & Home Affairs CommitteeComment

Commended

Team at Handley Gill Limited receive an award commending the legal services provide to its client, the City of London Corporation acting in its capacity as police authority for the City of London Police in connection with the National Police Chiefs’ Council’s (NPCC’s) National Cybercrime Programme, which the City hosts.

Non-sequitur

Handley Gill’s specialist data protection consultants consider the conclusions and implications of the College of Policing’s review of Lancashire Constabulary’s handling of the investigation into the disappearance of Nicola Bulley for the processing of personal data for law enforcement purposes by police forces and other competent authorities under Part 3 Data Protection Act 2018.

PSNI Blues

Reflecting on the reprimand issued by the Information Commissioner against the Police Service of Northern Ireland (PSNI) for unlawfully transferring personal data processed for the law enforcement purposes under Part 3 Data Protection Act 2018 to the USA, Handley Gill’s consultants identify the elements of a compliance programme that would mitigate against such incidents and have produced a downloadable pdf illustrating each lawful basis for transferring personal data processed under Part 3 DPA 2018 overseas.

U-turn?

Handley Gill summarises the Government's publication of its response to the ‘Data: A New Direction’ consultation, previewing the content of the forthcoming Data Reform Bill, which was proposed in ‘The Benefits of Brexit’ policy paper and formally announced in the Queen’s Speech 2022.

Nicola Cain22 June 2022Personal Data, UK GDPR, UK General Data Protection Regulation, Data Protection Act 2018, DPA 2018, PECR, Privacy and Electronic Communications Regulations, Data: A New Direction, Data Protection Reform, BREXIT, National Data Strategy, Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, Article 89 UK GDPR, Recital 159 UK GDPR, Recital 33 UK GDPR, Article 14 UK GDPR, Recital 62 UK GDPR, Disproportionate effort, Article 6(1)(f) UK GDPR, Political processing, Article 6 UK GDPR, Special Category Personal Data, Schedule 1 Data Protection Act 2018, Anonymity, Anonymous Data, Article 4(1) UK GDPR, the Council of Europe’s Convention 108, the Council of Europe Convention 108, Privacy management programme, Data Protection Officer, Article 37 UK GDPR, Data Protection Impact Assessment, DPIA, Article 35 UK GDPR, Article 30 UK GDPR, Records of Processing Activities, Article 36 UK GDPR, Prior Consultation, Article 12(5) UK GDPR, Manifestly Unfounded or Excessive, Article 45(2) UK GDPR, International data transfers, Adequacy Decision, s.17B(1) Data Protection Act 2018, Alternative Transfer Mechanisms, Article 46 UK GDPR, Law enforcement processing, Part 3 Data Protection Act 2018, Part 4 Data Protection Act 2018, Cookie Consent, Regulation 6 Privacy and Electronic Communications Regulations, Regulation 22(2) Privacy and Electronic Communications Regulations, Soft Opt-In, Marketing, Regulatory Enforcement, Information Commissioner, Statutory Duties, Statement of Strategic Priorities, Expert Panel, Technical Reports, Notice of Intent, Final Penalty Notice, AI, Artificial Intelligence, Article 22 UK GDPR, Automated Processing, Voluntary Undertakings, Data Breach Reporting, Article 33 UK GDPR, Article 15 UK GDPR, Data Subject Access Request, Reverse Transfers, Article 49 UK GDPR, Derogations, s.35 Digital Economy Act 2017, Data Sharing, Algorithm Transparency, Schedule 1 Part 2 Data Protection Act 2018, Substantial Public Interest, Biometric Data, Impact Assessments, Legitimate Interests Assessment, Biometrics Commissioner, Smart Data Schemes, Data Intermediaries, Article 46(2)(f) UK GDPR, Certification Regime, Surveillance Camera Commissioner, Schedule 16 paragraph 2(2) Data Protection Act 2018, Data Protection & Digital Information BillComment

Who's Under Investigation?

The Information Commissioner recently published an opinion, 'Who’s Under Investigation? The processing of victims’ personal data in rape and serious sexual offence investigations', which calls on the police, CPS and other prosecution agencies to overhaul their approach to the obtaining and retention of victim personal data.

Nicola Cain13 June 2022Data Protection, Personal Data, Data Protection Act 2018, Part 3 Data Protection Act 2018, Law enforcement processing, Information Commissioner, Police, Training, Consent, Lawful Basis for Processing, Criminal Justice System, Victims, Witnesses, Law EnforcementComment

Taking a wrong turn? Government pursues data protection reform

The Government has today (10 May 2022) announced in the Queen’s Speech that further to its consultation ‘Data: A New Direction’ it will bring forward legislation in this Parliamentary session to reform the UK’s data protection law (the UK GDPR, Data Protection Act 2018 and Privacy and Electronic Communications Regulations) which has been adopted virtually wholesale from the European General Data Protection Regulation (GDPR).

Nicola Cain10 May 2022Data Protection, Personal Data, GDPR, General Data Protection Regulation, UK GDPR, UK General Data Protection Regulation, Data Protection Act 2018, DPA 2018, Privacy and Electronic Communications Regulations, PECR, Data Protection Reform, Data: A New Direction, Brexit, National Data Strategy, 10 Tech Priorities, Cookies, Data Protection Officer, Information Commissioner, International Data Transfers, Records of Processing Activities, Processing for Research Purposes, AI, Artificial Intelligence, Anonymous Data, Data Intermediaries, Data Stewards, Data Protection Impact Assessments, High Risk Processing, Prior Consultation, Data Breaches, Regulatory Enforcement, Voluntary Undertakings, Cookie Consent, Reverse Transfers, Digital Regulation Co-operation Forum, DRCF, Notice of Intent, Final Penalty Notice, Law Enforcement Processing, Part 3 Data Protection Act 2018, Part 4 Data Protection Act 2018, Automated Processing, Data Protection & Digital Information BillComment

Deep Impact on Data Protection Impact Assessments

Data controllers should revisit their Data Protection Impact Assessments (DPIAs).

DPIAsNicola Cain15 November 2020Data protection, Data protection impact assessment, GDPR, Article 35, Law enforcement processing, High risk processing, Data controller, Criminal conviction & offence data, Data Protection Act 2018, Section 64, Biometric data, Systematic public monitoring, Law Enforcement, Law Enforcement Processing, DPIA, Part 3 Data Protection Act 2018