Chief Constable of the Police Service of Scotland – €75,700 Fine (United Kingdom, 2025)

€75,700Information Commissioner's Office12 December 2025United Kingdom
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Chief Constable of the Police Service of Scotland was fined €75,700 for improperly handling personal data during a police investigation. The police downloaded data from a private individual's phone and shared it without proper safeguards. This case serves as a reminder for public agencies to follow data protection rules.

What happened

The police executed a mass download of personal data from an individual's mobile phone without proper authorization.

Who was affected

A private individual whose phone data was downloaded and shared was affected.

What the authority found

The UK DPA ruled that the police failed to implement adequate measures to protect personal data and did not minimize the data collected.

Why this matters

This case highlights the need for law enforcement agencies to comply with data protection laws just like any other organization. It shows that failure to protect personal data can lead to significant fines.

GDPR Articles Cited

AI-verified

Art. 5(1)(c) GDPR
Art. 5(1)(f) GDPR
Art. 25(1) GDPR
Art. 25(2) GDPR
Art. 32(1) GDPR
Art. 33(1) GDPR
View original scraped data
Art. 5(1) c) GDPR
f) GDPR
Art. 25(1) GDPR
(2) GDPR
Art. 32(1) GDPR
Art. 33(GDPR)

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Section 35 DPA 2018
Section 37 DPA 2018
Source verified 14 April 2026
articles corrected
national law identified
United Kingdom enforcementInformation Commissioner's Office actionsAll Chief Constable of the Police Service of Scotland actions
Full Legal Summary
Detailed

The UK DPA has imposed a fine of £66,000 (EUR 75,700) on the Chief Constable of the Police Service of Scotland. The processor executed a mass download from the mobile telephone of a private individual during the course of a police investigation, thereby contravening regional data protection legislation. After the investigation concluded, the data was forwarded to another investigative entity for a misconduct investigation into a third party, who was provided with the entire download from the data subject's phone. The controller failed to implement adequate technical and organisational measures to prevent the disclosure of personal data to unauthorised third parties. Additionally, the controller failed to comply with the principles of data minimisation. Furthermore, the controller failed to inform the DPA of the data breach.

Related Enforcement Actions (0)

No other enforcement actions found for Chief Constable of the Police Service of Scotland in UK

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

12 December 2025

Authority

Information Commissioner's Office

Fine Amount

€75,700

Enforcement Tracker ID

ETid-3075

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Chief Constable of the Police Service of Scotland - United Kingdom (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: