Open Rights Group

News Civil society urges the ICO to investigate the Home Office’s failing eVisa system

11 December, 2025

Civil society urges the ICO to investigate the Home Office’s failing eVisa system

19 civil society organisations have called on the Information Commissioner’s Office (ICO) to formally investigate data protection breaches and accessibility issues arising as a result of the Home Office’s eVisa scheme.

The letter’s signatories warn that widespread data errors, inaccessible design, and systemic technical failures are leaving migrants unable to prove their right to work, rent, study, travel or access essential services.

There have been a high volume of data errors which represent both a huge breach of sensitive data as well as a failure in the system as people are prevented from proving their lawful status. Some users have been locked out of their accounts with no effective support from the Home Office or ways of escalating their concerns.

Evidence collected shows the most vulnerable migrants, including refugees and those without digital access, are disproportionately affected by digitalisation.

The signatories argue that the Home Office’s Data Protection Impact Assessment (DPIA) is incomplete, misleading, and fails to mitigate foreseeable risks, breaching the Home Office’s GDPR and equality duties.

Some of the key issues with the DPIA include:

  • There have been a high volume of data errors which represent both a huge breach of sensitive data as well as a failure in the system as people are prevented from proving their lawful status.
  • Some users have been locked out of their accounts with no effective support from the Home Office or ways of escalating their concerns.
  • The DPIA does not fully assess risks if face images are used for matching, automated checks, or shared with third parties that may combine them with other datasets.
  • The DPIA is misleading when it says that evisas are part of the transformation to ‘digital by default’, which the government defines as “digital services that are so straightforward and convenient that all those who can use them will choose to do so whilst those who can’t are not excluded”. However, the eVisa scheme is digital-only with people’s status being checked in real time. It removes all physical evidence of immigration status and users cannot opt out of digital methods.
    The DPIA has not assessed or mitigated the risks faced by people without smartphones or who are digitally excluded because of disability, their age or socio-economic reasons. It also doesn’t address risks, such as partner coercion, when people are forced to rely on friends or family to access their eVisas.

Sara Alsherif, Migrants Digital Justice Programme Manager at Open Rights Group said:

“Since the rollout of the digital-only e-Visa scheme, we’ve seen widespread data errors, inaccessible design, and persistent technical failures that are leaving migrants unable to prove their right to work, rent, study, travel, or access essential services.

“In its DPIA, the Home Office failed to assess the risks that a digital only scheme brings, particularly for those who are vulnerable, older or disabled. It is also misleading in its assessment of the scheme as digital by default.

“If the Home Office had identified some of these risks, migrnats may not have experienced the same levels of distress and hardship that we have seen over the last year. The ICO must investigate.”

ICO must investigate evisa scheme

Read the letter