20 January 2020
Not reviewed after the date of publication
Phones are seized pursuant to a warrant for a particular offence. Can these be shared with another team for intelligence and evidential purposes? They have not arrested the person and do not have a warrant in relation to their case.
If the phones have been lawfully seized by the police under a warrant, they are lawfully in police possession and liable to interrogation. Section 22(2)(a)(ii) of PACE allows for the retention of property for the forensic examination or for investigation in connection with an offence.
If evidence / intelligence has been discovered on a phone that was seized during the execution of a warrant relating to one offence, we are of the opinion that this does not prevent that material from being used in the investigation of another offence.
Part 3 of the Data Protection Act 2018 applies to competent authorities (i.e. the police – others are listed in Schedule 7 to the Data Protection Act 2018) and the processing of personal data for law enforcement purposes. A ‘law enforcement purpose’ is defined in section 31 of the Data Protection Act 2018 as:
‘for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.’
Section 36(3) provides that:
‘36(3) Personal data collected for a law enforcement purpose may be processed for any other law enforcement purpose (whether by the controller that collected the data or by another controller) provided that -
(a) the controller is authorised by law to process the data for the other purpose, and
(b) the processing is necessary and proportionate to that other purpose.’
There are six data protection principles under Part 3, Chapter 2, which are the main responsibilities to follow when processing personal data for law enforcement purposes. There must be overall compliance with all of the law enforcement principles.
Please note that organisations who are not competent authorities have to process information in accordance with parts 1 and 2 of the Data Protection Act 2018 and in accordance with GDPR (Part 3 of the Data Protection Act 2018 implements EU Directive 2016/680 and is separate from the GDPR regime). Paragraph 2 of Schedule 2 provides exemptions from the application of the GDPR for organisations who are not competent authorities, and to cover circumstances where competent authorities process personal data for other purposes (not ‘enforcement purposes’):
'2(1) The listed GDPR provisions and Article 34(1) and (4) of the GDPR (communication of personal data breach to the data subject) do not apply to personal data processed for any of the following purposes -
(a) the prevention or detection of crime,
(b) the apprehension or prosecution of offenders, or
(c) the assessment or collection of a tax or duty or an imposition of a similar nature,
to the extent that the application of those provisions would be likely to prejudice any of the matters mentioned in paragraphs (a) to (c).'
The Authorised Professional Practice guidance provided by the College of Policing contains information regarding sharing of police information.
This guidance also states that information can be shared between different departments in an organisation if it is for a policing purpose, and defines such purposes as:
protecting life and property.
preventing and detecting offences.
bringing offenders to justice.
any duty or responsibility arising from common or statute law.
Please be mindful of section 22(4) PACE which provides that nothing may be retained for either of the purposes mentioned in subsection (2)(a) if a photograph or copy would be sufficient for that purpose.’
To read more legislation about this subscribe to PNLD.