Skip to site content Skip to main menu

Privacy Notice – Digital Device Examination

Publication Date: May 2024

About Digital Device Examination

An increasing amount of crime is now committed online or has a significant digital footprint.

Even those crimes committed in the physical world often have some form of digital evidence.

The ability to capture relevant evidence from digital devices has become an essential part of modern day policing.

A digital device is defined as any electronic device that can receive, store, process or send digital information and includes, but is not limited to, any mobile phone, laptop, computer, smart device, satellite navigation system, SD card, USB, hard drive, digital camera etc.

Digital evidence may be derived from an electronic device, mobile or otherwise, from social media or any other platform/operating system capable of capturing digital communications data.

Police Scotland examines digital devices where there is reasonable belief that it may contain evidence or information relating to a police investigation or incident.

This ensures we can conduct thorough investigations and maximise evidence to keep people safe.

Who we are

The Police Service of Scotland is a constabulary established under the Police and Fire Reform (Scotland) Act 2012. 

Its headquarters is located at Tulliallan Castle, Kincardine, FK10 4BE, United Kingdom, and you can contact our Data Protection Officer by post at this address, by email at: dataprotection@scotland.police.uk, and by telephone on 101.

About this notice

This notice is to advise you (you are also referred to as the data subject) of how your personal data (information) will be dealt with (processed) by Police Scotland when examining your digital device for law enforcement purposes and your rights in relation to that processing.

The Chief Constable of the Police Service of Scotland is a controller of your personal information and decides the purposes for which your personal information will be processed along with SPA, COPFS and SCTS. Police Scotland can be contacted by telephoning 101.

Digital device examination is carried out for law enforcement purposes which are:

The purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

The information below provides details of:

  • our lawful basis for processing personal information
  • the types of information we may process as part of a digital device examination undertaken for law enforcement purposes.
  • the categories of individuals affected
  • the length of time we will keep the information
  • who we may share it with.

What is personal data?

“Personal data” is information that can identify and relates to a living individual, for example your name, date of birth and address. 

It also includes alleged or actual offending information.

There is also a type personal data referred to as “sensitive personal data” and this relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life or sexual orientation.

What is Police Scotland’s lawful basis for processing personal and sensitive personal data?

The Police and Fire Reform (Scotland) Act 2012 states that it is the duty of a constable:

  • to prevent and detect crime
  • to maintain order
  • to protect life and property
  • to take such lawful measures, and make such reports to the appropriate prosecutor, as may be needed to bring offenders with all due speed to justice
  • where required, to serve and execute a warrant…. in relation to criminal proceedings, and
  • to attend court to give evidence.

The Criminal Procedure Scotland Act 1995 places a statutory duty on Police Scotland to reveal relevant evidence to the Crown.

Section 164 of the Criminal Justice and Licensing (Scotland) Act 2010 Code of Practice provides that the Police have an obligation to pursue all reasonable lines of enquiry and to record, retain, review, reveal and where appropriate provide all information which may be relevant to the Crown.

Under Schedule 7 of the Data Protection Act 2018, the Chief Constable of the Police Service of Scotland is a competent authority, and Part 3 of the Act permits law enforcement processing by competent authorities.

This processing is strictly necessary for law enforcement purposes and is supported by Data Protection Act 2018 Schedule 8 (1)(a) and (b).

The Police Scotland Appropriate Policy Document for all law enforcement processing is available from the Police Scotland website.

Whose personal and sensitive personal data is processed for Digital Device Examination

Where there is reasonable belief that a digital device may contain evidence or information relating to a police investigation or incident, we process information relating to a variety of individuals including:

  • Victims of crime
  • Witnesses of crime
  • Suspects
  • Accused persons
  • Children or vulnerable individuals may become a source of personal data where they are victims or witnesses to an offence or, to safeguard their wellbeing. 
  • Members of the public (including those submitting evidence on behalf of corporate bodies and those captured in content data)
  • Consultants and other professional experts
  • Officers and staff.

What personal and sensitive personal data is processed for law enforcement purposes?

The extent of personal data processed will depend on the device type and the user’s use of and reliance on the device in their personal and work lives.

As such personal data may include name, age, address, IP address, location data, contact numbers, online identifiers, online activity, passwords and PINs, offline activity, and factors specific to physical, physiological, genetic, mental, economic, cultural or social identity of the individual.

The wide variety of personal data stored on mobile devices will include text messages and instant messaging, call logs, images, videos, voice notes, audio files and application activity including internet browsing and search activity.

Types of sensitive personal data we process may include information such as;

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • genetic data
  • biometric data
  • health data
  • sex life or sexual orientation.

How long will Police Scotland retain the personal and sensitive personal data processed for digital device examination purposes?

Personal and sensitive personal data processed are retained in accordance with the Record Retention SOP (Crime – CRP001-005).

When a device is examined and information is identified that is relevant to the enquiry, information will not be deleted until approval has been provided by Crown Office Procurator Fiscal Service (COPFS). 

A case may be subject to review based on certain criteria and retention may then be extended as appropriate.

Who will Police Scotland share the personal and sensitive personal data with?

When necessary or required for law enforcement purposes;

  • Crown Office and Procurator Fiscal Service (COPFS)
  • Scottish Police Authority (SPA)
  • Scottish Courts and Tribunals Service (SCTS)
  • Other police forces in the UK including non-Home Office forces
  • Scottish Criminal Cases Review Commission
  • Police forces out with the UK
  • Prisons
  • Local and central government departments
  • Licensing authorities
  • Press and media
  • Police Investigations and Review Commissioner
  • Other law enforcement and prosecuting authorities
  • Legal representatives
  • Defence solicitors
  • Partner agencies involved in crime and disorder strategies, and public protection
  • Professional advisers
  • International agencies concerned with the safeguarding of international and domestic national security anywhere in the world
  • Third parties involved in investigations relating to the safeguarding of national security
  • Data processors.

The above list is not exhaustive and may vary on a case-by-case basis.  More information on non Digital Device Examination processing of information can be found in our other Privacy Notices.

Your Rights

You have certain rights in relation to how we process your personal information.  These are listed below.

  1. Right of access – you can make what is called a subject access request to us. You are entitled to, amongst other things, a copy of the information we hold on you, although there are exceptions to this. For further information and details on how to make a subject access request please visit the Police Scotland website.
  2. Right to rectification (correction)

We must correct without delay, any personal information we hold on you which is not accurate.

If you think anything is wrong, you should contact us by post or email, where possible by completing the form on our website telling us what you think is wrong and why.

There are exceptions to when we have to correct the information, and you will be advised if we have to apply them. 

If it is not possible to establish the accuracy of the personal information, we will restrict how we process it, for example restrict who can see your information, or who we disclose it to.

  1. Right to erasure or restriction of processing

You have a right to request that we delete your personal information, but this will only be done when we are not legally required to keep it.  On occasion it may be more appropriate to restrict how we process it, for example restrict who can see your information, or who we disclose it to.  You can find more information in the Your Rights section of the Police Scotland website or email information.assurance@scotland.police.uk.

If we refuse to carry out your requests in full under paragraphs 1 to 3 above, you have the right to ask the Information Commissioner to check whether our decision is correct.

If you are unhappy in any way with how we have dealt with your information, you have the right to complain to the Information Commissioner.

The Information Commissioner can be contacted at:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF                            Tel: 0303 123 1113 (local rate)     www.ico.org.uk

If we process your Biometric Data (information about your physical, biological, physiological, or behavioural characteristics) for example, your fingerprints, photograph of your face or, samples taken from any part of your body and you are unhappy in any way with how we have dealt with your information, you have the right to complain to the Scottish Biometrics Commissioner.

The Scottish Biometrics Commissioner can be contacted at:

Bridgeside House

99 McDonald Road

Edinburgh

EH7 4NS

Contact@biometricscommissioner.scot 

Tel: 0131 202 1043

Date of next review of this document: January 2025

featured

Vision 2030 Web 442X294px 15020 24 Ca (1)
Our 2030 vision

Safer communities, less crime, supported victims and a thriving workforce. Read about our 2030 vision and three-year plan.

Rec 442X294 Feat Web
Recruitment events

Police Scotland support those who wish to become police officers, special constables or police staff by hosting various online and in-person recruitment events throughout the year.

Right To Ask (Feature)
Disclosure Scheme

Worried that your partner or the partner of someone you know might have an abusive past? You have the #RightToAsk.

Help Us Improve (Feature) 11414 T1 Pm
Help Us Improve

If you've reported domestic abuse, rape or sexual crimes to us, we'd appreciate your feedback on the service we provided.

Accessibility Statement2
Accessibility Statement

Police Scotland has been working to make its websites more accessible - read our accessibility statement.

Your Police Survey Featured Bnr 13991 T1 24 AR
Your Police

Help shape policing in your local area.

more features