UK’s migrant tagging scheme found in breach of data protection law – InfoMigrants

The pilot scheme, run by the Home Office (interior ministry) from August 2022 to December 2023, involved placing ankle tags with GPS trackers on up to 600 migrants who had been placed on immigration bail in the UK. It was judged by the Information Commissioner’s Office (ICO) this week to be in breach of UK data protection law.

According to the ICO, an independent body created to uphold information rights in the UK, the pilot scheme “failed to assess [a potential] intrusion of privacy [entailed] by the GPS monitoring.” The ICO also found that the government did not provide migrants on the pilot scheme with clear enough information on what data they were collecting and why.

The ICO said on Friday (March 1) that it had issued an “enforcement notice and a warning to the Home Office for failing to sufficiently assess the privacy risks posed by the electronic monitoring of people arriving in the UK via unauthorized means.”

‘Highly intrusive’

The ICO and the charity Privacy International, which looks into issues of how modern technologies intersect with human rights, have been questioning the Home Office’s tagging scheme since it was introduced in 2021 and expanded in August 2022.

According to a press statement from the ICO, the purpose of the pilot scheme was to “test whether electronic monitoring is an effective way to maintain regular contact with asylum claimants, while reducing the risk of absconding, and to establish whether it is an effective alternative to detention.”

Also read: Fears over biometric system in France for unaccompanied minors

Privacy International and the ICO pointed out that tracking people is “highly intrusive and organizations planning to do this must be able to provide a strong justification for doing so.”

The ICO also found that, apart from an invasion of privacy, the Home Office failed to take into account the “potential impact on people who may already be in a vulnerable position due to their immigration status, including the conditions of their journeys to the UK, or English not being their first language.”

The UK’s Information Commissioner John Edwards pointed out that “having access to a person’s 24/7 movements is highly intrusive, as it is likely to reveal a lot of information about them, including the potential to infer sensitive information such as their religion, sexuality, or health status.”

‘Lack of clarity on how this information will be used’

Edwards said that a “lack of clarity on how this information will be used can also inadvertently inhibit people’s movements and freedom to take part in day-to-day activities.”

Although the ICO asked the Home Office for more clarification, it said it was “unable to explain sufficiently why it was necessary or proportionate to collect, access and use people’s information via electronic monitoring.”

Edwards added that it was up to the Home Office to “decide what measures are necessary” to keep the UK safe, but that he wanted to send it a “clear warning” that it cannot do so while breaching people’s rights to privacy. He said it was the ICO’s “duty to uphold people’s information rights, regardless of their circumstances.”

Also read: Asylum seekers in Germany say mobile phone searches violate rights

Edwards said that some of the migrants in question might not have even been aware that they had rights in this area and that it was “crucial that the UK has appropriate checks and balances in place to ensure people’s information rights are respected and safeguarded.”

Rights protections needed ‘not as an afterthought’

The Commissioner added that the warning to the Home Office should act as a warning “to any organization planning to monitor people electronically.” He said that stringent measures to protect those rights should be put in from the outset and “not as an afterthought.”

Edwards said he welcomed the “Home Office’s commitment to improve the privacy information for those whose personal information is still being held and to make improvements on their approach to data protection impact assessments.”

Also read: Electronic tags proposed as latest addition to ‘Rwanda policy’

The enforcement notice issued by the ICO thus orders the Home Office to “update its internal policies, access guidance and privacy information in relation to the data retained from the pilot scheme.”

Any further processing would ‘breach data protection law’

If the Home Office were to process the data further on the same basis, it would be in breach of data protection law and would “attract enforcement action.”

On March 1, Privacy International posted that this did not mark the last word on the subject, since it was “awaiting judgement in two court cases” on related matters. In one of the cases, writes Privacy International, the tag worn by the claimant hasn’t been functioning “for months” and yet the Home Office argued that it was “lawful for him to wear a broken device.”

However, it said that the ICO’s decision represented a “significant win for all those who were subject to this vindictive, costly and cruel policy.”

Privacy International said that the tagging had been a “key part of the UK’s hostile environment policy” towards migrants, designed to put up obstacles and prevent migrants from accessing basic rights and goods, such as work or public services, or even bank accounts.

‘Migrants have the same data protection rights as everyone else’

According to the charity, a thread runs through the ideas and policies which make up much of current UK government policy on migration: That “migrants would be undeserving of the same human rights and protections as British citizens.”

Privacy International said that the ICO’s decision “is a powerful reminder that migrants have the same data protection rights as everyone else, and that immigration authorities are not above the law.”

It points out that the ICO has not ordered deletion of the data that the Home Office holds “for various practical reasons.” But that the order should deter them from sharing it with other organizations.

The Home Office, states Privacy International, will continue to tag migrants “albeit a smaller cohort” as “data protection law is not all-powerful against absurd, racialized, costly and harmful anti-migrant policies.”