Written by Data protection · covert policing · public-interest allegations
The supplied draft raises serious allegations about the Information Commissioner’s Office, Police Scotland Angels and the alleged use of personal data connected to activists, complainants and critics of public authorities. Because the claims are grave and identify people and institutions, they must be presented as allegations requiring verification, not as established findings.
Publication snapshot
- The article concerns allegations about Police Scotland Angels and the ICO’s certification or registration process.
- It raises concerns about alleged misuse of personal data supplied by vulnerable complainants and activists.
- It refers to allegations involving covert intelligence-gathering, CHIS status, unsafe convictions, custody outcomes and intimidation of dissenters.
- It includes a YouTube interview with Moira Dundee and Brian Gerrish on UK Column.
- It calls for independent scrutiny, review of affected cases and accountability from public authorities.
The allegations: from data concern to alleged covert operation
The supplied draft describes a troubling development in concerns about the Information Commissioner’s Office and an organisation known as Police Scotland Angels. Earlier concerns appear to have focused on whether the organisation was collecting personal data under questionable circumstances. The draft now goes further, alleging that the operation may have functioned as a covert intelligence-gathering mechanism aimed at political activists and dissenters.
Because that allegation is extremely serious, the published form should not state it as an established fact unless the documents have been independently checked and the evidential basis is clear. The safer formulation is that campaigners or complainants allege that Police Scotland Angels was more than a private data-collection project and may have had connections to state or policing interests.
Complicity through certification?
The draft alleges that the ICO’s issuance and renewal of certificate ZB291153 gave Police Scotland Angels a veneer of legitimacy. It also alleges that the entity had no proper legal status, no genuine address and was associated with a person whose background required scrutiny.
Those are publication-sensitive claims. The safer framing is that the ICO registration or certification is alleged to have created apparent legitimacy, and that critics say the ICO failed to conduct adequate checks before allowing the organisation to present itself as compliant with data-protection requirements.
Apparent legitimacy
The draft alleges that ICO registration helped Police Scotland Angels appear credible to potential complainants, activists and data subjects.
Data vulnerability
The concern is that sensitive data supplied in trust may have been exposed, repurposed or passed to bodies criticised by those same complainants.
Regulatory due diligence
The article questions whether the ICO adequately checked the entity’s status, address, controllers, purposes and risk profile.
Public confidence
If the allegations are substantiated, the issue would not be administrative error alone. It would raise wider questions about public trust in data-protection oversight.
Unsafe convictions and custody decisions: claims requiring urgent scrutiny
The supplied draft argues that the alleged activities of Police Scotland Angels may have implications for criminal convictions, custody decisions and reputational harm. It says victims may have been jailed, lost contact with children or suffered damage because of manipulated evidence, false allegations or weaponised data.
Those claims are grave. They should be framed as allegations requiring independent review. If data was gathered under false pretences and then used in criminal, civil, family or administrative processes, the appropriate question is whether affected decisions were contaminated by unreliable, improperly obtained or undisclosed material.
Criminal proceedings
If any prosecution relied on information connected to Police Scotland Angels, the provenance, reliability and disclosure history of that material should be examined.
Family and custody decisions
Where decisions affecting children were influenced by contested material, the source and accuracy of that material may require review.
Reputational harm
The draft alleges that individuals suffered reputational damage through the circulation or use of damaging information. That requires a careful audit of documents, recipients and consequences.
Institutional response and regulatory accountability
The draft criticises the ICO, Police Scotland and Information Commissioner John Edwards. It alleges that repeated warnings were ignored or deflected and that evidence of serious wrongdoing was not properly investigated.
For publication, the strongest safe formulation is that complainants allege serious regulatory failure and inadequate institutional response. The article may properly ask why concerns about data collection, identity, organisational status and alleged misuse of sensitive information were not escalated to a more rigorous investigation.
ICO
The article raises questions about registration checks, renewal decisions, complaint handling and escalation where high-risk allegations were made.
Police Scotland
The draft alleges that concerns about fraud, coercion or other misconduct were not adequately investigated. That claim should be checked against complaint records and police responses.
Information Commissioner
The draft criticises the Commissioner’s office for allegedly delegating or deflecting concerns. Personal criticism should be tied to correspondence and official responsibility, not assertion.
State protection claim
The draft’s suggestion of state protection or institutional complicity is highly sensitive and should be framed as an inference or concern unless supported by formal findings.
Silencing dissent: activists, data and intimidation claims
The draft alleges that Alexandria Gallagher, also described in the draft as having used the name “Sandra Gallacher”, targeted activists who opposed aspects of Scotland’s COVID-19 vaccination programme, including members of vaccine-related campaign groups.
It further alleges a pattern of intimidation and discrediting of dissenters. Those claims should be presented with care. The issue for publication is not to endorse every allegation, but to identify the accountability question: whether activists’ personal data was collected, processed, shared or used in ways they did not understand or consent to.
For further insight into this issue, Moira Dundee discusses her analysis in an interview with Brian Gerrish on UK Column. The conversation, recorded before UK Column withdrew an offer for her to cover Scottish issues, provides a concise breakdown of the methods used to entrap and discredit activists.
The need for accountability
The supplied draft calls for urgent scrutiny of the ICO’s role in giving apparent legitimacy to Police Scotland Angels and for a wider inquiry into undercover policing and covert intelligence practices in Scotland.
It also argues that Scotland’s refusal or failure to hold a comparable inquiry into undercover policing requires examination. That point should be framed as a call for transparency rather than as proof that authorities knew what would be revealed.
1. Independent inquiry
An independent inquiry could examine whether Police Scotland Angels collected personal data under false pretences, whether public bodies had knowledge of or involvement in that activity, and whether any covert policing practices were engaged.
2. ICO review
The ICO’s registration, renewal, complaint-handling and escalation decisions should be reviewed against the seriousness of the allegations and the sensitivity of the data involved.
3. Case audit
Any criminal, family, housing or administrative decision said to have relied on data connected to Police Scotland Angels should be identified and assessed case by case.
4. Victim disclosure
Those who supplied personal data should be told what data was held, who controlled it, who received it and whether it was shared with public authorities.
Conclusion: data protection cannot become a mask for surveillance
The allegations in the supplied draft are serious. If substantiated, they would raise profound questions about data protection, policing, covert activity, activist surveillance and public trust in regulatory oversight.
At the centre is a simple proposition: citizens who share sensitive information in the hope of challenging public authorities must not be exposed to covert exploitation, intimidation or undisclosed data-sharing with the very bodies they seek to scrutinise.
The victims and affected individuals deserve disclosure, independent scrutiny and a route to remedy. Public confidence requires no less.
Disclaimer
This article is public-interest commentary based on a supplied draft. It is not legal advice and should not be relied upon as a substitute for specialist advice on any data-protection, criminal, family, public-law, policing, defamation or privacy matter.
References to Police Scotland Angels, the ICO, Police Scotland, Alexandria Gallagher, “Sandra Gallacher”, John Edwards, covert intelligence activity, CHIS status, criminal conduct, unsafe convictions, custody decisions, blackmail, extortion, harassment, intimidation, institutional complicity or state protection are presented as allegations, concerns or matters requiring verification unless established by a competent court, tribunal, regulator, ombudsman, inquiry or other public authority.