Government will create 'a two-tier data protection system', campaigners warn

Privacy groups vow to challenge an exemption to the Data Protection Bill if it becomes law

Digital rights campaigners have threatened to launch legal action over plans that would prevent three million EU citizens from accessing personal data the government holds on them.

The potential lawsuit concerns the government's Data Protection Bill, which proposes to replicate most of the EU's General Data Protection Regulation (GDPR) into UK law to ensure data can continue to flow freely between the UK and EU post-Brexit.

GDPR comes into force on 25 May, and will allow EU residents to demand that organisations delete, amend and move any data they hold on residents, as well as tell residents what information they have on them and why they have it.

But the bill, being debated in Parliament today, currently includes proposals for an exemption clause that privacy campaigners argue is incompatible with the principles of GDPR, by effectively excluding 3 million EU citizens living in the UK from bring able to challenge such data held by immigration authorities.

The clause (Schedule 2, Paragraph 4 of the bill) would prevent these citizens from challenging the Home Office over any deportation decisions, campaigners say, because they could not debate the accuracy of any information the Home Office holds on them.

That's because the bill provides an exemption for data relevant to "effective immigration control", and because instead of confirming the existing rights of EU citizens living in the UK, the government instead wants them to apply for a new immigration status, meaning any error made by the Home Office in that process would go unchallenged by those it affects.

As a result 3million, a grassroots organisation representing EU citizens resident in the UK, and privacy campaign organisation Open Rights Group (ORG), will challenge the clause in court if it is enshrined in law.

Rosa Curling, a human rights solicitor from law firm Leigh Day, representing the two groups, said: "The immigration exemption creates a discriminatory twotier system for data protection rights. The clause is incompatible with GDPR, as well as EU law generally and the European Convention on Human Rights.

"If the exemption is made law, our clients will apply for judicial review. They have written to the government today to urge it to reconsider and to remove the immigration exemption from the bill without further delay."

"This is an attempt to disguise the Home Office's mistakes by making sure that their errors are never found," added Jim Killock, ORG executive director. "When people are wrongly told to leave, they would find it very hard to challenge.

"Data protection is a basic safeguard to make sure you can find out what organisations know about you, and why they make decisions. Sometimes, during criminal investigations, that isn't appropriate, but immigrants aren't criminals, nor should they be treated as such."

Nicolas Hatton, chairman of the3million, argued that further government proposals to set up a new registration system for EU citizens living in the UK after it leaves the EU would "potentially create a database with the personal details of over three million people".

"We need safeguards in place to ensure that these citizens have access to the information held about them, so they are able to appeal Home Office decisions or correct mistakes," he added. "Everyone should be entitled to know how the Home Office and other government agencies are using their records, and that is why we want this exemption removed."

A government spokesperson told the Guardian: "The bill carefully balances protecting people's data rights and the wider interests of society including making sure day-to-day operations relating to immigration controls are not obstructed. There are no blanket exemptions: any restrictions will need to be justified on a case-by-case basis with oversight from the Information Commissioner's Office and the courts."

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Recommended

ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Health sites are 'unlawfully' sharing medical data with Facebook and Google
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
Supreme Court rules Morrisons was not liable for 2014 data breach
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
Police use of facial recognition ruled unlawful in the UK
privacy

Police use of facial recognition ruled unlawful in the UK

11 Aug 2020