Government will create 'a two-tier data protection system', campaigners warn
Privacy groups vow to challenge an exemption to the Data Protection Bill if it becomes law
Digital rights campaigners have threatened to launch legal action over plans that would prevent three million EU citizens from accessing personal data the government holds on them.
The potential lawsuit concerns the government's Data Protection Bill, which proposes to replicate most of the EU's General Data Protection Regulation (GDPR) into UK law to ensure data can continue to flow freely between the UK and EU post-Brexit.
GDPR comes into force on 25 May, and will allow EU residents to demand that organisations delete, amend and move any data they hold on residents, as well as tell residents what information they have on them and why they have it.
But the bill, being debated in Parliament today, currently includes proposals for an exemption clause that privacy campaigners argue is incompatible with the principles of GDPR, by effectively excluding 3 million EU citizens living in the UK from bring able to challenge such data held by immigration authorities.
The clause (Schedule 2, Paragraph 4 of the bill) would prevent these citizens from challenging the Home Office over any deportation decisions, campaigners say, because they could not debate the accuracy of any information the Home Office holds on them.
That's because the bill provides an exemption for data relevant to "effective immigration control", and because instead of confirming the existing rights of EU citizens living in the UK, the government instead wants them to apply for a new immigration status, meaning any error made by the Home Office in that process would go unchallenged by those it affects.
As a result 3million, a grassroots organisation representing EU citizens resident in the UK, and privacy campaign organisation Open Rights Group (ORG), will challenge the clause in court if it is enshrined in law.
Rosa Curling, a human rights solicitor from law firm Leigh Day, representing the two groups, said: "The immigration exemption creates a discriminatory twotier system for data protection rights. The clause is incompatible with GDPR, as well as EU law generally and the European Convention on Human Rights.
"If the exemption is made law, our clients will apply for judicial review. They have written to the government today to urge it to reconsider and to remove the immigration exemption from the bill without further delay."
"This is an attempt to disguise the Home Office's mistakes by making sure that their errors are never found," added Jim Killock, ORG executive director. "When people are wrongly told to leave, they would find it very hard to challenge.
"Data protection is a basic safeguard to make sure you can find out what organisations know about you, and why they make decisions. Sometimes, during criminal investigations, that isn't appropriate, but immigrants aren't criminals, nor should they be treated as such."
Nicolas Hatton, chairman of the3million, argued that further government proposals to set up a new registration system for EU citizens living in the UK after it leaves the EU would "potentially create a database with the personal details of over three million people".
"We need safeguards in place to ensure that these citizens have access to the information held about them, so they are able to appeal Home Office decisions or correct mistakes," he added. "Everyone should be entitled to know how the Home Office and other government agencies are using their records, and that is why we want this exemption removed."
A government spokesperson told the Guardian: "The bill carefully balances protecting people's data rights and the wider interests of society including making sure day-to-day operations relating to immigration controls are not obstructed. There are no blanket exemptions: any restrictions will need to be justified on a case-by-case basis with oversight from the Information Commissioner's Office and the courts."
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now