UK immigration exemption in Data Protection Act deemed unlawful

Found in Schedule 2 of the DPA 18, the immigration exemption allows the Home Office and organisations involved in “immigration control” to refuse personal data access if it could “prejudice the maintenance of effective immigration control.”

In July 2019, digital campaigning organisation Open Rights Group (ORG) and the3million argued to the High Court stating that the exemption was too broad and undermined GDPR in addition to its Charter of Fundamental Rights. 

The exemption not only impacts EU nationals but anyone who has dealings with any of the state bodies or organisations involved in “immigration control.” This includes those affected by the Windrush scandal and people seeking refuge in the UK.

Although the court rejected the group’s argument and deemed the exemption lawful, stating that ”the purposes for which, and the categories of data to which, it may be applied were…appropriately delineated” - a legal appearl had resulted in the previous decision being overturned on June 2 2021.

“This is a momentous day. The Court of Appeal has recognised that the Immigration Exemption drives a huge hole through data protection law, allowing the government to restrict access to information that may be being used to deny people their rights,” said Sahdya Darr, immigration policy manager at ORG.

“If the government holds information about you, it should only be in the most exceptional circumstances that it is denied to you, such as during a criminal investigation.

“The treatment of immigrants as criminals and suspects is simply wrong. The suffering of the Windrush generation shows that Home Office use of data is poor. The court has today found that proper safeguards should be put in place to help prevent future abuses and to ensure that people are treated fairly and lawfully.”