Independent advisory group on emerging technologies in policing minutes: June 2022

Attendees and apologies

Attendees and apologies

• Dr Elizabeth Aston – Edinburgh Napier University (Chair)
• Scott Ross - Scottish Police Authority 
• Jenny Brotchie - Information Commissioner’s Office (Online)
• Stephen Ferguson – Crown Office and Procurator Fiscal Service (Online)
• Professor Bill Buchanan – Edinburgh Napier University (Online)
• Professor Angela Daly - Dundee University (Online)
• Bill Stevenson - Equality and Human Rights Commission (Online) 
• Denis Hamill – Police Scotland (Online)
• Andrew Alexander - Law Society of Scotland (Online)
• Elaine Galbraith – HMICS – (Online)

Scottish Government secretariat (SG)

• Ryan Paterson
• Elaine Hamilton (Online)

Apologies

• Burkhard Schafer - Edinburgh Napier University 
• Naomi McAuliffe – Amnesty International
• Georgie Henley - techUK
• Barry Sillers - Scottish Police Authority 
• Ken Dalling – Law Society of Scotland
• Andrew Hendry – Police Scotland 
• Kirsty-Louise Campbell – Police Scotland 
• Anil Gupta - COSLA

Items and actions

Chair update  

The Chair welcomed everyone to the meeting and noted apologies. Acknowledged that the rail strikes have limited some members in person attendance.

Work stream (WS) updates 

WS2

Bill Buchanan (BB) confirmed that he had taken on board previous comments and updated to WS2 report to reflect these including typos and titles. 

Members spoke about the possible barriers to data sharing in the context of data protection and whether a recommendation covering this area for Police Scotland (PS) could be a possibility.

AP: BB to contact Jenny Brotchie and work on a short paragraph to include on the WS2 report regarding data sharing by 28 June.

Chair was content with the layout of the report in particular naming the authors who wrote each section and the whole WS members list.

Denis Hamill (DS) commented that it was good to see the use of common data language throughout the report and the linking of the data. Highlighted a recommendation on p27 in regards to ISO27001 standard - while PS do not go down the certification route for that they do have annual accreditation based around the UKG Security Policy Framework, Home Office Standards and SG Cyber Resilience Standards. PS feel they already adhere to a very high standard and not only against the ISO27001 standard. 

AP: BB to contact DH and obtain provide information on PS progress in this area that can be incorporated into the WS2 report by 28 June. 

Scott Ross (SR) spoke about the report in regards to democratising the decision making process with PS and the evidence/research used when looking at new technology. Possible need for a proportionate approach when looking at new technology as there still could be certain gaps that research has not covered - but as long as it is justifiable/proportionate it should not hold PS back in this area.

DH followed this point and confirmed that PS new Data Ethics Triage process that will assess all new business cases and could indicate levels of risk that would require higher levels of governance or the need for further research.

Bill Stevenson (BS) also commented that he will contact BB regarding EHRC aspects to the WS2 report.

Chair noted that it was not enough to point out that gaps existed - colleagues should also indicate how those gaps could be filled. 

AP: BS to contact BB regarding EHRC lines to be included in the WS2 report by 28 June. 
AP: Chair asked for all contributions/lines/comments that address areas to be with BB by 28 June.

WS1 

Angela Daly (AD) confirmed that the WS1 report is still a work in progress. Confirmed currently 50 pages long and did not wish to make it any longer. Still incorporating different information. AD asked for:

• any further contributions to be succinct and to try and fit the narrative  
• members to check report for factual accuracy (including PS Data Ethics Panels) 
• possible input from ICO and Law Society 
• footnotes not being used in the Report but fine to include hyperlinks 

DH commented that it was hard for PS to offer feedback on certain areas of the report and could be split into 3 areas:

• on recommendations 3 and 8 as PS already feel they have process/justifiable basis covering these perceived gaps – possible need to “strengthen” or “improve on” what they’re doing, as opposed to filling a gap
• no. 6 could be seen as “work in progress”
• don’t agree with wording on recommendation 9 as PS follow the principles of reusing before buying new – but happy to have a conversation to delve deeper into the meaning of this recommendation

AD noted  that even though they could not all agree,  they should try to take account of differences in views  as stakeholder perception may be different to PS view.

Chair added that perhaps it was not about  a lack of legal basis, but rather that the legal basis had not been shared. 

Chair confirmed that WS1 meeting was due to take place on 29 June. 

AP: Chair asked for all contributions/lines/comments that address areas to be with AD by 28 June.

JB confirmed that ICO will try to meet this deadline but might be pushed due  as she wanted to input on data protection law but needed to consult internally first - this may take some time. 

AP: AD to liaise with DH regarding specific WS1 input and the Recommendations being more specific.

Chair advised that all reports should have been finalised in the Spring; and then by May; and now by end June (8 July for WS1 and 2). She had originally set aside time in June to write up the final report but that will now be delayed to late summer due to other commitments. She now anticipates a November submission date for the Final Report to accommodate another face to face  meeting of the whole ETIAG in August, with time to revise the material after that. Further meetings may be needed in September and October.

All written submissions should go to Chair copying in RP - discussions can be had thereafter if necessary.

Chair confirmed that the latest draft of the research report has been shared and is available for comments. Chair spoke about publishing the 4 WS reports and the research report as a parallel report and have equal status. Members agreed with this.  

AP: All members to provide any comments on research report by 28 June to enable final feedback to be sent and a final research report to be confirmed.

Chair advised that she’d discuss any plans for follow up to the Recommendations with Graham Thomson of SG when she meets him on Friday.

Interim report 

Chair spoke to the draft of the interim report and asked if any members had comments. Interim report would be submitted to the Cabinet Secretary next week. Graham Thomson of SG had confirmed no need to publish the Interim Report.

Executive summaries and recommendations 

Members spoke about the difficulty looking at all the recommendations with some still outstanding or incoming. Also how to group and look at them all once obtained – grouped in one document, table format or aligned to each WS. 

AP: Chair asked for Secretariat to create a table of recommendations (once all received) and how they link to the WS emerging themes  of legislation, policy and practice and whether any conflict with each other. 

Chair suggested that when the group meet in late August they could use mind map and post its to draw out links etc. 

Next steps 

• further comments for WS1 and WS2 reports to be returned by 28 June
• WS4 executive summary to be returned by 30 June 
• research comments to be returned by 28 June 
• WS1 and WS2 reports to be finalised by 8 July 
• IAG meetings to take place 24 August (in person), TBC September (Virtual) and TBC October (in person) 
• once all 4 WS reports have been received (8 July) all members will have the chance to provide any comments by 12 August in respect of feedback they’ve received from external organisations e.g. Amnesty. The feedback will not lead to the workstream reports being changed but could influence the final report