Quickly exit this site by pressing the Escape key Leave this site
We use some essential cookies to make our website work. We’d like to set additional cookies so we can remember your preferences and understand how you use our site.
You can manage your preferences and cookie settings at any time by clicking on “Customise Cookies” below. For more information on how we use cookies, please see our Cookies notice.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Sorry, there was a technical problem. Please try again.
This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.
Freedom of information request reference no: 01.FOI.22.025669
I note you seek access to the following information:
I am writing to you to request information about the reprimand your force was issued under Part Three of the Data Protection Act 2018 by the Information Commissioner’s Officer (ICO) on 03/12/2021.
1. Please could you provide any documentation received from the ICO about the reprimand?
2. Please could you provide information on why the reprimand was issued?
3. Please could you provide details on what steps the force needs to take to fix the issues identified by the reprimand?
4. Please could you provide any correspondence the force has had with the ICO regarding the reprimand, which details the nature of the reprimand?
Please note that I am not seeking any personally identifiable information and am happy for any personal information to be redacted in any documentation provided in response to this request.
Following receipt of your request, I have conducted searches to locate information relevant to your request. These searches located the following records:
1. Information Commissioner’s Office (ICO) letter to the MPS dated the 3 December 2021.
2. ICO Enforcement Leaflet - GDPR and DPA 2018.
3. MPS Letter to the ICO dated 27th of January 2022.
4. ICO Letter to the MPS dated 6th of May 2022.
I have disclosed the ICO enforcement leaflet in full and have disclosed the correspondence between the ICO and the MPS in redacted format, that is, I have removed information that I consider to be exempt under the Act. It should also be noted that the former security classification of document 3 being ‘Official Sensitive’, has been removed from the header and footer of this document, as it is no longer applicable.
This email accordingly serves as a ‘Refusal Notice’ in accordance with section 17(1) of the Freedom of Information Act 2000 (the Act) by virtue of the following exemptions:
Section 23(1) – Information supplied by, or relating to, bodies dealing with security matters
Section 24(1) – National Security
Section 31(1)(a)&(b) - Law Enforcement
Section 40(2)&(3A)(a) - Personal Information
Reason for decision
Section 23 and Section 24 - Cited in the Alternative - Having considered the requested records for release, I have determined that some of the information you have requested should be withheld under either section 23(1) or section 24(1) of the Act. Some of the information you have requested could be exempt under section 23(1) of the Act, which relates to the bodies specified in section 23(3) of the Act, although it is also possible that the information relates to none of these bodies. Sections 23(1) and 24(1) are being cited in the alternative as it is not appropriate, in the circumstances of the case, to say which of the two exemptions is actually engaged so as not to undermine national security or reveal the extent of any involvement, or not, of the bodies specified at section 23(3). Section 23 is an absolute exemption and the MPS is not required to consider whether the public interest favours disclosure of this information. Any information that is not exempt from disclosure under section 23(1) could be exempt under section 24(1) of the Act, which exempts information from disclosure if its exemption is required for the purpose of safeguarding national security. For the reasons given above under section 23, we cannot say which of the two exemptions is actually engaged, and to the extent to which section 24(1) is engaged.”
Section 24(1) of the Act provides that information is exempt from disclosure where the exemption is necessary for the purposes of safeguarding national security. Section 24 is a qualified exemption and is subject to Public Interest Test.
In favour of release, there is a general presumption under the Act in favour of making as much information as possible available to the public to enable informed debate. However, as explained to you above, to provide any further explanation for the application of this exemption would potentially involve the disclosure of information which itself would be exempt under this section of the Act, and I am satisfied that the criteria of section 17(4) has been met.
I am therefore content that the information in scope of your request falls within the exemptions provided for at either section 23 or alternatively section 24 of the Act but this should give no indication as to which of the exemptions is actually engaged.
Section 31(1)(a)&(b) - Law Enforcement - of the Act provide that any information is exempt if its disclosure under the Act would, or would be likely to, prejudice the prevention or detection of crime or the apprehension or prosecution of offenders.
I have claimed this exemption in that the release and publication of information about the operational tactics that are used by the MPS to prevent and detect crime, would provide persons intent on committing crime and/or evading detection by police, with information that would assist them in this endeavour. I have also claimed this exemption in that the requested correspondence contains email addresses that would assist persons whose intention is to disrupt the work of the MPS. The release of this information would accordingly, be likely to prejudice the prevention or detection of crime or the apprehension or prosecution of offenders
Harm to the Met’s Ability to Prevent and Detect Crime - The MPS has a statutory role in society to prevent and detect crime and apprehend persons that commit criminal offences. To do so, the MPS deploys a range of operational tactics. To effectively prevent and detect crime, it is important that the MPS maintains a tactical advantage over the offender. This will often mean that the MPS will not disclose details of its tactics to maintain this tactical advantage.
Should the MPS make sensitive information about its tactics publicly available, this would be likely to have 3 effects. Firstly, the offender would be better informed having obtained sensitive information about police tactics. A better informed offender would be more equipped and able to commit offences. Secondly a better informed and equipped offender would be more confident in committing offences which would increase the likelihood of offences being committed. Lastly an informed and confident offender would be more able and likely to avoid detection by police.
Ultimately the public release of any information that would be likely to assist the offender to commit offences and/or would adversely affect the ability of the MPS to prevent crime, is unlikely to be in the public interest.
Role of the Information Commissioner’s Office - The ICO is the UK's independent body that is responsible for ensuring that Data Controllers process personal data in accordance with the law. In this regard, the ICO has investigated the Met’s actions in the case recorded under reference INV/0283/2020 and reprimanded the MPS. Given that the ICO has investigated the actions of the MPS and taken the statutory action that they deem appropriate, the public interest in ensuring that the actions of the MPS have been appropriately overseen and scrutinised, has already been satisfied.
Disruption to the Work of Senior Members of Staff - The public release of the email address of a senior member of staff, would provide persons intent on disrupting the work of the MPS, with information that would assist them to do so. In this regard, a person within this intent would be likely to use this information to make inappropriate contact with this member of staff and/or send them vast amounts of unsolicited correspondence. This would tie up the resources of this member of staff and cause disruption to the work of the MPS, hindering its ability to prevent and detect crime.
The case for transparency has to be balanced against the risk associated with making public, sensitive tactical information. Having carefully considered this, I have found that the public release of sensitive tactical information would be likely to assist the offender to commit crime and evade detection by police. I have found this public interest factor/argument to be a particularly persuasive reason to withhold this information.
In considering this request for information, I have also found that the removal of sensitive tactical information is supported by the fact that the ICO, in their capacity as the ombudsman for the Data Protection Act 2018, has already investigated this matter and taken the action it deemed appropriate on behalf of the public. Furthermore, I believe that the MPS has been able to satisfy much of the public interest in this request through providing the material held with appropriate redactions. In this regard, the MPS has been able to provide a clear understanding of the action taken by the ICO and the broad reasons for it without disclosing any sensitive tactical information. For these reasons, I have found that withholding the sensitive tactical information held is in the public interest and refused to release the information identified as harmful in the Met’s correspondence with the ICO.
In disclosing the Met’s correspondence with the ICO, it should be also noted that I removed part of an email address of a senior member of staff. In doing so, I have found that the public release and publication of this email address would provide persons intent on disrupting the work of MPS, with information that would assist them in this endeavour. Given this and the fact that the removal of this information does not detract from the quality of the records disclosed, I have found that the release of this information is not in the public interest.
Section 40(2)&(3A)(a) - Personal Information - of the Act provides that any information to which a request for information relates, is exempt information if the first condition of Section 40(3A)(a) is satisfied. The first condition of Section 40(3A)(a) states that personal information is exempt if its disclosure would contravene any of the data protection principles.
There are six principles that are set out in Article 5(1)(a) of the General Data Protection Regulations (GDPR) that dictate when the processing of personal data is lawful. The first principle requires that any processing of personal data must be lawful, fair and transparent. Under Article 6(1)(f) of the GDPR, the disclosure of personal data is considered to be lawful if:
a. There is a legitimate interest in the disclosure of that personal data.
b. The disclosure of the personal data is necessary to meet that legitimate interest.
c. The disclosure would not cause unwarranted harm to the data subject.
Signatures of Senior Members of Staff - The requested correspondence contains the signatures of senior members of staff at the MPS and the ICO. Having considered the legitimate interest test in respect of this personal data, I have found that:
a. The disclosure of the requested signatures would demonstrate that each senior member of staff endorsed each piece of requested correspondence.
b. Signatures are a unique personal identifier that are used by individuals in all aspects of their personal lives. The disclosure of each signature is not necessary to meet the legitimate interest identified at point a, as the place in which this signatures were present, is evident within the disclosed records. It is accordingly clear that the signatures were present within the requested correspondence.
Name of a Member of Staff at the ICO -
a. The requested correspondence includes the name of a member of staff at the ICO who does not hold a senior position and does not perform a public facing role. This member of staff is unlikely to expect their name to be published in response to a Freedom of Information Act request. I have not therefore identified a legitimate interest that would be satisfied in disclosing their personal data in response to this request for information.
The provision to refuse access to information under Section 40(2)(a)(b) and (3A)(a) of the Act is both absolute and class based. When this exemption is claimed, it is accepted that harm would result from disclosure. There is accordingly no requirement to demonstrate what that harm may be in refusing access to information.
Disclosure
Please find below redacted information pursuant to your request above.