Open Rights Group

Home Blog Immigration sector privacy concerns

15 Jun 2020 Yva Alexandrova Meadway

Immigration sector privacy concerns

As part of ORG’s work in the area of immigration we have consulted 30 organisations on their priorities and needs. The main themes of the survey results are outlined below. The top issues for the sector revolve around: 1) Developing the capacity to inform and support clients of their privacy rights, the risks of these practices, and how to counter them; 2) Building evidence of practice and policies and documenting harms and lived experiences of migrants; and 3) Building the capacity of NGOs to work and advocate on these issues.

The main specific concerns revolve around disproportionate data collection and data sharing, data being used for purposes other than what they were originally given for and clients not having access to their data. The best ways to support organisations include developing and holding: trainings and capacity building activities; information sheets, policy briefs and updates on data protection and obligations of governments, industry and third parties, signpost and support clients on their rights with regard to data and digital issues and how to safeguard them.

Open Rights Group is engaging in an effort to empower and work alongside organisations in the migrant and refugee sector to deal with increasingly important issues related to data, privacy and the use of new technologies in the development and implementation of immigration policies (read blog here).

To understand better the existing capacities and needs we surveyed the organisations in the sector. The survey was launched on 16 April jointly with Privacy International and shared widely. It received approximately 30 responses that included frontline service delivery providers, policy and advocacy organisations, community support organisations, providers of legal advice, and support and campaigning organisations. Organisations that responded cover nearly all existing categories of client groups including asylum seekers, refugees, migrants, EU citizens, people with no recourse to public funding (NRPF), as well as community, BAME and anti-racism organisations. They work on providing legal advice, access to public services, health, education, housing, employment, as well as migrant voice and participation.

The analysis of the survey results and the consultations with organisations in the sector will be presented in detail and shared with the respondents in the near term. Here some of the main findings and themes emerging from the survey are presented.

While most organisations who responded to the survey recognise the growing importance of data and privacy in immigration there is still the need to make clear and relatable the ways in which they connect. This can be done in a number of ways: by describing how data and immigration interlink, what tools exist and how they can be used, who can organisations and individuals worried about privacy and data rights contact, new technologies that are being used for immigration control and ways in which they can be challenged.

Two thirds of organisations have not received any training on data protection in terms of either their own work or in relation to their clients’ privacy and data protection rights. A third have received some form of training, usually on GDPR. Bigger organisations and legal services providers have trainings on how to securely handle data. As work increasingly moves online due to Covid 19, organisations will need support to better understand digital technologies and data protection to ensure the privacy of their clients is protected.

With regard to the main issues observed and of concern, the responses are as follows:

  • Disproportionate data collection: 60%
  • Disproportionate data sharing: 57% (this concerns mostly the Home Office–NHS data sharing agreement but there are others as well)
  • Data being used for purposes other than what they were originally given for: 60%
  • Clients not having access to their data: 53%
  • Use of automated decision making 27%

In terms of the use of new technologies – automated decision making and search of mobile devices are among the main concerns followed closely by social media monitoring and facial recognition. Concerns have also been raised on the use of video-conferencing for asylum interviews and location tracking of pre-paid cards. The use of third party apps and ways to hold companies to account has also come up in relation to general platforms such as Facebook and Whatspp, as well as specific apps providing right to work checks and health apps.

In terms of the tools organisations use in their work the most common ones are Freedom of Information Requests (FOI) – a majority of organisations have some experience with this but smaller ones lack capacity. Subject Access Requests (SAR) are also used, mostly by organisations providing legal advice. Most have no experience with analysing technology procurement and tender processes and some have little experience analysing contracts.

The top 3 priority areas for the sector based on the survey have been identified as:

1. Building the capacity of NGOs to inform and support migrants/asylum seekers/refugees/EU citizens of their rights, the risks of these practices, and how to counter them;

2. Building evidence of practice and policies and documenting harms and lived experiences of migrants;

3. Building the capacity of NGOs to work and advocate on these issues in national and international forums.

In addition, organising public engagement activities and awareness raising campaigns and building the capacity of the media on these issues are also relevant.

In terms of the needs of organisations to develop their capacity to engage, the following were identified in order of importance. Half or more of responding organisations said they were interested in:

  • trainings and capacity building
  • information sheets on rights, risks and how to counter them
  • policy briefs and updates on data protection and obligations of governments, industry and third parties
  • provide information and support to clients on their rights with regard to data and digital issues and how to safeguard them

Less than half of respondents also saw the need for:

  • a network for information sharing and signposting
  • technical explainers on the technology and the systems deployed
  • thematic explainers on the policies, laws and practices
  • how to perform policy assessment on new tech introduction to the sector
  • methodologies for researching data exploitation and surveillance
  • talking points for media engagements

Based on these survey results, as well as in further discussions with organisations that have expressed their interest to do so, ORG’s further work will aim towards achieving change by working on different levels. On policy level: through bringing together organisations from the sector, as well as organisations in the privacy sector, to liaise, work and campaign together for policy change on issues from data collection and sharing to automated decision making. On service delivery level: through supporting frontline and service delivery organisations to be better able to support their clients in using the privacy tools available to them such as submitting FOI and SAR requests, providing technical explainers and signposting. And on individual level: through working with partners to inform and empower migrants and refugees themselves to better understand privacy and data protection and how it relates to their immigration status.

Read more about the “Immigration exemption” ruled unlawful under GDPR campaign