FB pixel

Scottish Biometrics Commissioner seeks clarity on police cloud data sharing compliance

Scottish Biometrics Commissioner seeks clarity on police cloud data sharing compliance

The Biometrics Commissioner in Scotland, Brian Plastow, is seeking information on whether the deployment by the Scottish police of a cloud-based digital evidence sharing system on a pilot basis complies with data protection elements of his statutory code of practice.

This is contained in an information notice sent to the Head of the Scottish Police Crime, Public Protection and Local Crime, Bex Smith, on 22 April. Plastow says he requires a response on four key questions by 14 June at the latest.

In the notice, Plastow underlines the importance of the Scottish government’s Digital Evidence Sharing Capability (DESC), an initiative which aims to create a unified platform for access to and management of digital evidence by criminal justice stakeholders, and the need for the police to ensure data security and sovereignty.

Plastow appears to have been prompted by two things; a recent report by tech publication ComputerWeekly which noted that the Police had gone ahead with the DESC pilot even without major data protection questions being resolved, and also the fact that some of the data shared within the framework of the DESC involves biometrics. UK Biometrics Commissioner Fraser Sampson also weighed in on the need for law enforcement to be transparent about how its use of cloud technology complies with regulations.

He reminds Smith of the stipulations in the statutory Code of Practice which, among other things, prohibit unauthorized access to or disclosure in the way biometric data is obtained, retained, used, or destroyed for criminal justice and policing purposes.

Thus, in order to ensure compliance with the Code of Practice, Plastow asks the police to “demonstrate that any use of hyperscale cloud infrastructure which involves biometric data is complaint with law enforcement-specific data protection rules,” while suggesting that “one of the best ways to do this would be to have a hosting platform that is entirely located in the UK and which meets all the requirements of Part 3 of the Data Protection Act 2018 on processing for law enforcement purposes.”

On whether the police are complying with the data protection elements as prescribed in his code, Plastow also asks to know if and what type of biometric data have so far been exchanged as part of the DESC pilot and in what volume, the country hosting any biometric data which has been shared in the cloud, and if there have been any discussions with the UK Information Commissioner on questions of international transfer of data and digital sovereignty.

The DESC project is contracted to Axon and hosted on Microsoft Azure. This is also a major concern as this makes access by the U.S. government to the shared data possible through the Cloud Act which allows the U.S. government access to data stored by any U.S. company in the cloud in the country, according to ComputerWeekly.

Plastow in his annual report last year suggested the police have been responsible in their use of biometric data and relate technologies for the purposes of criminal justice and law enforcement.

Article Topics

 |   |   |   |   | 

Latest Biometrics News


Biometrics, electronic devices and identity credentials converging

Biometrics in electronic devices and ID documents to support digital identity are a major theme of the week’s top stories…


SITA wraps up acquisition of Materna IPS

SITA reports it has completed all necessary regulatory and legal procedures and finalized its acquisition of Materna IPS, a provider…


Payface lands new retail biometric payments deal in Brazil

Brazilian face biometrics payments startup Payface has clinched a deal with supermarket chain Ítalo. Ítalo Supermercados, based in the southern…


EU to fund digital programs with €108m, including digital identity

The European Union has issued a new call for funding within the Digital Europe Programme (DIGITAL), allocating over 108 million…


Lawmakers try again to kill diversion of TSA screening tech funds

Because of Washington partisan politics, the U.S. Transportation Security Administration (TSA) doesn’t expect to be able to field upgraded and…


Florida tosses mDL program into the Gulf

Florida’s mobile driver’s license has been shut down, making the state a rare case in the world of a place…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events