ICO Report into mobile phone extraction

Written 28th June 2020 by Alex Close-Claughton

Recently the Information Commissioners Office (ICO) released a report into the extraction of data from mobile phones by the police. The report looked at how the police obtain data from phones, a process known as mobile phone extraction or MPE.

When the police investigate crime, the contents of mobile phones are a useful source of evidence and can go a long way to proving or disproving the guilt of a suspect. Nonetheless there are obvious concerns around privacy when considering the myriad of personal information sorted on an individual’s handset.

The ICO’s report criticised the police’s approach to MPE in that it found that there was a widely differing approach to the process across different police forces. It also raised concerns that there is no systematic approach to justifying the intrusion of privacy that MPE entails and it criticised the amount of personal information that it extracted, stored and distributed. It found that there was a tendency to extract all of the data on a handset and as opposed to simply looking for specific information.

Legal basis for mobile phone extraction

It also examined the legal basis for MPE. The findings were that the police relied on either consent of the handset owner a legal basis or that extraction is strictly necessary for the purpose of law enforcement. It outlines that under data protection rules, consent is deliberately hard to obtain, and there is a high standard for consent, which the police were not always achieving. 

The report stresses the importance of willing public co-operation with policing. It was concerned about the risk that the inappropriate use of MPE may be undermining public confidence in the police. The major issue being that witnesses and complainants may not be willing to hand over their handsets for examination. 

ICO recommendations 

The ICO made many recommendations with the most significant being that a statutory code of practice should be developed to regulate how and when MPE should be used. The code would also serve to ensure uniformity across the different police forces. 

The report also invited the police to re-examine its legal basis for justifying MPE, which as mentioned before there are currently issues with. It also recommended that the Crown Prosecution Service and the Attorney General should work together to improve consistency across the country for authorising MPE. Another recommendation was that police should follow existing regulation more closely and another suggestion was that they develop robust policies to ensure they handle data appropriately.

Other recommendations were that information downloads should be targeted to avoid unnecessary intrusion of privacy; data should not be retained when no longer necessary; police should improve their communication with the owners of the handsets subject to MPE and that there should be a national training standard introduced for all individuals involved in MPE.

In total 13 recommendations were made, mainly with a view to improving uniformity of MPE across the country, improving public confidence in the process by ensuring that data protection and privacy laws are respected and making sure that there is solid legal basis for MPE. 

It remains to be seen whether these recommendations will be implemented but the ICO was created by government as an independent body to uphold information rights. For the police and government to ignore its recommendations  could be considered degradation of their duty to uphold public confidence in policing. 

Article written by Alex Close-Claughton

If you have been released under investigation awaiting the result of mobile phone analysis then please contact us to discuss how Olliers can advise and represent you. For more information in relation to analysis of electronic devices please click here.

Alex Close-Claughton

Alex Close-Claughton



Head Office


Satellite Office

If you would like to contact Olliers Solicitors please complete the form below

Contact Us 2023
Preferred method of contact