Chief Constable of the Police Service of Scotland – €75,700 Fine (United Kingdom, 2025)

€75,700Information Commissioner's Office12 December 2025United Kingdom
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Chief Constable of the Police Service of Scotland was fined £66,000 for improperly handling personal data during a police investigation. This matters because it highlights the need for law enforcement to protect individuals' data and follow legal guidelines when collecting information.

What happened

The Chief Constable mishandled personal data by downloading information from a private individual's phone without proper safeguards.

Who was affected

A private individual whose phone data was improperly downloaded and shared during a police investigation.

What the authority found

The UK DPA ruled that the police service violated GDPR by failing to implement adequate measures to protect personal data and not reporting a data breach.

Why this matters

This case serves as a reminder for law enforcement agencies to ensure they have strong data protection practices in place to safeguard personal information.

GDPR Articles Cited

AI-verified

Art. 33(GDPR)
Art. 5(1)(c) GDPR
Art. 25(1) GDPR
Art. 32(1) GDPR
View original scraped data
Art. 5(1) c) GDPR
f) GDPR
Art. 25(1) GDPR
(2) GDPR
Art. 32(1) GDPR
Art. 33(GDPR)

Original data from scraper before AI verification against source document.

Source verified 14 April 2026
articles corrected
national law identified
United Kingdom enforcementInformation Commissioner's Office actionsAll Chief Constable of the Police Service of Scotland actions
Full Legal Summary
Detailed

The UK DPA has imposed a fine of £66,000 (EUR 75,700) on the Chief Constable of the Police Service of Scotland. The processor executed a mass download from the mobile telephone of a private individual during the course of a police investigation, thereby contravening regional data protection legislation. After the investigation concluded, the data was forwarded to another investigative entity for a misconduct investigation into a third party, who was provided with the entire download from the data subject's phone. The controller failed to implement adequate technical and organisational measures to prevent the disclosure of personal data to unauthorised third parties. Additionally, the controller failed to comply with the principles of data minimisation. Furthermore, the controller failed to inform the DPA of the data breach.

Related Enforcement Actions (0)

No other enforcement actions found for Chief Constable of the Police Service of Scotland in UK

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

12 December 2025

Authority

Information Commissioner's Office

Fine Amount

€75,700

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Chief Constable of the Police Service of Scotland - United Kingdom (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: