The UK Information Commissioner has called on the criminal justice sector to immediately stop collecting excessive amounts of personal information from victims of rape and serious sexual assault. The ICO has issued an Opinion which informs the sector how to use victims’ personal data in compliance with data protection laws.
The Opinion says that currently victims are being told to consent to hand over extraordinary amounts of information about their lives, in the immediate aftermath of a life changing attack. The ICO found police in the UK ask victims to consent to them accessing significant amounts of personal data. This is known as a ‘Stafford statement’ in England and Wales, and it gives police access to a victim’s information that can include information from school records, medical histories and social service records.
The UK Information Commissioner expects this practice to stop immediately. The Opinion also makes further recommendations about how information is handled.
Growing evidence suggests as the sector fails to gain the trust and confidence of victims their involvement in the process is not sustained. This has led to very low charge and conviction rates. This burden is also not shared equally, as victims of rape are more likely to be female, have a disability and identify as gay, lesbian or bisexual. The Commissioner believes his Opinion should contribute to improving victims’ confidence in the process.
The Opinion recommends a number of measures are implemented by the sector and builds upon the ICO’s previous work on mobile phone extraction.
The examination of digital materials generated by and stored on electronic devices is increasingly common. Much of this relates to communications between the victim and other persons.
The challenges associated with acquiring and examining mobile phones (especially those used by victims) were examined in detail in the ICO reports following its investigation into this practice.
The practices have also reached the courts, The Court of Appeal ruled in the case of Bater-James & Anor v R [2020] EWCA Crim 79072 and established a number of principles about the examination of a victim’s devices. The Court found that there is “no obligation on investigators to seek to review a witness’s digital material without good cause”. The judgment also said there must be a proper basis, usually based on a reasonable line of enquiry, that it would reveal relevant material. ‘Fishing expeditions’ are not appropriate.
It found that there is “no presumption that a complainant’s mobile telephone or other devices should be inspected, retained or downloaded, any more than there is a presumption that investigators will attempt to look through material held in hard copy”.
The judgment reiterates the point that victims do not automatically waive their right to privacy under Article 8 of the European Convention of Human Rights. Therefore, it is only necessary to disclose that material which is reasonably capable of undermining or assisting the case for the accused.
The ICO report on mobile phone extraction explained that the processing of data from a mobile device is likely to amount to sensitive processing. This is equally likely to be the case for other electronic devices used for communications. Therefore, to comply with data protection legislation, investigators need to be confident before requesting access to a victim’s electronic devices that they are following a reasonable line of enquiry; and that their proposed processing is strictly necessary.