Retailers “must only share personal information that’s proportionate and necessary to achieve your purpose”, the ICO explained.
The shopkeeper was told to remove the sign ‘as it might cause offence’ (Image: PA)
Photographs of suspected shoplifters should not be displayed in stores in case they breach data protection and privacy rules, the UK’s information watchdog has warned in a move likely to infuriate politicians, business leaders, and frustrated retailers. The Information Commissioner’s Office (ICO) has told shopkeepers putting up images of suspected thieves in shop windows or public areas “may not be appropriate” under UK data protection law, and may amount to an unjustified intrusion into the rights of individuals.
The guidance is part of the ICO’s advice on how small businesses can tackle shoplifting without violating GDPR and other privacy legislation. The ICO explained that retailers “must only share personal information that’s proportionate and necessary to achieve your purpose.”
Reform UK deputy leader Richard Tice (Image: Getty)
In practice, that means images or personal details of alleged offenders should only be passed to the police, store managers, or other relevant parties – not displayed for all passers-by to see.
The disclosure comes after a string of incidents in which police have told shopkeepers to remove notices or photographs identifying suspected thieves.
In one high-profile case, Rob Davies, a shop owner in Wrexham, was ordered by North Wales Police to remove a handwritten sign referring to “scumbags” who had stolen from his store.
Officers told him the language could cause offence and that public display of images could violate data protection rules.
Katie Lam with Shadow Justice Minister Robert Jenrick (Image: Getty)
The ICO insists its position is not about shielding criminals from consequences but about ensuring that any sharing of “criminal offence data” is lawful, targeted, and proportionate.
In a 2023 blog post, it stressed: “We want businesses to be able to take action to prevent crime, but we want people who aren’t breaking the law to be able to go about their day without unjustified intrusion.”
However, many politicians and industry figures see the guidance as another example of bureaucracy prioritising offenders over victims.
Robert Jenrick, the shadow justice secretary, called the ICO’s position “data protection gone mad” and told the Telegraph shoplifters should be “named and publicly shamed.”
Richard Tice, leader of Reform UK, went further, saying that any official who opposed posting images of repeat thieves was “on the side of the criminals” and “should be ashamed of themselves.”
He told The Telegraph: “This highlights the complete insanity of GDPR. It’s damaging to healthcare, damaging to law and order, damaging to businesses and our economy.”
Katie Lam, a shadow home office minister, said she recently met a constituent who had been “plagued by shoplifters” but was warned by police to take down photographs of suspects despite handing over CCTV, card details, and licence plate numbers.
She said: “Our system should crush the lawless and protect the law-abiding. It does the opposite.”
The British Retail Consortium estimates that theft costs UK businesses £1.8 billion a year, with an extra £700 million spent on security measures. Official figures show shoplifting reports have risen 20 per cent in a year – with nearly three offences reported every minute across the country.
Retailers say they feel increasingly abandoned, claiming many forces no longer treat shoplifting as a serious crime. Some have turned to their own deterrents, such as signs, locked cabinets, and local business watch groups – but now even those measures risk falling foul of data protection law.
The ICO’s guidance outlines actions it considers appropriate, including sharing suspect details with police or other stores where there is a clear and immediate risk.
However, it warns against public posting of photographs in shop windows, on lampposts, or in other public spaces, arguing that such displays make personal information available to people who have no authority or ability to act on it.
