By Robert Bateman
The U.K. is denying thousands of migrants access to their personal information using a controversial exemption to the country’s data-protection law, in a move that advocates say violates human rights.
The U.K.’s Home Office, which handles visas and immigration issues, relied on the controversial “immigration exemption” in as many as 72% of requests for personal information it received last year, according to a report released this month by the Open Rights Group (ORG).
Under U.K. law, individuals can make a “subject access request” to see what personal information an organization has about them.
The immigration exemption, which forms part of the U.K.’s Data Protection Act of 2018, allows an organization to reject an access request if granting so will be “likely to prejudice … the effective maintenance of immigration control.”
ORG’s report, released March 3, revealed that the Home Office received 19,305 subject access requests between Jan. 1 and Dec. 1 — relying on the exemption on 14,027 occasions.
Matthew Rice, the group’s Scotland director, told Digital Privacy News that the U.K. government had “never provided a solid justification for the immigration exemption.”
“These ‘situations’ are vague hypotheticals without any evidence of their necessity to back them up.”Matthew Rice, Open Rights Group.
“When pushed, (the government) has only ever drawn out ‘sorts of situations’ for which the exemption may be necessary,” he added. “These ‘situations’ are vague hypotheticals without any evidence of their necessity to back them up.
“They failed to adequately justify it during the bill debates, and they have continued to fail in our challenge to the exemption,” Rice continued.
“Now that we have the evidence of exemption in practice, it begs the question: Why is this exemption necessary in the vast majority of requests to the Home Office?”
A Home Office spokesperson said: “The immigration exemption to the 2018 Data Protection Act effectively balances the rights of the individual against the operational needs of maintaining effective immigration control.
“The exemption can only be applied to the extent it is necessary and proportionate to do so, such as to protect ongoing investigations,” the spokesperson said. “The rest of the information relating to the requestor will still be released.”
An initial legal challenge to the exemption, brought by ORG and the migrant advocacy organization The3million, was heard at London’s High Court in October 2019.
The exemption “effectively balances the rights of the individual against the operational needs of maintaining effective immigration control.”U.K. Home Office.
The case failed after the presiding judge found that the law contained sufficient safeguards against errors.
An appeal of the decision was heard at the Court of Appeal of England and Wales last month. An outcome is expected later this year.
“The immigration exemption is taking away your fundamental right to see what information the Home Office and its partners hold on you,” said Maike Bohn, co-founder of The3million.
“This makes it practically impossible to correct any incorrect data in a meaningful time frame,” she told Digital Privacy News.
“The exemption creates a broad smokescreen behind which errors and data misuse can go undetected. It is arming the Home Office and partners with the tools to act without scrutiny.”
Bohn pointed out that, besides such government departments as the Home Office, private businesses also could rely on the exemption to deny people access to personal information.
“The U.K. has created a hostile environment where private citizens and public servants must check the immigration status of other citizens when offering jobs, renting accommodation, visiting a doctor or hospital, opening a bank account, getting married and more,” Bohn said.
“The exemption creates a broad smokescreen behind which errors and data misuse can go undetected.”Maike Bohn, The3million.
“All these groups count as ‘data controllers’ — who could use this new exemption to withhold information they have about you, and they don’t have to justify it,” she added. “They can hide under the cloak of ‘maintaining effective immigration control.’
“This vague purpose,” Bohn told Digital Privacy News, “provides a blanket exemption from fundamental data-protection rights and is ripe for abuse.”
Robert Bateman is a writer in Brighton, U.K.