UK Police: 'Innocent people' on unregulated photo database

Police forces in England and Wales have uploaded up to 18 million "mugshots" to a facial recognition database. This is despite a court ruling it could be unlawful. They include photos of people never charged, or others cleared of an offence, and were uploaded without Home Office approval.

Photos of "hundreds of thousands" of innocent people may be on the database, an independent commissioner said.

The database complies with the Data Protection Act the police insisted.

It comes despite a ruling in 2012, when two people went to the High Court to force the Metropolitan Police to delete their photos from databases. The judge warned forces should revise their policies in "months, not years".

Met Police Commissioner Sir Bernard Hogan-Howe told the BBC that since the court case, his force had stopped putting images on the national database until the law had been clarified.
"So the broad concern is - are we keeping images of people who aren't convicted, and are we using them?" he said. "I don't think this is against the law but of course we always want to catch criminals." He added that he would look into the matter.

Biometrics Commissioner Alastair MacGregor QC said he was concerned about the implications of the system for privacy and civil liberties. MacGregor said police had been warned to put rules in place regarding the use of police mugshots - but had not done so.

He said he recognised the potential value of the database to the police, but warned senior officers had rushed in without considering all the implications. "These are important issues and it does seem to me surprising that they have not been addressed more carefully," he said.

Chief Constable Mike Barton, of the Association of Chief Police Officers, said forces had to stay up-to-date with new technology. "Everybody is very keen that the police enter the cyber world," he said. "I hear much criticism of policing that we're not up to speed and it does come as a surprise to me that we're now being admonished for being ahead of the game."

However, the use of the system has been criticised by some MPs and David Davis, the former Tory shadow home secretary, said that police forces should not "misuse the data in this way. There is a mind-set here, which is flawed…It's quite understandable, police always want more powers, but I'm afraid the courts and parliament say there are limits," he said. "You cannot treat innocent people the same way you treat guilty people."

http://www.bbc.co.uk/news/uk-31105678

« Anthem failed to encrypt data prior to cyber-attack
Snowden Reveals that China Stole Plans For New F-35 »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Intercede

Intercede

Intercede is a cybersecurity company specializing in digital identities, derived credentials and access control, enabling digital trust in a mobile world.

DKCERT

DKCERT

DKCERT (Danish Computer Security Incident Response Team) handles security incidents on forskningsnettet, the National Research and Education Network (NREN) in Denmark.

ThetaRay

ThetaRay

ThetaRay’s solution for Industrial cyber security protects against unknown cyber-attacks that target industry and critical infrastructure.

National Cybersecurity Competence Centre (NC3) - Czech Republic

National Cybersecurity Competence Centre (NC3) - Czech Republic

NC3 has been established in response to growing demands for practically applicable products and solutions for ensuring cybersecurity of critical and non-critical information infrastructures.

Datacentrix

Datacentrix

Datacentrix provides end-to-end cybersecurity services for the operational technology (OT) and IT environments to monitor, assess and defend our customers' information assets.

Responsible Cyber

Responsible Cyber

Protect yourself with Responsible Cyber’s 360° platform, IMMUNE, arming you with comprehensive support for your business.

Security Management Partners (SMP)

Security Management Partners (SMP)

Security Management Partners (SMP) is a trusted partner to financial services, healthcare and businesses that need to manage their information, securely.

Varen Technologies

Varen Technologies

Varen Technologies is an innovative consulting partner with highly respected cyber security, analytics, Agile Software Development and IT/maintenance expertise.

Celera Networks

Celera Networks

Celera Networks is a managed services provider specializing in cybersecurity, cloud and managed IT services.

Green Enterprise Solutions

Green Enterprise Solutions

Green Enterprise Solutions are a Namibian company providing Information and Communication Technology (ICT) services to corporate Namibia.

HEAL Security

HEAL Security

HEAL Security is the global authority for cybersecurity data, research and insights across the healthcare sector.

Standard Notes

Standard Notes

Standard Notes is a secure digital notes app that protects your notes and files with audited, industry-leading end-to-end encryption.

Keeran Networks

Keeran Networks

Established in Edmonton in 1999, Keeran specializes in delivering comprehensive IT support and solutions aimed at optimizing technology investments for businesses.

True Corporation

True Corporation

True Corporation is Thailand’s leading Telecom-Tech company, empowering people and businesses with connected solutions that advance society sustainably.

Harmony Intelligence

Harmony Intelligence

Harmony builds cutting-edge defensive AI products that safeguard people and critical infrastructure around the world from AI-powered threats.

Hurricane Labs

Hurricane Labs

Hurricane Labs is a managed security services provider (MSSP) that focuses on Splunk.