The Metropolitan Police’s retention of data on a 16-year-old child (known as II) from the age of 11 was unlawful and a disproportionate interference with his right to private life, a High Court judge has ruled.
In II, R (On the Application Of) v Commissioner of Police of the Metropolis  EWHC 2528 Mrs Justice Steyn concluded that the continued retention of the claimant's personal data was in breach of Article 8 of the ECHR and ss.35 and 39 of the Data Protection Act 2018.
However, she also found that the defendant's decision did not breach s.149 of the Equality Act 2010.
The background to the claim was that in December 2015, when the claimant was 11 years old, an online tutor raised certain concerns about his alleged behaviour with the Department for Education.
In accordance with the Prevent Strategy, the matter was referred to the Metropolitan Police. On 20 June 2016, the case was closed by the defendant's local Prevent panel.
The claimant challenged a decision made by the Metropolitan Police on 26 April 2019 to retain the claimant's personal data, refusing his mother's requests for such material to be deleted.
Law firm Deighton Pierce Glynn, which acted for the claimant, said this resulted in the data being held across 10 separate databases, accessible to not only the police, but also local authorities and the Home Office.
In a witness statement the Metropolitan Police argued that the retention would have “minimal impact” on II.
It was also suggested that “it is often a patchwork of information gathered over time which allows for a complete assessment of risks and safeguarding needs. The content of the information held in relation to the Claimant gives rise to safeguarding concerns, which necessitates the retention of the data”.
Mrs Justice Steyn concluded that continued retention of the claimant's personal data would be disproportionate and unjustified:
- Although each of the matters raised by the source was not proved to be untrue, some aspects were proved to be untrue and the case was closed on its merits because it was assessed that there was no cause for concern that the claimant was being radicalised or was vulnerable to radicalisation. “There were sound reasons for reaching that conclusion at the time.”
- The source had no contact with the claimant after November 2015, so the concerns she raised stemmed from that date, at the latest, when the claimant was only 11 years old. “The claimant is now 16 years old. Four years and 10 months have passed without any further concern being raised that the claimant is vulnerable to radicalisation. Notably, that is so in circumstances where his school stated that they intended to monitor his behaviour and would raise any relevant concerns with the Prevent officer. I also note that when the decision letter was sent the claimant was 14 years old.” A further 17 months had passed since the police officer made the decision to continue to retain the claimant's personal data.
- The defendant had reviewed its records with a view to demonstrating the importance of keeping data following a referral, even if it seemed innocuous at the time, and the police officer had exhibited three anonymised examples as case studies. “It can be inferred that these are the best examples the defendant could find. In none of the three case studies was there a gap between the initial referral and the subsequent referral approaching the length of time that has passed in this case.”
- The defendant had contended that the starting point, in accordance with the national policy, was that data of this nature should not be deleted earlier than 6 years. “In accordance with the policy that is the ordinary period for which data in this category will be retained before being considered for deletion. However, when defending the necessity and proportionality of applying a six-year retention period to the personal data of children, the defendant asserted in the detailed grounds, correctly, that ‘the policy framework does not mandate a minimum period of retention – there is a right of review of the necessity for retention, which the claimant exercised (unsuccessfully) in this case. If retention is no longer required for a policing purpose then the information falls to be deleted on either a triggered or rolling review’.”
Mrs Justice Steyn noted that the length of proportionate retention was a fact-specific question. “In my judgment, on the facts of this case, no policing purpose for continuing to hold the claimant's personal data has been demonstrated.”
The judge also considered that the Metropolitan Police had underestimated the impact of the interference with the claimant's privacy rights entailed in retaining data about his alleged views and statements when he was 11 years old.
She accepted a submission that continued retention of the claimant's personal data was a lesser interference than disclosure of that personal data to third parties. “Nevertheless, retention alone means that the data can be accessed by MPS officers, counter-terrorism officers nationally, local authorities and Home Office colleagues, across 10 databases.”
In addition, Mrs Justice Steyn said, as long as the claimant's personal data was retained, he would continue to fear that it might be disclosed to third parties, particularly universities to which he might apply or from which he might receive offers.
Bharine Kalsi of Deighton Pierce Glynn, solicitor for the claimant, said: “The Court has found that there was ‘no policing purpose’ for the retention of data concerning II; data which alludes to radicalisation, but which our client has always maintained is untrue.
“This judgment means this data will no longer cast a worrying shadow over II’s bright future, particularly as there was no guarantee that it would not be shared with other organisations and institutions. It is now time for the authorities to look at their exercise of power under the Prevent Strategy, which continues to unjustly target innocent individuals, in particular children from the Muslim community by wrongly labelling them as extremists.”