March 6th 2024
Home Office breached law in e-monitoring migrants – ICO
Government department failed to sufficiently assess privacy risks to migrants says Information Commissioner’s Office in issuing enforcement notice and warning
Data regulator the ICO has found against the Home Office over the way data was collected and used during a pilot scheme in which up to 600 people who arrived in the UK via unauthorised means were fitted with electronic ankle tags and then tracked used GPS. The pilot scheme ran until December 2023 and aimed to test if this was an effective way of maintaining regular contact with asylum claimants and reduced the risk of absconding. It was being mooted as a more effective and less onerous alternative to detention.
The ICO finding is a serious blow to any such alternative.
Photo by Markus Spiske
Concerns were initially raised by the charity Privacy International that the scheme breached the data protection and privacy rights of those involved. The ICO has been in discussions with the Home Office over the matter since August 2022 and has now made a ruling.
The ICO says that the Home Office failed to sufficiently assess the intrusion on privacy of continuous collection of such data. Indeed, the ICO underlines that tracking people in this manner is highly intrusive and strong justification is needed – which the Home Office lacked.
This was especially concerning, said the ICO, given that the people involved could already be vulnerable given their immigration status. For example, they might have had a perilous journey to the UK and English might not have been their first language. The ICO found that the Home Office has not sufficiently considered measures to tackle these challenges, such as providing clear, accessible information on why this location data was being collected, what data would be collected, how it would be used and how long it would be stored. Where such information existed, it was not set out clearly in one place and contained gaps and inconsistencies.
Over the course of the ICO inquiry, the Home Office failed to adequately explain why it was either necessary or proportionate to collect, access and use the data from electronic monitoring for the pilot. That included failing to show that consideration had been given to less intrusive methods.
The Home Office also failed to provide staff with adequate guidelines on when it would be necessary and proportionate to electronically monitor people as part of an immigration bail condition. It was important, concluded the ICO, that robust guidance and procedures should be in place to ensure such intrusive methods were applied consistently and in a way that could also preserve a person’s right to privacy.
Although the pilot ended in December, the Home Office is still able to access the personal information collected during the scheme until it has all been anonymised or deleted. That means, says the ICO, that there is still the potential for personal data to be accessed and used, whether by the Home Office or third parties.
The ICO has duly issued an Enforcement Notice requiring the Home Office to update internal policies, access guidance and privacy information relating to data gathered during the pilot. It has also issued a formal warning to the effect that future processing of such data by the Home Office would constitute a breach of data protection law, with enforcement action to follow.
John Edwards, UK Information Commissioner, says: ‘Having access to a person’s 24/7 movements is highly intrusive, as it is likely to reveal a lot of information about them, including the potential to infer sensitive information such as their religion, sexuality, or health status. Lack of clarity on how this information will be used can also inadvertently inhibit people’s movements and freedom to take part in day-to-day activities.
‘If such information were to be mishandled or misinterpreted, it could potentially have harmful consequences to people and their future. The Home Office did not assess those risks sufficiently, which means the pilot scheme was not legally compliant.
‘We recognise the Home Office’s crucial work to keep the UK safe, and it’s for them to decide on what measures are necessary to do so. But I’m sending a clear warning to the Home Office that they cannot take the same approach in the future. It is our duty to uphold people’s information rights, regardless of their circumstances.
‘It’s crucial that the UK has appropriate checks and balances in place to ensure people’s information rights are respected and safeguarded. This is even more important for those who might not even be aware that they have those rights.
‘This action is a warning to any organisation planning to monitor people electronically – you must be able to prove the necessity and proportionality of tracking people’s movements, taking into consideration people’s vulnerabilities and how such processing could put them at risk of further harm. This must be done from the outset, not as an afterthought.
‘I welcome the Home Office’s commitment to improve the privacy information for those whose personal information is still being held and to make improvements on their approach to data protection impact assessments.’
In related news:
Leave a Reply