The UK Court of Appeal has ruled the government’s “immigration exemption” in the Data Protection Act 2018 as unlawful.
Found in Schedule 2 of the DPA 18, the immigration exemption allows the Home Office and organisations involved in “immigration control” to refuse personal data access if it could “prejudice the maintenance of effective immigration control.”
In July 2019, digital campaigning organisation Open Rights Group (ORG) and the3million argued to the High Court stating that the exemption was too broad and undermined GDPR in addition to its Charter of Fundamental Rights.
The exemption not only impacts EU nationals but anyone who has dealings with any of the state bodies or organisations involved in “immigration control.” This includes those affected by the Windrush scandal and people seeking refuge in the UK.
Although the court rejected the group’s argument and deemed the exemption lawful, stating that ”the purposes for which, and the categories of data to which, it may be applied were…appropriately delineated” - a legal appearl had resulted in the previous decision being overturned on June 2 2021.
“This is a momentous day. The Court of Appeal has recognised that the Immigration Exemption drives a huge hole through data protection law, allowing the government to restrict access to information that may be being used to deny people their rights,” said Sahdya Darr, immigration policy manager at ORG.
“If the government holds information about you, it should only be in the most exceptional circumstances that it is denied to you, such as during a criminal investigation.
“The treatment of immigrants as criminals and suspects is simply wrong. The suffering of the Windrush generation shows that Home Office use of data is poor. The court has today found that proper safeguards should be put in place to help prevent future abuses and to ensure that people are treated fairly and lawfully.”
Register to PrivSec Global and industry leaders worldwide share insight on data protection, privacy and security.
Must see sessions include:
- Keynote: Ciaran Martin, June 22 at 10:00am BST | 11:00am CEST | 5:00pm HK
- Why the Future of Trust Must Be Built on Data Transparency, June 22 at 1:00pm BST | 2:00pm CEST | 8:00pm HK
- How Do Data Protection Regulations Apply to AI and is GDPR Ready for Facial Recognition? June 24 at 1:00pm BST | 2:00pm CEST | 8:00pm HK
- Americas Focus: USA and the Developing Nature of Privacy Law, June 24 at 5:00pm BST | 6:00pm CEST | 12:00am HK