I spoke with John Humphrys on the Today Programme on Radio 4 this morning. The interview is here at 1:16:05: https://www.bbc.co.uk/radio/player/b09zt3fj.
On behalf of the Law Society, I raised the Data Protection Bill, currently making its way through Parliament, and the clear link with the ‘Windrush cases’. In those cases, the Home Office has apologised because individuals who have been in the UK lawfully for many years have been treated as if they had no status at all. This is clearly a scandal.
However, if the Data Protection Bill is passed in its current form, it will increase the chance of such injustices happening again in the future, and to a much wider group of individuals.
The main purpose of the Data Protection Bill is to strengthen individuals’ data protection rights but it contains an ‘immigration control exemption’ which means that the Home Office can ignore data protection rights if they think such rights will ‘undermine immigration control’.
There are a number of concerns with this part of the Bill (explained in detail in Liberty’s briefing below) but we are most concerned with the impact on Subject Access Requests (SARs), that is the right to see what information the Home Office holds about an individual.
We often make SARs to the Home Office for the release of our clients’ files because these files can provide crucial information. The Home Office cannot be relied upon to provide this information without a SAR, and the Home Office often does not act in accordance with its own records when making life-changing decisions. As the Windrush cases show, the Home Office frequently make serious mistakes.
The immigration control exemption means the Home Office will be able to refuse SARs and withhold information. This will remove an important tool in holding the Home Office to account when they ignore or misrepresent facts, it will fundamentally undermine access to justice and the effective operation of the rule of law in the UK.
We have gathered examples from many immigration lawyers to show when SARs are crucial. These examples have been used in the Parliamentary briefings by the Immigration Law Practitioners Association, The Law Society, and The Bar Council (see below). The examples bring home forcefully how important SARs are.
In response, the Home Office has stated:
“It is wrong to say that the proposed narrow exemption in the Data Protection bill is an attempt to deny people access to their data. People will still be able to request data as they can now and will be met in all cases except where we to do so could undermine our immigration control. They will have the right to complain to the information commissioner if they disagree with any use of the immigration exemption and we would always want to assist those whose claims are in question.”
This is simply not good enough. The exemption is not narrow; there is no definition of ‘undermine immigration control’ and the Bill gives the Home Office wide-ranging powers to ignore data protection rights. Furthermore, access will be all in their power. If the Home Office make a mistake and say an individual is unlawfully present when they are not, that individual will not have access to the information required to show a mistake had been made because the Home Office can legally deny that access on the basis of ‘immigration control’.
The right to complain against denial of access is of no comfort. Such complaints can take many months to be resolved, meaning the individual may have been removed or deported from the UK or may have been denied access to essential services, such as health care. Also, such complaints may well be unsuccessful as this Bill will make lawful the denial of access to information. The Information Commissioner’s hands may be tied.
If the government has learned anything from the Windrush cases, it must remove this exemption from the Bill. If they do not, they have learned nothing.
If individual MPs vote for this bill in in its current form, then despite their professed disgust at the Windrush cases, they will be complicit in future injustices.
Links:
https://publications.parliament.uk/pa/cm201719/cmpublic/DataProtection/memo/dpb20.pdf