Police Scotland engages public on biometric data rights amid cloud storage concerns

Police Scotland has commenced the distribution of an information leaflet to all individuals in police custody who have their biometric data taken due to an arrest. This new procedure stems from recommendations made in 2023 aimed at ensuring detainees are informed about the handling of their biometric data.

The Scottish Biometrics Commissioner, Dr. Brian Plastow, emphasizes the importance of this new measure, stating: “It is essential that people arrested by the police in Scotland receive their information rights when deprived of their liberty, including an explanation of why the police may take their biometric data and how it will then be used.

“With around 88,000 police custody episodes in Scotland each year, this leaflet will ensure that important information rights are respected and that anyone who has their biometric data taken is aware of the Commissioner’s statutory Code of Practice and the accompanying complaint mechanism for data subjects.”

The leaflet says samples will be “securely stored by SPA FS, for example, in laboratory freezers and evidential production stores,” referring to Scottish Police Authority – Forensic Services. Profiles created from these samples, prints, images or impressions will be kept on electronic databases.

However, concerns about data sovereignty have emerged, particularly regarding the use of Microsoft’s hyperscale public cloud infrastructure. According to documents released by the Scottish Police Authority under Freedom of Information (FOI) rules, Microsoft has admitted that it cannot guarantee the sovereignty of UK policing data hosted on its cloud servers, Computer Weekly reports.

Last year, Scotland’s data protection watchdog urged the police to evaluate the security of storing biometric data on Microsoft’s servers. Plastow also raised concerns about the compliance of this cloud-based evidence-sharing system with data protection laws. Additionally, he sought information on whether the pilot deployment of this system by Scottish police aligns with his statutory code of practice, deeming it potentially “needlessly risky” and possibly “criminal.”

Article Topics

biometric data  |  biometrics  |  data protection  |  data storage  |  police  |  Scotland  |  Scottish Biometrics Commissioner