On 25 May 2018, the General Data Protection Regulations (GDPR) will come into force in the UK. The Data Protection Bill (which sets out, amongst other things, how the Government proposes to apply the derogations available under the GDPR) passed Second Reading on 5 March 2018. Together, they will completely overhaul data protection law in the UK.
Ever since the Bill’s first reading, concerns have been raised about the inclusion of a provision which would permit the Home Office to refuse data requests from individuals whose details are processed for “effective immigration control”.
There is no definition of “effective immigration control” and there is widespread fear that, if enacted, the exemption will increase the likelihood of errors being made when considering immigration applications. Subject Access Requests are often the only way that individuals can ascertain the reasons for an adverse immigration decision.
The Government has announced an intention to rely increasingly on data by using a “light touch” online system to process claims by EEA Nationals applying for “settled status”. Without the ability to access data concerning those applications, it will be incredibly difficult for individuals to challenge refusals.
It is perhaps unsurprising, therefore, that the Open Rights Group (who campaign on privacy rights and free speech online) and the3million (who represent EU citizens living in the UK) have launched a legal challenge to this provision, claiming that the immigration exception creates a discriminatory two-tier system of data protection rights and is therefore incompatible with the GDPR and the European Convention on Human Rights. They have indicated that they will seek Judicial Review if the clause is enacted into law.