Privacy Notice: Use of Reoffending Data for the Twinning Project Research Study
University of Oxford
1. Introduction
This Privacy Notice explains how we use, store, and protect personal data relating to individuals who previously took part in the Twinning Project research study. We are conducting further analyses using reoffending and custodial outcome data shared by His Majesty’s Prison and Probation Service (HMPPS) and Ministry of Justice (MoJ) to evaluate long-term outcomes of participation in the programme.
This Notice is issued publicly to ensure transparency about how personal data is processed for this research, in line with UK GDPR and the Data Protection Act 2018.
2. Who is responsible for your data?
Data controllers: Ministry of Justice joint with University of Oxford
Lead researcher: martha.newson@anthro.ox.ac.uk
Data protection contact: data.protection@admin.ox.ac.uk
3. What data are we using?
For this phase of research, we are processing the following personal data supplied by MoJ:
• Identifiable custodial and probation records
• Reoffending and reconviction outcomes
• Relevant demographic, survey and custodial data already held from the original study
• Internal pseudonymous identifiers linking participants’ new outcome data to their earlier research responses
• No new data is being collected directly from participants
4. Why are we using this data? (Purpose of processing)
We are using this data to:
• Evaluate the long-term behavioural, psychological, and social outcomes associated with participation in the Twinning Project
• Understand how earlier improvements in attitudes, behaviour, or identity formation relate to later offending behaviours or desistance from crime
• Inform the development of the Toolkit for Transformative Social Interventions (TTSI) to improve future interventions in prisons and probation settings
• Contribute to academic and policy research on rehabilitation and desistance
• Data will not be used for research about individuals, i.e., data is aggregated
5. What is the lawful basis for processing?
Under UK GDPR, research carried out by a university uses the following legal bases:
Article 6(1)(e):
Processing is necessary for the performance of a task carried out in the public interest (research and evaluation of rehabilitation programmes).
Article 9(2)(j):
Processing is necessary for scientific or historical research purposes subject to appropriate safeguards.
All processing is carried out in accordance with the UK GDPR and the Data Protection Act 2018 (Schedule 1, Part 1, para. 4: research).
6. How do we keep your data safe?
• All identifiable data is stored on secure, access-restricted university servers.
• Access is limited to named researchers on the project.
• Data is encrypted during transfer and storage.
• We apply MoJ-approved security protocols and research governance procedures.
• Results will only ever be reported in aggregate, anonymous form.
7. Will your data be shared?
Your personal data will not be shared with any external organisations beyond the original data providers (HMPPS/MoJ).
Only anonymised, aggregated analyses will appear in publications, presentations, or policy briefs.
8. How long will we keep your data?
Data will be retained only for as long as necessary to complete the research and meet legal requirements. Personal data will either be securely deleted or anonymised for long-term research use in accordance with university retention schedules.
9. Your rights
Under UK GDPR, you have rights including:
• The right to be informed
• The right of access
• The right to rectification
• The right to restrict processing
• The right to object
Because the data is being used solely for scientific research, some rights (such as erasure or objection) may be limited where exercising them would seriously impair the research (UK GDPR Article 89). Requests will always be considered on a case-by-case basis.
To exercise your rights, contact the lead researcher, Dr Martha Newson: martha.newson@anthro.ox.ac.uk
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk.
