Sign up to Newsletter

Privacy International is joining migrant organisations to challenge the UK's "immigration control" data protection exemption - find out why!

News & Analysis
Post date
10th July 2019
Uk immigration

Increasingly every interaction migrants have within the immigration enforcement framework requires the processing of their personal data. The use of this data and new technologies are today driving a revolution in immigration enforcement which risks undermining people's rights and requires urgent attention.

This is why Privacy International, and several migrant and digital rights organisation, joined a formal complaint filed by the Platform for International Cooperation on Undocumented Migrants (PICUM) against the United Kingdom for failing to respect, the General Data Protection Regulation (GDPR), by including an "immigration control" exemption in the Data Protection Act adopted in 2018.

Data processing for immigration purposes

At the border and beyond, vast amounts of data are being collected and processed to track and identify people for immigration purposes, from utility data to people's social media accounts, and even the entire contents of people's phones.

Within borders, government bodies - those with and those without mandates related to immigration enforcement - are collecting, analysing, sharing and accessing vast amounts of personal data and inferring intelligence, on the basis of which life-changing decisions are made including eligibility for entry and residence and to access public benefits amongst others. All of this is supported by an industry making millions from selling data, analysis, and infrastructure to immigration enforcement authorities. 

These practices impact all foreign residents of a country, including economic migrants, asylum seekers, refugees, seasonal workers, and undocumented migrants. Not only does it interfere with their rights, it potentially allows government authorities to interfere with the rights of UK citizens as long as they can claim they are doing so for immigration control purposes.

In view of existing and expanding data processing policies and practices for immigration purposes, there is an urgent need to regulate and monitor entities who undertake or are involved in the processing of migrants' data to ensure they comply with internationally recognised data protection principles and standards, as well as human rights.

What does the complaint challenge?

Schedule 2, Part 1, paragraph 4 of the UK's Data Protection Act includes a broad exemption for the “the maintenance of effective immigration control” or “the investigation or detection of activities that would undermine the maintenance of immigration control.” This was one of the main shortcomings of the Bill as it was being passed through the UK parliament which Privacy International and other Civil Society Organisations (CSOs) challenged during the various stages of the drafting of the law.

This clause provides for a broad and wide-ranging exemption which is open to abuse and should be removed altogether. Instead, there already exist other exemptions within the Act that the immigration authorities can seek to rely on for the processing of personal data in accordance with their statutory duties or in the case of an offence.

Fundamentally, the GDPR was drafted to strengthen the rights of individuals with regard to the protection of their data, impose more stringent obligations on those processing personal data, and provide for stronger regulatory enforcement powers. This broad exemption goes against these core principles and the standards of data protection and human rights. It curtails the rights of individuals and removes the obligations data processors should be subject to in their data processing activities.

What should the UK do?

In order for the United Kingdom to be in compliant with the GDPR and other internationally recognised data protection standards, as well as respect its obligations governed by other national and international frameworks upholding the rights of migrants, it must strike out this broad exemption.

We look forward to working with PICUM, other co-submitters, and UK organisations working on the rights of migrants and on digital rights issues as part of this complaint, and other advocacy and legal initiatives on-going in the UK.

As we wait to hear back from the European Commission about the complaint, PI will continue to research, raise awareness, and help bring change to make sure fairness, human rights, and security are built into the next generation of data-driven immigration enforcement.

Our campaign
Protecting migrants at borders and beyond
Attachments
Complaint_draft_June2019_FINAL.docx

Related Content

Advocacy
Tripod with surveillance cameras on blue sky background

The EU Migration Pact: a dangerous regime of migrant surveillance

PI joins the #ProtectNotSurveil coalition in calling out the EU's New Pact on Migration and Asylum voted on 10 April 2024, a package of reforms expanding the criminalisation and digital surveillance of migrants.

Continue reading
Advocacy
Photo by Mathias Reding on Unsplash

PI seeks to inform report on AI and racial discrimination of the UN Special Rapporteur on racism

Privacy International submitted its input to the UN Special Rapporteur on racism for their upcoming report which will examine and analyse the relationship between artificial intelligence (AI) and non-discrimination and racial equality, as well as other international human rights standards.

Continue reading
Advocacy
#PROTECT NOT SURVEIL in white capital letters with hand holding rose and surveillance camera on sides

Joint statement – A dangerous precedent: how the EU AI Act fails migrants and people on the move

The final text of the EU AI Act adopted by the European Parliament on 13 March 2024 fails to prevent tech-enabled harm to migrants and provide protection for people on the move.

Continue reading
News & Analysis
Drawing of two brandished fists

GPS tagging of migrants UNLAWFUL, UK authority finds after PI complaint

The UK's data protection authority (ICO) took action against the Home Office's GPS tagging of migrants.

Continue reading