The Home Office has received a formal warning from the data protection regulator over the government’s use of GPS ankle tags to monitor the location and movement of asylum seekers that arrive in the UK on small boats or other unauthorised routes.
An investigation by the Information Commissioner’s Office (ICO) found that the Home Office had been unable to explain why it was necessary or proportionate to collect, access and use personal information gathered by electronically monitoring asylum seekers.
The ICO concluded the Home Office had failed to assess the intrusive impact of continuously collecting people’s location data and its potential impact on people who may be vulnerable because of their asylum status, their inability to speak English, or because they had faced difficult conditions traveling to the UK.
The ICO’s findings however have been rejected by the Home Office which insists that it properly addressed privacy concerns.
John Edwards, UK Information Commissioner, said that the lack of clarity by the Home Office on how it would use information collected from asylum seekers could inadvertently lead to people with GPS tags restricting their own movements or not taking part in every-day activities.
“Having access to a person’s 24/7 movements is highly intrusive, as it is likely to reveal a lot of information about them, including the potential to infer sensitive information such as their religion, sexuality, or health status,” he said.
Pilot program aimed to tag 600 migrants
The ICO has issued an enforcement notice to the Home Office over the conduct of a pilot programme to place ankle tags on up to 600 migrants who arrived in the UK and were placed on immigration bail, following a complaint by the campaign group, Privacy International.
The pilot programme, which began in June 2022, and was intended to last for 12 months, meant that “all asylum seekers who arrive in the UK via unnecessary and dangerous routes can be tagged.” The Home Office extended the programme for a further six months until December 2023 after concluding the pilot had not provided sufficient evidence about the effectiveness of electronic monitoring to maintain contact with asylum seekers.
The data watchdog found the pilot project was not legally compliant with data protection law as the Home Office had failed to assess the risks that information collected from GPS tags could have potentially harmful consequences for people and their future if it is mishandled or misinterpreted.
Although the pilot scheme ended in December 2023 the Home Office will continue to be able to access information gathered from the pilot until it is deleted or anonymised, which means that the data still could potentially be used and accessed by the Home Office and other third-party organisations, the ICO found.
“We recognise the Home Office’s crucial work to keep the UK safe, and it’s for them to decide on what measures are necessary to do so. But I’m sending a clear warning to the Home Office that they cannot take the same approach in the future. It is our duty to uphold people’s information rights, regardless of their circumstances,” said Edwards.
Home Office rejects ICO findings
The Home Office said that while it whilst it acknowledged that improvements could be made to documentation, it rejected the ICO’s finding that the privacy risks of the scheme were not sufficiently addressed.
“The pilot was designed to help us maintain contact with selected asylum claimants, deter absconding and progress asylum claims more effectively. We will now carefully consider the ICO’s findings and respond in due course.”
The Home Office maintains that it makes decisions to fit GPS tags on asylum seeks on a case by case basis, takes into account the mental and physical health of people who are tagged and reviews every decision to tag someone after three months.
Complaint alleged significant breaches
The ICOs investigation follows a complaint filed by the campaign group Privacy International in August 2022, alleging that the Home Office’s GPS tagging policy had resulted in “widespread and significant” breaches of privacy and data protection law.
The complaint relied extensively on anonymous testimonies of individuals who recounted the debilitating impact that tagging was having on their private and family life and their physical and mental health.
The Home Office began issuing GPS tags to migrants released on immigration bail in January 2021. The number of people tagged under immigration powers has “increased exponentially” from 300 in 2021 to 4,360 by December 2023.
The data gathered, known as “trail data” provides a deep insight into the intimate details of people’s lives, revealing a comprehensive picture of their everyday habits, movements, hobbies, social relations, health concerns, and political and religious views, according to the campaign group.
Capita and Serco provide monitoring services
Technology companies have won lucrative contracts to provide tagging services to the government which are overseen by the Ministry of Justice’s Electronic Monitoring Service.
Capita currently provides field services to fit and remove tags, runs the monitoring service, and reports breaches to the probation service, the police and other services. Capita’s subcontractors, include Airbus Defence and Space which processes and verifies information transmitted from tags. G4S supplies tags and home monitoring equipment and Telefonica provides a mobile network which allows tags to communicate with Airbus.
Outsourcing company Serco won a £200 million contract to take over the provision of electronic monitoring services for the Ministry of Justicefrom May 2024, and will act as a “service integrator” for electronic monitoring devices and supporting technology supplied by other companies.
Home Office did not give staff clear directions
The ICO found that the Home Office failed to provide its staff with clear directions on when it would be necessary and proportionate to monitory people as part of the their immigration bail conditions.
It also failed to provide clear and accessible information to people receiving tags about what personal information was collected, how it will be used, how long it will be kept form and who it will be shared with. The information that was provided contained gaps and was inconsistence, it said.
The watchdog’s enforcement notice requires the Home Office to update its internal policies, privacy information, and guidance on accessing data retained from the pilot scheme.
Edwards said that the ICO’s action was a warning to any organisations planning to monitor people electronically.
“You must be able to prove the necessity and proportionality of tracking people’s movements, taking into consideration people’s vulnerabilities and how such processing could put them at risk of further harm. This must be done from the outset, not as an afterthought,” he said.
Jonah Mendelsohn, Lawyer at Privacy International, said that the government had failed to consider the impact of deploying intrusive monitoring technology.
“Blanket 24/7 GPS surveillance of asylum seekers arriving in the UK runs diametrically opposed to data protection and privacy rights. The UK government’s gung-ho, wild-west approach in deploying deeply intrusive technology has through today’s decision collided with a rules-based system that we all have recourse to, regardless of our immigration status,” he said.