Any organisation that is collecting data needs to comply with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), failure to do so can result in very heavy fines issued by the Information Commissioner’s Office (ICO).
Within the data protection legal regime in England and Wales the law provides that individuals (data subjects) have the right to have their data erased. This is know as the Right to Erasure, and is more commonly know as the “Right to be Forgotten”.
The GDPR sets out seven key general principles for the lawful processing of personal data which need to be at the heart of any personal data processing system. The seven general principles are:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality (security)
The 7 General Principles are drawn from Article 5 (1) and (2) of the GDPR:
Certain categories of data are considered by the GDPR to be more sensitive, this is know as special category data. Special category data under Article 9 (1) of the GDPR is defined as data relating to:
In a similar way to Special Category data, the GDPR also specifies that criminal offence records must be dealt with in a particular way, and only where there is legal or official authority to do so under Article 10 of the GDPR.
Article 10 states as follows:
Under Article 17 of the GDPR, individuals have the right to have personal data erased. The right to erasure (or the right to forgotten as it is often known) is not unlimited and does not apply to all situations and categories of data.
The GDPR states that data controllers must erase personal data, without undue delay, in the following circumstances:
The Right to Erasure/to be forgotten does not apply where the processing of personal data is necessary for exercising the right of freedom of expression and information, to comply with obligations carried out in the public interest or official authority, for public health reasons, for the archiving of scientific research, historical research, or statistical purposes, or for the establishment, exercise or defence of legal claims.
The Right to Erasure applies, for example, to the deletion from public aggregators of information, such as Google’s search engine.
We are able to help if you would like to have links to unfavourable news articles or other electronic media, removed from Google’s search index. For more information please visit here: Removing Information from Google’s Index.
The Right to be Forgotten under the GDPR however does not apply to criminal record information held by the police or other bodies entrusted with recording criminal record information, the Right to Erasure and/or Restriction under the Data Protection Act 2018 applies instead.
The police retain records in a variety of different ways, but the main two types of information are held on either the Police National Computer (PNC) or locally held records. Locally held police records are often backed up to the Police National Database (PND).
The PNC is a record of all arrest records, cautions and convictions issued to data subjects, typically these can only be removed if there is a lawful basis for doing so. In the case of cautions and arrest records these will only be removed because the police have agreed to a deletion, or the High Court has ordered expungement after judicial review proceedings. We have extensive experience of successfully challenging police cautions and arrest records.
Locally held records can be retained by the police relating to investigations where no charges resulted, or where charges were issued, but a prosecution collapsed at court. The police may also retain records in relation to old minor convictions and cautions, such as witness statements, interviews and custody records. The police can justify the retention of these records for law enforcement purposes, which are defined as: for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.
These records however can not be kept indiscriminately and depending on the circumstances of the case, a data subject may be able to successfully argue that their locally held police records should be deleted under the right to erasure.
We have significant experience in applying for the deletion of locally held police records under the right to erasure/rectification under the Data Protection Act. Please get in touch if you feel the police are unfairly retaining records against your name.