UK.gov told: Scrap immigration exemption from Data Protection Bill or we'll see you in court

Campaigners say proposed law would create a 'discriminatory' system for data access rights


Campaign groups have increased pressure on the UK government to remove a section of the Data Protection Bill that could effectively prevent people gaining access to immigration data held on them.

The bill passed through the House of Lords at the start of the year, and has its second reading in the House of Commons today, which is the first opportunity for MPs to scrutinise and debate the text.

Among the various concerns about the bill, much has been made of the insertion of a new exemption for immigration (schedule 2, part 1, paragraph 4).

The clause, which was unsuccessfully challenged by peers, would bring in a broad exemption removing a person's rights as a data subject – their ability to access information or ask how it is being used – if satisfying them would prejudice "effective immigration control".

Opponents have voiced concern about the lack of specificity in the text, especially as there are already exemptions for cases of crime, national security, public safety and protection of sources in both the European Union's General Data Protection Regulation and elsewhere in national law.

But more significantly, if passed, the law could prevent asylum seekers gaining the information they need to appeal a Home Office decision on whether they have the right to remain, or challenge potential mistakes.

"Victims of administrative errors will have no way to stop a typo from turning their lives upside down," said the Open Rights Group in a statement.

"Rights are universal, that's what makes them rights. This exemption creates a two-tier system where immigrants will have less access to their personal data than UK citizens, which inherently undermines the whole system."

The ORG is lobbying against the clause with EU citizens' rights group the3million, which said that "everyone should be entitled to know how the Home Office and other government agencies are using their records".

The groups have today launched a legal challenge against the exemption and are being represented by law firm Leigh Day, which has written to the home secretary Amber Rudd to outline their concerns.

"The immigration exemption creates a discriminatory two-tier system for data protection rights," said Leigh Day solicitor Rosa Curling.

"The clause is incompatible with GDPR, as well as EU law generally and the European Convention on Human Rights. If the exemption is made law, our clients will apply for judicial review."

The pressure comes after prime minister Theresa May made much of the UK's data protection standards in her second Mansion House speech last Friday.

"The UK has exceptionally high standards of data protection," she said, once again setting out the need for an arrangement post-Brexit that will provide "stability and confidence" for businesses and individuals.

"That is why we will be seeking more than just an adequacy arrangement and want to see an appropriate ongoing role for the UK's Information Commissioner's Office," she said.

The government has repeatedly called for the ICO to be given a place at the table of the European Data Protection Board (EDPB) – the new group for member states' data protection agencies that is set to wield more power than the existing Article 29 Working Party.

However, the likelihood of this happening is far from certain, especially as the EDPB – unlike WP29 – is an EU body.

This is emphasised by the draft text of the European Commission's withdrawal agreement, which states that references to member states do not apply to the UK when it comes to "nomination, appointment or election" of members of bodies or in "decision-making and governance" of EU bodies.

There is also concern that the UK won't be granted the adequacy-plus agreement it desires because of national legislation, particularly the controversial Snoopers' Charter, which it has already had to admit breaches data protection law.

Or as lawyer and writer David Allen Green put it:

The UK's tech industry has previously said it wants full compliance with the GDPR and warned Brexiteers against the perception that the GDPR is incompatible with securing new trade agreements. ®


Other stories you might like

  • Despite global uncertainty, $500m hit doesn't rattle Nvidia execs
    CEO acknowledges impact of war, pandemic but says fundamentals ‘are really good’

    Nvidia is expecting a $500 million hit to its global datacenter and consumer business in the second quarter due to COVID lockdowns in China and Russia's invasion of Ukraine. Despite those and other macroeconomic concerns, executives are still optimistic about future prospects.

    "The full impact and duration of the war in Ukraine and COVID lockdowns in China is difficult to predict. However, the impact of our technology and our market opportunities remain unchanged," said Jensen Huang, Nvidia's CEO and co-founder, during the company's first-quarter earnings call.

    Those two statements might sound a little contradictory, including to some investors, particularly following the stock selloff yesterday after concerns over Russia and China prompted Nvidia to issue lower-than-expected guidance for second-quarter revenue.

    Continue reading
  • Another AI supercomputer from HPE: Champollion lands in France
    That's the second in a week following similar system in Munich also aimed at researchers

    HPE is lifting the lid on a new AI supercomputer – the second this week – aimed at building and training larger machine learning models to underpin research.

    Based at HPE's Center of Excellence in Grenoble, France, the new supercomputer is to be named Champollion after the French scholar who made advances in deciphering Egyptian hieroglyphs in the 19th century. It was built in partnership with Nvidia using AMD-based Apollo computer nodes fitted with Nvidia's A100 GPUs.

    Champollion brings together HPC and purpose-built AI technologies to train machine learning models at scale and unlock results faster, HPE said. HPE already provides HPC and AI resources from its Grenoble facilities for customers, and the broader research community to access, and said it plans to provide access to Champollion for scientists and engineers globally to accelerate testing of their AI models and research.

    Continue reading
  • Workday nearly doubles losses as waves of deals pushed back
    Figures disappoint analysts as SaaSy HR and finance application vendor navigates economic uncertainty

    HR and finance application vendor Workday's CEO, Aneel Bhusri, confirmed deal wins expected for the three-month period ending April 30 were being pushed back until later in 2022.

    The SaaS company boss was speaking as Workday recorded an operating loss of $72.8 million in its first quarter [PDF] of fiscal '23, nearly double the $38.3 million loss recorded for the same period a year earlier. Workday also saw revenue increase to $1.43 billion in the period, up 22 percent year-on-year.

    However, the company increased its revenue guidance for the full financial year. It said revenues would be between $5.537 billion and $5.557 billion, an increase of 22 percent on earlier estimates.

    Continue reading

Biting the hand that feeds IT © 1998–2022