Government will create 'a two-tier data protection system', campaigners warn

Privacy groups vow to challenge an exemption to the Data Protection Bill if it becomes law

Digital rights campaigners have threatened to launch legal action over plans that would prevent three million EU citizens from accessing personal data the government holds on them.

The potential lawsuit concerns the government's Data Protection Bill, which proposes to replicate most of the EU's General Data Protection Regulation (GDPR) into UK law to ensure data can continue to flow freely between the UK and EU post-Brexit.

Advertisement - Article continues below

GDPR comes into force on 25 May, and will allow EU residents to demand that organisations delete, amend and move any data they hold on residents, as well as tell residents what information they have on them and why they have it.

But the bill, being debated in Parliament today, currently includes proposals for an exemption clause that privacy campaigners argue is incompatible with the principles of GDPR, by effectively excluding 3 million EU citizens living in the UK from bring able to challenge such data held by immigration authorities.

The clause (Schedule 2, Paragraph 4 of the bill) would prevent these citizens from challenging the Home Office over any deportation decisions, campaigners say, because they could not debate the accuracy of any information the Home Office holds on them.

That's because the bill provides an exemption for data relevant to "effective immigration control", and because instead of confirming the existing rights of EU citizens living in the UK, the government instead wants them to apply for a new immigration status, meaning any error made by the Home Office in that process would go unchallenged by those it affects.

Advertisement - Article continues below
Advertisement - Article continues below

As a result 3million, a grassroots organisation representing EU citizens resident in the UK, and privacy campaign organisation Open Rights Group (ORG), will challenge the clause in court if it is enshrined in law.

Rosa Curling, a human rights solicitor from law firm Leigh Day, representing the two groups, said: "The immigration exemption creates a discriminatory twotier system for data protection rights. The clause is incompatible with GDPR, as well as EU law generally and the European Convention on Human Rights.

"If the exemption is made law, our clients will apply for judicial review. They have written to the government today to urge it to reconsider and to remove the immigration exemption from the bill without further delay."

"This is an attempt to disguise the Home Office's mistakes by making sure that their errors are never found," added Jim Killock, ORG executive director. "When people are wrongly told to leave, they would find it very hard to challenge.

Advertisement - Article continues below

"Data protection is a basic safeguard to make sure you can find out what organisations know about you, and why they make decisions. Sometimes, during criminal investigations, that isn't appropriate, but immigrants aren't criminals, nor should they be treated as such."

Nicolas Hatton, chairman of the3million, argued that further government proposals to set up a new registration system for EU citizens living in the UK after it leaves the EU would "potentially create a database with the personal details of over three million people".

"We need safeguards in place to ensure that these citizens have access to the information held about them, so they are able to appeal Home Office decisions or correct mistakes," he added. "Everyone should be entitled to know how the Home Office and other government agencies are using their records, and that is why we want this exemption removed."

A government spokesperson told the Guardian: "The bill carefully balances protecting people's data rights and the wider interests of society including making sure day-to-day operations relating to immigration controls are not obstructed. There are no blanket exemptions: any restrictions will need to be justified on a case-by-case basis with oversight from the Information Commissioner's Office and the courts."

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now


General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

network attached storage (NAS)

Western Digital accused of sneaking inferior SMR tech into NAS drives

1 Jun 2020
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020