King’s College London breached GDPR by sharing list of activist students with cops – wait, it has a list of activist students?!

Kings College London breached the General Data Protection Regulations when it shared a list of student activists with the police and barred the activists from campus during a visit by the Queen, an independent report (PDF) has found.

Some 13 students and one member of staff were unable to access any of the campus sites as their cards had been deactivated to prevent access to the Bush House site, which was opened by the Queen on March 19.

In foreword to the report, Professor Evelyn Welch, acting principal at KCL said the university accepts the findings and recommendations in full and is putting in place a plan to address all the issues raised.

One of the findings of the report is that we have breached our own policies regarding protection of personal information and the GDPR regulations. Following the event, we informed the Information Commissioner’s Office that we were undertaking this review. We have now shared the report with them and await their response.

The report also contains recommendations about our security arrangements which we will follow as we bring our operations in house and a new Head of Security joins us.

Welch said that while some have interpreted the actions taken on the day as racial profiling, “this was not the case and I want to reiterate that discrimination on any grounds is unacceptable and is damaging to our community.”

The report’s author, Laura Gibbs, concluded that the security team had “overstepped the boundaries” when it compiled the list of activists and shared it with the Met Police.

She said “the barring of individuals against whom there was neither evidence of criminal activity nor any internal disciplinary findings, from “their campus” was disproportionate and “against King’s stated values.”

One student was blocked from entering a KCL building for an exam in south London, and was only able to enter when the on-site security staff reinstated the card.

Source: King’s College London breached GDPR by sharing list of activist students with cops • The Register