This briefing is a breakdown of the Government’s response in Committee to the debate on Schedule 2 Paragraph 4 which would create an exemption from GDPR provisions to personal data processed for the purposes of “the maintenance of effective immigration control”, or “the investigation or detection of activities that would undermine the maintenance of effective immigration control”.
Government’s positions is in bold. Open Rights Group’s response is in red.
Given the extension of data subjects’ rights under the GDPR, it is necessary that we include in the Bill an express targeted exemption in the immigration context.
The extension of data subject rights the Government are minimal, proportionate, and necessary. Schedule 2 Paragraph 4’s exemption is wide ranging and undermines the purpose of the Bill: Giving the public more control of their personal data.
The Data Protection Act 1998 requires data controllers to provide a description to data subjects:
- The personal data of which that individual is the data subject;
- The purposes for which they are being or are to be processed; and
- The recipients or classes of recipients to whom they are or may be disclosed
These same pieces of information are mirrored in the Data Protection Bill. Additional information in the Bill includes:
recipients to whom the personal data has been disclosed - which is vital for fairness in immigration processes; and
the period for which it is envisaged that the personal data will be stored, or the criteria used to determine that period.
Neither of these categories of information extend subject rights to the degree that removing fundamental rights to data protection could be considered a proportionate response.
It emphatically does not set aside the whole of the GDPR for all processing of personal data for all immigration purposes. The opening words of paragraph 4 make it clear that only “the listed GDPR provisions” may be set aside. The listed GDPR provisions are those set out in paragraph 1 of Schedule 2.
The listed GDPR provisions under paragraph 1 of schedule 2 are:
The only provision that survives this carve out is the right related to automated decision making. While this right is important, if you can’t access the information (access to data) then your ability to object to that processing is practically and essentially curtailed.
suspected overstayer, if we had to disclose in response to a subject access request what we are doing to track their whereabouts with a view to effecting administrative removal, it is clearly possible that they might then be able to evade enforcement action.
This is not an example of this exemption being required, this is an example of a criminal offence which can already be exempted.
Suspected overstaying of a visa is a criminal offence. Data protection rights have always been exempt for the prevention or detection of crime.
…second example relates to circumstances where we seek to establish the legitimacy of a particular claim, such as an extension of leave to remain in the UK, and suspect that the claimant has provided false information to support that claim. In such a case, we may contact third parties to evidence the claim. If we are then obliged to inform the claimant that we are accessing records held by third parties, they may abscond and evade detection. Such procedures may then become common knowledge and further undermine our ability to maintain effective controls.
It is a criminal offence to provide false information on a document. If the Government suspects this they should rely on the exemption for the prevention or detection of crime. This exemption will have a direct effect on the transparency of administrative procedures, which should not be exempt from transparency and accountability. People making immigration claims are not criminals, nor are they attempting anything unlawful - they are merely trying to claim their right to remain in the UK. Three million EU citizens may need to assert these rights, and should not be treated as if they are criminals.
For further information please contact Jim Killock, Executive Director, Open Rights Group, email@example.com