FB pixel

Scotland’s watchdog sends fresh warning over storing biometric data on Microsoft cloud

Categories Biometrics News  |  Law Enforcement
Scotland’s watchdog sends fresh warning over storing biometric data on Microsoft cloud
 

Scotland’s data protection watchdog has requested that the Scottish police assess the security of storing biometric data on Microsoft’s servers.

Biometrics ­Commissioner Brian Plastow wants more information on a platform called Digital Evidence Sharing Capability (DESC). A pilot project, it is testing easier access by police and court employees to images, CCTV footage and other sensitive data used in court cases.

Plastow warned that storing sensitive data of UK citizens on a cloud server run by a United States company opens questions about U.S. government access to Scottish data. The DESC project is run by government contractor Axon and hosted on Microsoft’s Azure.

“Based on the information so far provided to me by Police Scotland, I am not satisfied that biometric data within the Scottish government DESC project is being properly protected from unauthorized access,” he told The Sunday Post.

According to the U.S. Cloud Act, federal law enforcement agencies can compel domestic companies to provide data stored on servers regardless of whether the data is owned by a firm based outside the U.S.

“In other words, there is a risk U.S. federal authorities could compel the technology supplier to surrender very sensitive Police Scotland data without their knowledge or consent,” says Plastow.

Similar concerns have dogged the Scottish Police Authority itself.

This could put the DESC pilot at odds with the UK data protection law and the Scottish Biometrics Commissioners Code of Practice, the commissioner says. The legality of the scheme is being reviewed by the UK’s information commissioner.

The Scottish police have said that digital evidence-sharing is limited and does not include fingerprint, bodycam or DNA evidence. The pilot is part of a £33 ­million (US$42 million) Scottish government initiative to transform how evidence is managed across the justice system.

This is not the first time Plastow has sounded an alarm over stored biometric data. Earlier this year, after the commissioner found that the police had stored large amounts of biometric data from arrests on Microsoft servers, the Scottish Police Authority agreed to accept his recommendations. This included better protection of children’s data and increasing transparency and “right to information” for data subjects.

The Cloud Act and the question of U.S. government’s access to foreign citizens’ data is not only a concern in the UK. The US and the EU have spent months trying to reach a deal for the EU-U.S. data privacy framework with debates centering around concerns about U.S. spy agencies accessing Europeans’ private data. The mechanism is designed to safely transfer European Union citizens’ personal data to the United States, including biometric data.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Biometrics and injection detection for deepfake defense a rising priority

Biometrics integrations with injection attack detection to defend the latest front in the global battle against fraud, deepfakes, is the…

 

Biometric Update Podcast looks at the road to a global standard for age assurance

Episode 2 of the Biometric Update Podcast is a dispatch from the 2025 Global Age Assurance Standards Summit, held from…

 

WEF launches new DPI initiative focused on emerging tech, including biometrics

Global Digital Public Infrastructure (DPI) initiatives are lagging behind emerging technologies such as AI, which could lead to inefficiencies, bottlenecks…

 

Odds are good for biometrics firms in the global gambling sector

Gambling has always been a vice associated with certain kinds of criminal activity, but the development of the online gambling…

 

New Zealand issues tender for digital ID services accreditation infrastructure

New Zealand’s accredited digital identity services regulator, the Trust Framework Authority (TFA), has published a request for information (RFI) for…

 

Pindrop surpasses $100M in annual recurring revenue, kicks off BU podcast

A release from Atlanta-based voice biometrics firm Pindrop celebrates a milestone: the firm has surpassed US$100 million in Annual Recurring…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Market Analysis

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events