Some of the approximately 21 million facial photographs held on the Police National Database are images of innocent people, but clunky IT systems mean cleansing computers of them is a complicated and potentially costly task.

The painstaking task of weeding out potentially hundreds of thousands of custody photographs of innocent people is likely to be deemed too expensive and onerous by cash-strapped constabularies, a minister has warned.

Innocent people whose mugshots are kept on file by the police have the right to request for such images to be deleted in their entirety – a right that only a handful of people have taken up so far.

However, the way in which these images are stored means that the process of deleting them can be complicated and clunky and it cannot be automated without a major upgrade to existing police computer systems.

Baroness Williams of Trafford, the Minister for Countering Extremism, told MPs on the Science and Technology Committee that there were “technical challenges” to automating the deletion of facial images, making deletion a “complex” manual exercise.

She added that “any weeding exercise will have significant costs and be difficult to justify given the off-setting reductions forces would be required to find in order to fund it”.

In total around 21 million facial images are held on the Police National Database (PND) and on local force systems. The arguably unlawful retention of at least some of these pictures has been a longstanding bugbear for pro-privacy groups such as Big Brother Watch.

Some senior law enforcement insiders have privately claimed that the retention of images of unconvicted people could help constabularies to fight crime in the long run. There have even been rumours that artificial intelligence-type tools are currently being developed to make links between police mugshots and visual clues buried in illegal material online.

In a letter to the chairman of the Science and Technology Committee, Baroness Williams explained that custody images are first stored on the policing system of the arresting force, of which there are 43 in England and Wales, and are then copied from these systems onto the PND.

“These records are structured around a person’s contacts with the police, rather than conviction status, and so there may be multiple images across several systems relating to a particular individual,” she wrote. “If a record is deleted from a local custody system it will also be deleted from the PND.

“However, deletion from the PND will not lead to an automatic deletion from the local police system, as there is no link back from the PND to local systems. In order to delete custody images automatically, it would be necessary to upgrade all 43 local systems and the PND.”

Committee chairman Norman Lamb called for an urgent review.

“Innocent people should rightly expect that images gathered of them in relation to a crime will be removed if they are not convicted,” he said. “This is increasingly important as police forces step up the use of facial recognition at high profile events, including the Notting Hill Carnival for the past two years.”

The row came as the Home Office cited compliance with data protection laws as the reason for the controversial destruction of landing cards that could have helped Windrush arrivals prove their right to stay in the UK. The issue is at the centre of a scandal over apparent threats to deport some children of immigrants from the West Indies who came to Britain immediately after the Second World War.



In 2015 it emerged that police were struggling to scrupulously review all material held on a counterterrorism database in order to comply with new privacy legislation.

At the time Clive Reedman, a biometrics consultant and expert in criminal justice, said: “To remove something from a criminal database of this size, whatever type of profile it is, is difficult if not impossible.

“Deleting data - things like biometric profiles and DNA profiles – is a very difficult thing to do. It’s actually also quite a nonsensical thing to do in many cases.”

A year later it was revealed that hundreds of DNA or fingerprint records relating to persons of interest to counter-terrorist police had either mistakenly been deleted or would need to be destroyed owing to oversights in applying for authorisation to legally retain such data.