An investigation by the Information Commissioner’s Office (ICO) has reviled that the Metropolitan Police’s database of gang members (Gangs Matrix) has been illegally sharing information on hundreds of victims who aren’t involved in gang crimes, leading to multiple breaches of data protection laws.
The investigation into the Gangs Matrix began in October 2017 after human rights group Amnesty International challenged how the database was compiled and how details were shared with other agencies.
The gangs matrix was created after the 2011 riots to gather intelligence on about 3,400 suspects. The data logged in the matrix included personal details, full names, addresses, criminal records, intelligence on links to gun or knife violence and a rating of how dangerous each individual is thought to be. However due to poor management since its inception, it constantly failed to properly differentiate between dangerous offenders and their victims. As a result, police shared information with other agencies, without fully explaining who on the list was actually a serious risk.
One of the implications of the report is that the database was also racially biased, given the fact that 9 out of 10 individuals on the database are from a black or other ethnic minority background.
The investigation found:
- The Gangs Matrix does not clearly distinguish between the approach to victims of gang-related crime and the perpetrators, leading to confusion amongst those using it;
- An operating model that was unclear and inconsistently applied across the boroughs, with some good practice in some areas but poor practice elsewhere;
- Some boroughs operated informal lists of people who had been removed from the Gangs Matrix, meaning that the MPS continued to monitor people even when intelligence had shown that they were no longer active gang members;
- Excessive processing of data as a result of blanket sharing with third parties that failed to distinguish between those on the Gangs Matrix assessed as high-risk and those as low risk, with the potential for disproportionate action to be taken against people no longer posing a risk;
- Serious breaches of data protection laws with the potential to cause damage and distress to the disproportionate number of young, black men on the Matrix;
- The absence of a Equality Impact Assessment that would enable MPS to show it had considered in this context the issues of discrimination or equality of opportunity;
- An absence, over several years, of effective central governance, oversight or audit of data processed as part of the Gangs Matrix, resulting in risk of damage or distress to those on it;
- The absence of information sharing agreements governing the purpose and use of the data by those third parties and insufficient guidance about how the third parties should handle and use the data. This led to the increased potential for an inconsistent approach and harm to data subjects.
The MPS must now take steps to ensure the Gangs Matrix complies with data protection laws, which include:
- Improving guidance to explain what constitutes a gang member and the intelligence required to demonstrate gang membership;
- Ensuring people’s data on the Gangs Matrix is clearly identified, to distinguish between victims of crime and actual or suspected offenders;
- Erasing any informal lists of people who no longer meet the Gangs Matrix criteria;
- Developing guidance in relation to the use of social media as a source of ‘verifiable intelligence’;
- Ensuring that any Gangs Matrix information shared with partner agencies is done so securely and proportionately; and
- Conducting a Data Protection Impact Assessment of the Gangs Matrix.
The ICO has served Scotland Yard with its toughest sanction short of a criminal prosecution, ordering the force to overhaul how it manages and shares the data, stopping of ordering the shutdown of the database because it’s value if managed properly.
The Met says it has accepted the findings and is overhauling the matrix.