The Government’s attempts to safeguard the immigration exemption under the Data Protection Act fails in the High Court

The Government’s attempts to safeguard the immigration exemption under the Data Protection Act fails in the High Court

The UK GDPR provides an exemption that allows for certain individual rights to be restricted if they are likely to have a negative impact on immigration matters. The exemption can apply to; the right to be informed including the transparency principle, data subject access requests, the rights to erasure, restriction and objection to processing. As such, the application of this exemption could have far-reaching impacts on individuals such as refugees who are genuinely seeking asylum and are at risk of being returned to nations where they may encounter persecution and significant danger. This exemption applies specifically to data processing related to the maintenance of effective immigration control, or the investigation and detection of activities that could undermine effective immigration control therefore, the Secretary of State (which includes the Home Office and its agencies) is the only entity authorised to apply this exemption. Other controllers, such as employers, universities, and police, who collaborate with the Home Office on immigration matters are not eligible to use this exemption.

The exemption is defined in the Data Protection Act 2018 and was updated in 2022. These updates were made in response to the first judicial review challenge by The3million and Open Rights Group which resulted in the Government making amendments to the legislation. Such amendments included additional measures to safeguard the exemption, such as confining its application to the Secretary of State, mandating the existence of an immigration exemption policy document, and necessitating the maintenance of records and notification of individuals if the exemption is used.

Despite the amendments made to the exemption, The3million and the Open Rights Group argued that the changes were insufficient in safeguarding individuals subject to immigration laws. As a result, they pursued a second judicial review. In the claim, the UK’s data protection regulator, the Information Commissioner, participated as an Interested Party and has stated that it will “continue to provide advice to the Government as they make the adjustments set out by the court, and will update the guidance”.

The judgment deems the exemption to be unlawful; however, the High Court has suspended this declaration for a period of three months, allowing the Government time to modify the Data Protection Act 2018 to rectify its non-compliance. We wait eagerly to see the further amendments the Government make to the exemption especially given this comes at a time where “the use of the Immigration Exemption by the Home Office has been extensive” as the Judge pointed out.

The full judgment can be found here

Recent posts

Previous
Next
AI Report
Read more
Baby Reindeer, internet sleuths and the perils of jigsaw identification
Read more
What businesses should consider before implementing monitoring
Read more
'Consent or pay’: the EDPB’s two cents on the right model
Read more
Take note: new guidance on the ICO’s penalties and fines
Read more
Labour’s proposed secondary ticketing reforms
Read more
The abolition of non-domicile in the Spring Budget
Read more
Content moderation: the ICO's guide
Read more
The Government moves to address unlawful immigration exemption under the Data Protection Act 2018
Read more
How can I get probate to sell my property?
Read more

More from this author

Previous
Next
What businesses should consider before implementing monitoring
Read more
'Consent or pay’: the EDPB’s two cents on the right model
Read more
The Government moves to address unlawful immigration exemption under the Data Protection Act 2018
Read more
Byte by Byte: The progress of the UK Data Protection and Digital Information Bill
Read more
The UK Government bridges the gap for UK-US personal data transfers
Read more
The Culture, Media and Sport Committee’s recommendations on monitoring employees
Read more
DATA DEFENCE IN THE METAVERSE: IT'S NOT A GAME
Read more
Navigating the grey areas of AI ethics: ICO's updated guidance provides clarity on utilising AI
Read more
EDPB releases lukewarm opinion on the EU-US Data Privacy Framework
Read more
ICO focusses on child protection in latest guidance to the games industry
Read more
Government to replace the UK GDPR
Read more

Share this page