Home Office GPS tagging of asylum seekers breaches data protection law

Pilot programme aimed to tag 600 migrants

The ICO has issued an enforcement notice to the Home Office over the conduct of a pilot programme to place ankle tags on up to 600 migrants who arrived in the UK and were placed on immigration bail, following a complaint by campaign group Privacy International.

The pilot programme, which began in June 2022 and was intended to last for 12 months, meant that “all asylum seekers who arrive in the UK via unnecessary and dangerous routes can be tagged”. The Home Office extended the programme for a further six months until December 2023 after concluding the pilot had not provided sufficient evidence about the effectiveness of electronic monitoring to maintain contact with asylum seekers.

The data watchdog found the pilot project was not legally compliant with data protection law as the Home Office had failed to assess the risks that information collected from GPS tags could have potentially harmful consequences for people and their future if it is mishandled or misinterpreted.

Although the pilot scheme ended in December 2023, the Home Office will continue to be able to access information gathered from the pilot until it is deleted or anonymised, which means the data still could potentially be used and accessed by the Home Office and other third-party organisations, the ICO found.

“We recognise the Home Office’s crucial work to keep the UK safe, and it’s for them to decide on what measures are necessary to do so. But I’m sending a clear warning to the Home Office that they cannot take the same approach in the future. It is our duty to uphold people’s information rights, regardless of their circumstances,” said Edwards.

Home Office rejects ICO findings

The Home Office said that while it while it acknowledged that improvements could be made to documentation, it rejected the ICO’s finding that the privacy risks of the scheme were not sufficiently addressed.

“The pilot was designed to help us maintain contact with selected asylum claimants, deter absconding and progress asylum claims more effectively. We will now carefully consider the ICO’s findings and respond in due course.”

The Home Office maintains that it makes decisions to fit GPS tags on asylum seekers on a case-by-case basis, takes into account the mental and physical health of people who are tagged, and reviews every decision to tag someone after three months.

Complaint alleged significant breaches

The ICO’s investigation follows a complaint filed by Privacy International in August 2022, alleging that the Home Office’s GPS tagging policy had resulted in “widespread and significant” breaches of privacy and data protection law.

The complaint relied extensively on anonymous testimonies of individuals who recounted the debilitating impact that tagging was having on their private and family life and their physical and mental health.

The Home Office began issuing GPS tags to migrants released on immigration bail in January 2021. The number of people tagged under immigration powers has “increased exponentially” from 300 in 2021 to 4,360 by December 2023.

The data gathered, known as “trail data”, provides a deep insight into the intimate details of people’s lives, revealing a comprehensive picture of their everyday habits, movements, hobbies, social relations, health concerns, and political and religious views, according to the campaign group.

Capita and Serco provide monitoring services

Technology companies have won lucrative contracts to provide tagging services to the government which are overseen by the Ministry of Justice’s Electronic Monitoring Service.

Capita currently provides field services to fit and remove tags, runs the monitoring service, and reports breaches to the probation service, the police and other services. Capita’s subcontractors include Airbus Defence and Space which processes and verifies information transmitted from tags. G4S supplies tags and home monitoring equipment, and Telefonica provides a mobile network which allows tags to communicate with Airbus.

Outsourcing company Serco won a £200m contract to take over the provision of electronic monitoring services for the Ministry of Justice from May 2024, and will act as a “service integrator” for electronic monitoring devices and supporting technology supplied by other companies.

Home Office did not give staff clear directions

The ICO found that the Home Office failed to provide its staff with clear directions on when it would be necessary and proportionate to monitor people as part of the their immigration bail conditions.

It also failed to provide clear and accessible information to people receiving tags about what personal information was collected, how it will be used, how long it will be kept for and who it will be shared with. The information that was provided contained gaps and was inconsistent, it said.

The watchdog’s enforcement notice requires the Home Office to update its internal policies, privacy information, and guidance on accessing data retained from the pilot scheme.

Edwards said the ICO’s action was a warning to any organisation planning to monitor people electronically.

“You must be able to prove the necessity and proportionality of tracking people’s movements, taking into consideration people’s vulnerabilities and how such processing could put them at risk of further harm. This must be done from the outset, not as an afterthought,” he said.

Jonah Mendelsohn, a lawyer at Privacy International, said the government had failed to consider the impact of deploying intrusive monitoring technology.

“Blanket 24/7 GPS surveillance of asylum seekers arriving in the UK runs diametrically opposed to data protection and privacy rights. The UK government’s gung-ho, Wild West approach in deploying deeply intrusive technology has through today’s decision collided with a rules-based system that we all have recourse to, regardless of our immigration status,” he said.