A joint legal challenge is being brought against London mayor Sadiq Khan, over a new police surveillance network that violates privacy rights.
Bindmans LLP, acting for the Open Rights Group and Sian Berry AM and David Farbey, have sent the mayor a pre-action letter decrying the increase of potentially sensitive traffic camera data passed on to the Metropolitan Police Service (MPS).
In 2014, the MPS was given ‘limited access’ to textual data, accessed through the Transport for London (TfL) automated number-plate recognition (ANPR) system. The campaigners assert that access was expanded in May 2022 to include contextual imagery data from the ANPR cameras, including the colour of vehicles, their make, and images of drivers.
Within the letter, it is noted that TfL raised concerns in their 2020 data protection impact assessment (DPIA) over the wider range of view of newer versions of ANPR cameras.
At the time, it argued that there was a risk that the cameras could unintentionally capture images of individual pedestrians, or sensitive properties such as places of worship, health centres or schools. Under the Data Protection Act 2018 (DPA 2018), information such as an individual’s religious beliefs are considered protected characteristics, which may be processed under a limited range of conditions including if it is in the public interest.
The campaigners take issue with the lack of public consultation taken before the decision was made. They argue that the expansion of the ultra-low emission zone (ULEZ) to include all of Greater London by the end of 2023 will constitute a potentially large increase in the data collected by the MPS.
The legality of the decision has been questioned openly by the campaigners. The Independent Advisory Group (IAG) on ANPR cameras have called the plans a “gargantuan increase of surveillance in London”.
Earlier this year, the human rights group Liberty took legal action against the MPS for its highly controversial database of suspected gang members, known as the Gangs Matrix. This followed a 2018 ruling by the Information Commissioner’s Office (ICO) that the MPS had seriously breached data protection laws with its handling of the system.
The MPS’ website describes its use of ANPR as follows:
“As a vehicle passes an ANPR camera, its registration number is read and instantly checked against database records of vehicles of interest.
Police officers can stop a vehicle, speak to the occupants and, where necessary, make arrests.
ANPR has proved to be important in the detection of many offences, including locating, for example, people wanted for arrest or missing, witnesses, stolen vehicles, uninsured vehicles and uncovering cases of major crime.”
Within the pre-action letter, it is asserted that article 6 of the UK General Data Protection Regulation (GDPR) states that data can be processed in the ‘public interest’ if it is proportionate to the legitimate aim pursued, but that this is not clearly the case with regards to MPS use of ANPR data.
It also puts forward that the 2021 Surveillance Camera Code of Practice states that a surveillance camera system should not be used for purposes other than those used to have justified its establishment and that proposed extensions to system purposes or the information it collects should be subject to consultation prior to a decision being made.
“The aim of this case is to require the Mayor of London to consult with Londoners about the proposed sharing of location records and images from TfL’s ANPR cameras with the Metropolitan Police,” said Salima Budhani, partner in the Public Law & Human Rights team at Bindmans.
“The scheme involves sharing with the police a vast amount of data recording the whereabouts of Londoners going about their daily lives. The Mayor was under a clear duty to provide information and seek views before signing off the scheme.
“Had he done so our clients and others would have had an opportunity to air their concerns about the privacy risks involved which should have been taken into consideration by the Mayor in reaching a decision on this important issue.”
-
LaunchDarkly to "double down" on observability with Highlight acquisitionNews Highlight's observability tools will be integrated into LaunchDarkly's Guarded Releases software deployment service
-
Samsung Galaxy Tab S10 FE reviewReviews The Tab S10 FE retains the feel and core capabilities of Samsung's high-end S10 tablets, but compromises on the display and the performance
-
PowerEdge - Cyber resilient infrastructure for a Zero Trust worldWhitepaper Combat threats with an in-depth security stance focused on data security
-
Anticipate, prevent, and minimize the impact of business disruptionsWhitepaper Nine best practices for building operational resilience
-
Three steps to transforming security operationsWhitepaper How to be more agile, effective, collaborative, and scalable
-
Top ten ways to anticipate, eliminate, and defeat cyber threats like a bossWhitepaper Improve your cyber resilience and vulnerability management while speeding up response times
-
The complete SaaS backup buyer's guideWhitepaper Informing you about the realities of SaaS data protection and why an SaaS back up is essential
-
The 'cyber aSaaSin' manualWhitepaper Providing valuable insights to identify SaaS data enemies and win the battle against SaaS data threats
-
Best practices for Microsoft 365 business continuityWhitepaper Discover how to mitigate the effects of large-scale, high-cost data loss disasters
-
How to answer a tricky subject access request (SAR)Tutorials How do you prove a customer is who they say they are, and how much information should you provide?
