A recent report highlights the need for Police Scotland to establish a dedicated policy on biometric data retention, urging a thorough and evidence-based review of current practices. Released jointly by Scottish Biometrics Commissioner Dr. Brian Plastow and the Scottish government, the report identifies key areas where Police Scotland’s approach to biometric data retention requires refinement to ensure legal and ethical compliance.
Dr. Plastow explained that Police Scotland currently operates under a general policy for retaining complete criminal records rather than one specifically addressing biometric data. This practice, he noted, can result in data retention that exceeds necessary periods, lacking routine checks to verify whether continued storage remains justified. The Commissioner’s concerns follow his office’s successful implementation of new biometric information protocols in 2023, which improved transparency around data collection during arrests.
The report, compiled under sections 18 to 19C of the Criminal Procedure (Scotland) Act 1995, includes six recommendations aimed primarily at Police Scotland. Central among these is a directive for Police Scotland to create a specific policy prohibiting indefinite retention of biometric data, mandating periodic reviews to determine if continued retention meets standards of effectiveness, proportionality, and necessity.
Dr. Plastow cited the recent European Court of Human Rights ruling in Gaughran v The United Kingdom, which condemned indefinite retention of biometric data without periodic review. This ruling has particular relevance as Police Scotland considers expanding its use of biometric technologies, including potential implementation of live facial recognition systems.
The Commissioner emphasized that improved management information collection on data retention would support legislative improvements and align Police Scotland with ethical standards. The current practice of aligning biometric data retention with criminal record policies exposes Police Scotland to potential legal risks, particularly given evolving European privacy standards and increasing public scrutiny of law enforcement data practices.
Police Scotland’s current policy stipulates the destruction of DNA records at an individual’s 100th birthday or three years after their death, a provision the report deems inadequate and recommends for revision. The Commissioner called for a finalized policy within a year, incorporating public consultation to gauge societal perspectives on data retention practices.
Sources: Police Professional
—
October 31, 2024 – by Cass Kennedy
Follow Us