Quickly exit this site by pressing the Escape key Leave this site
We use some essential cookies to make our website work. We’d like to set additional cookies so we can remember your preferences and understand how you use our site.
You can manage your preferences and cookie settings at any time by clicking on “Customise Cookies” below. For more information on how we use cookies, please see our Cookies notice.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Sorry, there was a technical problem. Please try again.
This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.
Freedom of information request reference no: 01.FOI.23.031351
I note you seek access to the following information:
I am requesting information on the Met Police policy on providing body-worn video through subject access requests. I am specifically trying to understand if the met police provide audio from BWV when requested when the audio does not contain the individual but pertains and is identifiably the individual in the discussion either in private or otherwise.
As I'm sure the Met Police know any information regarding internal emails about an individual is considered their information if it is identifiably the individual in question and I'm trying to understand if this police is consistent and complainant when applied to BWV. Some other police forces have stated any BWV or audio that does not contain the individual does not belong to the individual even if that information is identifiably the individual.
Please clarify whether this is the case for the Met Police and if it is why they do not provide it as to how it can be complainant with GDPR and SAR requests.
I would like any documentation providing data protection policy within the Met Police.
I have today decided to disclose some of the requested information. Some data has been withheld as it is exempt from disclosure and therefore this response serves as a Refusal Notice under Section 17 of the Freedom of Information Act 2000 (the Act) by virtue of the following exemptions:
Section 31(1)(a) – Law Enforcement
Reason for decision
The MPS does not hold a policy specifically relating to the consideration of body worn video footage in relation to Right of Access requests. Therefore, this information is not held.
However, the MPS does hold an overarching Data Protection Policy titled ‘The Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR) compliance policy and guidance’. I have today decided to disclose that policy, subject to the redaction of internal email addresses and phone numbers, hyperlinks and one third party email address which does not appear in the public domain.
This is because disclosing this information could lead to unsolicited contact to mailboxes and hotlines which are not public facing, which would be likely to impact upon service delivery. In addition, disclosing hyperlinks to our intranet site might enable those with the necessary know-how to gain unauthorised access to our systems and data.
Section 31(1)(a) – Law Enforcement - Providing the email addresses and phone numbers of internal teams and third parties that have not already been made public would be likely to, if released, provide persons intent on disrupting the work of the MPS and these third parties with information that would assist them in this endeavour. Therefore, as this would be likely to impact upon our service delivery and could negatively impact upon our ability to prevent and detect crime, Section 31 is engaged.
In addition, providing hyperlinks to our intranet could potentially provide those with the necessary skill the ability to gain access to our internal systems and data. This would be likely to have a significant negative impact upon our data security, thus increasing the likelihood of attacks against us.
The MPS utilises public facing mailboxes in order to control the flow of information into the Organisation to ensure it is handled efficiently and effectively. It ensures that those responsible for undertaking the relevant work are privy to the communications received and able to offer the best public service. It also enables them to ensure private mailboxes are clear of such correspondence, so they can undertake the work required of them. To release the contact details of specific teams (including their email addresses and phone numbers) would provide persons intent on disrupting the work of the MPS with information that would assist them to do so. In this regard, a person with this intent would be likely to use this information to make inappropriate contact with members of staff and/or send them vast amounts of unsolicited correspondence – thus ensuring they are unable to undertake the role required of them. This would disrupt the daily work of these teams and cause wider disruption to the work of the MPS, hindering our ability to both prevent and detect crime. The same argument can be made for the third party email address that has also been redacted from the document in question.
In addition, various hyperlinks to other pieces of information on the MPS intranet site have been redacted. This is because disclosure of these links could potentially be used by those with the necessary skills and know how to disrupt our network. If this was allowed, this would be likely to have a significant impact upon the service delivery of the MPS, thus hindering our ability to prevent and detect crime. In order, we would have to commit further resources to counteract this disclosure and protect our data security.
For the reasons outlined in the prejudice test, it cannot be considered in the public interest to provide information that could be used to disrupt the work of specific teams (both within the MPS and also in the third party organisation) so they are unable to undertake their roles and provide the public service required of them. It can also not be considered to be of a wider benefit to the public if we disclosed information which could potentially be used to gain unauthorised access to Met data and systems.
Furthermore, the release of the policy arguably satisfies the public interest as the body of the text addresses the points in question. The release of these hyperlinks, email addresses and phone number would do little to add to the context of the information.
Having considered your request, I accept that there is a public interest in transparency when any request is made for police information. The public interest favouring release must however be balanced against any associated risk and/or prejudice that would be caused through disclosure.
Having carefully considered this, I have found that the public release and publication of the contact details of these specific teams within the MPS and the third party organisation would be likely to provide persons intent on disrupting the work of these units with information that would assist them in this endeavour. In addition, disclosing hyperlinks would potentially lead to data security breaches, which would have significant consequences for Met data. Given this, and the fact that the removal of this information does not detract from the quality of the record disclosed, I have found that the release of this information is not in the public interest at this time.
Disclosure
Please clarify whether this is the case for the Met Police and if it is why they do not provide it as to how it can be complainant with GDPR and SAR requests.
As explained above, this information is not held by the MPS. This is because this exact scenario is not documented in any recorded format, and instead normal DPA principles apply.
In accordance with section 16 of the Act, I would like to give you the following advice and assistance.
Body Worn Video (BWV) and any accompanying audio that relates to an identifiable individual is the personal data of that individual. It would therefore be considered for disclosure should that individual make a request for access to that data. However, there are exemptions that may apply which would result in information being withheld. For example, if a member of the public is recorded on BWV discussing a third party, that audio would be both the personal data of the individual speaking and of the individual they are talking about. If the individual who is the subject of the discussion/allegation applies for that data it is likely that we would refuse the request as the exemption provided under Section 45(4)(e) would be likely to apply. To clarify, disclosure to the data subject would result in the disclosure of third party personal data – that being the voice/footage of the individual speaking. The two are intrinsically linked and cannot be separated, and as such, it is likely that such a disclosure would prejudice the rights and freedoms of that third party.
Please note, there are also other reasons (covered by different exemptions) as to why an individual’s personal data may be withheld. It should also be noted, for example, that a request for “any footage that mentions me or refers to me” would be rejected as it would not be possible to run searches to locate such data and therefore this is outside of any reasonable search. Requests such as these may be rejected on the grounds of being manifestly excessive.
I would like any documentation providing data protection policy within the met police.
The MPS have a policy titled “The Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR) compliance policy and guidance”. I have supplied you with a copy of that policy/guidance document with some minor redactions. This satisfies question 2 of your request. However, as you can see, the policy is a high level document with no mention of Body Worn Video/BWV. As per the answer to Q1, there is no recorded information covering the specific scenario you have described.
I would like to state that the MPS have plans for the development of a Complaints and Learning team in respect of Data Rights (which includes Subject Access/Right of Access). While that team will not be able to provide guidance to staff covering every potential scenario, that team will look at bridging any gaps between high level policy such as the attached and the daily activity carried out by the staff dealing with Subject Access/Right of Access requests.